"
genericacc wrote:
"
tropane wrote:
Because the hardware is controlled by the attacker. It could be as trivial as a raw memory dump or attaching a debugger to retrieve the key. Sure it could be obfuscated but it will always just be a matter of time.
He is assuming the existence of a magical black box which cannot be examined by any means whatsoever iirc
"
If you do not trust the client whatsoever, most games give unacceptable performance. As you might note from the length of this thread, this is not excluded. >_>
"
gonzaw wrote:
20)The hacker can't "view" the game state no matter what
This follows from (15). The hacker can't do any of the 4 hacks, which are basically the only ones he can do AT ALL. The hacker can only use these hacks to "view" the game state, so without being able to use these hacks he can't do anything.
In practice this is useless because:
1) The hacker can alter the hardware
2) The software running on the hardware is a subset of the capabilities of the hardware
3) Hacks are software
"
4) Hack 1 isn't explained very well. In practice, modifying packet content en route is silly, borderline impossible
Why do you think this is borderline impossible?
"
6) There exists an application protocol, that for any hacker that attempts to do (Hack_4) or (Hack_5.4), the server and client can detect when the packets the server/ client receives have been tampered by said hack.
This premise is incorrect unless there exists a shared secret which can't be extracted by the hacker, where one of the parties sharing the secret is ... also the hacker. You can work around this by the assumption that the hacker can't examine the system, which has absolutely no bearing in reality.
"
It is symmetrical because the protocol is done in both the server and client. The key is that both share the same common info the hacker doesn't, which is the one I mentioned in the proof of hypothesis (12). With that private key, the client can validate packets sent by the server. The server has to do the same exact thing but in reverse: Put "packet.setAuthKey(key)" from the key he has in the database, and the PoE client validates it with the key from the OS.
1) That's asymmetric cryptography, not symmetric. Symmetric would be more of a Diffie-Hellman-like scheme.
2) This is not generally done for time-sensitive applications because it adds a significant amount of overhead, to the extent that there's dedicated hardware.
"
Hmm, interesting. Yes, it won't do any "in-game" hack. It would make the server/client believe he has higher latency...
...but two questions:
1)How is this any different than me ACTUALLY having higher latency? There is no difference in you (hacker) "delaying" my packet by 30ms, and the network adding 30ms of RTT to the packet.
2)How could this "break" the game, or possibly "hack" it?
There were aimbots for Quake implemented using this method, actually. Packets are an encoding of data and you can change the data before resending.
"
6) False, although checking the route which the packet followed will often reveal hacking in this case, forcing the hacker to gain root access on some very well-defended systems in order to execute such a hack. See 10.
You do not know the route along which a packet was sent. Traceroute works by sending ICMP packets with increasing TTL.
"
Couldn't a simple checksum solve it?
Basically the hacker would play the "change bits" game that usually happen in the network itself. If the packet contains a checksum, it can detect these errors. The server either gets an error parsing the packet itself, or it gets a checksum error. In both cases it will not let the packet pass as valid.
The checksum is part of the packet.
"
Yes this was what I wanted to avert with the whole "magic OS". In this case the hacker does not have access to the same key the legitimate client has.
It is so magic that this is a thought experiment about as practical as Maxwell's Demon. "Perfect security" does not exist.
While you clearly have an interest in security, please read basic material before inventing an engine that assumes a perpetual motion machine exists, this conversation is getting quite tedious due to the length of your replies and the assumptions that bear no relation to actual practice.
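Added example (editor's code, not from any poster here and not PoE's real protocol) for the checksum and "shared key" points above: a toy move packet with a hypothetical layout is framed three ways. A CRC lives inside the packet, so an in-path attacker rewrites the coordinates and recomputes it. An HMAC under a key the attacker lacks catches a blind bit-flip. But when the key sits in the client, as it must for the client to verify anything, the attacker recomputes the tag exactly as the legitimate client would.

```python
import hashlib
import hmac
import struct
import zlib

# Hypothetical packet layout, constructed for this example: seq:u32, x:i32, y:i32 (little-endian).
def encode_move(seq, x, y):
    return struct.pack("<Iii", seq, x, y)

def decode_move(body):
    return struct.unpack("<Iii", body)

# Variant 1: plain CRC32 appended to the body. Anyone can recompute it.
def frame_with_crc(body):
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def verify_crc(frame):
    body, crc = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return body if zlib.crc32(body) & 0xFFFFFFFF == crc else None

# Variant 2: HMAC-SHA256 tag under a shared key.
def frame_with_mac(body, key):
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_mac(frame, key):
    body, tag = frame[:-32], frame[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(tag, expected) else None

# Attacker sitting on the path: keep the sequence number, rewrite the position,
# then re-seal the frame with whatever the receiver will check.
def tamper(frame, trailer_len, new_x, new_y, key=None):
    seq, _, _ = decode_move(frame[:-trailer_len])
    new_body = encode_move(seq, new_x, new_y)
    if key is None:
        return frame_with_crc(new_body)   # checksum is part of the packet: just recompute it
    return frame_with_mac(new_body, key)  # holding the key, the MAC is just as recomputable

def run_scenarios():
    honest = encode_move(seq=7, x=100, y=200)
    key = b"secret shared between client and server (so it is in the client)"
    results = {}

    # 1. CRC: tamper + recompute is accepted by the server.
    forged = tamper(frame_with_crc(honest), 4, 9999, 9999)
    results["crc_forged_accepted"] = verify_crc(forged) is not None

    # 2. HMAC, attacker without the key: flipping one bit of x is rejected.
    mac_frame = frame_with_mac(honest, key)
    flipped = bytearray(mac_frame)
    flipped[4] ^= 0x01
    results["mac_blind_tamper_rejected"] = verify_mac(bytes(flipped), key) is None

    # 3. HMAC, attacker holding the client's copy of the key: forgery accepted.
    forged2 = tamper(mac_frame, 32, 9999, 9999, key=key)
    accepted = verify_mac(forged2, key)
    results["mac_with_key_forged_accepted"] = accepted is not None
    results["forged_coords"] = decode_move(accepted)[1:] if accepted else None
    return results

if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Scenario 3 is the whole argument of the thread in four lines: the MAC is only as secret as the key, and the key has to be on the machine the hacker owns.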
OP just got SCHOOOLED!!!!
The rest of the 'end-game' content will be available along with a heap of new stuff when the game launches in a few months time. From what I've seen it's going to be awesome. - Michael_GGG
Posted by tobes111#6962 on Nov 23, 2013, 3:43:25 AM
"
OP just got SCHOOOLED!!!!
The OP is qwave. :|
IGN: SplitEpimorphism
Posted by syrioforel#7028 on Nov 23, 2013, 3:47:20 AM
"
syrioforel wrote:
The OP's proposition isn't any more practical. I don't like GGG much (the sample of disassembly I've heard about is charitably called eccentric) but this isn't quite that easy. There are ways to make significant gains, but they involve trusting the client in slight ways (mob clipping). We can't have that because then players could cheat slightly instead of using one of the many many legitimate, infinitely repeatable ways to go through mobs...
Honestly, even if you trust client RNG, which is at the fairly extreme end, you can still do some things to mitigate impact, like checking distributions to verify that they follow similar distributions.
Last edited by genericacc#3481 on Nov 23, 2013, 4:00:00 AM
Posted by genericacc#3481 on Nov 23, 2013, 3:56:59 AM
"
genericacc wrote:
"
syrioforel wrote:
The OP's proposition isn't any more practical. I don't like GGG much (the sample of disassembly I've heard about is charitably called eccentric) but this isn't quite that easy. There are ways to make significant gains, but they involve trusting the client in slight ways (mob clipping). We can't have that because then players could cheat slightly instead of using one of the many many legitimate, infinitely repeatable ways to go through mobs...
I expect the code has some issues.
There are some tradeoffs that can be made, aside from "fixing" the current code.
Some allow more cheating than is currently allowed. PoE isn't currently cheat-proof.
They could make corridors and entrances wider, but they don't want to do that.
They could rework accuracy/stun, and they don't want to do that either.
Though, I think if /oos fixes the really bad things, then there should be a way to implement a fix so that we don't have to /oos all the time.
IGN: SplitEpimorphism
Last edited by syrioforel#7028 on Nov 23, 2013, 4:03:06 AM
Posted by syrioforel#7028 on Nov 23, 2013, 4:02:10 AM
"
gonzaw wrote:
"
genericacc wrote:
"
gonzaw wrote:
The hacks or hacker won't be able to manipulate this lower-level entity (won't have sufficient OS permissions, etc), so he can't access anything about it, or manipulate it into "simulating" the client.
Please tell me more about these hackers who can't patch the exe. A lot of hacks assume you have SeDebugPrivilege, which is essentially equivalent to root. There's attempts at verification of the exe like Blizzard's Warden, but that's more of a speedbump (note wowglider etc).
Could you expand a little bit further?
I think I get what you mean. Hackers can always get root access in the OS. The "runtime environment" would be a user process, or an "exe", and with said root access hackers can basically "hack" anything about said "runtime environment" (same as they would the PoE client), and thus be able to simulate everything.
But is that the only way? Is there a way where even if hackers can get root access they can't just "patch the exe"? Would it require custom kernel code for example?
For instance, imagine GGG get a custom Linux distro made for themselves. They can tweak ANYTHING they want, just to cater to PoE and how it handles the client.
Are you telling me there is no possible way GGG can tweak their Linux distro, in a way no hacker can ever get full information about everything he needs to know to simulate the PoE client? If so, why?
If this linux distro is open source, would it make a difference? Or would it have to be proprietary (ehm....somehow >_> ) for it to work?
Or no matter how "lower" you get in the architectural level, there is always a way the hacker can "hack" your programs/OS/etc at that level to be able to "hack" PoE?
...what about quantum computers? I bet hackers can't "hack" quantum superposition can they? :P
Please know this is a purely theoretical discussion. I want to know if it is theoretically impossible or theoretically possible to do what I'm talking about or not.
Theoretically impossible.
It is a known principle of security that the moment I get local physical access to something, I have full control over it.
That's why GGG won't let you have access to server RNG/mechanics calculations. Even if GGG were to create a special, custom QUANTUM PROCESSOR to obfuscate everything, given time and motivation someone can create a modified quantum processor that behaves exactly the same as GGG's version, only with hacks.
Posted by Sachiru#1510 on Nov 23, 2013, 4:16:26 AM
"
ScrotieMcB wrote:
"
LogoOnPoE wrote:
Ok, did the test, nope, client does not get mob AI seed. Mobs only move once confirmed by server.
I told you so.
Somewhat incorrect.
Yesterday I was playing on the cursed SG gateway and was having a connection timeout every 15 seconds. Normal Prisoner's Gate, with the leapslamming goats and all.
I had an occurrence where the goats leapslammed to my position, and then stopped attacking. I attempted to drink flasks, but all I got was the flask drink sound playing and regeneration, but no deduction in flask charges.
I thought, "screw this, I timed out again" and proceeded to run away from the mob, thinking that they'd stay in place.
Lo and behold, they walked, following me like some kind of weird procession. When I stopped moving, they stopped, and they were in the exact same (relative) position as they were when they leap slammed.
Leapslammer goat to my north walked, and when I stopped, it stopped at my position, but still oriented towards the north. So did leapslammer goat at southeast, and leapslammer goat at west.
Strangely, fireball mage goat remained in the previous position. Probably because he can fire ranged attacks?
This went on until my connection timed out 20 seconds later. I logged back in, thought about attempting to simulate that again, but discarded the idea in favor of leveling my alt character which was intended to test the viability of Avatar of Fire+Infernal Blow Mace Stunner.
Still, I hope this sheds some light on movement behavior. And no, I still won't respond to qwave or the other... er, "less enlightened" people here who think synchronization on an unstable medium is somehow linked to determinism.
Posted by Sachiru#1510 on Nov 23, 2013, 4:25:27 AM
"
gonzaw wrote:
Okay, how about this: Authentication based on a hash (SHA1 for example) of the PoE binaries
And how would GGG get the hash? If you say, "the client will send it to them", what's to prevent me from sending a faked hash?
If you say, "encrypt the packet containing the hash", what's to prevent me from capturing a packet from an official, un-hacked client, then relaying that correct packet whenever my hacked client is queried by GGG?
If you say, "attach a timestamp to the encrypted packet", what's to prevent me from forging a timestamp?
If you say, "use server timestamp", what's to prevent me from engineering something that gets the correct hash and computes the encrypted correct hash and server timestamp and relaying that back?
Local control = full control. What you can do, I can fake. What you can encrypt, I can copy and forge.
Posted by Sachiru#1510 on Nov 23, 2013, 4:32:15 AM
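Added example (editor's code, not Sachiru's or GGG's, with a constructed stand-in for "the PoE binaries") walking through the escalation in the post above. A server-chosen nonce does stop the simple replay, and an unmodified attestation routine does expose a patched binary. What it cannot stop is a patched client whose attestation code answers with the hash of a pristine copy, using the same session key that the legitimate client has in memory.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a clean build and a one-byte patched build of it.
GENUINE_BINARY = b"MZ" + bytes(range(256)) * 4

def patch_one_byte(data, offset):
    buf = bytearray(data)
    buf[offset] ^= 0xFF
    return bytes(buf)

PATCHED_BINARY = patch_one_byte(GENUINE_BINARY, 100)

def binary_hash(data):
    return hashlib.sha256(data).digest()

class Server:
    """Issues a fresh nonce per check and expects HMAC(key, nonce || sha256(binary))."""
    def __init__(self, session_key, expected_hash):
        self.session_key = session_key
        self.expected_hash = expected_hash
        self.outstanding = {}

    def challenge(self, session_id):
        nonce = os.urandom(16)
        self.outstanding[session_id] = nonce   # one outstanding nonce per session
        return nonce

    def verify(self, session_id, response):
        nonce = self.outstanding.pop(session_id, None)
        if nonce is None:
            return False                       # no challenge issued, or already consumed
        expected = hmac.new(self.session_key, nonce + self.expected_hash,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def honest_client_response(session_key, nonce, running_binary):
    # The legitimate client hashes whatever it is actually running.
    return hmac.new(session_key, nonce + binary_hash(running_binary),
                    hashlib.sha256).digest()

def lying_client_response(session_key, nonce, _running_binary):
    # The cheat kept the pristine hash and has read the session key out of
    # its own process memory; it answers exactly as a clean client would.
    return hmac.new(session_key, nonce + binary_hash(GENUINE_BINARY),
                    hashlib.sha256).digest()

def run_demo():
    session_key = b"per-session key: also present in the client process"
    server = Server(session_key, expected_hash=binary_hash(GENUINE_BINARY))
    r = {}

    # 1. Clean client, fresh challenge: accepted.
    n1 = server.challenge("s1")
    resp1 = honest_client_response(session_key, n1, GENUINE_BINARY)
    r["clean_accepted"] = server.verify("s1", resp1)

    # 2. Replaying the captured resp1 against a new challenge: rejected.
    server.challenge("s1")
    r["replay_rejected"] = not server.verify("s1", resp1)

    # 3. Patched binary whose attestation code is still honest: rejected.
    n3 = server.challenge("s1")
    r["patched_honest_rejected"] = not server.verify(
        "s1", honest_client_response(session_key, n3, PATCHED_BINARY))

    # 4. Patched binary whose attestation code lies: accepted.
    n4 = server.challenge("s1")
    r["patched_lying_accepted"] = server.verify(
        "s1", lying_client_response(session_key, n4, PATCHED_BINARY))
    return r

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Step 4 is the "local control = full control" line in code: every input to the check (the key, the nonce, the clean hash) is available to the machine that is lying, so the check only raises the cost of lying.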
"
Sachiru wrote:
Somewhat incorrect.
Yesterday I was playing on the cursed SG gateway and was having a connection timeout every 15 seconds. Normal Prisoner's Gate, with the leapslamming goats and all.
I had an occurrence where the goats leapslammed to my position, and then stopped attacking. I attempted to drink flasks, but all I got was the flask drink sound playing and regeneration, but no deduction in flask charges.
I thought, "screw this, I timed out again" and proceeded to run away from the mob, thinking that they'd stay in place.
Lo and behold, they walked, following me like some kind of weird procession. When I stopped moving, they stopped, and they were in the exact same (relative) position as they were when they leap slammed.
Leapslammer goat to my north walked, and when I stopped, it stopped at my position, but still oriented towards the north. So did leapslammer goat at southeast, and leapslammer goat at west.
Strangely, fireball mage goat remained in the previous position. Probably because he can fire ranged attacks?
This went on until my connection timed out 20 seconds later. I logged back in, thought about attempting to simulate that again, but discarded the idea in favor of leveling my alt character which was intended to test the viability of Avatar of Fire+Infernal Blow Mace Stunner.
Still, I hope this sheds some light on movement behavior. And no, I still won't respond to qwave or the other... er, "less enlightened" people here who think synchronization on an unstable medium is somehow linked to determinism.
That is because the client received the information that those goatmen move to you as the last thing before your connection went out. Since the client does not receive any further actions, it tries to simulate based on that. So they just follow you around.
Posted by LogoOnPoE#1873 on Nov 23, 2013, 4:35:25 AM
In other words, they were still tagged to move towards you, but still weren't performing skills. It should be obvious that, in any game where desync is a factor, monsters told to move towards you would continue moving towards you without further commands from the server; the issue is whether they move towards you and use skills/attacks in the first place, without being told.
edit: Logon beat me to it.
When Stephen Colbert was killed by HYDRA's Project Insight in 2014, the comedy world lost a hero. Since his life model decoy isn't up to the task, please do not mistake my performance as political discussion. I'm just doing what Steve would have wanted.
Last edited by ScrotieMcB#2697 on Nov 23, 2013, 4:37:37 AM
Posted by ScrotieMcB#2697 on Nov 23, 2013, 4:35:51 AM
"
Sachiru wrote:
"
gonzaw wrote:
Okay, how about this: Authentication based on a hash (SHA1 for example) of the PoE binaries
And how would GGG get the hash? If you say, "the client will send it to them", what's to prevent me from sending a faked hash?
If you say, "encrypt the packet containing the hash", what's to prevent me from capturing a packet from an official, un-hacked client, then relaying that correct packet whenever my hacked client is queried by GGG?
If you say, "attach a timestamp to the encrypted packet", what's to prevent me from forging a timestamp?
If you say, "use server timestamp", what's to prevent me from engineering something that gets the correct hash and computes the encrypted correct hash and server timestamp and relaying that back?
Local control = full control. What you can do, I can fake. What you can encrypt, I can copy and forge.
I don't know why this needs to keep being said.
IGN: SplitEpimorphism
Posted by syrioforel#7028 on Nov 23, 2013, 4:37:21 AM