Graal Forums


Tigairius 05-26-2007 03:48 AM

Graal's insecurities
 
Okay, everyone knows Graal is extremely insecure (when it comes to hacking). I just want to know why? Why in god's name are people able to change event names and function names? How come I can just edit one single function name and be able to bypass it? Most crappier games than Graal have better protection. There are a lot of problems that can be (and we shouldn't have to) fixed locally on the server, just by adding simple detection methods, but these things should at least be a challenge to "hackers". There are a lot of things I can't prevent with local protection and there are a few adjustments that can be made to the engine that can solve virtually hundreds of problems.

Deadly_Killer 05-26-2007 06:58 AM

Quote:

Originally Posted by Tigairius (Post 1311966)
...

Not necessarily.

cbk1994 05-26-2007 01:31 PM

How is that not so? You can simply open up CE and search for the variable and then change it! Graal's only security for this is it has to be the same length! Hah!

There are programs that let you modify clientside code! Hey guys, ever heard of compiling the code before you send it to the player?

Another thing Stefan could add would be a built-in function checker, but not using GS2 so it couldn't be modified so easily. There could be a list of functions--onwall, onwall2, triggeraction, triggerserver, and other commands like this that are commonly changed, and then it could check that these functions exist every 5 seconds or so. Then it could d/c the player for hacking, and echo in rc

Player bob disconnected for disabling built-in functions (Hacker?)

zokemon 05-26-2007 01:45 PM

Quote:

Originally Posted by cbkbud (Post 1312071)
How is that not so? You can simply open up CE and search for the variable and then change it! Graal's only security for this is it has to be the same length! Hah!

There are programs that let you modify clientside code! Hey guys, ever heard of compiling the code before you send it to the player?

Another thing Stefan could add would be a built-in function checker, but not using GS2 so it couldn't be modified so easily. There could be a list of functions--onwall, onwall2, triggeraction, triggerserver, and other commands like this that are commonly changed, and then it could check that these functions exist every 5 seconds or so. Then it could d/c the player for hacking, and echo in rc

Player bob disconnected for disabling built-in functions (Hacker?)

GS2 scripts are compiled and sent to the client. GS1 scripts are not.

cbk1994 05-26-2007 01:51 PM

Hmmm, really? I'm almost 100% sure they aren't compiled... if they were, you couldn't just change the function names, and we wouldn't have editors (let "hackers" modify any clientside code).

zokemon 05-26-2007 02:13 PM

Quote:

Originally Posted by cbkbud (Post 1312077)
Hmmm, really? I'm almost 100% sure they aren't compiled... if they were, you couldn't just change the function names, and we wouldn't have editors (let "hackers" modify any clientside code).

Yeah I am sure that GS2 scripts are compiled when sent to the client. I have asked for some things before from Stefan that had to do with clientside scripts or something (I forgot what it was) and he said it wasn't possible because the scripts were compiled before being sent to the client.

Maybe they found a way to de-compile them?

By the way, all the classic servers except for Zodiac are still using GS1.

Twinny 05-26-2007 02:45 PM

Quote:

Originally Posted by zokemon (Post 1312082)
Yeah I am sure that GS2 scripts are compiled when sent to the client. I have asked for some things before from Stefan that had to do with clientside scripts or something (I forgot what it was) and he said it wasn't possible because the scripts were compiled before being sent to the client.

Maybe they found a way to de-compile them?

By the way, all the classic servers except for Zodiac are still using GS1.

UN has gone GS2. Classic has a lot of GS2 stuff. Also, there are decompilers which can work while the program is running. It looks for common calls/functions in many scripting languages.

zephirot 05-26-2007 03:00 PM

Quote:

Originally Posted by cbkbud (Post 1312071)
How is that not so? You can simply open up CE and search for the variable and then change it! Graal's only security for this is it has to be the same length! Hah!

There are programs that let you modify clientside code! Hey guys, ever heard of compiling the code before you send it to the player?

Another thing Stefan could add would be a built-in function checker, but not using GS2 so it couldn't be modified so easily. There could be a list of functions--onwall, onwall2, triggeraction, triggerserver, and other commands like this that are commonly changed, and then it could check that these functions exist every 5 seconds or so. Then it could d/c the player for hacking, and echo in rc

Player bob disconnected for disabling built-in functions (Hacker?)

Does that mean that with my MapleStory hack, I can change some graal values and stuff?

Tigairius 05-26-2007 04:15 PM

Quote:

Originally Posted by Deadly_Killer (Post 1312007)
Not necessarily.

Did you feel the need to post something useless and unneeded on this thread?


Quote:

Originally Posted by zephirot (Post 1312089)
Does that mean that with my MapleStory hack, I can change some graal values and stuff?

It means you can change onwall to onrall or something and you will be able to walk on walls. There is no process of hackers getting around any type of security, you open a hex editing program and search text onwall, change it and walk around on walls. It means people are changing actionprojectile to actionprojectilr and not getting hurt by any type of projectile. It's unfair that Graal's insecurities are ruining the paying user's time on Graal.

Deadly_Killer 05-26-2007 04:28 PM

Quote:

Originally Posted by Tigairius (Post 1312106)
Did you feel the need to post something useless and unneeded on this thread?

Sorry, I was referring to this statement:
Most crappier games than Graal have better protection.

Not many games waste the amount of time Stefan does on protecting hacks. In fact, I don't know any games that scan your running processes for hacks.

Twinny 05-26-2007 04:38 PM

There are methods to check for edited functions and such. I know you can check bitvalues which will return whether a variable/function has been altered. For example,

PHP Code:

freeze with freezx
freezeplayer with freezxplayer
returnvalue bitflags
1001111 
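
The periodic function check cbk1994 proposes and the per-function flags Twinny describes can be sketched as follows. This is an added example, not part of the thread and not Graal's code; the function-table model (a set of names), the bit order and the flags= suffix on the log line are assumptions.

```python
# Added illustration: data model and bit order are assumptions, not Graal's API.
WATCHED = ["onwall", "onwall2", "triggeraction", "triggerserver"]  # names from the thread

# Constructed sample tables: the second has "onwall" edited to "onrall".
CLEAN = {"onwall", "onwall2", "triggeraction", "triggerserver"}
TAMPERED = {"onrall", "onwall2", "triggeraction", "triggerserver"}


def integrity_flags(function_table, watched=WATCHED):
    """Return a bitmask: bit i is 1 while watched[i] is still present."""
    flags = 0
    for i, name in enumerate(watched):
        if name in function_table:
            flags |= 1 << i
    return flags


def likely_renames(function_table, watched=WATCHED):
    """Pair each missing watched name with unknown names of the same length
    that differ in exactly one character (the same-length edit in the thread)."""
    known = set(watched)
    unknown = [n for n in function_table if n not in known]
    pairs = {}
    for name in watched:
        if name in function_table:
            continue
        pairs[name] = [
            u for u in unknown
            if len(u) == len(name)
            and sum(a != b for a, b in zip(u, name)) == 1
        ]
    return pairs


def check_player(player, function_table, watched=WATCHED):
    """Run one periodic check; return (disconnect, rc_log_line)."""
    flags = integrity_flags(function_table, watched)
    if flags == (1 << len(watched)) - 1:
        return False, None  # every watched function is intact
    line = (f"Player {player} disconnected for disabling built-in functions "
            f"(Hacker?) flags={flags:0{len(watched)}b}")
    return True, line
```

A check that runs inside the client process can be patched like any other client code, so its result is a signal for the server to act on rather than a guarantee.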


Admins 05-26-2007 05:46 PM

The next Graal version will have better protection against this. I don't want to give details on this though.


All times are GMT +2.