Graal Forums - Addressing Security inside NPC?

Graal Forums (https://forums.graalonline.com/forums/index.php)

- NPC Scripting (https://forums.graalonline.com/forums/forumdisplay.php?f=8)

- - Addressing Security inside NPC? (https://forums.graalonline.com/forums/showthread.php?t=134270543)

maximus_asinus

09-01-2017 09:34 PM

Addressing Security inside NPC?

How secure are attr[] values from a memory editor? I'm defining them serverside and using them to sync data between the server and client. I'm wondering if because of their nature, will a player running a trainer be able to redefine these values?

A stripped down version of my script:

PHP Code:


		
			
// level NPC

function onCreated() {

  this.attr[1] = ITEM;

  join("CLASS");

}

PHP Code:


		
			
// class NPC

function onActionCHECK() {

  addweapon(this.attr[1]);

}



//#CLIENTSIDE

function onPlayerTouchsMe() {

  // triggeraction CHECK

}

As you can see, IF this.attr[1] is accessible by a trainer then the player could inject code to give himself any item on the server.

MysticalDragon

09-02-2017 03:51 PM

its pretty secure, you can't read client set attrs on serverside

example:

PHP Code:


		
			
function onCreated() { 
  this.attr[2] = "test";
  echo(this.attr[2]);
}

example2

PHP Code:


		
			
function onActionServerSide(temp.cmd) {
  switch(temp.cmd) {
    case "testEcho";
      echo(this.attr[3]); //wont echo anything
    break;
  }
}
//#CLIENTSIDE
function onCreated() {
  this.attr[3] = "test";
  triggerserver("gui", this.name, "testEcho");
}

However you can read server set Attrs on Client

DustyPorViva

09-04-2017 07:35 PM

If it's visible on the client than it can be edited in a memory editor.

The security Graal employs simply means secured variables are updated when changed on the server. You can still edit clientr.variables on the clientside but once the server updates the same flag it will push the new value back to the client and change it back. However changes to the client are not pushed to the server unless it's a variable that is synced(such as a client.variable).

All times are GMT +2. The time now is 02:14 AM.