I read on the web how cheaters are bypassing game server encryption...
1,
There I see simple encryption based on XOR.
Please, developers, make a strong security algorithm; cheaters / hackers are bypassing raknet.dll.
---------------------------------------------------------------------------------------------------------------------------------------------
I do not understand why developers make server encryption when the algorithm is weak and unusable and hackers/cheaters bypass it to use ESP cheats, etc...
2, It does look stupid when developers add new things to the game: bow, jackhammer, bandit towns ...
3, I wonder why developers do not solve game security??
4, And the next funny moment there
5, I understand why EAC and the server are using a primitive encryption algorithm.
I'm going to say, and I could be wrong, but I think this has to do with Unity.
You are 100% wrong lol, Unity doesn't force you to use any specific encryption. "Hur dur blame Unity", classic uninformed response.
and the informed response would be...?!?
I'm not going to speculate because there's almost no information or context to go off of here, but if there's a low effort encryption algorithm being used for something important chances are the blame is on the developers, not the tool, which in this case is Unity.
If an analogy would help, blaming Unity for this is like blaming the car manufacturer when you leave your car unlocked and someone breaks in.
And as I did mention ..."I could be wrong" so....lol
But holy shit man...take your meds or what today
It's obvious you were completely guessing and had nothing to back up what you were saying, if you have no idea what you're talking about it is better to just not say anything.
You are absolutely correct, however don't paint the kettle black without your own paintbrush =O)
As someone who has toyed around with the Assembly-CSharp.dll file from a shitty Unity mobile game, I can say that you are probably wrong. The file was encrypted with XOR, which meant I could just pull the key right out of the file itself and decrypt it (that's how bad it is). If you aren't familiar with it, Assembly-CSharp.dll contains all of the game-specific code. Since it needs to be decrypted before any game code can run, the blame must lie with either Unity or Mono.
Now, I don't know what the OP discovered was encrypted with XOR, but given my experience, it seems likely to me that either Unity or Mono is responsible for it.
So the devs stored their admin key in plain text in an end-user accessible file, which is a total no-no. Once again this is developer error; how is it the game engine's fault that the devs are ignoring basic security practices and common sense?
Because (in the scenario I described) it's literally impossible for the developer's code to run before the Assembly-CSharp.dll gets decrypted, which means the engine does it. If the developer had any control over it at all, it was likely just a checkbox in the editor (disclaimer: I don't actually use Unity).
To re-iterate, all the code that the developer is responsible for is in Assembly-CSharp.dll, but if that file is encrypted, how can the developer run "their" shoddy decryption routine? Obviously, the engine must be decrypting it, therefore, the engine is responsible for the shoddy encryption. I don't know how I can spell it out any clearer.
Also, claiming that the key is in "plain text" shows that you really don't understand it. Here's a simple breakdown of how you find the key.
Open any non-encrypted C# dll in a hex editor, and look for a long sequence of zeros towards the start of the file.
Open the encrypted Assembly-CSharp.dll in a hex editor, and look at the bytes in the same address range. The key is in those bytes.
Figure out how long the key is by looking for a repeating pattern.
Figure out where the key starts by finding an address that is divisible by the key length.
You now have the key.
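The known-plaintext weakness behind the steps above, shown on constructed bytes as an added Python example (not code from any poster, game or engine; the key, buffer layout and function names are assumptions). Wherever the plaintext is zero, repeating-key XOR writes the key itself into the output, so it gives obfuscation rather than confidentiality.

```python
# Added illustration on constructed bytes; not code from the thread or any game.
from itertools import cycle

def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def smallest_period(block: bytes) -> int:
    """Smallest p such that block[i] == block[i + p] for every valid i."""
    for p in range(1, len(block)):
        if all(block[i] == block[i + p] for i in range(len(block) - p)):
            return p
    return len(block)

def key_from_zero_run(ciphertext: bytes, start: int, length: int) -> bytes:
    """Where the plaintext is all zeros the ciphertext equals the key stream
    (0 XOR k == k). Take one repeating unit and rotate it so that its first
    byte corresponds to an offset divisible by the key length."""
    run = ciphertext[start:start + length]
    p = smallest_period(run)
    unit = run[:p]
    shift = (-start) % p  # index in `unit` that lines up with offset 0 mod p
    return unit[shift:] + unit[:shift]

# Constructed sample: 4-byte tag, 32 zero bytes of padding, then a payload.
KEY = b"k3y!x"                      # assumed 5-byte key
ZERO_START, ZERO_LEN = 4, 32        # assumed location of the zero padding
PLAIN = b"HEAD" + bytes(ZERO_LEN) + b"constructed payload bytes"
CIPHER = xor_repeating(PLAIN, KEY)

def demo():
    """Recover the key from the ciphertext alone, then undo the XOR."""
    recovered = key_from_zero_run(CIPHER, ZERO_START, ZERO_LEN)
    return recovered, xor_repeating(CIPHER, recovered)

if __name__ == "__main__":
    recovered, plain = demo()
    print("recovered key:", recovered)
    print("round-trips to original:", plain == PLAIN)
```

An authenticated cipher such as AES-GCM with a per-session key does not have this property: its output reveals nothing about the key, even for all-zero input.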
Something from history
Devblog 183
Network Encryption
ANDRÉ STRAUBMEIER
I spent the better part of this week testing, fixing and improving network encryption in cooperation with EAC. We're confident that it's now in a state where it can go live on the vast majority of servers, which is why it's enabled by default starting today. It does come with some performance overhead, but it should be minor enough for all servers to have it enabled without running into problems - particularly since we improved server performance in other areas quite a bit this week. If you're a server owner and you're having trouble with it on your server you can adjust it using the encryption convar.
encryption=0 disables network encryption completely
encryption=1 uses a very basic encryption algorithm
encryption=2 enables the full network encryption
The default value is 2 and we highly recommend leaving it that way. Changing the convar at runtime via the server console or RCON is supported, but the updated value only applies to players who connected after the convar change.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The problem is that cheaters/hackers obtain the decrypted key and decrypt data packet information:
player location x, y and rotation position in the map, for use in wallhacks, etc...
Well, the OP's tiny code snippet appears to line up with this blogpost, so the mystery of wtf they were talking about seems to be solved.
So, if XOR is being used, the blame is on the server admin for changing convars they don't understand.
I understand why I was banned for 12 hours on the forum for discussion of game security??? It makes me laugh in my face...