
Some newbe questions on mm coding


Afronanny
Veteran Member
Join Date: Aug 2009
Old 07-23-2010 , 17:02   Re: Some newbe questions on mm coding
Reply With Quote #11

Quote:
Originally Posted by Carolus View Post
I have, Afronanny, but thanks anyway. Most of the information is either out-dated or too technical (SH part) to dive in without background knowledge, unless you can make it clear for me.

By the way, how much would you charge to extend SM/MM to include "decent" security. And by security I mean a means to ensure loaded SM plugins are authentic.
Also would you be interested in bandwidth or source server hosting as payment?
Both have outstanding security. Most if not all holes in security have been patched out long ago. If you're concerned about SourceMod's security, one of the SM devs could explain it much better than I could.

Define an "authentic" plugin. Do you mean having a blacklist for plugins?
Afronanny is offline
BAILOPAN
Join Date: Jan 2004
Old 07-23-2010 , 20:29   Re: Some newbe questions on mm coding
Reply With Quote #12

Java's not a systems language. The term is perhaps overloaded. Java is memory safe, C++ is not, it's bare metal. This distinction is fundamental and Java-based curricula elide it. There are gray lines (like D and Rust), but none here.

The distinction is even more important in the HL2 problem space where reverse engineering and low-level hacking reign supreme.

There be dragons, but if you encounter roadblocks, help is a forum post or IRC /msg away.
__________________
egg
BAILOPAN is offline
BAILOPAN
Join Date: Jan 2004
Old 07-23-2010 , 20:36   Re: Some newbe questions on mm coding
Reply With Quote #13

Quote:
By the way, how much would you charge to extend SM/MM to include "decent" security. And by security I mean a means to ensure loaded SM plugins are authentic.
This is a weird use of the word "security" for me.

Quote:
Currently my idea is to use every function/method within the plugin (kinda the unit-testing way) and have the return values put in an md5-buffer, along with a user defined parameter and returning the resulting md5 to the end user
I'm not really sure what all this is for? It seems like an implementation detail and I'm missing the use case.

Quote:
And finally I wish to learn more about MM coding, but I can't seem to find a good trail.
This list might be useful: http://wiki.alliedmods.net/Open_Sour...Metamod:Source
__________________
egg
BAILOPAN is offline
Carolus
Member
Join Date: Jun 2010
Old 07-24-2010 , 13:44   Re: Some newbe questions on mm coding
Reply With Quote #14

I've made a zBlock-like plugin (using SourcePawn).

Its purpose is dual:
- Make it easy to administrate a match
- Ensure players they can expect the gameserver to be well configured and fair

The first part is "easy".
The second part has to do with forcing some server side convars and some client side. (I know you can't change client side convars, but you can for example disallow access to the server if they are not set correctly)
There are some things that are a little more tricky, like fixing the following things:
- bunny hopping should not be allowed within matches
- the 'crouch bug' should not be exploitable (being able to look over a box while crouched, but not being seen by opponents)
- the server should have a 'doorfix' (higher door movement speed)
- disabling the advantage of having certain mat_dxlevel settings combined with ATI graphics cards (shorter flashbang duration)

I am able to address most of these requirements (except crouch & door).

Now the most important thing that I am currently unable to do is to prevent people from building a fake version of this plugin.

If I'm making the code open-source, it becomes extremely easy to do with no programming knowledge at all.

It's perfectly possible to remove some functionality or add some unfair functionality to the plugin and have no one notice.

So my main problems right now are:
a) Ensuring players the plugin is authentic (its code has not been meddled with)
b) Fixing the crouch & door "bugs"

What I'm looking for right now is a way to implement (a).
So my idea is to build an MD5 token that would be extremely hard to fake.
The easiest way to do that would be to allow players to call some plugin functionality that would generate an md5 which would be based on both the contents of the plugin (albeit the compiled data) and a user-defined token.

Something like

somefunction(userdefinedstring)
{
    md5 sig = new md5();
    sig.buffer_append('plugin.smx');
    sig.buffer_append(userdefinedstring);

    return sig.build();
}

The problem here is that this plugin.smx could easily have been meddled with (or whatever underlying function that feeds the md5).

So, my idea would be to use every possible plugin functionality and have all of those return values feed the md5. This seems to be a good idea, but one problem here would be that some/most functions don't return anything.

So I'm kinda out of ideas (well maybe there could be a way to directly read the memory where the plugin is loaded and feed that to the md5)...

So what I meant by security was: ensuring that loaded plugins are what they say they are.
__________________
Carolus is offline
BAILOPAN
Join Date: Jan 2004
Old 07-25-2010 , 03:44   Re: Some newbe questions on mm coding
Reply With Quote #15

Quote:
Originally Posted by Carolus View Post
- Ensure players they can expect the gameserver to be well configured and fair
You're fighting a battle that hasn't begun.

Quote:
Originally Posted by Carolus View Post
If I'm making the code open-source, it becomes extremely easy to do with no programming knowledge at all.
It's extremely easy to do anyway.

Quote:
Originally Posted by Carolus View Post
So, my idea would be to use every possible plugin functionality and have all of those return values feed the md5. This seems to be a good idea, but one problem here would be that some/most functions don't return anything.
You still have a single funnel point. Obfuscation is a hindrance but not a solution. NB: Someone can also modify functions without touching their functionality (see: detours). Most C++ coders in this community know how to use them.

Quote:
Originally Posted by Carolus View Post
So I'm kinda out of ideas (well maybe there could be a way to directly read the memory where the plugin is loaded and feed that to the md5)...
I have a great idea. Give out license keys and tie them to the server IP. Let users request the license key of a server. Everyone loves license keys, right? Right?

Quote:
Originally Posted by Carolus View Post
So what I meant by security was: ensuring that loaded plugins are what they say they are.
It's not security, more like a phone locking you into only using signed apps. It's not about security: it's about control. We're not going to add functionality like that, it's not our mission. You're welcome to, though.

A while ago leagues realized that to make matches fair and consistent, the best solution was hosting official servers themselves, and forcing client-side AC. The best way to control is to be in direct control. Letting people operate servers under specific guidelines reduces risk, but does not eliminate it. There's still an element of distrust.
__________________
egg

Last edited by BAILOPAN; 07-25-2010 at 03:46.
BAILOPAN is offline
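
The token scheme proposed in post #14 and the "single funnel point" objection in post #15, modelled as an added example that is not part of the original thread or of SourceMod. The byte strings, class names and challenge value are constructed for illustration; the point is that the party answering the challenge chooses which bytes go into the hash.

```python
import hashlib

# Constructed sample data: stand-ins for compiled plugin bytes, not real .smx files.
PUBLISHED_SMX = b"SMX\x00 constructed bytes of the published build"
MODIFIED_SMX = b"SMX\x00 constructed bytes of a locally altered build"


def token(plugin_bytes: bytes, challenge: str) -> str:
    """Token from post #14: MD5 over plugin contents plus a user-defined string."""
    sig = hashlib.md5()
    sig.update(plugin_bytes)
    sig.update(challenge.encode("utf-8"))
    return sig.hexdigest()


class HonestServer:
    """Runs the published build and hashes the bytes it actually loaded."""
    def __init__(self):
        self.loaded = PUBLISHED_SMX

    def respond(self, challenge: str) -> str:
        return token(self.loaded, challenge)


class AlteredServer:
    """Runs an altered build, but answers from a kept copy of the published file."""
    def __init__(self):
        self.loaded = MODIFIED_SMX
        self.reference_copy = PUBLISHED_SMX

    def respond(self, challenge: str) -> str:
        return token(self.reference_copy, challenge)


def player_check(server, challenge: str) -> bool:
    """Player side: recompute the token from the published build and compare."""
    return server.respond(challenge) == token(PUBLISHED_SMX, challenge)


def demo() -> dict:
    challenge = "constructed-player-nonce-1234"
    honest, altered = HonestServer(), AlteredServer()
    return {
        "honest_passes": player_check(honest, challenge),
        "altered_passes": player_check(altered, challenge),
        "altered_runs_published_code": altered.loaded == PUBLISHED_SMX,
    }


if __name__ == "__main__":
    print(demo())
```

Both servers pass the player's check even though only one runs the published build. Swapping MD5 for a stronger hash or a keyed MAC does not change the outcome, because the responder still decides what gets hashed.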
Carolus
Member
Join Date: Jun 2010
Old 07-25-2010 , 05:26   Re: Some newbe questions on mm coding
Reply With Quote #16

This battle against badly configured servers has been waged for years.

What I described definitely isn't obfuscation. It would allow anyone to read the code and still work.

You wouldn't need detours for that, you could just rewrite the source code... No need to do it at runtime.

Your idea wouldn't work at all, people could just remove the bit that requires keys.

http://en.wikipedia.org/wiki/Security

Also, perfect security doesn't exist. It's only a matter of how hard you need to make it for your opponent before feeling safe.

Oh and about Java not being a systems programming language... Java has something called the JNI. Which allows it to do anything you can possibly do using C++.
If I'd follow your way of thinking C++ isn't a systems programming language either, only native binary code is.
__________________

Last edited by Carolus; 07-25-2010 at 05:52.
Carolus is offline
BAILOPAN
Join Date: Jan 2004
Old 07-25-2010 , 17:37   Re: Some newbe questions on mm coding
Reply With Quote #17

Heh.
__________________
egg
BAILOPAN is offline
Matthias Vance
Senior Member
Join Date: Jan 2009
Old 07-27-2010 , 08:27   Re: Some newbe questions on mm coding
Reply With Quote #18

Quote:
Originally Posted by BAILOPAN View Post
I have a great idea. Give out license keys and tie them to the server IP. Let users request the license key of a server.
Quote:
Originally Posted by Carolus View Post
Your idea wouldn't work at all, people could just remove the bit that requires keys.
If you have a public list of anything unique to the server (IP, CVAR with license key, w/e) it WOULD work. Players would just be able to check if it's a valid server.

(Just pointing out you're wrong on this, I don't feel like continuing the discussion)
Matthias Vance is offline
Carolus
Member
Join Date: Jun 2010
Old 07-27-2010 , 13:27   Re: Some newbe questions on mm coding
Reply With Quote #19

You could indeed check if the IP... is "registered" as authentic..
But it wouldn't tell you if the server is actually running an authentic plugin.
__________________
Carolus is offline
Matthias Vance
Senior Member
Join Date: Jan 2009
Old 07-27-2010 , 15:33   Re: Some newbe questions on mm coding
Reply With Quote #20

There is no way you can perform this task, server owners can always cheat on whatever you try to do server-side.
Matthias Vance is offline