Register for your free account! | Forgot your password?

Go Back   elitepvpers > Coders Den > .NET Languages
You last visited: Today at 01:33

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement

AsyncServerClient: Simple, open-source, cross-platform Async TCP Server-Client

Discussion on AsyncServerClient: Simple, open-source, cross-platform Async TCP Server-Client within the .NET Languages forum part of the Coders Den category.

Reply
 
Old   #1
 
elite*gold: 0
Join Date: Jan 2012
Posts: 22
Received Thanks: 17
Lightbulb AsyncServerClient: Simple, open-source, cross-platform Async TCP Server-Client



AsyncServerClient: Simple, open-source, cross-platform Async TCP Server-Client project (with SQL and 3-Way Handshaking support) for .NET Assemblies built in .NET Core

AsyncServerClient teaches you how TCP based Async Server-Client works actually with the three-way handshake architecture, as simplified as possibly. It is designed in the bare-minimum struct.



Uses : .NET Core 2

Controls and wizards are available for users to:

* Deep detect feature to incoming-outgoing packets
* Analyze server-side or client-side packets with deeper details
* Send packets with any data type
* Three-Way TCP Handshaking feature
* Blowfish encrypted secure packets (You can also add new algorithms easily)
* Not complex, not hard, best project to understand TCP Async Server-Client Networking

Please don't forget to give a �� if you like.






_DeaLyDeviL_ is offline  
Thanks
1 User
Old 03/16/2019, 19:43   #2
 
elite*gold: 0
Join Date: Feb 2009
Posts: 1,077
Received Thanks: 510
Quote:
Originally Posted by _DeaLyDeviL_ View Post
*Three-Way TCP Handshaking feature
The fuck are you talking about? Usually your Operating system should take care of the 3-Way-Handshake of TCP, and not a single line of code by you should be dedicated to implementing the 3WHS.
What you implemented is a Handshake for encryption, and it's insecure AF.
Your Blowfish key is 32 bit Integer, and can be brute forced within seconds by any modern day computer. Your signing algorithm utilizes on the Hardness of the discrete log problem, but also only operates on 32 bit integers, meaning any modern day computer can crack this within seconds.
Also you are using Random.NextBytes, which is only a very weak pseudo randomness, meaning the random numbers you generate (and on which all of your security depend) can be predicted by an attacker, making everything you did basically useless.

If you want to have a secure TCP connection, use TLS implemented by a modern day library like the OpenSSL. Never (in a productive project) try to implement it yourself, ever. You will make mistakes, and your approach will be less secure (and performant) the libraries which are written by dozens of professionals over the course of decades.

After this is out of the way, here are some minor nitpicks:
Why using SQL? As this is meant to be an example, why use SQL at all doesn't this overcomplicate everything? Just use text files, no special software (SQL server) is than required and it fulfills the same purpose. Personally, as long as concurrency doesn't get a big problem (i.e. hundreds of connections at once) I usually always use files, because installing an sql server, creating the database structure and implementing the SQL functionality is hell of a lot work that I can just skip


Code:
while (s_master != null)
            {
                lock (m_Locker)
                {
                    try
                    {
                        Socket client = s_master.AcceptSocket();
                        [...]
                }
                Thread.Sleep(1);
            }
Accept is blocking, meaning this line of code could eventually take for ever. I think what you want to do is lock the server so it can't be set to null (i.e. stop listening) until the accept action is performed. But as s_master.AcceptSocket could take indefenetly, this could block you whole program.
I would recommend you to rethink your locking philosophy, because actually this lock is never used again if I can see correctly, rendering it completely useless, except to prevent startListener from interfering if executed multiple times, but this should be prevented by your design in the first place. So this lock just handles a case that shouldn't (be possible to) occur. Seems useless to me.

