How about encrypting the data, and receiving input from the server that the program then decrypts and sends back
For example
..Server stores and sends a random string to the client, used for authentication
SERVER -> CLIENT: cat173
..Client saves the data, and encrypts it as "xHas77TbgZ" through an algorithm that the server understands
CLIENT -> SERVER: setscore=1337&pass=xHas77TbgZ
..Server decrypts the data, and make sure that the decrypted output is "cat173".. if it isn't, there's obviously something wrong, if not, send a new code to the client, and continue on
SERVER -> CLIENT: dog662
..etc
That way a "hacker" (lol) would have to find out your algorithm you use. I know that I couldn't be arsed to if it was me. Checking the wireshark output was a lot easier :P
That's a pretty good idea...
Or Async encryption.
Or just hash it?
[QUOTE=h2ooooooo;25577347]How about encrypting the data, and receiving input from the server that the program then decrypts and sends back
For example
..Server stores and sends a random string to the client, used for authentication
SERVER -> CLIENT: cat173
..Client saves the data, and encrypts it as "xHas77TbgZ" through an algorithm that the server understands
CLIENT -> SERVER: setscore=1337&pass=xHas77TbgZ
..Server decrypts the data, and make sure that the decrypted output is "cat173".. if it isn't, there's obviously something wrong, if not, send a new code to the client, and continue on
SERVER -> CLIENT: dog662
..etc
That way a "hacker" (lol) would have to find out your algorithm you use. I know that I couldn't be arsed to if it was me. Checking the wireshark output was a lot easier :P[/QUOTE]
Then the algorithm could be easily found out viewing the code..
[QUOTE=iNova;25584851]Then the algorithm could be easily found out viewing the code..[/QUOTE]
Sure it could, but as I said, it'd make for example me not bother, since I couldn't just check it with wireshark.
[QUOTE=h2ooooooo;25585205]Sure it could, but as I said, it'd make for example me not bother, since I couldn't just check it with wireshark.[/QUOTE]
Security by obscurity. AKA No security.
[QUOTE=gparent;25638655]Security by obscurity. AKA No security.[/QUOTE]
With enough eyes all bugs become shallow.
Even with a program which was perfectly secure in that score can only be changed by the program using the input from the Windows messages, the system as a whole can never be fully secured.
You could send it WM_MOUSEMOVE messages from a different process or even hook the input function using Detours and send false inputs.
Then even [i]if[/i] you couldn't do anything from a software level, you could use a microprocessor (E.g. A PIC or AVR.) to emulate a mouse and hence send false inputs. (Or even just modify a real mouse.)
Oh and if you were to use something like time rather than an input from a HID, you could still manipulate that or just manipulate the memory. (AKA Cheat Engine or a similar system.)
[QUOTE=yngndrw;25658977]Even with a program which was perfectly secure in that score can only be changed by the program using the input from the Windows messages, the system as a whole can never be fully secured.
You could send it WM_MOUSEMOVE messages from a different process or even hook the input function using Detours and send false inputs.
Then even [i]if[/i] you couldn't do anything from a software level, you could use a microprocessor (E.g. A PIC or AVR.) to emulate a mouse and hence send false inputs. (Or even just modify a real mouse.)[/QUOTE]
Most people don't go that far just to cheat in a not so important "competition".
[editline]26th October 2010[/editline]
There's no way to block EVERY possible way of cheating :v:
[QUOTE=Dj-J3;25659032]Most people don't go that far just to cheat in a not so important "competition".
[editline]26th October 2010[/editline]
There's no way to block EVERY possible way of cheating :v:[/QUOTE]
There really is, it's called blocking everything. So it would also block anything that isn't cheating.
Sorry, you need to Log In to post a reply to this thread.
