Great advice. I've done some simple hacking on tibia servers, and i found out rotating addresses seem to be popular. I don't expect to prevent someone who has hacking experience, i just want to prevent people whom have no or low amount of experience. For example, in similar fashion:
Every time the client is executed, it receives from server a randomly encrypted (to avoid packet sniffing?) offset value, used to change the addresses. I want to implement something that at least increases the time/knowledge it takes to create a bot, and a dynamic way of changing things up.
Is this complicated? Can you refer a tutorial, or suggest a path in learning more of this? I have basic programming knowledge in assembly/c/data communication. Thanks
Rotating addresses - Do you mean that some parameter you found (for example in cheat engine) is on another memory address every time you run the client yea?
- Well if yes, then I need to disappoint you. Those params are just dynamically allocated (while program starts) and mid-experienced cracker will find their position by memory/pointer scanning. In the end It will be something like chain of addresses starting with constant address (that never change its position with respect to base address) pointing to some address, then pointing to some address then pointing to wanted address. Those are exactly multi pointers in C/C++.
Packet anti-sniffing is already done since tibia 7.7 when RSA encryption was added.
Im not sure if you can multiply change the physical address of something in your client by easy way. Creating some more 'clone' parameters and defining by server which one is correct in given time might be a solution, but what about time synchronization between server and many clients? Remember that server must confirm every action player do and everything needs to run smooth.
Anyway you're on good way to go because -
you want to create something unique
Usually cracker just treat tibia client just as every other and try to hack it traditionally, but when he met first extraordinary protection (or client uncommonness) he might and probably will just give up.
Your server will be safe as long it wont become super popular and it will be worth to spend super-more time to find out what did you create there.
In future I plan to try to create some easy anti-bot. I will start with creating some tibia-api, dll injection and then try to mess with tibia packets send/receive. Thats how bot works, they just send packets with action codes (opcodes) instead of you. I would recommend you to look there then.
Would be great if someone more experienced will join this discussion. I'd love to know some already known tips to fights with botters too. If not , there might be also chance to talk about it on some cracker forums - tpforums/tibiapf - you can met there some pros, but usually forums are quite dead.