Client-Check

Discussion in 'Bukkit Discussion' started by jeussa, Apr 20, 2014.

Thread Status:
Not open for further replies.
  1. Offline

    jeussa

    Hi dere everyone,

    first of all I'm not sure if this was placed on the right forum, sorry if it isn't.

    Secondly I would like to suggest a little thing and also hear some feedback of the community.

    Basicly the meaning of this is to prevent modified clients from being used on a multiplayer server which should be done in collaboration with bukkit and mojang. How will this be done?

    There are some ways of which I've been think, I'm not sure though if they will all work propperly.

    1. When logging in, the player will be asked to 'update' their version .jar file. If they click yes, something similar to the login session will be performed. The player will recieve a code which bukkit then has to confirm at minecraft.net. This code is only given after a version file has been updated, so a player will not be able to login onto a bukkit server using a modified client. (unless the owner of the server has toggled client-check off)

    2. Another solution against modified clients would be by checking the amount of bites that are needed for the version .jar. Having exactly the same amount of bites in a modified client, is very unlikely. Again this can be disabled in the server.propperties.


    Hope you guys like this idea, anyway thanks for reading! And don't forget to leave a feedback
     
  2. It's been discussed many times. Basically it will be bypassed easily, provided someone finds it worth a little time to create a bypass. All the simple codes and hashes for a certain client can be found by examining the protocol and make a client that fakes the values to send - you just don't have full control over the computer of players, and people might not even want you to have control over their computers.

    Virtually any locally installed game gets bypassed with time, and those are more difficult to crack than java applications use to be. Since they have a valid Minecraft account, they just need to emulate the behavior of your client-safety component and are good to go.

    You can make it harder by re-obfuscating the client jar and also scrambling checking-stuff all over the place, so the cheaters can't use their favorite mod so easily - this might be an option, if available as a button-press-tool for the server owner, but your players have to trust you then, also inserting certain hacks into that client should be no problem in general, given some time. (Edit: Also a strongly obfuscated client might still allow black-boxing the thing, just examining the protocol in plain text. So it's still not that hard to bypass if the method of verification ends up being too simple, e.g. sending the same stuff for the same client.)

    I have not heard of any successful (and legal) attempt to verify Minecraft clients. Many cheat clients also don't do anything special until a cheat is activated. Detecting the cheat in other ways on server-side might work, but it'll turn out to be similar to Anti-virus programs, some behavior can be caught, for some one would only catch past-cheats, e.g. signature-based, and the rest is guessing and/or trying to minimize false positives by confining the players to some side conditions. Working on detecting hacks reliably might be more promising...
     
  3. Offline

    Bobcat00

    At Minecon, I asked Dinnerbone what could be done to stop people from hacking/cheating. He basically said with the Minecraft protocol, there's not a lot they could do to stop hacked clients. Even if they put code in the client to protect against hacks, people could just hack it again.
     
  4. Offline

    Gamecube762

    Anything is Hackable unless it doesn't exist.

    Also, there are multiple server owners(including me) who use clients as tools for managing their servers.
     
Thread Status:
Not open for further replies.

Share This Page