Lastly (I've only taken a short look at the server, I bet there are much more problems within the part I didn't read):
Quote:
Originally Posted by _DeaLyDeviL_ View Post
It is designed in the bare-minimum struct.
Why the fuck is it then overengineered like that? I know .Net developers often suffer from OOP-Tourette, but I can write a bare minimum TCP server, using OpenSSL for better security than yours in C in around 200 lines of Code (Including cross platform switches). A bare minimum C# project shouldn't be more than 4 times as much code than the bare minimum C variant.

Working through your example was quite an effort (c.a. 1-2 hours have I required only for writing this response), so calling it bare minimum is hell of an underestimation (or overestimation? I have no idea which fits better in this context)

PS: This forum has an release and a coding snippet subforum in the Coding Section for those kinds of threads, the .Net Subforum is usually for questions


warfley is offline  
Thanks
1 User
Old 03/16/2019, 20:53   #3

 
elite*gold: 15
Join Date: Jul 2018
Posts: 39
Received Thanks: 4
Good lucky dude.
tupcufiko is offline  
Thanks
1 User
Old 03/16/2019, 21:34   #4
 
elite*gold: 0
Join Date: Jan 2012
Posts: 22
Received Thanks: 17
First of all, thank you for your valuable comment. I have to say a few things. Firstly, i understand your rage clearly. And i think, you didn't read somethings that in the README. And I would like to remind you that I did the project in 2015.

Quote:
Originally Posted by warfley View Post
The fuck are you talking about? Usually your Operating system should take care of the 3-Way-Handshake of TCP, and not a single line of code by you should be dedicated to implementing the 3WHS.
What you implemented is a Handshake for encryption, and it's insecure AF.
1. I didn't implement the 3WHS, its coming from (a blowfish based tcp handshaking framework made by pushedx)

Quote:
Originally Posted by warfley View Post
Your Blowfish key is 32 bit Integer, and can be brute forced within seconds by any modern day computer. Your signing algorithm utilizes on the Hardness of the discrete log problem, but also only operates on 32 bit integers, meaning any modern day computer can crack this within seconds.
2. Eveybody knows Blowfish is too bad and F* waste. Yes, you of course can crack it within seconds. But SSA.dll uses Blowfish to encrypting somethings. That's why I'm stick with it. I would also love to use RSA-4096, then you can't crack this unless if you have a super computer, isn't it?

Quote:
Originally Posted by warfley View Post
If you want to have a secure TCP connection, use TLS implemented by a modern day library like the OpenSSL. Never (in a productive project) try to implement it yourself, ever. You will make mistakes, and your approach will be less secure (and performant) the libraries which are written by dozens of professionals over the course of decades.
3. My main goal wasn't to make super secure 3WHS. It was easy and simple system as far as possible using SSA.dll. So I would love to use TLS 1.3 too!

Quote:
Originally Posted by warfley View Post
Why using SQL? As this is meant to be an example, why use SQL at all doesn't this overcomplicate everything? Just use text files, no special software (SQL server) is than required and it fulfills the same purpose. Personally, as long as concurrency doesn't get a big problem (i.e. hundreds of connections at once) I usually always use files, because installing an sql server, creating the database structure and implementing the SQL functionality is hell of a lot work that I can just skip
I do not remember exactly what I would do with this project 4 years ago. It was probably part of the project. Why did you get rage at that? Server and SQL are inseparable lovers.

Quote:
Originally Posted by warfley View Post
Accept is blocking, meaning this line of code could eventually take for ever. I think what you want to do is lock the server so it can't be set to null (i.e. stop listening) until the accept action is performed. But as s_master.AcceptSocket could take indefenetly, this could block you whole program.
I would recommend you to rethink your locking philosophy, because actually this lock is never used again if I can see correctly, rendering it completely useless, except to prevent startListener from interfering if executed multiple times, but this should be prevented by your design in the first place. So this lock just handles a case that shouldn't (be possible to) occur. Seems useless to me
The most sensible comment part for me. Thanks for that. Because I didn't know what is Blocking-NonBlocking sockets then. But now, maybe i can write a better struct for main accepter. What about this one?

