[Release] Remote GM Tool Source

→VandRalaus← · 12/21/2013, 20:36

Releasing the remote gm tool's source that i released a month ago, for those who are interested in the idea of remote development, the source includes everything in the tool, didn't edit source since i release the tool.

ill also release the console server that supports the new security system that works on the tool, it makes getting an authorized client's ID hard af, because the ID is basically a HWID, BUT! the thing that makes it more secured is adding DateTime.Now to string before hashing.

have fun people! i hope that some programmers will improve this idea!

P.S : if you're serious about developing it, add me at skype for help if needed, i guess it'd be fun to co-work on it (but i don't have much time) also, with no offense, please don't pm with stupid questions, google can satisfy most of your needs!

RGT source :

Console soucre :

up coming patch server, all done need testers, add my skype if interested

M>M · 12/28/2013, 13:32

nice work

and i like the new security system it's really clever

~~TheBrain_~~ · 12/29/2013, 00:02

Quote:

Originally Posted by →VandRalaus←

ill also release the console server that supports the new security system that works on the tool, it makes getting an authorized client's ID hard af

i've been digging thru the code, asmuch you think its safe it actually is not.

please read The OSI Model from Wikipedia to give you some insight,

Perhaps you'll find some better ways of understanding the security between host and device.

Also look into ; SPI,AH,ESP and IKE. you'll learn alot from these.

Further more, you really need to use #region ~ #endregion in your code to keep things clean and simple..

hopefully i gave you some advice that can help you out.

→VandRalaus← · 12/29/2013, 10:28

Thanks TheBrain i'll take a look when i can, but i know that there are many ways to crack a server-client system, thats why i tried to keep the security server sided as much as i could, basically the client only sends HWID and commands, and still after all, the server needs to approve it manually so i thought thats enough for now

, maybe there's something i didnt notice, tell me if u can, cuz tbh i thought even if people mess around with the client, wouldn't be able to get authorized since it happens manually, and also I've added DateTime.Now before hashing HWID so... and thanks btw, this's what i was hoping the console server to get, improvement

And about the region thingy, ye ill start using it, cuz honestly i wasnt gonna release the source first, it wasnt so hard to find stuff since i wrote them, but yeh, since every new project will be an open source, ill use them

Edit : hmmm yeah got ur point after reading the wiki link u posted, well im not sure, feel free to edit source, everyone can edit it, thats why i released it

(Ill see more later, working on another project atm, a patch server

)

~~TheBrain_~~ · 12/29/2013, 18:47

As the setup (the way you coded it) i can '' listen '' to both channels and tap in/out a packet, edit the source and send it again in the same time i repeat a session.

just like having a wireless key of a car, and you're standing quite far from it. u tap ur keys and i got your signal. your car never got closed, just made the bleep sound.

(cant explain simpler than this)

→VandRalaus← · 12/29/2013, 21:03

And what do u suggest? Making special message code format like the army did in the old days? xD but then i wont be able to release sources i guess...

~~ismokedrow~~ · 12/29/2013, 22:40

To be honest you can't release the source of server and call it "Secure" because by definition most security is through obscurity (meaning purposeful confusion of data)

→VandRalaus← · 12/30/2013, 09:39

You are right smoky, but i wanted people to see this idea and build more tools based on it.. but yeah ill take TheBrain's advice and soon ill release obfuscated exe only :P

glandu2 · 12/30/2013, 12:31

the security should not be based on obscurity, especially with a c# or java program (obfuscation may help though)

But should be based on the strength of the used keys. So if you want a great security level, use asymmetric keys that the user provide or your tool generates (if we can dig into a gameserver to be able to run it with new features, it's also possible to see what your tool do even obfuscated).

At least, don't use a fixed key even with the most obscure protocol for a minimally serious remote tool. (and also not a home-made encryption algorithm, already existing ones are generally already implemented in whatever language).

Also if you want a readable by many source code, you should split it into several files (at least separate gui / logic code)