Jump to content

Recommended Posts

Posted

I am trying to secure my custom packets better because I found out you can just send packets to any mod if you know the channel id of that packet and some folks are using this to cheat. There is a mod out there that will send a packet to my mod from a hacked client on a server and can be used to spawn anything. I've already taken steps to fix it. I've even doubled up on security for the issue, but I wouldn't mind adding a 3rd layer.

 

In my server packet handler, where I receive my event.packet, I would like to get the ModID of the mod that sent the packet, than I can just compare with my own ModID and return anyone using a different mod. So, is there a way to get the ModID from a custom packet?

 

Thanks.

Posted

You are kinda wrong:

1) Yes, anybody can send packets to anybody.

2) Yes, you can "hack"-send packet.

, BUT:

1) In all mods, all logic happens on server.

2) Client only tells server that key/button in gui was pressed.

3) Server does all logic and processing.

4) You can't change server code from client.

5) If client mod part does logic and sends to server packet, what he has to do AND server does that, then it's wrongly coded mod and must NOT be used on servers.

 

So, as you can see, if you hack packet, nothing will happen, because server does logic and server knows that this player can't do that. And if mod that you saw has "client the almighty controller" logic, then you should report it to mod author.

Posted

I'm aware of all that, and I agree with you (except the nothing will happen part). All my logic is server side. I've even fixed the problem. I just want extra security to know that someone can't hack my packets. Stuff CAN happen when packets get hacked, they can trigger server logic that shouldn't be triggered unless under certain circumstance. The circumstance is irrelevant though, since it is a straightforward question.

 

The question still stands, can I get the ModID from a custom packet?

Posted

I'm aware of all that, and I agree with you (except the nothing will happen part). All my logic is server side. I've even fixed the problem. I just want extra security to know that someone can't hack my packets. Stuff CAN happen when packets get hacked, they can trigger server logic that shouldn't be triggered unless under certain circumstance. The circumstance is irrelevant though, since it is a straightforward question.

 

The question still stands, can I get the ModID from a custom packet?

As far as i know, (if you are using SimpleNetwrkWrapper,) no. Only by writing it yourself...

 

Posted

Yup, my logic was flawed. There was a hole in my logic I didn't realize until someone found a way to exploit it. I have fixed it. I was just hoping for extra layers of security, it just seemed like a good idea.

Posted

Network security 101:

There is NO POSSIBLE WAY to trust the packets you receive.

The client ALWAYS lies.

So no, there is no possible way to add this protection in, you just need to verify that the client should be doing what it's telling you it's doing.

I do Forge for free, however the servers to run it arn't free, so anything is appreciated.
Consider supporting the team on Patreon

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Announcements



×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.