[MUD-Dev] Re: Trusting the Client (Re: Laws of Online World D esign)

Jon Leonard jleonard at divcom.slimy.com
Wed Oct 14 16:36:02 New Zealand Daylight Time 1998

On Wed, Oct 14, 1998 at 04:07:03PM -0500, Wilburn, E.J. wrote:
> > -----Original Message-----
> > From:	Marc Hernandez [SMTP:marc at jb.com]
> > Sent:	Wednesday, October 14, 1998 2:21 PM
> > 
> > 	Is there any way to stop other processes from at least writing and
> > preferebly both reading and writing a Win 95/98/NT processes memory? Is
> > there 
> > any way to stop programs from being run via a debugger or at least detect
> > it?  
> > 
> > Marc Hernandez		marc at eisoftware.com
> > Programmer		www.eisoftware.com
> > 
> I don't know if you're at all familiar with Subspace from Virgin Interactive
> <http://www.vie.com/subspace>, but they would attempt to detect any
> debuggers in memory and then log the IP address of the system attempting to
> debug their program.  I'm not sure how well it worked but the few months I
> spent playing SubSpace were relatively cheat free.  I'm not sure as to the
> exact implementation since they didn't pass that information out for obvious
> reasons.  I'm assuming they probably just search through the task list
> and/or window list for certain identifying strings.

Logging the IP address of a cheat is an interesting deterrent, but in a
world of dynamic IP addresses it doesn't give you anything worthwhile.

Requiring a valid serial number to connect (a cryptographicly signed
one, so they can't be faked), and then logging that is probably better.
That way you can permanently disable the game for someone who tries.
The same technique can detect illegal copies, and do all sorts of other
big-brotherish tracking.

Searching memory for debuggers isn't that useful, though.  A determined
analyst can snoop network trafic, run under an emulator (how do you know
my 600 MHz alpha isn't really a sluggish PC?), or even attach a logic
analyzer to the system.  At best that sort of technique just slows
down hacks.

It might make it harder than bribing an insider for some source code,

I favor doing client data validation in the server, and more or less
defining as legal anything that follows the protocol.  It just seems
simpler and more secure that way.

Jon Leonard

More information about the MUD-Dev mailing list