Raised This Month: $ Target: $400
 0% 

Protecting the Plugin Author Name


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
dutchmeat
Senior Member
Join Date: Sep 2006
Old 01-29-2007 , 03:43   Protecting the Plugin Author Name
Reply With Quote #1

Hi,
this is a question for advanced programmers,
this is actually meant for a RTCW(Return to Castle Wolfenstein) mod, there are many people that use a Hex progam to change the mod's name into theirs(Also called Modstealing).

So i made a Proof Of Concept of how to protect a name(string)...

Code:
#include <amxmodx>

public plugin_init()
 
{
 register_plugin("Name Check","1.0","dutchmeat")
}
 
new alfabet[][0] = { "a", "b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"}
 
//new alfabet[][] = { "a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"}
//         0   1   2   3   4   5   6   7   8   9   10  11  12  13  14  15  16  17  18  19  20  21  22  23  24  25  26
public function(){
new name[10] = "dutchmeat";
new number;
for (new i=0; i<8; i++) {
 for (new j = 0; j < 26; j++) {
  if (name[i] == alfabet[j][0])
   number = number + j;
 }
}
if (number != 86) //The perfect name check !?!
 return;   //return if the name is correct
console_print(id,"The name is incorrect...")
}

// D u t c h m e a t
// 3 20 19 2 7 12 13 0 19 = 86
//This should check if all the characters match, if they do, they copy the 'alfabet' number into the var 'number',
//If number matches '86', the string should be 'dutchmeat' 
__________________
before you criticize someone, you should walk a mile in their shoes. that way, when you criticize them, you're a mile away and you have their shoes.

Last edited by dutchmeat; 01-29-2007 at 06:07.
dutchmeat is offline
dutchmeat
Senior Member
Join Date: Sep 2006
Old 01-29-2007 , 08:16   Re: Protecting the Plugin Author Name
Reply With Quote #2

Code:
char alfabet[] = { 'a', 'b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'};
char name[] = "dutchmeata";
int number = 0,a,j;
int strl = strlen( name ); //9 in this case.
for (a=0; a<30; a++) {
for (j = 0; j < 26; j++) {
if (name[a] == alfabet[j])
number += j;
}
}
if (number == 86 && strl == 9 ){
printf("Woohoo! we have a correct name\n");
}else{
printf("The name is incorrect.\n");
}
Explanation:
Every name has it's own number, for example amxx has the number '23' (a = 0, + a = 0 + x=23)
//new alfabet[][] = { "a","b","c","d","e","f","g","h","i","j","k"," l","m","n","o","p","q","r","s","t","u","v","w ","x","y","z"}
// 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
In this case the 'name number' is 86.
So if the 'name number' is correct, there's a second check to match the length of the name.
This is C++, and not small, but you can easily port it if you need it...
I hope someone find it useful.
__________________
before you criticize someone, you should walk a mile in their shoes. that way, when you criticize them, you're a mile away and you have their shoes.
dutchmeat is offline
MaximusBrood
Veteran Member
Join Date: Sep 2005
Location: The Netherlands
Old 01-29-2007 , 08:24   Re: Protecting the Plugin Author Name
Reply With Quote #3

This 'protection' can be easily circumvented, you only have to change one integer.
Also, your code has one unneeded for() loop. (the second one)
__________________
Released six formerly private plugins. Not active here since ages.
MaximusBrood is offline
dutchmeat
Senior Member
Join Date: Sep 2006
Old 01-29-2007 , 08:26   Re: Protecting the Plugin Author Name
Reply With Quote #4

I don't think that that integer is shown in a game dll, and why is the second loop unneeded? i need to check every character with the alfabet.
__________________
before you criticize someone, you should walk a mile in their shoes. that way, when you criticize them, you're a mile away and you have their shoes.
dutchmeat is offline
MaximusBrood
Veteran Member
Join Date: Sep 2005
Location: The Netherlands
Old 01-29-2007 , 10:15   Re: Protecting the Plugin Author Name
Reply With Quote #5

Quote:
Originally Posted by dutchmeat View Post
I don't think that that integer is shown in a game dll.
Of course it is stored, how else do you think it is going to check that the sum is 84?

Quote:
Originally Posted by dutchmeat View Post
and why is the second loop unneeded? i need to check every character with the alfabet.
Yes, you're right. I misread it because you have a stupid way of adding the numbers, just use the char numbers.
__________________
Released six formerly private plugins. Not active here since ages.
MaximusBrood is offline
schnitzelmaker
Senior Member
Join Date: Apr 2006
Location: HERE
Old 01-29-2007 , 10:39   Re: Protecting the Plugin Author Name
Reply With Quote #6

Why not use md5 or an random integer.
Code:
md5 - Calculates the md5 keysum of a string.
md5 ( const szString[], md5buffer[34] )

Quote:
Also how do you know the num is 86 ?(if you haven't viewed the source)
Dissamble it.
__________________
schnitzelmaker is offline
dutchmeat
Senior Member
Join Date: Sep 2006
Old 01-29-2007 , 10:37   Re: Protecting the Plugin Author Name
Reply With Quote #7

Have you ever coded for q3 games?
You will see when the game is compiled in either a .dll or .qvm, there isn't much left to decompile, only the most important strings and variables.
Also how do you know the num is 86 ?(if you haven't viewed the source)
__________________
before you criticize someone, you should walk a mile in their shoes. that way, when you criticize them, you're a mile away and you have their shoes.
dutchmeat is offline
dutchmeat
Senior Member
Join Date: Sep 2006
Old 01-29-2007 , 10:44   Re: Protecting the Plugin Author Name
Reply With Quote #8

There is no way you can disamble the gamedll of a q3 game in a proper way.
__________________
before you criticize someone, you should walk a mile in their shoes. that way, when you criticize them, you're a mile away and you have their shoes.
dutchmeat is offline
schnitzelmaker
Senior Member
Join Date: Apr 2006
Location: HERE
Old 01-29-2007 , 10:53   Re: Protecting the Plugin Author Name
Reply With Quote #9

Best is using md5,or did you know that this "755d08eef0a2c557877828998eda3d75" is your name?

Quote:
There is no way you can disamble the gamedll of a q3 game in a proper way.
There exist allways an Way.
__________________
schnitzelmaker is offline
cybermind
Senior Member
Join Date: Oct 2004
Old 01-29-2007 , 16:31   Re: Protecting the Plugin Author Name
Reply With Quote #10

Quote:
Originally Posted by dutchmeat View Post
There is no way you can disamble the gamedll of a q3 game in a proper way.
Sure there is. You can disassemble any .dll or .so and with enough knowledge you could find out (via debugging) where the check takes place. I personally have made a disassembler for .qvms, and while not as feature-rich as a usual disassembler, it does the job.

Quote:
Originally Posted by Zenith77 View Post
Wow. I was about to talk to BAIL about this concept. But it actually queries the forums MySQL database for the author's username (or nick if there was an option added), to make sure the plugin hasn't been changed nor can players with the wrong STEAM_ID even use their names in game.
You could still change it if you know what you're doing. Assuming you were using strcmp to check the strings for equality, the code would comapre the result of strcmp with 0. If the values are both 0, then the strings are equal. If it's not, they are not equal. All you would need to do is change the op that does the comparison to check if they're not equal (i.e. if strcmp returned -1 or 1). I don't know the AMX opcode set off hand, but it is doable.

Last edited by cybermind; 01-29-2007 at 16:35.
cybermind is offline
Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 00:43.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode