SubSpace Forum Network


Posted (edited)
make the security closed-source

That is pretty much a given. Making it closed source does not necessarily mean it cannot be attacked, however. The original VIE encryption was closed source. Continuum's encryption is breakable as well (which I'm not going to elaborate on further, but it has some weaknesses).

 

Hm though, the fake client could always use the legit module :/

 

It could, but surely the purpose of the closed source module would be to discover if a fake client was using it.

If it was, it could just refuse to work, or even better, it could report it to the server (after an unspecified/random period of time).

 

The aim of this design is to make the only attack vector the module (which is closed source).

 

There is a weakness to this approach, as it will be known where all the anti-cheat logic is, making it easier to know where to attack.

Edited by doc flabby
  • 3 weeks later...
Posted

Cerium's idea is what I've had in mind. Closed source security that is simply tedious to break. Security through obfuscation to the point where it's just not worth it.

A simple way to make it extremely challenging is to have the results of tests sent to the server and keep the server-side handling private. Private as in the binary itself shouldn't be openly available. An easy way to do this is to have a central server (say, the biller?) process and verify the integrity of output from the module.

Give the security module numerous tests for any form of covert tampering. Check for binary integrity, a debugger attached, proper functioning of parts of modules, etc. Send the results, which should be different each time (using a different 'encryption' technique for each test), over to the central server. If something's abnormal, cut them off so they have no way to test their hacks.

Given, that would then be as easy to avoid as a ban, but such inconveniences can go a long way.

 

The point is that it typically takes a lot longer to get past a well designed security algorithm than it does to make it, so the few people who try to get past it will be putting in a lot more effort than it takes to combat.

 

In the first place, security not much more complex than Continuum's shouldn't even be needed/released until people do try to get past that.
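
An added example, not written by any poster in this thread and not SubSpace or Continuum code: one way the central server could verify module reports that are "different each time", substituting a one-time server nonce plus HMAC-SHA256 for the per-test 'encryption' the post describes. `ReportVerifier`, `sign_report`, the key and the test names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed key for illustration. A real module would have to hide its key
# inside the client, which is the attack surface this thread discusses.
MODULE_KEY = b"constructed-demo-key"
# Hypothetical test names and the values a clean client should report.
EXPECTED = {"binary_hash_ok": True, "debugger_attached": False, "hooks_ok": True}


class ReportVerifier:
    """Server side: issue one-time challenges and judge signed test reports."""

    def __init__(self, key=MODULE_KEY):
        self.key = key
        self.pending = {}  # player -> outstanding nonce

    def challenge(self, player):
        nonce = secrets.token_hex(16)
        self.pending[player] = nonce
        return nonce

    def verify(self, player, report, tag):
        nonce = self.pending.pop(player, None)  # single use, so replays fail
        if nonce is None:
            return "reject: no outstanding challenge"
        if not hmac.compare_digest(sign_report(self.key, nonce, report), tag):
            return "reject: bad tag"
        bad = [k for k, v in EXPECTED.items() if report.get(k) != v]
        return "flag: " + ",".join(sorted(bad)) if bad else "ok"


def sign_report(key, nonce, report):
    """Client module side: bind the test results to the server's nonce."""
    body = json.dumps(report, sort_keys=True).encode()
    return hmac.new(key, nonce.encode() + b"|" + body, hashlib.sha256).hexdigest()
```

Because the nonce changes per challenge, a captured "clean" report cannot be replayed, and the server alone decides what to do with a flagged result.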
