PDA

View Full Version : Graal Security


Gambet
12-30-2004, 10:39 AM
Please dont take this offensive, AT ALL.


But, have you guys turned lazy all of a sudden on Graal security? When i say Graal security, i mean the patching of hacks and such. I see people using trainers all the time, and im just wondering what happened with the security system that should disconnect anyones account which reads illegal data. I think that a good system should be used so that hacks/trainers can easily be patched, and so that hacking/trainer using can be nearly impossible on graal. Just wondering, because maybe it hasnt been a main priority or something, when it really should be one of the priorities to look at.

Oh and, the current (or old) system, was really cheap. You could use hacks/trainers, but they will only be detected when you go through a warp link, which i find pretty cheap. That means that hackers/trainer users could just go into a room they wanted to hack inside, and then turn on their hack/trainer AFTER passing the warp link. Dont you think the security system should automatically detect illegal data in accounts? Or does it only scan accounts after the character passes through a warp link? If so, maybe a new one should be put into effect/use.

Just wondering. ^^

WanDaMan
12-30-2004, 11:20 AM
Era has a great system to prevent hacking, I suggest anyone to make there system the same.

I'd go into detail but I'm not sure how Jenn's done it.

Rick
12-30-2004, 11:36 AM
Jen didn't make it.

WanDaMan
12-30-2004, 12:03 PM
Oh, I thought she did. Well she's improved it since Artmoney was brought to graal..

Snakeandy7
12-30-2004, 01:24 PM
She re-made almost all of the scripts. PShifter added the fkey logger.

unixmad
12-30-2004, 01:30 PM
We will release soon a version that will make trainers lot more hard to do.

The idea is to put the online editor in a special binary so all debugging tools and other trainer helper will be only usable if you are the owner of the playerworld.

Snakeandy7
12-30-2004, 01:36 PM
So owners would have acess to the f6/4 stuff? (f4 for the levels, f6 for the scripts?)

thesaiyan
12-30-2004, 03:43 PM
Jen didn't make it.
You haven't seen the new security measures she has made. They trump the old ones by far.

matt8891
12-30-2004, 04:25 PM
Please dont take this offensive, AT ALL.


But, have you guys turned lazy all of a sudden on Graal security? When i say Graal security, i mean the patching of hacks and such.
Just wondering. ^^

I think it's due to the fact that alot of globals are helping with Graal3D.

Gambet
12-30-2004, 10:10 PM
I think it's due to the fact that alot of globals are helping with Graal3D.


This is something that shouldve been done a while back, and then constantly updated as new hacks were released.

CaTigus
12-30-2004, 10:12 PM
No... Graal's security has always been poor.

Gambet
12-31-2004, 02:17 AM
No... Graal's security has always been poor.


Has anyone in this thread EVER said that is was good? Because thats what this thread is about making your post completely useless.

The Admins need to fix up the security system completely.

SSJ2_Gogeta
01-02-2005, 10:30 AM
Its better then what it use to be.

URBANLEGEND
01-03-2005, 01:35 AM
Its better then what it use to be.

Errrrrrrrrt! WRONG!

More things can be done on 2.2 now than could Pachuka could of done with the original client.

Benm00t
01-03-2005, 03:24 AM
Yeah, talking about security and trainer using, Bomboria Trade has been getting a bombing causing people including me (which is when the fun stopped) to get disconnected.

See pictures.

air_archmage
01-03-2005, 03:37 AM
that bastered who ever did it got me d/qed ><

bloodpet
01-03-2005, 03:38 AM
yes this is a huge security issue. One of these times somoen going to have stuff on table and get kicked off and lose it all .. and probly get restore which would make me mad that the get restored and my brother didnt.. =/ but oh well.. all i ask is gets fiixed so i dont lsoe any of my items again.. i can find out who did this and how even.. I cna find otu anything you want to know.. I got conenctions with info from both sides which i use ot help staff out .. :p

Benm00t
01-03-2005, 03:42 AM
w00ps, i forgot the best screen shot of them all, the one that did disconnect me.

Observe:

bloodpet
01-03-2005, 03:59 AM
thats insane.. but from the looks of the pic the table is haxing.. its only thing without a bomb on it .. oO .. dont worry ill try and find otu everythign i can on this... :) if you got any info you can forum pm me it :)

bloodpet
01-03-2005, 04:49 AM
unix.. with this mean no more offline? or still be an offlien ? because this brings up the isue of how does a lat apply for lat withotu fist havign acess or pratice?

Doahh_p2p
01-03-2005, 06:14 PM
thats insane.. but from the looks of the pic the table is haxing.. its only thing without a bomb on it .. oO .. dont worry ill try and find otu everythign i can on this... :) if you got any info you can forum pm me it :)


NPC's are "Haxing"

You can't put a bomb on an NPC

Sildae
01-03-2005, 06:22 PM
More things can be done on 2.2 now than could Pachuka could of done with the original client.
But at least developers can hide the important thing on the server side, thus denying hackers access to it.

bloodpet
01-03-2005, 11:36 PM
well.. some serverside thigns can be triggered using triggeraction. I do recal this happened and mas warped people to jailand a spar.. oO and i do know who did it on npulse. he happens to trooper..

Admins
01-12-2005, 05:42 AM
The new Graal versions (v2.3 will be released in a few days) add a lot more security, also we have added several things in the server to easier block hack attempts and detect speed trainer usage, not all of those things are enabled yet because they need good configuration. Offline editor and online client are separated, so scripting commands like toweapons don't exist online anymore. Explosions and bombs can be blocked with "putbombenabled=false", "puthorseenabled=false", "noexplosions=true".
Some part of the security also includes good scripting - if you are using triggers then keep care to always double-check the parameters, never trust them.

Slash-P2P
01-12-2005, 07:07 AM
I scripted this for Element. Look at newfeatures to find the F-Keys that you want disabled, and put the numbers in the array (F4,F5, and F6 are already in it). I remember hearing something about serverwarp not working on the trainers? Anyways, I made it remove all the players weapons.


if (actionserverside) {
if (strequals(#p(0),badkey)) {
with (getplayer(#p(1))) {
for (i=0;i<weaponscount;i++) removeweapon #w(i);
}
sendtonc Hacker: #p(1) hit invalid key: #p(3) (#p(2));
savelog2 invalidkeys_log.txt,#p(1) hit invalid key: #p(3) (#p(2))#K(13);
}
}
//#CLIENTSIDE
if (created || initialized) {
this.removeditems = false;
setstring this.ikn,F4,F5,F6;
this.ik = {115,116,117};
this.ikc = arraylen(this.ik);
this.t = .15;
timeout = .05;
}
if (timeout) {
timeout = this.t;
this.badkey = -1;
for (i=0;i<this.ikc;i++) {
if (keydown2(this.ik[i],true)) this.badkey = i;
}
if (this.badkey >= 0) badkey();
}
function badkey() {
if (this.removeditems == false) {
this.removeditems = true;
triggeraction 0,0,serverside,-FKeys,badkey,#a,#v(this.ik[this.badkey]),"#I(this.ikn,this.badkey)";
}
serverwarp playerworld44;
}

If your truly a security psycho, you could make all your NPW's classes.

Evil_Trunks
01-12-2005, 07:23 AM
If your truly a security psycho, you could make all your NPW's classes.
How does that help at all?

Sildae
01-12-2005, 07:10 PM
How does that help at all?
I am assuming that the F6 debugger does not show classes.