Graal Forums  

  #1  
Old 05-26-2007, 03:48 AM
Tigairius
Graal's insecurities

Okay, everyone knows Graal is extremely insecure (when it comes to hacking). I just want to know why? Why in god's name are people able to change event names and function names? How come I can just edit one single function name and be able to bypass it? Most crappier games than Graal have better protection. There are a lot of problems that can be (and we shouldn't have to) fixed locally on the server, just by adding simple detection methods, but these things should at least be a challenge to "hackers". There are a lot of things I can't prevent with local protection and there are a few adjustments that can be made to the engine that can solve virtually hundreds of problems.
__________________


“Shoot for the moon. Even if you miss, you'll land among the stars.”
  #2  
Old 05-26-2007, 06:58 AM
Deadly_Killer
Quote:
Originally Posted by Tigairius View Post
...
Not necessarily.
__________________
- Zidane / Zidaya
  #3  
Old 05-26-2007, 01:31 PM
cbk1994
How is that not so? You can simply open up CE and search for the variable and then change it! Graal's only security for this is it has to be the same length! Hah!

There are programs that let you modify clientside code! Hey guys, ever heard of compiling the code before you send it to the player?

Another thing Stefan could add would be a built-in function checker, but not using GS2 so it couldn't be modified so easily. There could be a list of functions--onwall, onwall2, triggeraction, triggerserver, and other commands like this that are commonly changed, and then it could check that these functions exist every 5 seconds or so. Then it could d/c the player for hacking, and echo in rc

Player bob disconnected for disabling built-in functions (Hacker?)
__________________
  #4  
Old 05-26-2007, 01:45 PM
zokemon
Quote:
Originally Posted by cbkbud View Post
How is that not so? You can simply open up CE and search for the variable and then change it! Graal's only security for this is it has to be the same length! Hah!

There are programs that let you modify clientside code! Hey guys, ever heard of compiling the code before you send it to the player?

Another thing Stefan could add would be a built-in function checker, but not using GS2 so it couldn't be modified so easily. There could be a list of functions--onwall, onwall2, triggeraction, triggerserver, and other commands like this that are commonly changed, and then it could check that these functions exist every 5 seconds or so. Then it could d/c the player for hacking, and echo in rc

Player bob disconnected for disabling built-in functions (Hacker?)
GS2 scripts are compiled and sent to the client. GS1 scripts are not.
__________________
Do it with a DON!
  #5  
Old 05-26-2007, 03:00 PM
zephirot
Quote:
Originally Posted by cbkbud View Post
How is that not so? You can simply open up CE and search for the variable and then change it! Graal's only security for this is it has to be the same length! Hah!

There are programs that let you modify clientside code! Hey guys, ever heard of compiling the code before you send it to the player?

Another thing Stefan could add would be a built-in function checker, but not using GS2 so it couldn't be modified so easily. There could be a list of functions--onwall, onwall2, triggeraction, triggerserver, and other commands like this that are commonly changed, and then it could check that these functions exist every 5 seconds or so. Then it could d/c the player for hacking, and echo in rc

Player bob disconnected for disabling built-in functions (Hacker?)
Does that mean that with my MapleStory hack, I can change some graal values and stuff?
__________________

Quote:
Originally Posted by unixmad
Can you just shut up ?
MAGA
MFGA
MEGA
  #6  
Old 05-26-2007, 01:51 PM
cbk1994
Hmmm, really? I'm almost 100% sure they aren't compiled... if they were, you couldn't just change the function names, and we wouldn't have editors (let "hackers" modify any clientside code).
__________________
  #7  
Old 05-26-2007, 02:13 PM
zokemon
Quote:
Originally Posted by cbkbud View Post
Hmmm, really? I'm almost 100% sure they aren't compiled... if they were, you couldn't just change the function names, and we wouldn't have editors (let "hackers" modify any clientside code).
Yeah I am sure that GS2 scripts are compiled when sent to the client. I have asked for some things before from Stefan that had to do with clientside scripts or something (I forgot what it was) and he said it wasn't possible because the scripts were compiled before being sent to the client.

Maybe they found a way to de-compile them?

By the way, all the classic servers except for Zodiac are still using GS1.
__________________
Do it with a DON!
  #8  
Old 05-26-2007, 02:45 PM
Twinny
Quote:
Originally Posted by zokemon View Post
Yeah I am sure that GS2 scripts are compiled when sent to the client. I have asked for some things before from Stefan that had to do with clientside scripts or something (I forgot what it was) and he said it wasn't possible because the scripts were compiled before being sent to the client.

Maybe they found a way to de-compile them?

By the way, all the classic servers except for Zodiac are still using GS1.
UN has gone GS2. Classic has a lot of GS2 stuff. Also, there are decompilers which can work while the program is running. It looks for common calls/functions in many scripting languages.
  #9  
Old 05-26-2007, 04:15 PM
Tigairius
Quote:
Originally Posted by Deadly_Killer View Post
Not necessarily.
Did you feel the need to post something useless and unneeded on this thread?


Quote:
Originally Posted by zephirot View Post
Does that mean that with my MapleStory hack, I can change some graal values and stuff?
It means you can change onwall to onrall or something and you will be able to walk on walls. There is no process of hackers getting around any type of security, you open a hex editing program and search text onwall, change it and walk around on walls. It means people are changing actionprojectile to actionprojectilr and not getting hurt by any type of projectile. It's unfair that Graal's insecurities are ruining the paying user's time on Graal.
__________________


“Shoot for the moon. Even if you miss, you'll land among the stars.”
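
An added example, not part of any post in this thread and not Graal's own code: it contrasts the same-length check mentioned earlier in the thread with the function checker proposed there, done as a name scan and as a server-issued nonce challenge answered with a keyed digest. The blob layout and the helper names (`missing_names`, `attest`, `server_verify`) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a client-side script blob; not real GS2 bytecode.
WATCHED = [b"onwall", b"actionprojectile", b"triggerserver"]
REFERENCE = b"\x00".join(WATCHED) + b"\x00"

def missing_names(blob, watched=WATCHED):
    """Watched function names that no longer appear in the loaded blob."""
    return [name for name in watched if name not in blob]

def length_check(blob, reference=REFERENCE):
    """The weak check: only the size has to match."""
    return len(blob) == len(reference)

def attest(blob, nonce):
    """Client side: keyed SHA-256 over the loaded blob, bound to a fresh nonce."""
    return hmac.new(nonce, blob, hashlib.sha256).digest()

def server_verify(response, nonce, reference=REFERENCE):
    """Server side: recompute over its own copy and compare in constant time."""
    expected = hmac.new(nonce, reference, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def demo():
    # Same-length rename from the thread, applied to the constructed blob.
    patched = REFERENCE.replace(b"onwall", b"onrall")
    nonce = os.urandom(16)  # fresh per challenge so an old answer cannot be replayed
    return {
        "length_check_passes": length_check(patched),
        "missing": missing_names(patched),
        "clean_verifies": server_verify(attest(REFERENCE, nonce), nonce),
        "patched_verifies": server_verify(attest(patched, nonce), nonce),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The digest is still computed on the player's machine, so it raises the cost of tampering rather than removing it; collision and damage decisions that the server computes itself do not depend on the client's answer.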
  #10  
Old 05-26-2007, 04:28 PM
Deadly_Killer
Quote:
Originally Posted by Tigairius View Post
Did you feel the need to post something useless and unneeded on this thread?
Sorry, I was referring to this statement:
Most crappier games than Graal have better protection.

Not many games waste the amount of time Stefan does on protecting hacks. In fact, I don't know any games that scan your running processes for hacks.
__________________
- Zidane / Zidaya
  #11  
Old 05-26-2007, 04:38 PM
Twinny
There are methods to check for edited functions and such. I know you can check bitvalues which will return whether a variable/function has been altered. For example,

PHP Code:
freeze with freezx
freezeplayer with freezxplayer
returnvalue bitflags
1001111 
  #12  
Old 05-26-2007, 05:46 PM
Admins
The next Graal version will have better protection against this. I don't want to give details on this though.
All times are GMT +2.