Buying Flyff SecurityFeatures and Systems

03/14/2017 03:06 Xenodas#1
I'm looking for flyff security features that can disable or prevent my neuz/source into getting hacked, I look at how Fantasia did theirs, and they made their Game Resource into 1 big .pack files, I was wondering if that is fine and will lessen the hackers that can infiltrate my server?

I'm willing to pay someone who can make my concepts on systems a reality in flyff, and can give my server a nice security, I tried AEScrypt but I don't think it's doing its job.

Kindly comment here then give me a pm if you're interested. Thank you :)
03/14/2017 10:42 NickHough#2
Hey,

1 big pack file isn't always the best way round anything as it will require a longer amount of time to search that pack file for individual files as to the smaller ones where you specify folder to look through for types of different files, which is why many games have smaller files that linger. Also if not done properly it will be a bitch to patch files as you would need to open the pack file, find the file that is different then replace it, but again depends on how it is done. Some pack files are just folder structures in a single file (i assume fantasia did this, or i hope they did xD)

As for AEScrypt, if you aren't skilled with cryptography having something this advanced can cause even more problems then you'd think. But based on implementation it may not work properly.

Please list security concepts you'd need so that gives people (and me) an idea of what you're looking for.

As for game resources, if they are encrypted/compressed or what ever, it won't necessary prevent your server getting hacked, it will just take more then a typical noob with a tool to do so. But there is always ways around things like encryption as the decryption algorithm will have to be stored in the client somewhere and the determined hacker will take the time to decrypt your files.
03/14/2017 20:01 cookie69#3
Quote:
Originally Posted by NickHough View Post
Hey,

1 big pack file isn't always the best way round anything as it will require a longer amount of time to search that pack file for individual files as to the smaller ones where you specify folder to look through for types of different files, which is why many games have smaller files that linger. Also if not done properly it will be a bitch to patch files as you would need to open the pack file, find the file that is different then replace it, but again depends on how it is done. Some pack files are just folder structures in a single file (i assume fantasia did this, or i hope they did xD)

As for AEScrypt, if you aren't skilled with cryptography having something this advanced can cause even more problems then you'd think. But based on implementation it may not work properly.

Please list security concepts you'd need so that gives people (and me) an idea of what you're looking for.

As for game resources, if they are encrypted/compressed or what ever, it won't necessary prevent your server getting hacked, it will just take more then a typical noob with a tool to do so. But there is always ways around things like encryption as the decryption algorithm will have to be stored in the client somewhere and the determined hacker will take the time to decrypt your files.
It is always a pleasure to read your comments and I am a little bit curious about people who want to secure files and data. I mean, what is the point to secure all the RES files etc if we can do anything client-sided by just modifying the game client memory?
Even the official game client is bypassed easily in ring3 without any coding effort. Some other hacks like modifiyng the game client itself will or can be done using sofisticated techniques that run in ring0 IMO but you normally don't even need to alter the client itself, just RPM/WPM are enough to bot, dupe,stat,..
03/21/2017 13:05 NickHough#4
Quote:
Originally Posted by cookie69 View Post
It is always a pleasure to read your comments and I am a little bit curious about people who want to secure files and data. I mean, what is the point to secure all the RES files etc if we can do anything client-sided by just modifying the game client memory?
Even the official game client is bypassed easily in ring3 without any coding effort. Some other hacks like modifiyng the game client itself will or can be done using sofisticated techniques that run in ring0 IMO but you normally don't even need to alter the client itself, just RPM/WPM are enough to bot, dupe,stat,..
Sorry for the late reply.

Yes, the reason the official game is easily bypassable is because the original source has been released, if you make enough changes to the released sources, such as re-checking every features and making sure there is a serverside check for each action to verify that action the source becomes easily more secure.

To create bots you only need to access ring2 and maybe ring1 depending on device you are trying to control, as most bots replicate real human interaction it'd mostly be limited to ring2 and accessing keyboard and mouse control.

So to secure your server, you'd need to make sure all significant checks are made server side and just encrypt and compress client files to save space and make it more difficult for anyone to steal your custom edits.
Also note that most of the sophisticated programs are based on the open Flyff source (v15) and utilize the exploits in the original game source. If you employ obfuscation or even encryption to your files client side this will make it a tiny bit more difficult to use these publicly available programs. But what you've got to really do is have point to point encryption on packets, and have a asymmetric encryption this way you only give out the public key and keep the private key to yourself.
03/21/2017 18:44 cookie69#5
Quote:
Originally Posted by NickHough View Post
Sorry for the late reply.

Yes, the reason the official game is easily bypassable is because the original source has been released, if you make enough changes to the released sources, such as re-checking every features and making sure there is a serverside check for each action to verify that action the source becomes easily more secure.

To create bots you only need to access ring2 and maybe ring1 depending on device you are trying to control, as most bots replicate real human interaction it'd mostly be limited to ring2 and accessing keyboard and mouse control.

So to secure your server, you'd need to make sure all significant checks are made server side and just encrypt and compress client files to save space and make it more difficult for anyone to steal your custom edits.
Also note that most of the sophisticated programs are based on the open Flyff source (v15) and utilize the exploits in the original game source. If you employ obfuscation or even encryption to your files client side this will make it a tiny bit more difficult to use these publicly available programs. But what you've got to really do is have point to point encryption on packets, and have a asymmetric encryption this way you only give out the public key and keep the private key to yourself.
Nice explanation ty :)