• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

What are you using to protect your custom client?

tarantonio

Old School Player
Joined
Jun 21, 2009
Messages
714
Best answers
0
Reaction score
177
I’m only aware of paid software like VMProtect and similar ones.
What are you using or planning to use?
 

Stanos

Advanced OT User
Joined
Jun 12, 2018
Messages
424
Best answers
0
Reaction score
160
To protect your shit you have to encrypt your client if im not wrong.
 

Merrok

Magic Tomato
Joined
Jun 18, 2009
Messages
133
Best answers
6
Reaction score
150
To protect your shit you have to encrypt your client if im not wrong.
That is kind of true, you can encrypt your code but it must be decrypted to be executed. The computer needs to be able to read the code to start the program. So at the start it does get decrypted, meaning the key to decrypt the code is on your pc and it just makes it harder for people to get to the code but still not impossible.

VMProtect uses a different style. It runs the program in a virtual environment making it even harder to gain access, but with the possibility of loss of performance.

There are a few ways to protect your software, the easiest way to figure it out is to google it.
There are people out there with way more expertise on the subject than in this forum.
Better take their advice ;)
 

Discovery

Developing myself
Joined
Apr 16, 2010
Messages
509
Best answers
10
Reaction score
189
Location
Neverland
That is kind of true, you can encrypt your code but it must be decrypted to be executed. The computer needs to be able to read the code to start the program. So at the start it does get decrypted, meaning the key to decrypt the code is on your pc and it just makes it harder for people to get to the code but still not impossible.

VMProtect uses a different style. It runs the program in a virtual environment making it even harder to gain access, but with the possibility of loss of performance.

There are a few ways to protect your software, the easiest way to figure it out is to google it.
There are people out there with way more expertise on the subject than in this forum.
Better take their advice ;)
That is!

Protection is everything.
 
OP
tarantonio

tarantonio

Old School Player
Joined
Jun 21, 2009
Messages
714
Best answers
0
Reaction score
177
I'm only asking for the methods/software that people are using or planning to use to protect custom clients.
 

christophe

Member
Joined
Aug 3, 2008
Messages
125
Best answers
0
Reaction score
14
don't get me wrong but don't you guys see a bit of an issue in protecting something that is open source...
(this is what is wrong with the current OTC community :/)
 

LooSik

Active Member
Joined
Oct 12, 2007
Messages
197
Best answers
1
Reaction score
29
don't get me wrong but don't you guys see a bit of an issue in protecting something that is open source...
(this is what is wrong with the current OTC community :/)
I think it's more of an issue regarding botting for example. Leaving your client open = bot heaven.
 

Xagul

deathzot.net
Joined
Jun 30, 2008
Messages
1,296
Best answers
2
Reaction score
993
don't get me wrong but don't you guys see a bit of an issue in protecting something that is open source...
(this is what is wrong with the current OTC community :/)
Yea people in this community just take take take and never give back.

I can understand not wanting to always be on the forum releasing stuff for people or helping people, I myself rarely do it because it's just not something I enjoy doing (sitting around on a forum all day) so I'm not trying to white knight here but come on... To literally go out of your way to obfuscate lua scripts (of all things lol) in your OTC just shows 1 thing, not that you are too lazy or uninterested in benefiting this community project, but that you are actively willing to go out of your way to ensure that you NEVER contribute anything, even by accident. It's discouraging to say the least and I'm not even a super active forum user, I can't even imagine why people like <actually there are too many to name but you know who you are> even bother checking this forum every day to help people or put work into the github projects. Seriously, hats off to you guys.

I cannot claim to know what everyone here is doing for their OTs but there are 3 main things you need to create a server:
  1. The server (lets be real, everyone is using TFS or a variation thereof)
  2. A map editor (Likely RME or the other one that nobody uses, I forget the name... Simones?)
  3. A client (likely CIPs but now it seems OTC is becoming more widely accepted.)
And I am confident that there is not a single person on here that has made their own program for all 3 from scratch which means everyone is at least using something from this community.

Assuming the above is true, and clearly it is for someone using OTC, would it really be so unreasonable for those that are interested in progressing the development of OTC to take a snippet of your LUA code if they thought it would be useful? Seeing as you are likely utilizing over a decade of code generated by this community, the way I see it this would be the least you could do. Actually you wouldn't be doing anything at all that's the beauty of it! You could literally do nothing and maybe some little feature or fix you added is something that the OTC has needed for so long to help make it more mainstream and someone other than you could add it to the main project thus benefiting everyone.

But hey, that's just me... Maybe I'm being unreasonable... Who knows.
 

