• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

OTClient Forcing Auto-Update in OTClient

Tibia Idle

Tibia Idle

Active Member
Joined
Nov 23, 2023
Messages
149
Reaction score
28
Hey,
Is it possible to force OTClient to auto-update before connecting to an OTS? I want to make sure players can't play without the latest version.
Any ideas on how to achieve this?
 
Sort by date Sort by votes
Tibia Idle said:
Hey,
Is it possible to force OTClient to auto-update before connecting to an OTS? I want to make sure players can't play without the latest version.
Any ideas on how to achieve this?
Click to expand...
You can check version in server and match it.. it would require you to update version in server every time you update your client to a breaking version
 
Upvote 0 Downvote
But it's easy to replace the Lua file with your own, so the player can bypass the update. I've secured the client so it can't connect from an unofficial version (in the C++ code of both the client and server), but there's still the issue of replacing Lua modules, and I want to block that.
 
Upvote 0 Downvote
What is a goal of forcing someone to use your client?
Make sure it won't crash, when you add new items? Block bots?

OTCv8 has updater included, it's not forced - you can press Escape to disable it or turn off network, when you start client, to make sure it won't connect to updater server.

As @samco said, use server 'version' instead of tibia protocol and check it on server side. Like now you got ex. 860 protocol for 8.60 client, you can set it in client to 10001 and set same version on server side to detect that someone uses unofficial client. When you make update on server/client that breaks compatibility with old client, you change version on server and client to ex. 10002 and server won't allow connections from other protocol version than expected.
 
Upvote 0 Downvote
Gesior.pl said:
What is a goal of forcing someone to use your client?
Make sure it won't crash, when you add new items? Block bots?

OTCv8 has updater included, it's not forced - you can press Escape to disable it or turn off network, when you start client, to make sure it won't connect to updater server.

As @samco said, use server 'version' instead of tibia protocol and check it on server side. Like now you got ex. 860 protocol for 8.60 client, you can set it in client to 10001 and set same version on server side to detect that someone uses unofficial client. When you make update on server/client that breaks compatibility with old client, you change version on server and client to ex. 10002 and server won't allow connections from other protocol version than expected.
Click to expand...
that's what I did. I changed the required version to 22xx. however, the problem is that the player can change the client's lua script easily by throwing them into data.zip unless there is a method to completely hide the data zip and make it uneditable by replacing or simply editing the code. I want to block bots and lua file editing by players.

edit: I've actually blocked (probably because I haven't tested) the bots, the second option you suggested and I don't want to reveal it here :) I'd also like to block the ability to edit lua files in data.zip
 
Last edited:
Upvote 0 Downvote
Tibia Idle said:
data.zip unless there is a method to completely hide the data zip and make it uneditable by replacing or simply editing the cod
Click to expand...
data.zip can be there, you can make it hard to edit or use in other client.

I've released OTCv8 with bot removed and blocked:
github.com

Client without bot and with VS project to build special safe .exe for… · gesior/otcv8-dev@64a7939

… players
github.com github.com

After you replace OTCv8 encryption password in 2 places // replace "0xABCD1234" with your unique encryption/decryption key values in 2 places in this file (bencrypt/bdecrypt)):
github.com

Client without bot and with VS project to build special safe .exe for… · gesior/otcv8-dev@64a7939

… players
github.com github.com
github.com

Client without bot and with VS project to build special safe .exe for… · gesior/otcv8-dev@64a7939

… players
github.com github.com
No one will be able to add own .lua to your client or use your .lua in his client (whole data.zip won't work).

Of course hackers can read changed 0xABCD1234 encryption key value from your compiled .exe and use it in their own client, but it's easier to write own bot and inject it into OTC (ex. RifBot).

If you want to make your client absolutely unique, you can edit network packets IDs in OTC and OTS code, so other OTClients will get black screen, when they try to login, even with all your Lua/spr/dat files.
 
Upvote 0 Downvote
By default, does OTClient support unencrypted files?
I encrypted my data and then, for testing purposes, uploaded unencrypted files to the updater folder. OTClient downloads and runs them without any issues. Similarly, it's possible to manually replace files with unencrypted ones, and they are still processed correctly.
In my otclientv8 the function looks different:
C++: 
void Crypt::bdecrypt(uint8_t* buffer, int len, uint64_t k) {
    uint32_t const key[4] = { (uint32_t)(k >> 32), (uint32_t)(k & 0xFFFFFFFF), 0xDEADDEAD, 0xB00BEEEF };
// replace "0xABCD1234" with your unique encryption/decryption key values in 2 places in this file (bencrypt/bdecrypt)
    uint32_t const key[4] = {
        (uint32_t)((k >> 32) & 0xABCD1234),
        (uint32_t)(k & 0xABCD1234),
        (uint32_t)(k & 0xABCD1234),
        (uint32_t)(k & 0xABCD1234)
    };

Does the default OTClient v8 lack this feature, and only your version enforces running encrypted files exclusively?
 
Upvote 0 Downvote
Thanks again for your help. A few changes in otclient sources and I managed to make otclient run only when it has lua files encoded. Let's hope it doesn't turn out that otclient already had this feature :D


1741615586958.webp
 
Upvote 0 Downvote

Similar threads

ausirosiris
  • Question Question
TFS 1.X+ Spell that makes screen black!!
Replies
2
Views
174
ausirosiris
ausirosiris
nkedzierski93
  • Question Question
OTClient OTClient login problem
Replies
5
Views
323
nkedzierski93
nkedzierski93
Back
Top