[Req] Client Class Data Finder [AntiHacking][Spout]

Discussion in 'Archived: Plugin Requests' started by emericask8ur, Oct 22, 2011.

  1. Offline

    emericask8ur

    What this would do is Check the Clients Files for any Mods/Hacks what so ever, Class Files etc, in Spout. So the would be the Client side. And if any detection of a modded Class File it will Kick Them Automatically. Good Idea?
     
  2. Offline

    ThatBox

    Cool but difficult. :I
     
  3. Offline

    ZNickq

    nope, impossible to make!
    Well, it's possible, but it would be useless! :p
     
  4. Offline

    MrMag518

    CBanner or whatever its name is has done something like that, like banning the zombe mod and cbj mod.
    So its possible.
     
  5. Offline

    Afforess

    You seem to lack a basic understanding of client/server security.

    What stops the client from reporting that it's 100% unmodded, clean, from a hacked client? :p
     
  6. Offline

    emericask8ur

    Yes, its almost like a "Scanner" as you would say, it will read the class files and see if anything has been Modded, example Fly Mod etc

    How? It prevents hackers!

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 20, 2016
  7. Offline

    feildmaster Retired Staff

    If it's a client side code to prevent hackers, all they have to do is hack the code to say they aren't hacking.

    Done.
     
    ZNickq likes this.
  8. Offline

    Top_Cat

    In no way does it do that
     
  9. Offline

    petteyg359

    Let him implement it, then let some other idiot implement the "hack" for it, then let him implement the new version that checks for the hack against the old version...
     
  10. Offline

    emericask8ur

    Look if it finds a class file its been modded it will Remove them, Like we all know it has somewhat of a base to create the mod, It will Detect it
     
  11. Offline

    Afforess

    It brings the Cold War to mind. Good times. Gooooooooood times...
     
    mooman219, ZNickq and Walker Crouse like this.
  12. Offline

    Top_Cat

    It's client side, adding more code client side doesn't make it more secure.
    The client is not a child eating a lollipop, it has SAS training... *pew* *pew* *pew*
     
  13. Offline

    emericask8ur

    Ok guys, just forget about it, Nvm
     
  14. Offline

    feildmaster Retired Staff

    Your logic is completely flawed.

    What do you think detects modded files? Checking the code? Checking the code against what? The server? A database of files that are the latest classes? There's no way to detect if someone has "modified" their client. Going to check if their jar has a file? Your server doesn't have access to it.

    Going to give them a download that check it? No one would install it. Going to hack their computer to detect if they are using hacked instances of a game that's more-or-less free to modify as they like?

    Wait. What?
     
  15. Offline

    emericask8ur

    Yes thats what I mean, Because im sure that zombe and other mods have Of course Code that makes it, so like you said if we could scan though and if it detects it will Remove them from the Server, thats why i said Spout
     
  16. Offline

    Cogito

    Guys, the response to this request are inappropriate. There are methods that allow some measure of client side verification, although they may be difficult to implement and can often be overcome with more hacks.

    A very simple example, is to provide the client with a 'secret' when it connects, unique to this session. This secret, along with the files you are looking to protect, are used together to create a response. There are many digests which could be used to do this. The server calculates what the response should be, based on unhacked files. If the response doesn't match, the client is hacking.

    Of course, this relies on making sure the hacked client doesn't spoof all the files, however that is a problem that can be dealt with.

    Regardless, the responses were not at all helpful.
     
    minecraftYord and emericask8ur like this.
  17. Offline

    Afforess

    No there aren't.

    OP wants to make a circle with edges. We told him it's not possible. What did you expect?
     
    Daniel Heppner and petteyg359 like this.
  18. Offline

    olloth

    Almost no amount of effort into that kind of security is worth the effort in java. It IS possible but much more difficult than it sounds to really make it unbreakable.

    EDIT: If you think you can prove me wrong feel free to try and I will find a way to hack it.
     
    Mukrakiish likes this.
  19. Offline

    Asphodan

    I don't think the point is to make a perfect defence, but to make it such a pain in the ass to do to not be worth doing.
     
  20. Offline

    Cogito

    Sorry, did you read my post at all? There are some methods that allow _some_ measure of client-side verification. How do you think Valve's system works?

    I am not aware of any methods that allow total client-side verification - but that was never the claim. In so much that the client is a black box, it is plausible to think that any checks can be faked. However, the effort required to fake is non-negligible, and there are ways of making it incredibly painful.

    Now, aside from any claims of plausibility, the issue remains that some of the replies to this request were unhelpful and in some cases rude. I accept that many were simply trying to convince the OP of their own opinion (be they correct or not) however the manner in which it was conducted was inappropriate.

    Also, everyone knows that a circle is just an n-gon, for significantly large n.
     
  21. Offline

    Afforess

    It's isn't perfect. Any veteran TF2 player can attest to as much.
     
  22. Offline

    Cogito

    I'm not sure why you are quoting part of my reply, agreeing with the part you didn't quote, and otherwise adding nothing to the conversation.

    It's almost as if you are taking me out of context to try and make it look like I said something I didn't.
     
    DrAgonmoray likes this.
  23. Offline

    fysics

     
    Delois and WalkerCrouse like this.
  24. Offline

    FearGrump

    you knwo what? I really like this idea. If someone makes this plugin, ill support them with donations. Plox.
     
    MrMag518 and emericask8ur like this.
  25. Offline

    Kaikz

    It's impossible.
     
  26. Offline

    FearGrump

    nothing impossible.




    i sound like a queer for saying that
     
  27. Offline

    ZNickq

    This thread = epic
     
    emericask8ur likes this.
  28. Offline

    MrMag518

    This is possible, cmon dudes, what's NOT possible in minecraft?

    EDIT: look here for an example:
    And spout?
    both of them shows that this is possible in all ways, just very hard.
     
  29. Offline

    Kaikz

    No.. It's not possible. SpoutCraft is open source, there's nothing to stop me removing this "class check" to just return 100% unmodded. Hell, I can go and create a griefing client based off of SpoutCraft, and there would be nothing you could do to prevent me from connecting to your server.
     
  30. Offline

    olloth

    Exactly. And even if it were not spoutcraft, and you kept it closed source and obfuscated, people will still just decompile and figure it out. There is a whole website dedicated to cracking everything people throw out there.
     

Share This Page