Apollos

Dude who does stuff
Joined
Apr 22, 2009
Messages
758
Best answers
114
Reaction score
524
Location
United States
There is plenty of reasons to protect your files besides keeping people from stealing your scripts. Sprites, antibot, stopping edits to client for gameplay advantage.

If you want to keep your scripts open for viewing yet protected you could look into getting checksum of files and comparing server side, if the checksum differs refuse login. Otherwise mole box or equivalent is a good option.
 

Felipe93

Ghost Member
Joined
Mar 21, 2015
Messages
1,611
Best answers
9
Reaction score
244
Location
Chile
I think it's more of an issue regarding botting for example. Leaving your client open = bot heaven.
in order to block bots just add in preprocessors BOT_PROTECTION definition :) that would block the bots
 

Xagul

deathzot.net
Joined
Jun 30, 2008
Messages
1,296
Best answers
2
Reaction score
993
There is plenty of reasons to protect your files besides keeping people from stealing your scripts. Sprites, antibot, stopping edits to client for gameplay advantage.

If you want to keep your scripts open for viewing yet protected you could look into getting checksum of files and comparing server side, if the checksum differs refuse login. Otherwise mole box or equivalent is a good option.
I understand where you are going with this, and it is much better than going out of your way to make sure that your changes can never be had by the community but it's still a waste of time.
  1. You aren't going to protect your sprites. You have to give us the client to play your server because that is the entire point of all this right? This means we can literally log into the server and screenshot all the sprites and "steal" them.
  2. The client already has protection for LUA calling any function in certain ways that could be used for a "bot" as long as you don't manually go in and disable it. This is done in the source which of course would not be included with a client download I would assume.
  3. There are no edits you can do in the client to gain a gameplay advantage, anything that could be automated would be caught by the anti-bot feature that I previously mentioned. Everything important, such as player/item movement limitations, exhaust rates, or view range is and should always be server-sided because programs like WPE and cheat engine exist. Anything else will just be done with a simple keyboard macro that comes standard with any gaming keyboard that was made in the last 5 years and cost $20. In the event that someone does not have such a keyboard (and even some that do), they will just use autohotkey (or worse) which is even more powerful than said keyboards anyway.
  4. If people really want to cheat your server, they can just modify their own OTC to connect. In all honesty, it wouldn't really be that difficult. How do you think TFS and OTC exist in the first place? It's not like Cip was sharing their updates with the OT community.
 

Apollos

Dude who does stuff
Joined
Apr 22, 2009
Messages
758
Best answers
114
Reaction score
524
Location
United States
I understand where you are going with this, and it is much better than going out of your way to make sure that your changes can never be had by the community but it's still a waste of time.
  1. You aren't going to protect your sprites. You have to give us the client to play your server because that is the entire point of all this right? This means we can literally log into the server and screenshot all the sprites and "steal" them.
  2. The client already has protection for LUA calling any function in certain ways that could be used for a "bot" as long as you don't manually go in and disable it. This is done in the source which of course would not be included with a client download I would assume.
  3. There are no edits you can do in the client to gain a gameplay advantage, anything that could be automated would be caught by the anti-bot feature that I previously mentioned. Everything important, such as player/item movement limitations, exhaust rates, or view range is and should always be server-sided because programs like WPE and cheat engine exist. Anything else will just be done with a simple keyboard macro that comes standard with any gaming keyboard that was made in the last 5 years and cost $20. In the event that someone does not have such a keyboard (and even some that do), they will just use autohotkey (or worse) which is even more powerful than said keyboards anyway.
  4. If people really want to cheat your server, they can just modify their own OTC to connect. In all honesty, it wouldn't really be that difficult. How do you think TFS and OTC exist in the first place? It's not like Cip was sharing their updates with the OT community.
Really fair points bro. Although for the game play advantage my only frame of reference was from a fix I attempted to make for problems with old versions and targeting with runes. As you can see here someone could easily go back into this and change the scripts a bit in order to be able to send runes through battle windows again, or any equivalent to a problem similar to this.

However, even though this may be my lack of knowledge to edit sources to avoid situations like this it's still something that can happen to many people learning coding. I just feel like using a tool like molebox to protect your scripts is a safe and effective option to ease any doubts(at least from what I'm aware of pertaining to the security of this tool).

That said anyone who is guilty of using system like this to hide your files from anyone learning from/using them is contributing to the problem we have here on otland and I agree that it's not fair, but I don't think greediness should be the blame for someone seeking out solutions like this.
 
OP
tarantonio

tarantonio

Old School Player
Joined
Jun 21, 2009
Messages
714
Best answers
0
Reaction score
177
I share my poor knowledge here on OTland and Github on almost all the OT repos around there.
This is not incompatible with open a server and trying to keep cheats and bots away. I only want to protect gameplay things I cannot modify on sources to make a client suitable to my server version (example: no hotkeys to aim), or at least still don't know how to modify on sources.
 

