Open Source Graal?
 

I didn't know exactly where to put this so I put it here.

Do you think Graal should go open source? Please explain why or why not.

I lie somewhere in the middle on this issue. I definitely think that the game client and rc could benefit from more than one person coding it as more ideas and etc. could be shared. Open source has a lot of benefits, but I won't bore you with them as you probably already know them. If you don't, look on the web.

Anyway, I think it could still work as you would still have to purchase subscriptions from Graal Online to play. And as far as people putting malicious code etc in it, perhaps code would have to be submitted to someone before it is added to the client you download at graalonline and make it so that's the only one that will work online. Perhaps an offline mode could work with a non graalonline client for testing.

I can't come up with all the details, but I'm just throwing the idea in the air. It would help keep everyone from impatiently waiting for the next release as updated versions would be much more frequent.

As far as people stealing code and trying to make a "clone", well, perhaps something like the GNU general public license could be used. I dunno. Like I said, I'm just throwing the idea in the air.

I used to want an open source Graal myself, but i've retracted that, because there are far many more bad things that would occur than good things. Graal is very dependant on client-side operation still, a lot of the cheats that are done are through client-side things which are not checked through the server, if Graal were to go open source it would be way too easy to write your own client (or modify the existing), so that will possibly let you do as you wish, or cause some nasty problems with the server.

So, unless there were some heavy rewrites, no, Graal should not become open source.

Re: Open Source Graal?
 

No. They would be throwing four years worth of hard work away. Stefan spent too much time on the client for him just to give it away. Open source isn't the solution in every case. And your malicious code thing doesn't make any sense, if you can download the source then you can connect to the graal online servers no matter what. If you have the source, then you can modify it to your heart's content then connect to the servers and wreak havoc...

Re: Re: Open Source Graal?
 

I agree. Making graal open source would be wasting quite a bit of work. Also, as mentioned, there are too many people who would jump at finding the security vulnerabilities and exploiting them.

Completely and utterly incorrect.

Re: Re: Re: Open Source Graal?
 

Actually it is possible, take it from someone who has done it (Not the source part, but the connection to the servers).

I don't think going open source means you are throwing away your work...

I just think that if the many talented programmers in the community were willing to help, then stefan could accept legitimate contributions.

Well, then I would actually support private work, rather than Open Sourcing it, such as NDA, etc, but -- I think that is too risky, with what Nemesis did even though he signed an NDA (or contract?).

Re: Re: Re: Re: Open Source Graal?
 

Oh yes, I forgot! It doesn't matter how many security checks they use or whatever verifications they have, because if you have the source, you can automatically connect no matter what! It doesn't matter if you're banned, or if you don't have an account, the source gives you the magical power to connect to the servers no matter what!

or maybe give parts of the code and leave out stuff ike the ability to go online with it. I dunno, like I said, I was just throwing the idea out there to see what the commuity thinks about it. I think it could be beneficial but could definitely be abused if improperly implemented.

Re: Re: Re: Re: Re: Open Source Graal?
 

If you have access to the source then you have access the security checks right? You can bypass them by modifiying them. Editing the source, you can probably trick the server you are playing on into thinking you are on an account even though you really aren't. Maybe redirecting the data that the server asks from the client to another account. Christ, I don't know. It's late and I'm tired. But having access to the source would cause more problems than it would be worth.

Re: Re: Re: Re: Re: Re: Open Source Graal?
 

Yep.

Nope.

Very.

Re: Re: Re: Re: Re: Re: Re: Open Source Graal?
 

Meh, 2 out of 3 isn't bad for getting up at 6am.

Actually a long time ago when me and sern were friends (we are no longer friends since I fired him and he went insain and joined team int) he showed me a site hosted by him in which showed all the details of the graal.exe and even had the source code. I might have the site on my lap top but its for an older version of graal anyway.

I find that, very hard to believe. TI is/are nothing but a bunch of idiots repeating what others have done.

Re: Re: Re: Re: Re: Re: Open Source Graal?
 

Yes! you can modify the code server with some source on your hard drive! You're a genius!

(modifying source on your computer != modifying source on the Graalonline servers.)

No? That doesn't even make sense.

Yes, again, you'll redirect something on the server because somehow modifying the source on your hard drive magically modifies the source on the server too. No.

You got it.

No, but with source, you can change how the client interprets, reacts, or behaves toward a security check on the server.

But, for the umpteenth time, it doesn't matter what the client says. The server is the final authenticator. And, if all security checks trusted whatever a client said, the world would be a horribly, miserably insecure place, now wouldn't it?

But the thing is, most of what the client says IS indeed trusted. Which is why we have "wallhacking", etc.

i'll put it into simple terms for you.
Ok, you've found the part where the client reacts to the server's request for a password. You replace it so it send the server "LOL BEANS". The server says "WTF?"

You cant change the script in any way to make the server let you pass, it will wait for a valid password, and that is all.


