Plugin Request: Security - Pure Client Check

Discussion in 'Archived: Plugin Requests' started by tremor, Jan 5, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    tremor

    I know this can be done, and has to be done. For server admins who want to have any type of real control over an environment, an economy and their Minecraft World at large... as long as there are client side components that do not jive with your plans as a server admin, you will be at the mercy of cheaters, trolls and hackers.

    A Pure Client Check would make a request upon client connection for an md5 checksum of the client code. This might have to be a core feature of bukkit rather than a plugin. Think of it as PunkBuster for Minecraft. The goal would be to eliminate the use of modified clients to prevent things like ore detection. This would be server configurable for admins who just don't care. This could also include an option to force usage of the default texture pack (to eliminate invisible block packs) or a selection of approved texture packs.

    I hope someone picks this idea up... I would make an effort myself but I barely find the time to play let alone code.
     
  2. I will be honest with you, doing a client check is a catch-22.
    To do a check, the Minecraft client needs to be modded.
    People could hack the client check mod and imitate a legit client connecting.

    The only real way of preventing ore detection, if you have the CPU and network capacity to, is to have the server "hide" ore blocks as smoothstone to clients, and only show them to the client (send a block update) when they get within a certain radius (5-7 blocks).
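
The server-side hiding described in post 2, as an added example (not code from this thread or from Bukkit): a small model of a server that reports ore as stone until a player is within the reveal radius, then sends block updates as the player moves. Block names, the dictionary world format and the function names are assumptions made for the illustration.

```python
from math import dist

STONE = "stone"
ORES = {"coal_ore", "iron_ore", "gold_ore", "diamond_ore"}  # assumed block names
REVEAL_RADIUS = 6  # the post suggests 5-7 blocks


def visible_as(block, block_pos, player_pos, radius=REVEAL_RADIUS):
    """Block type the server reports to this player for one block."""
    if block in ORES and dist(block_pos, player_pos) > radius:
        return STONE
    return block


def chunk_for_client(world, player_pos, radius=REVEAL_RADIUS):
    """Masked copy of the world data sent when the player first loads it."""
    return {pos: visible_as(b, pos, player_pos, radius) for pos, b in world.items()}


def updates_on_move(world, old_pos, new_pos, radius=REVEAL_RADIUS):
    """Block updates to send after a move: reveal ores that came into range
    and re-mask ores that fell out of range. Non-ore blocks never change."""
    updates = {}
    for pos, block in world.items():
        if block not in ORES:
            continue
        before = visible_as(block, pos, old_pos, radius)
        after = visible_as(block, pos, new_pos, radius)
        if before != after:
            updates[pos] = after
    return updates


# Constructed sample world: a 30-block strip of stone containing two ores.
WORLD = {(x, 10, 0): STONE for x in range(30)}
WORLD[(3, 10, 0)] = "iron_ore"
WORLD[(25, 10, 0)] = "diamond_ore"


def demo():
    """Initial view from x=0, then the updates after walking to x=20."""
    start, later = (0, 10, 0), (20, 10, 0)
    first = chunk_for_client(WORLD, start)
    moved = updates_on_move(WORLD, start, later)
    return first[(3, 10, 0)], first[(25, 10, 0)], moved


if __name__ == "__main__":
    print(demo())
```

Because the real block type is never sent for out-of-range ore, a modified client or transparent texture pack has nothing to reveal; the cost is the per-move scan, which grows with the number of ore blocks and connected players.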
     
  3. Offline

    tremor

    In response to your quote: "People could hack the client check mod and imitate a legit client connecting." I thought a scan of valid client code would be exactly how to prevent this??? If the client code base is changed in any way, even in the slightest amount, it won't pass a pure check. It's not foolproof, but it is sure to go a long way. What about even a client wrapper? Hooked into a master server that scans for certain behaviors or code manipulation. If services like Punkbuster can be implemented for Call of Duty and Quake... can't the geniuses of the Minecraft development community come up with something?
     
  4. Offline

    feverdream

    Services like Punkbuster can be fooled by aimbots too.

    And I don't even think - somebody please prove me wrong - that the client even supports this. So you would need a client mod used to check to make sure the client was not modded..
     
  5. Offline

    ElliottB

    The only feasible solution is to approach it in a way like HL-Guard from days long ago. A third party application that must be run before the launch of Minecraft and hooks into/reads the memory of the client. This application would check itself, of course, on runtime and connect to the server or a master server. With either approach, it could either go off a basic 'is standard' check or have a detection library that is downloaded or packaged with it on release.

    Let's call it MC-Guard.

    MC-Guard checks minecraft against md5 hash, checks for common memory signatures in case of a mod loader that injects mods via memory, and so on. MC-Guard would communicate with the server on a specified port stating the status of the player's install. The MC-Guard server would relay this information to CraftBukkit via a plugin and force an action.

    Essentially this would allow:
    - If player joins and does not also send a MC-Guard data packet to the server's guard software, player is bumped (should be configurable behavior, see history of HL-Guard below)
    - If player joins and sends MC-Guard data to server, allow them to join. MC-Guard client should recheck memory of minecraft every x minutes and resend status.
    - If player's data is modified, server will act. (Warn, kick, ban. -- Configurable)

    HL-Guard was a third party cheat detection by United Admins for Half-Life mods way back in the day. (Prior to Steam and the advancement of VAC) Servers would run a server plugin that would do the talking to client installs of HL-Guard, much like I described. Servers could be configured to allow non-guarded players but warn them, to block modified files, and to block cheats. This gave server operators much control, and was a way of forcing league standard model packs and making sure cheating was blocked.

    ---

    Now.. only if I wasn't lazy and could implement this. Also, no idea how to accomplish this on all platforms, since the software I'm familiar with has all been windows based.
     
    tremor likes this.
  6. Offline

    tremor

    @ElliotB - Yes exactly what I was thinking only more eloquently laid out. Yes, a modified client or perhaps a separately running wrapper would be needed... and for the people who argue that you're not going to get people to install an extra program to prove they aren't cheating... tell that to the players on my server who are screaming daily for fair gameplay protections. I polled them last night and asked if they would be willing to download and install an add-on in order to play on a more cheat protected server and the response was an overwhelming yes. The ones that said no - oddly enough - are on a suspect cheater list already.

    I kind of see this as a diagram of how it would work in theory.
    1. Player runs Modified Client or Separately Running Authentication Client (MC-Guard Client)
    2. It Queries Bukkit MC-Guard Server Plugin
    3. Server Plugin requests MD5 Checksum & other key signatures from the MC-Guard Client.
    4. Plugin acts according to information received, and rechecks every so often (configurable setting)
    5. This could tie into a global server that collects and reports information, and autoupdates the client and server plugin based on the most recent hacks and cheats found.

    ElliotB Said: "Now.. only if I wasn't lazy and could implement this. Also, no idea how to accomplish this on all platforms, since the software I'm familiar with has all been windows based."

    AFAIK - JAVA is platform independent ;)
     
  7. Offline

    Selbram

    And no matter how you look at this Notch has already stated he does not like/hates client mods.
     
  8. Offline

    tremor

    Thank you Captain Obvious! Notch does not like/hates ALL MODS IN GENERAL INCLUDING SERVER MODS - so much so that he obfuscates his code to make it more difficult to modify on all levels.

    Let's face it.. there are large and glaring oversights that I don't think Notch ever considered and probably won't ever consider. He's too interested in creating a new NPC and shiny toys to create a game that actually works right. And that's why we have server mods like Bukkit. To create functionality, and improve upon Minecraft.

    I don't know why everyone seems so against developing something that might actually make this a great game to play and run. This is a deep and terrible CORE FLAW - that until addressed, makes every plugin, every modification and every server in the existence of the SMP World an utter joke.

    @Selbram - thank you for your worthless one-line injection of something we all already know that does nothing to contribute to the discussion at hand except for troll it.

    And if you would have taken a little extra time to really read the ideas, we wouldn't necessarily need to make a client mod, but a 3rd party application that "ALSO" runs on the player's computer... much like a lot of the hacks and cheats that they use.

    I'll accept criticism of this idea.. but let's keep it technical.
    • Why would it be difficult to create a standalone application that is run by the player, that can communicate with a Bukkit plugin that will scan their system for potentially illegal events?
    • What are some potential ways the players could get around this system and how to minimize that risk?
    • Would it be feasible to create a global repository to collect the data gathered, analyze and update the plugins and standalone apps to keep ahead of the cheats as they get coded and recoded?
    • What other potential programming roadblocks stand in the way?
    Requesting More "Can Do" attitude... less troll.
     
  9. Offline

    ElliottB

    My only reason for saying I'm unsure of how to do it cross-platform is I'm personally unaware of how you'd do certain things in java. Such as watching the memory of another java application and doing this reliably. I'm sure it's do-able, but I just don't have the knowledge. I do know of how to do it in C, but most of what I know relies on windows specific tricks.

    One way to try to prevent people getting around not having a detection plugin is to enforce it greatly, like I mentioned in my first post. I'd leave this configurable, but one server setting could be that if there's no response from the client side software, it would just boot the player out.

    And as far as keeping up with or ahead of cheats, that's the problem with any detection system. Look at virus companies for example. Really you'd just have to write detections as you go, but just watching the basic files and some key parts of the game's memory should catch a large chunk of them.
     
  10. Offline

    Selbram

    Wrong, Notch has made it clear that he is okay with server mods and that he was directing his dislike of mods at clients specifically.

    This could work if new users, without the special client, were allowed to login to a protected server for a short duration. Allowing them to see a motd with some information on how to get the client.

    If this is something you would like to take on then go for it. I can say that this is not an immediate concern for the bukkit team.

    You're welcome! I love being called a troll! It makes me feel full of rainbows!!!
     
    wizjany, Ryan and Lamp like this.
  11. Offline

    EvilSeph

    This is Notch's department and I don't see this happening due to the fact that everyone enjoys modifying Minecraft (texture packs, minimap etc.).
     
  12. Offline

    wizjany

    This. Asking a client for a checksum of its code requires a client sided mod. Even if it's not the Minecraft client (in the case of MC-Guard or w/e) the connecting player can just send the server whatever the server wants to hear (default minecraft.jar checksum or w/e). Even with MC-Guard, (which the people who actually want to play would get annoyed at, e.g. Ubisoft's DRM) the data packets can be spoofed.
    I have seen countless suggestions for more security against hacks etc, but the fact of the matter is that someone will always find a workaround of some type. If you're really that desperate for a server without hackers or griefers or trolls I suggest you set up a whitelist and ban anyone who does something you don't like.

    TL;DR all attempts can and will be bypassed and the only end-all method is a whitelist.
     
  13. Offline

    tremor

    I'll put on an x-ray texture pack and just go ransack everyone's chests and mine out all the good ore and tick everyone off... on every server I can find. Servers should be able to enforce a texture pack - especially ones that want to be RPG Servers - I found a Star Trek themed one that had a texture pack they "Suggested" - and with it... it was really really cool.. If a server had the option to push a texture pack to the client and enforce it that would really enable more server creativity... and potentially eliminate the transparent blocks problem.. but that's a different topic altogether.

    And @ wizjany and everyone else who say... why bother? people will find a way to hack and cheat anyway.... that is the lamest GD thing I have EVER heard. Why make Gov't documents confidential? Wikileaks will find a way to leak them anyway! Why lock the door on your house? A determined thief would break in anyway! This is a silly approach... to basically life in general. And a whitelist is not foolproof either.. someone intent on cheating will play legit at first.. and when no one is looking... so why bother?

    @Selbram - "This could work if new users, without the special client, were allowed to login to a protected server for a short duration. Allowing them to see a motd with some information on how to get the client."
    Now that's more like it.. very good point.. a player would need to receive a notice upon connection.. "This server is protected by MC-Guard, Download the plugin at bukkit.org in order to play here". And I apologize for any name calling, or otherwise offensive things I may say... I am just very passionate about this topic... and it makes me sad to see people saying it can't be done or it's not even worth it because people will find a way around it anyway... the goal is to make it as hard as we can, so we can eliminate by percentage.

    Me and a teammate have successfully written a standalone program that monitors and logs everything that the official Minecraft client does. I figure as we develop further, we could run this more like an antispyware program, and the only thing that it needs to tell a server every X minutes is that it is installed and running on the player's computer. I think we could even potentially make this enforce a texture pack. As of right now.. all it does is monitor and log though, we actually wrote it to debug the server, but I think there is potential.
     
  14. Offline

    feverdream

    People can complain all day, but until you find a way to safely scan the address space of a Java application without crashing it, or hogging the CPU with recursive pointer checks, etc., this entire thread is dead in the water.

    Even then the point is the client does not support this. And there is no way to be sure the person did not just run an "ident spoof" app that pretends to upload the correct data for a cheated/patched client.
     
  15. This would go against hacking laws. In order to do this you would need to retrieve the minecraft.jar by a method called "hacking".
     
  16. Offline

    DerpinLlama

    Except the irony of the situation is in fact that your program would be the spyware program that users would have to install just to access your server.

    No it wouldn't actually, as users would have to choose to install it.


    Well, sorry for bumping the thread but this needed saying.
     
  17. Offline

    SunShe

    It's never good to protect something on the client side; it can always be cracked. And now with Win7 x64 it's easier to hack any program or game. Examples are xTrap or GameGuard, so useless on Win7/x64 at ring0 (alias npggnt for GameGuard). Bunkbuster, lol, it's not really a protection: it just scans some addresses in memory to compare them, and with PBSS (screen color injection detection) easy to bypass, it is not really what I call a protection. And you talk about MD5: there too it is easy to rebuild the check structure, client size detection and company too... Seriously, it's not a good idea, and by the way, players who want to play on your server with your client can't play from a web browser. And again, you said "and rechecks every so often", probably by a thread timer, which is easy to detour. Better to look at protecting your game on the server side. (Glory at python/pascal or other assembler luve)
     
  18. Offline

    mindless728

    hmmm, maybe an application that the client runs that downloads the minecraft jar from the server (the SMP server you want to play on, not Notch's), checks it (MD5), then runs it (from within the program), i would suggest it being written in C/C++ so as to prevent as many hackers as possible from reverse engineering it

    then as an additional check have it scan the memory for changes in memory coming from an outside source
     
  19. Offline

    DerpinLlama

    That won't help at all, anyone could just run Wireshark and have another program emulate your one - and send what the server considers to be a valid hash along.
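
The objection in posts 12 and 19, as an added example (not code from this thread or from any anti-cheat product): a model of the server's side of a checksum report, extended with a nonce-bound variant that goes beyond what the thread proposes. The byte strings standing in for the jar, and all function names, are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-ins; no real minecraft.jar is read or needed.
PRISTINE_JAR = b"official client bytes (constructed sample)"
MODIFIED_JAR = b"official client bytes plus a mod (constructed sample)"
EXPECTED_MD5 = hashlib.md5(PRISTINE_JAR).hexdigest()


def accept_static(reported_md5):
    """Scheme from the thread: client reports an MD5, server compares it."""
    return hmac.compare_digest(reported_md5, EXPECTED_MD5)


def new_nonce():
    """Fresh random challenge, one per check."""
    return os.urandom(16)


def answer(nonce, jar_bytes):
    """Nonce-bound digest: what a client computes over the bytes it is given."""
    return hashlib.sha256(nonce + jar_bytes).hexdigest()


def accept_nonce(nonce, response):
    """Server recomputes the answer from its own copy of the official jar."""
    return hmac.compare_digest(response, answer(nonce, PRISTINE_JAR))


def run_cases():
    """Return what the server decides in each situation."""
    n1, n2 = new_nonce(), new_nonce()
    captured = answer(n1, PRISTINE_JAR)  # a valid answer seen on the wire
    return {
        # Unmodified client reporting truthfully.
        "honest_client": accept_static(hashlib.md5(PRISTINE_JAR).hexdigest()),
        # Modified client that hashes what it really runs.
        "modified_truthful": accept_static(hashlib.md5(MODIFIED_JAR).hexdigest()),
        # The expected value is the same for every player, so any sender
        # that knows it is accepted, whatever code is actually running.
        "known_constant": accept_static(EXPECTED_MD5),
        # A nonce stops replay of a captured answer...
        "replayed_answer": accept_nonce(n2, captured),
        # ...but the answer only proves access to the official bytes,
        # not that those bytes are the program talking to the server.
        "answer_from_unused_copy": accept_nonce(n2, answer(n2, PRISTINE_JAR)),
    }


if __name__ == "__main__":
    for case, accepted in run_cases().items():
        print(f"{case:26} accepted={accepted}")
```

The server learns only that the sender can produce the expected bytes, not which program is connected, which is the reason later posts in the thread point to server-side enforcement and whitelists.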
     
  20. Offline

    SunShe

    Forget this idea,
    Is it a joke? C++ is like reading an open book, at else not make it in C++. And here it's the same: just make a bridge (socket tunnel) to intercept/change the client/jar, and again, if it's a .jar, when you read it the javaw.exe process is going to be created, and we meet the same previous problem. As for MD5 in the year 2011, like I said, it's not a good idea for protection anymore. So you can say what you want: if a player wants to hack it (depending on his level of knowledge), he can always manage to hack it. And believe me, every PE (or multi PE, one in one) can always be reverse engineered (from Kernel32 LoadLibraryA GetProcAddress) or by another packer method.
     
  21. Offline

    DerpinLlama

    Um, once compiled, C and C++ are extremely difficult to convert back to C/C++ code, unlike C# and Java.
     
  22. Offline

    SunShe

    lol, it's not a question of getting back the C++ or other sub-language source; I'm talking about assembler language. Do you know how compilation works? Native and PCode etc.? Nvm, I don't want to begin this subject right now, it's long years of learning, but to make it simple, it's not a question of language. I think your level of knowledge is too focused/restricted to the "source reverse"; that's why you think wrong.
     
  23. Offline

    mindless728

    i know the binary can be reverse engineered, but it is a lot harder (than C#/Java), and in a smaller community trying to find someone able to and willing is harder (smaller since the number of servers that would use this i would imagine would be very small)

    at this point anything is better than the trying to hide it server side and sending Stone blocks to the client unless the player can see the ore as that is very computationally intensive
     
  24. Offline

    SunShe

    Yeah, I agree. But sincerely, in Minecraft there's no need to go that far: if an accepted member is "a trusted member", I think the question doesn't need to be asked, and I don't know, but if you see a member hacking, like flying or something else, ban him and it's OK. With the current Bukkit hooking, you can make all that you want to detect cheaters. And personally, if one of my members shows a lack of respect towards another member, then this member is not made for my server community and he can follow his way out (ban). But in general my members are not the first children picked up off the street. We don't need and don't have any system to detect cheaters; we don't need it. ;)
     
  25. Offline

    mindless728

    i don't completely need it, but my admins and I can't be on all of the time so when one of us is off anything can happen, though i don't take any crap on my server as i am very ban happy
     
  26. Offline

    alexander_q

    This thread deserves to be resurrected. A few points to note:

    -Hacking methods that are not widespread are not a problem. A lone genius who makes an undetectable plugin can only wreak so much havoc.
    -Hacking methods that ARE widespread will struggle to avoid the attention of server administrators.
    -At the present time, the hacking methods that are widespread include client mods and texture packs.

    Let us address those problems that face us now, and worry about more sophisticated hacking when it comes up in the future. The methods that emerge will either be so widespread as to give away their presence, or be so limited as to justify being overlooked. Thus arguments like "hackers will always find a way" or "this particular complicated exploit exists" are irrelevant.
     
  27. Offline

    mindless728

    @alexander_q that doesn't sound like a bad idea until someone implements this and has some severe backlash from server operators that thought they were safe (regardless of what you say, it's what you think), that have one/more of the people with the better modding skills get past the protections and grief the server

    then you have the issue of trying to force all of the people who play on the server to install this mod or use spoutcraft, you will get 10% (this is high balling it) of the people you would have gotten without the mod installation because they will not be able to figure it out
     
  28. Offline

    alexander_q

    Do you mean to say that you're worried about the backlash against the plugin developers? I've yet to encounter a perfect plugin. I think this would only be a real problem if the plugin was paid for.


    If the other 90% of people are either hackers or idiots, I think many server administrators would be quite pleased with the sacrifice. In any case some servers will make this decision, and some will not. Those that have might become highly prized by more serious players.
     
  29. Offline

    mindless728

    in one hand it is nice, in the other servers starting out wouldn't like it as getting members is not easy, but i can understand not having to deal with idiots, just keep in mind that the people who can't figure it out do and will complain and say the server is crap lowering the rating of it
     
  30. Offline

    alexander_q

    That's alright - servers just starting out won't be forced to use it, and you're right, they probably shouldn't at first for the sake of boosting their membership. After that they can walk their players through the install process if they decide extra security is the way to go.
     