Code:
private readonly ManualResetEvent m_manualResetEvent = new ManualResetEvent(false);

protected void DOBeginAccepter() {
	while (m_listenerSocket != null) {
		m_manualResetEvent.Reset();
		try {
			m_listenerSocket.BeginAccept(new AsyncCallback(DOConnectionAccepter), m_listenerSocket);
		} catch { }
		m_manualResetEvent.WaitOne();
	}
}

protected void DOConnectionAccepter(IAsyncResult iar) {
	Socket socket = null;

	m_manualResetEvent.Set();

	try {
		socket = m_listenerSocket.EndAccept(iar);
	} catch (SocketException e) {
		throw new Exception("XXX " + e.ToString());

	} catch (ObjectDisposedException e) {
		throw new Exception("YYY " + e.ToString());
	}

	//...
   
}
I really don't know, I created this structure in my previous project. What do you think?

Quote:
Originally Posted by warfley View Post
Why the fuck is it then overengineered like that? I know .Net developers often suffer from OOP-Tourette, but I can write a bare minimum TCP server, using OpenSSL for better security than yours in C in around 200 lines of Code (Including cross platform switches). A bare minimum C# project shouldn't be more than 4 times as much code than the bare minimum C variant.

It just for advertising actually. And also i can write in around a few lines in Rust with better and more secure way (Including cross platform switches) if you want to race.


_DeaLyDeviL_ is offline  
Thanks
1 User
Old 03/16/2019, 23:15   #5
 
elite*gold: 0
Join Date: Feb 2009
Posts: 1,077
Received Thanks: 510
Quote:
Originally Posted by _DeaLyDeviL_ View Post
First of all, thank you for your valuable comment. I have to say a few things. Firstly, i understand your rage clearly. And i think, you didn't read somethings that in the README. And I would like to remind you that I did the project in 2015.
It's not down to your implementation, but more about the thread in general. If you know your algorithm is unsecure than you should write this in bold red in the thread. I've seen quite often (surprisingly sparse in this forum) that someone just thought: Well i can do security on my own, or someone just copying projects like yours and think they have somewhat of a secure connection. Thats the main reason for the bold red part of mine, so anyone who enters this thread can see that this is not something to base your project on. Thats why I used such a harsh language.
Also I like swearing

I personally like implementing such stuff on my own, and having examples online is great, but it often leads to someone beeing fooled and thinking that they could use this code.

Quote:
Originally Posted by _DeaLyDeviL_ View Post
2. Eveybody knows Blowfish is too bad and F* waste. Yes, you of course can crack it within seconds. But SSA.dll uses Blowfish to encrypting somethings. That's why I'm stick with it. I would also love to use RSA-4096, then you can't crack this unless if you have a super computer, isn't it?
Blowfish (at least with 16 iterations) isn't even that bad, it's still considered secure but not fit for the future.

Regarding RSA, you are still save with "only" 1k bit. Onion Routing for example only uses 1k RSA. With regards to supercomputer, and rising performance it is recommended to use 2k-3k bit. Personally for my PGP key I use 4k to get maximum security (as I intend to use this key as long as possible)

Whats way cooler is elliptic curve cryptography, its super simple and gives you with 200 bits around the same security as 2000-3000 bit RSA, and is thereby fast as fuck.


Quote:
I do not remember exactly what I would do with this project 4 years ago. It was probably part of the project. Why did you get rage at that? Server and SQL are inseparable lovers.
I didn't raged about that, i just was still in the swearing mode from above. SQL databases are great for servers I know, but if I would download such an example and trying to get it to run, it would be really annoying to have to install and configure some SQL server.


Quote:
The most sensible comment part for me. Thanks for that. Because I didn't know what is Blocking-NonBlocking sockets then. But now, maybe i can write a better struct for main accepter. What about this one?