Wallhacking is from a bug in the client that is abused by a trainer, which uses clientsided scripts to change the players x/y positions without a wallcheck.

I'm not talking about the login request. I'm talking about a couple other things, which i'd rather not state here in case of possible abuse.

Actually "wallhacking" is possible because lo and behold, the client sends exact X and Y coordinates for positions, all walking and default onwall is done on the client end, remove the onwall and thus, you can walk over walls.

The server trusts what X and Y positions the client gives it.

Most?

Things that are trusted:

client.strings
clothes attributes
bombs/arrows counts
x,y position

Things that are not trusted:

Everything else.

I won't get into this, as i'd be giving out many security flaws.

I thought you agreed to "you could connect to the graalonline servers no matter what." Whoops, that just happens to be a "matter what"!

Ah...unmentionable other things are great ways to prove your impossible point! :p

See my above post. The client's reported x,y is trusted by the server.

Agreed. It can be accomplished by doing what I just said, though. :P


[edit]post 1337 ^_^[/edit]

Excellent! Ignore that you were just disproven, ignore my main point, and instead comment on some side thing! :p

You can, i've connected to the Graal servers through my own clients, and successfully logged in.

Proving my points would only give out information that would be abused. I can give you some fine examples in private, if you like.

Define "connected to the Graal servers." And besides, that still does not account for the "no matter what" promised earlier. How can you get through a global ban? How can you get through a lack of, or a deleted, account? Questa implied that nothing can stop you if you have the source. I have proven him incorrect by stating several things that can. You seem to be arguing from the standpoint of "what if all went well and according to plan, with nothing in the way" - I am illustrating the items in the way.

If one person can find these so-called security vulnerabilities, anyone can find them, and it would have already been well-known by now, if not by Stefan himself, then by those annoying script kiddies.

Connected and emulating a real client.

I know of only two people which have delved as deep into the packets of Graal as I have, other than the official coders.


[edit]
You edited your post, thus i'll update mine.

Connected and emulating a real client. I interpreted "no matter what" in a different way than you, I guess. However, global ban? -> new account/ip, account deletion -> new account.

Off topic arhgahhrahgrarhgy get back on topic please.

Yes, but neither of those directly result from you possessing the source. :-\

I define "no matter what" as: "regardless" or "in spite of everything".

On-topic. :( Dealing with the question: "Would having the source allow you to connect to the graalonline servers no matter what?" (no).

THAT IS NOT ON TOPIC! :( The topic is would open source be better or worse for Graal!

It's a sub-topic of the topic, thus, still on topic.

You win, I'll stop ze trolling.

<3

Rick is right about the server trusting the client on certain issues (when, strictly speaking, it shouldn't). Since this is an 'existence' argument, it's impossible to disprove Rick's side without having the entire source code. Those who examine the network protocols form their opinions based on personal experience, while the others form them on unconfirmed faith. Personally I'd more highly value the words of the former group.

Re: Re: Re: Re: Re: Re: Re: Open Source Graal?
 

But in order to verify the client's authenticity doesn't the client have to send data to the server? It can't be completely server sided because the server can't look at the client without asking for data. If you had the client source then you could modify the data sent to verify the client.

Plus: Don't act like I'm a *****, that "You're a genius" part just makes you look like the jerk here. Can't you just drop the arrogance for a little bit and understand that Rick knows what he is talking about?

Re: Re: Re: Re: Re: Re: Re: Re: Open Source Graal?
 

I think he has found out that he is wrong now but can't admit it. So soon he will make this thread go horribly off topic about some argument and force Kai to lock it :grin: .

No, as most likely said before, too much stuff is handled client side, and would allow "hackers" to make trainers a hell of a lot easier (just edit the code). Not to mention, we can't run our own servers, so we can't even get the gserver binary, none the less the gserver source to edit to make a server compatible with any edits of the client. It's made even more pointless since there is no offline playing.

Re: Re: Re: Re: Re: Re: Re: Re: Re: Open Source Graal?
 

You're right, it does send data. (Also, I do not think you understand how verification works: the data sent by the client is examined BY THE SERVER to see if it's okay - you can't change how it is verified after the client sends the data, while you seem to indicate that you think you can). Read, think, and learn:

(Still absolutely correct.)

I'm no genius. And, if you want me to not act like you're a *****, you should read (and think) before you post.

I'm wrong? You can connect to the graal servers no matter what?

I illustrated several "whats" -> I am not incorrect. Rick was arguing against something slightly different than what I was arguing (he interpreted 'no matter what' to mean something different).

And, Trevor, what makes you so sure of that? Some past experience? Some in-depth knowledge of me? Considering you do not know me very well at all, you are not really the most qualified to say that. :-\ Please find three or more examples of this happening in the past, then what you say might have some merit to it.

Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Open Source Graal?
 

Jesus Tseng. It was a joke. Don't take everything so damn literal and offensive. I put the ":grin:" there for a reason.