[MUD-Dev] How to Hurt the Hackers: The Scoop on Internet Cheating and How You Can Combat It by Matt Pritchard

Hans-Henrik Staerfeldt hhs at cbs.dtu.dk
Thu Jul 27 14:53:02 New Zealand Standard Time 2000

On Wed, 26 Jul 2000, J C Lawrence wrote:
> Client-server games unfortunately can't benefit as much from these
> techniques, as they lack full game information and by design must
> rely on the authority of the server. We will look at this more a bit
> later.

This makes me think of this scheme;

In a Client/Server setup, on a synch-event let the Server send a small=20
program/function that needs to be executed on the Client machine. It=20
could be some CRC over a peice of a file or memory that the program=20
itself knows about, using a specific method. The idea is that the=20
program may evolve and change without the hacker can control it. The=20
people running the server simply release a new one each day, and
randomly vary some parameters each hour. The program then communicate=20
back its findings to the Server, that checks it to see if it is correct.=20

This method may have serious security risks, especially, if applied to=20
privately run servers, that could dish out trojan horses to all the
connecting client machines :-(.

Hacking that would need the hacker to set up a virtual machine, where
the 'original' game is running on, with the right data, and emulate=20
running the program there. Not exactly an easy task. Perhaps so hard=20
that they will give up.

This is not simply security by obscurity, as the hacker never has a chanc=
of figuring out the obscurity.

Hans Henrik St=E6rfeldt   |    bombman at diku.dk    | work:  hhs at cbs.dtu.dk=
address:                |___  +45 40383492    __|__       +45 45252425   =
 Dybendalsvej 74 2. th, | Scientific programmer at Center for Biological =
 2720 Vanl=F8se, Danmark. |  Sequence Analysis, Technical University of D=

MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list