sicilian 0 Posted May 25, 2005

This is a list of common security enhancements which could be integrated in every game developed by BI. THE MOST POWERFUL ENHANCEMENT I CAN IMAGINE IS A SERVER SDK! You can find a description below... The listing builds upon the latest OFP1 measurements!

General Security Issues:
- checkfile including whitelist and wildcards (also extended to check the application main directory)
- executable + dll protection with md5 or sha checks (leave crc32 behind)
- code security for the executable (runtime string decoding)
- dynamic encoded network packets including the ID
- all game files have to be in same versions without differences throughout the countries

General Ingame Issues:

Primary
- observer/spectator & recording mode
- retry timeout on 3 times false set admin password
- banning ID range including wildcards & whitelist
- banning nicks
- ban/kick for a certain time
- ban entry comment on direct input via admin command

Secondary
- optional client side logging functionality (ID, nick, date) (players, maps, score, kills, time)
- save xml profile of others ingame
- hide path of xml (optional)
- clicking XML URL starts browser
- new admin command: freeze <id> <time> (to freeze a player for specific time)

Server side issues:
- new logging functions including loglevels, max. file size, overwrite yes/no
- invalid ID protection without fade activation, easily block those IDs
- pre-running local checkfile and stored results for faster comparison when clients are connecting
- server API for community created programs
- new API port which can be defined manually

Server SDK:

The following content is only regarding the SDK!

Communication interface to specified ingame connectors. This should only be possible with the server version so community created programs can exchange their data directly with the server engine. This makes it possible to bring outer messages/variables or even admin commands into the game without the need of playing on the server.

e.g. srvcon.dll (API to the Server)

# possible public functions:
~ connect(server, APIport, adminpw) as long // 3 times false given password sets specific timeout for retry (prevents bruteforce/dictionary attacks)
~ disconnect() as long
~ message(msgstring, channel, side) as long // displays specified message ingame on selected channel and side
~ getdata(channel) as string // greps the actual channel data from the server
~ exec(admin command) as long // executes any admin command
~ start() as long // starts server
~ restart() as long // restarts server
~ stop() as long // stops server
~ close() as long // closes server for other players
~ precheck() as long // above mentioned pre-running checkfile
~ ban(start_id, stop_id, comment_for_all) as long // above mentioned ID range

# possible public properties: (if possible changes without the need of restarting the server)

most server settings as GET & SET
~ hostname as string
~ motd() as string
~ reportingIP as string
~ checkfiles() as string
~ maxplayers as int
~ loglevel as int

all query information as GET
~ map as string
~ players() as string
....

stability and watchdog properties as GET
~ serverload as double
~ fps as double
~ loadedfiles() as string
~ memoryused as long

Advantages:
+ common interface for all BI games
+ provides community with more advanced possibilities to solve upcoming problems
+ minimum support from BI's side
+ community created external content can be easily connected to the game
+ no need of extra costs for anti cheat measurements like Punkbuster
+ easy to use programming interface

Disadvantages:
- high time costs to provide such a SDK
- if fifth advantage is right there are no external AC measurements available at release

Feel free to fulfill but remember it is a GENERAL/COMMON issue!!!

Kind regards

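An added sketch, not part of the original post or of any BI code, of the retry timeout the post asks for on connect(): three wrong admin passwords from one peer start a timeout during which even the correct password is refused. The AdminGate helper, the per-address tracking and the 300-second duration are assumptions.

```python
import hashlib
import hmac
import time

MAX_FAILURES = 3        # from the post: three wrong passwords trigger the timeout
LOCKOUT_SECONDS = 300   # assumed value; the post does not give a duration

class AdminGate:
    """Tracks failed admin logins per peer address (hypothetical helper)."""

    def __init__(self, password, clock=time.monotonic):
        # Hash only so both sides of the comparison have equal length.
        self._want = hashlib.sha256(password.encode()).digest()
        self._clock = clock
        self._peers = {}    # peer -> (failure count, locked-until timestamp)

    def connect(self, peer, password):
        """Return 'ok', 'denied' or 'locked' for one attempt from peer."""
        now = self._clock()
        failures, locked_until = self._peers.get(peer, (0, 0.0))
        if now < locked_until:
            return "locked"             # password is not evaluated at all
        got = hashlib.sha256(password.encode()).digest()
        if hmac.compare_digest(got, self._want):
            self._peers.pop(peer, None)
            return "ok"
        failures += 1
        if failures >= MAX_FAILURES:    # start the timeout, reset the counter
            self._peers[peer] = (0, now + LOCKOUT_SECONDS)
        else:
            self._peers[peer] = (failures, 0.0)
        return "denied"

def demo():
    """Constructed sequence with a fake clock: guesses, lockout, expiry."""
    t = [0.0]
    gate = AdminGate("s3cret", clock=lambda: t[0])
    out = [gate.connect("10.0.0.5", g) for g in ("a", "b", "c", "s3cret")]
    out.append(gate.connect("10.0.0.9", "s3cret"))   # other peer unaffected
    t[0] = LOCKOUT_SECONDS + 1
    out.append(gate.connect("10.0.0.5", "s3cret"))   # timeout has expired
    return out
```
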
-IT-Q- 0 Posted May 25, 2005

i deeply second this request !

most ofp leagues have been running now for several years and we have made a lot of experiences during this time. i think BIS has learnt after some time that this is a big issue for the game and its continued existence & longevity. there are organised groups working on cheats for almost every game and this development will intensify in the future. ArA and other future games by BIS hopefully will get again and even a more huge multiplayer audience will have to match with those problems. therefore a really good and well thought out concept has to be developed from the start. ofp has already some good technology in there. yet we hope that BIS is listening to the mp community once again and helping them the best they can to combat this very problem. there has been a lot of personal commitment by fans in the past to fight against it. please support us even more in the future !

best regards

Kaitnieks 0 Posted May 25, 2005

Very nice ideas and I hope BIS implements them. However, MD5 checksum can create massive delay in the game loading/playing time because it needs to go through various processes which could give problems. But yes, furthermore nice ideas.

shinRaiden 0 Posted May 25, 2005

This actually would be a useful area for dual-core CPUs. Fork off the security checking processes to cut the lag etc. Dedicated hardware crypto-chips have never really caught on, and even IPSEC accelerator chips are rather limited to high-end specialty NICs. Just need to make sure that the processing isn't totally client-side like how early versions of NT4 gave the clients the hashes and let them check for authentication.

sicilian 0 Posted May 25, 2005

@Kaitnieks
The md5 check is only thought on important dlls and the executable. Therefore it can be processed fast because of less files to be processed.

@shinRaiden
I already developed such things for OFP1 on a 1GHz Athlon and it really runs smooth. Also other testers didn't report any lags. And this is not directly implemented and even not processor optimized code! It isn't as hard as you think to realize such things.

More ideas are welcome here! Especially developers thoughts...

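An added example, not from the thread or from OFP's own checkfile, of the check discussed above: the server hashes only the executable and DLLs once with SHA-256 (the pre-run checkfile), honours a wildcard whitelist, and compares each client's report against the stored digests. The patterns, file names and helper names are assumptions, and the sample files are constructed.

```python
import fnmatch, hashlib, hmac, os, tempfile
from pathlib import Path

PROTECTED = ["*.exe", "*.dll"]   # assumed patterns: executable and DLLs only
WHITELIST = ["voice_*.dll"]      # assumed exemption for a hypothetical add-on

def is_checked(name):
    """Whitelist wins over the protected patterns; names compare lower-case."""
    name = name.lower()
    if any(fnmatch.fnmatchcase(name, p) for p in WHITELIST):
        return False
    return any(fnmatch.fnmatchcase(name, p) for p in PROTECTED)

def build_manifest(root):
    """Hash every checked file in root once (the server's pre-run checkfile)."""
    manifest = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if os.path.isfile(path) and is_checked(name):
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            manifest[name.lower()] = h.hexdigest()
    return manifest

def compare(manifest, reported):
    """Return sorted (file, reason) findings for one client's reported digests."""
    findings = []
    for name, digest in manifest.items():
        got = reported.get(name)
        if got is None:
            findings.append((name, "missing"))
        elif not hmac.compare_digest(got, digest):
            findings.append((name, "modified"))
    findings += [(n, "unexpected") for n in reported
                 if is_checked(n) and n not in manifest]
    return sorted(findings)

def demo():
    """Constructed sample: a server install and a client with two changes."""
    files = {"game.exe": b"engine v1", "net.dll": b"netcode v1",
             "voice_x.dll": b"add-on", "readme.txt": b"docs"}
    with tempfile.TemporaryDirectory() as srv, tempfile.TemporaryDirectory() as cli:
        for name, data in files.items():
            for root in (srv, cli):
                Path(root, name).write_bytes(data)
        Path(cli, "net.dll").write_bytes(b"netcode v1 patched")
        Path(cli, "extra.dll").write_bytes(b"not shipped")
        return compare(build_manifest(srv), build_manifest(cli))
```

demo() reports the modified net.dll and the unshipped extra.dll; the whitelisted voice_x.dll and readme.txt are never hashed. The report still originates on the client, which is the limit shinRaiden's post points at.
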
Gadger 0 Posted May 25, 2005

Quote (May 25 2005, 17:30):
> i deeply second this request !
> most ofp leagues have been running now for several years and we have made a lot of experiences during this time. i think BIS has learnt after some time that this is a big issue for the game and its continued existence & longevity. there are organised groups working on cheats for almost every game and this development will intensify in the future. ArA and other future games by BIS hopefully will get again and even a more huge multiplayer audience will have to match with those problems. therefore a really good and well thought out concept has to be developed from the start. ofp has already some good technology in there. yet we hope that BIS is listening to the mp community once again and helping them the best they can to combat this very problem. there has been a lot of personal commitment by fans in the past to fight against it. please support us even more in the future !
> best regards

Couldn't have put it any better Q, this is a must need!

Baphomet 0 Posted April 1, 2006

I don't want system requirements to go up because of some garbage running in the background that isn't directly relevant to OFP. I don't play on public internet servers and I don't want that added load on my pc.

Daniel 0 Posted April 2, 2006

> I don't want system requirements to go up because of some garbage running in the background that isn't directly relevant to OFP. I don't play on public internet servers and I don't want that added load on my pc.

So seeing as this doesn't apply to you I don't see why he shouldn't want your comments either.

klamacz 448 Posted April 2, 2006

well, sorry if it's included in post (i don't understand clearly all points)
- possibility for admin to check actual visual and game properties (like LOD limit, visuals, particles on/off and so on) for any player. Result should be saved to logfile or to xml.
- possibility for admin to request actual view of player using command like #getscreen <nick>. Screen in jpg or other compressed format should be sent to server. This is much complicated because of data transfer and lags, but can and should be used by admins only couple of times per game and of course without player's knowledge

sicilian 0 Posted April 3, 2006

> well, sorry if it's included in post (i don't understand clearly all points)
> - possibility for admin to check actual visual and game properties (like LOD limit, visuals, particles on/off and so on) for any player. Result should be saved to logfile or to xml.
> - possibility for admin to request actual view of player using command like #getscreen <nick>. Screen in jpg or other compressed format should be sent to server. This is much complicated because of data transfer and lags, but can and should be used by admins only couple of times per game and of course without player's knowledge

@placebo
I posted this in general section because this isn't a special request for ofp mp only as stated bold in the 1st line of my initial post! It is meant for ALL mp games BI is developing and will develop in future!
...but nice seeing ppl reactivating my post after nearly a year is gone

@klamacz
The first point means that an ofp admin should be able to see what a player uses as video settings. The admin should be able to get the data of all settings from each player. This result set could be logged or put in xml on the server itself.
The second point is meant as screenshot function... The ofp admin should be able to request an automatic screenshot from any player over a console command without the player's knowledge. ofp will take the screenshot and immediately send it to the server where it should be stored.

Hopefully it's a bit more understandable now...

klamacz 448 Posted April 3, 2006

thanks sicilian

I should say that my English is poor - I meant that I don't understand clearly all points from first post and those two (about graphics settings and screenshot) are just my and some other Polish players' small requests

well, at least I'm sure now that my post is understandable even if it's written by me and I really hope that this topic (thanks sicilian) will give BIS some more ideas how to make multiplayer games better and fair.

crashdome 3 Posted April 3, 2006

> The second point is meant as screenshot function... The ofp admin should be able to request an automatic screenshot from any player over a console command without the player's knowledge. ofp will take the screenshot and immediately send it to the server where it should be stored.

I'm not sure how you're going to get that large chunk of data over the network without anyone noticing.

noccie 0 Posted April 3, 2006

if u call a 50-150kb file a "large chunk" maybe it's time for u to read about a thing called broadband. i also guess u have never downloaded an xml or extra soundfiles ingame?

Ontopic: i support these ideas 100% as we all know what inadequate anti-cheat support did for ofp (both public and competitive play)

Metal Heart 0 Posted April 3, 2006

It's different when you transfer stuff in the middle of the game. Jpeg compression might cause a small but noticeable stutter and sending the ~150kb file over 256kbit bandwidth would take five seconds when using the whole bandwidth, a lot longer if you send it little by little to avoid lag and detection.

mattxr 9 Posted April 3, 2006

I'm sure they will have their own cool anti-cheat system, they can do anything .. they're BIS

sicilian 0 Posted April 4, 2006

> It's different when you transfer stuff in the middle of the game. Jpeg compression might cause a small but noticeable stutter and sending the ~150kb file over 256kbit bandwidth would take five seconds when using the whole bandwidth, a lot longer if you send it little by little to avoid lag and detection.

I thought punkbuster or any other thing like this are doing it right away? Therefore it has to be possible even while playing!

sicilian 0 Posted April 4, 2006

> thanks sicilian
> I should say that my English is poor - I meant that I don't understand clearly all points from first post and those two (about graphics settings and screenshot) are just my and some other Polish players' small requests
> well, at least I'm sure now that my post is understandable even if it's written by me and I really hope that this topic (thanks sicilian) will give BIS some more ideas how to make multiplayer games better and fair.

Oh sorry, forgot that these points are not included in my initial post. It's one year ago as I said and in that time we also want these things to be checked... That's why I explained.

btw: Your first point about the settings is discovered by OFPSentry...

Placebo 29 Posted April 4, 2006

> ...but nice seeing ppl reactivating my post after nearly a year is gone

Ooops, missed that part

Hmm well it seems the thread is back amongst the living so it can stay there

sicilian 0 Posted April 6, 2006

Regarding code security again...

Dunno what language you will use for upcoming games, but there are plenty of tools to obfuscate the code! The point OFP wasn't obfuscated is a main lack in its structure which gives groups like tkc the most chances to do their dirty business!

Watch out http://www.strongbit.com/execryptor.asp for example...