Register for your free account! | Forgot your password?

Go Back   elitepvpers > Aion > Aion Main - Discussions / Questions
You last visited: Today at 03:27

  • Please register to post and access all features, it's quick, easy and FREE!

 

What do people consider "Acceptable" for devs guarding a bot program?

Reply
 
Old   #1
 
elite*gold: 0
Join Date: Nov 2008
Posts: 66
Received Thanks: 16
What do people consider "Acceptable" for devs guarding a bot program?

Not sure how to better phrase the question.

Many bots you see nowadays require the end users to sign up on a forum, or get a license key given by the dev, or something.

Often times you see people complaining, "OMG UR GUNA STEAL MY ACUNT"

To which the developer rolls his eyes in a "***** please" fashion, as logic clearly isn't a strong suit for the end user.

Many times this safeguarding/complaining cycle drives many developers to keep their works private.

So what do you consider an acceptable way to safeguard a semi-public bot/hack/program from people you don't want to use it?



Storb is offline  
Old   #2
 
elite*gold: 0
Join Date: Feb 2006
Posts: 629
Received Thanks: 195
Quote:
Originally Posted by Storb View Post
Not sure how to better phrase the question.
You're confusing two different things and attempting to ask them as one question. I will answer both questions below.

Question 1: What can I do to make users of my program know that I am not stealing their information?

Quote:
Originally Posted by Storb View Post
Often times you see people complaining, "OMG UR GUNA STEAL MY ACUNT"
Users trust you or they don't. Regrettably, many people just download and run anything, out of desperation I guess. If people are scared you're going to steal their information then they shouldn't run your software. People who claim you're going to steal their information when they are asked to CREATE a *NEW* username and password are just plain stupid, since your username and password aren't necessarily (and SHOULDN'T BE) the same as your game login.

Asking for a login and password (created for the bot itself) is unrelated to Aion credentials unless the user believes you are key-logging them or tricking them into providing their game credentials. And if the user thinks you might be key-logging, they shouldn't have downloaded or run your software!


Question 2: What can I do to safeguard my code and other intellectual property contained in my program?

Quote:
Originally Posted by Storb View Post
Many bots you see nowadays require the end users to sign up on a forum, or get a license key given by the dev, or something.
Quote:
Originally Posted by Storb View Post
Many times this safeguarding/complaining cycle drives many developers to keep their works private.

So what do you consider an acceptable way to safeguard a semi-public bot/hack/program from people you don't want to use it?
You eluded to an answer there: Not release it.

That isn't to be snarky, but there really isn't anything you can do to make your program secure against crackers. The fundamental problem is that since your computer must be able to read/interpret/run the program, a user with enough patience could also do the same. A user with administrator access or ownership of the program on the computer can also EDIT that code which they're viewing. So they take one of your logical checks and hardcode a successful result, which immediately defeats your efforts.

Trying to protect your source code is sort of like an arms race and those who crack software generally have the upper hand. If you do well, you might confuse them for a week or two... but it really is a matter of time before any particular software is cracked.

You can look into things like "code obfuscation", "anti-debugger", and the like... but in the end nothing is bullet-proof.


Quote:
Originally Posted by Storb View Post
To which the developer rolls his eyes in a "bitch please" fashion, as logic clearly isn't a strong suit for the end user.
I don't necessarily agree with this, a malicious "bot" author could do plenty of bad things, not limited to stealing accounts. People need to be careful about what they download and run, or wait for someone they trust to become involved and check things out for them. Quite honestly the malware-to-legit ratio for programs on ePvP or the broader Internet is just plain bad.

The problem is that it is hard to diagnose the *INTENT* of the program.

For example... if you are on your bank website and another program is capturing your banking information, it is bad. But if you are on your banking website and talking to someone in VOIP chat with push-to-talk and your VOIP program is watching, notices, and reacts to you pressing that key... that's not a problem.

If this weren't the case, anti-virus heuristics would've solved the problem a long time ago and we wouldn't even be having much of this discussion.


lucid is offline  
Reply



« Previous Thread | Next Thread »



All times are GMT +2. The time now is 03:27.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy
Copyright ©2017 elitepvpers All Rights Reserved.