Code:
private readonly ManualResetEvent m_manualResetEvent = new ManualResetEvent(false);

protected void DOBeginAccepter() {
	while (m_listenerSocket != null) {
		m_manualResetEvent.Reset();
		try {
			m_listenerSocket.BeginAccept(new AsyncCallback(DOConnectionAccepter), m_listenerSocket);
		} catch { }
		m_manualResetEvent.WaitOne();
	}
}

protected void DOConnectionAccepter(IAsyncResult iar) {
	Socket socket = null;

	m_manualResetEvent.Set();

	try {
		socket = m_listenerSocket.EndAccept(iar);
	} catch (SocketException e) {
		throw new Exception("XXX " + e.ToString());

	} catch (ObjectDisposedException e) {
		throw new Exception("YYY " + e.ToString());
	}

	//...
   
}
I really don't know, I created this structure in my previous project. What do you think?
Im not so much into .Net (im usually more low level programming, thereby I don't know about all the fancy ways you can do things in C#) but what i would do is:
Code:
while (!terminated) {
  if (!s_master.Pending()) { Sleep(1); continue; } // break fast break even
  Socket client = s_master.AcceptSocket();
  ...
}

void StopAcception() { terminated = true; }
This way you don't need locks at all. terminated is just a bool variable, set it to true and the server will stop. By .pending it checks whether there is a connection request in the operating systems queue, if not it calls the thread dispatcher (sleep(1)) and continues the loop.
If a connection is in the queue, its accepted.

Of course if you have more points that access terminated (for writing) you would need a lock (or not, depends on the situation), but as long as it's kept simple, there shouldn't be anything wrong with that

Quote:
Originally Posted by _DeaLyDeviL_ View Post
It just for advertising actually. And also i can write in around a few lines in Rust with better and more secure way (Including cross platform switches) if you want to race.
Yeah, to me it just looks a little bit overengineered, for what it actually does


warfley is offline  
Reply

Tags
async, c#, client, net framework, server



« Datei einlesen bzw. bearbeiten | - »

Similar Threads
PokeBot.Ninja: Cross-Platform, Powerful UI, Map, beta Captcha support
08/25/2016 - Pokemon Hacks, Bots, Cheats & Exploits - 0 Replies
After many near-sleepless nights of coding (and tons of caught pokemons ;)) I feel it is time to release the Pokemon Go bot I have made. Bot is written in java, meaning you can run it on any system that has the latest version installed:*https://java.com/en/download/ Many of the existing bots are console based, but decent UI is a must-have in my opinion, so that's the reason for creating it. EVERYTHING WORKING AGAIN Download link (redirects to zippyshare) for latest version: Zippyshare.com...
C# Async Socket Server | Client Disconnect Erkennen
08/06/2016 - .NET Languages - 2 Replies
Moinsen, Ich habe ein Problem - Ein Server Welcher Nachrichten empfängt - ein client welcher Nachrichten sendet... Wenn die Verbindung aufgebaut ist und ich bei dem Client den "Stecker" ziehe kriege ich bei dem Server weder eine Exception noch irgend eine Andere Meldung.. Wenn ich nach dem "Stecker ziehen" versuche eine Nachricht an den Client zu senden und per try/catch einen Fehler abzufangen passiert nichts... kein Fehler keine andere Meldung... Bis jetzt habe ich keine Lösung...
[Albion online], real cross platform next gen mmorpg.
03/05/2014 - Foreign Games - 0 Replies
Albion Online Albion Online Webpage http://www.youtube.com/watch?v=SJg2-P3ESjI Key Features Player-driven economy All items AND buildings are player crafted. Build your own villages and towns. Rent out land or industrial buildings to other guilds.
[REQUEST]Cross-Platform Socket Libary
04/06/2013 - C/C++ - 5 Replies
I'm trying to find a Socket Libary in C++ which i could use on Linux , Windows and Mac OS. I already found Socket Classes like WinSock | WinSock2 but they are only for Windows. Hope you can help me ;) MFG Conrew



All times are GMT +1. The time now is 01:33.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

BTC: 3KeUpz52VCbhmLwuwydqxu6U1xsgbT8YT5
ETH: 0xc6ec801B7563A4376751F33b0573308aDa611E05

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2019 elitepvpers All Rights Reserved.