Xagul

deathzot.net
Joined
Jun 30, 2008
Messages
1,296
Best answers
2
Reaction score
993
I share my poor knowledge here on OTland and Github on almost all the OT repos around there.
This is not incompatible with open a server and trying to keep cheats and bots away. I only want to protect gameplay things I cannot modify on sources to make a client suitable to my server version (example: no hotkeys to aim), or at least still don't know how to modify on sources.
Yea I understand what you and @Apollos are saying here and while I agree in this specific situation 2 things.
  1. Auto hotkey will still allow people to cheat the targeting system.
  2. The fact that there is not already classic targeting/hotkey protection in the OTC source is exactly the core problem I'm describing. I am quite certain someone has done it already but just refuses to share it with the project meaning everyone that wants to make a classic server is worse off for it. OTC is extremely underdeveloped and has glaring issues that have persisted for years because nobody wants to share what they have and the people that do seem to be lacking the time or motivation to put in the work.
The reason I am so... passionate? about this subject is because after playing real tibia for just a month using their new client and all of the features it has to offer (like playing with WASD and tab targeting) I never want to play another version of tibia again. I can't even stand logging into my own server Deathzot anymore without using the OTC Flatlander and myself have worked on which includes many of these features. I would really like to see the OTC become mainstream for OTs but it's going to take us working as a community to make it happen because I think most people right now just don't want to deal with it in its current state.
 
Last edited:
OP
tarantonio

tarantonio

Old School Player
Joined
Jun 21, 2009
Messages
714
Best answers
0
Reaction score
177
Yea I understand what you and @Apollos are saying here and while I agree in this specific situation 2 things.
  1. Auto hotkey will still allow people to cheat the targeting system.
  2. The fact that there is not already classic targeting/hotkey protection in the OTC source is exactly the core problem I'm describing. I am quite certain someone has done it already but just refuses to share it with the project meaning everyone that wants to make a classic server is worse off for it. OTC is extremely underdeveloped and has glaring issues that have persisted for years because nobody wants to share what they have and the people that do seem to be lacking the time or motivation to put in the work.
The reason I am so... passionate? about this subject is because after playing real tibia for just a month using their new client and all of the features it has to offer (like playing with WASD and tab targeting) I never want to play another version of tibia again. I can't even stand logging into my own server Deathzot anymore without using the OTC Flatlander and myself have worked on which includes many of these features. I would really like to see the OTC become mainstream for OTs but it's going to take us working as a community to make it happen because I think most people right now just don't want to deal with it in its current state.
WASD is on standard OTClient.
Do you have something new on Deathzot OTClient to share with us?
 

Apollos

Dude who does stuff
Joined
Apr 22, 2009
Messages
758
Best answers
114
Reaction score
524
Location
United States
Yea I understand what you and @Apollos are saying here and while I agree in this specific situation 2 things.
  1. Auto hotkey will still allow people to cheat the targeting system.
  2. The fact that there is not already classic targeting/hotkey protection in the OTC source is exactly the core problem I'm describing. I am quite certain someone has done it already but just refuses to share it with the project meaning everyone that wants to make a classic server is worse off for it. OTC is extremely underdeveloped and has glaring issues that have persisted for years because nobody wants to share what they have and the people that do seem to be lacking the time or motivation to put in the work.
The reason I am so... passionate? about this subject is because after playing real tibia for just a month using their new client and all of the features it has to offer (like playing with WASD and tab targeting) I never want to play another version of tibia again. I can't even stand logging into my own server Deathzot anymore without using the OTC Flatlander and myself have worked on which includes many of these features. I would really like to see the OTC become mainstream for OTs but it's going to take us working as a community to make it happen because I think most people right now just don't want to deal with it in its current state.
I completely agree. I have been adding pull requests and doing my best to contribute what I can and I know a few others have recently as well, but not enough people. I think since Don created the new repo I have hope people will begin to work on it again, especially since their pull request/issues will be heard.

Although there will always be section of otland that is just greedy devs and I don't think there's any way we could stop that.
 

christophe

Member
Joined
Aug 3, 2008
Messages
125
Best answers
0
Reaction score
14
WASD is on standard OTClient.
Do you have something new on Deathzot OTClient to share with us?
this is just 1 of the things he did but you'll have to wait for dzot launch to see all of it (should not be to long)
also keep on mind its a bit better then just wasd my keyboard for example is azerty so the keys i used instead of wasd is qszd.
 
Top