Good day. A friend keeps a server one online RPG-shki. Many people learned how to dump a server by sending obviously wrong packets using the WPE PRO program (such a package editor, writes and can change and forward). So, my task is to write a client application and somehow prevent these smart players from using this software.

What kind of help I want from you, dear professionals - these are just tips on where to dig and dig? Personally, I have no ideas, unfortunately. You can search in processes and kill, but here there are some critical moments. First, the program must have rights. Then, the process can still be hidden by some HideToolz, but you can also go around this and find the same software. But the main problem is that it is enough to send one packet and the server is lying. As I did now - my program communicates with the server via a TCP socket every 10 seconds on a gibberish, and if the program is not running in a person, the admin sees this and can throw a person out of the game, but the whole thing is that the server will fall in any In case if the person is in the game, although not, the wrong authorization package is sent and the server goes down. I thought in the direction of interception of functions like Recv, Send, but this prospect somehow does not make me happy, never engaged in interceptions, I am not a pro and will not master a competent interception. And do not go deep into the system, IMHO.

In general, submit ideas, please. Thank you in advance for your valuable help.

PS I am writing to RAD XE5, server to centos, the server part of the program works under wine =)

  • Is your server application or not? If yours, can you change it? Wine on the server from Delphi is cruel. - KoVadim
  • Server application? If what drives the game, then no, not mine. There are no sources, I can not change (then there would be no problems at all). And the cruel application under Vain is my delights =) So far, we do not take it into account. We must somehow prevent the launch / operation of WPE on the client side. Well, this is how I understand. - Sergeich
  • 2
    In my opinion it is obvious that the problem needs to be solved on the server, and not on the client. Solving the problem on the part of the client is a useless and ungrateful task. Authorization packages are also encrypted? If not, then they can be caught and checked on the server, if so, it is not clear why the server lies down when it receives an incorrectly encrypted packet? If this is a server application bug, can the developers have already fixed this bug? - kot-da-vinci
  • one
    @Sergeich, but you don’t know anything about encryption and the fact that you don’t know the protocol between the client and the server, there’s nothing in the question text. In general, the proxy works like this: on the IP, with which the client works, the program hangs up, which forwards the data to another IP (real server), which responds, of course, to it, considering that it is the client, and it in turn forwards the data to the client. It is clear that the proxy can change the data or not send them at all. Only, here, without knowledge of the exchange protocol, there is nothing to catch. - avp
  • one
    @Sergeich And how could one detect packet interception on the client side? Most likely nothing. - kot-da-vinci

0