SCE is currently in Development phase for Forge / Sponge.
This mod / plugin is used as a way to protect a players client, while giving the Server Admin the ability to approve of who can, or cannot connect. This is not hack proof, however, it is a means of preventing (or allowing) players from modifying their clients. There are also some other client functions that have been implemented, and will list them all out once I’ve ported the mod over.
Because this is dependent upon permissions, and because I don’t think perms have been incorporated yet into Sponge, I may have to rewrite some portions
Full version : 1.6.4 (This is an old Beta version that I was working on. Never completely finished, logic still needed some tweaking, but works for the most part):
Wont be able to hack / crack this one! Currrently, its too secure, so some of its features will be removed. Just copying the .class files is tricky because of how secure it is.
Even if they hacked / cracked it, it’ll take me 2 minutes to reob, recompile, and the hacker would have to do it all over again.
Gonna put up some screenshots of its functionality, so keep checking back. Also, I haven’t touched it in 6 months or so, so I don’t support it at all in its current state.
So how do you plan to do this when practically all client side mods don’t report anything to the client?
Remove “near 100% hack-proof” as its incorrect especially considering the real definition of hack in this context is “a clever solution to a tricky problem”.
What is the point of this? You just said even if they did de-obfuscate it, you’ll just re-obfuscate it and recompile. Nothing that would be after you found out that the client had been exploited, most likely after the would be hacker has already achieved his goal on a number of clients.
My second point is why would someone even bother attempting to exploit MC? If client exploitation was your goal it is inifitely easier to search databases of known exploits for other programs such as skype, irc, teamspeak? All things used by people that play minecraft.
Not having a go at you, but it seems kind of pointless to imply safety via this client when the rest of the system isn’t secure.
Correct, I wont be saying that. Its not really a claim, its functional as is. I haven’t touched it in 6 months, but the way it works is just like any other non-forge client mod. Simply copy your .class files to the client.
With forge, it should be even easier… copy to your /mods folder, and done.
And I’m not saying its completley hack proof, maybe im being a bit unrealistic in saying near 100%, but either way its gonna be tough hacking it. All data to and from is completely random… using RSA and SHA.
[quote]What is the point of this? You just said even if they did de-obfuscate it, you’ll just re-obfuscate it and recompile. Nothing that would be after you found out that the client had been exploited, most likely after the would be hacker has already achieved his goal on a number of clients.
My second point is why would someone even bother attempting to exploit MC? If client exploitation was your goal it is inifitely easier to search databases of known exploits for other programs such as skype, irc, teamspeak? All things used by people that play minecraft.
Not having a go at you, but it seems kind of pointless to imply safety via this client when the rest of the system isn’t secure.
[/quote]
The point is to secure the client from any modification by a player… period. It will force a player to use and only use the vanilla launcher with approved client / mods. If using Forge, it’ll force all players connecting to use the server approved mods.
Deobfuscating it will certainly be tough, but confident it’ll take a while to do it. Most will give up. But if it did, and we have players using the client, then all it would take is a few minutes for me to put out a “patch”. At that point the player and server owner can go back to what they were doing… playing. The hacker on the other hand would have to start over from scratch on hacking the client.
So I take it you’ve taken a look then! Awesome… oh, I’ve followed a lot of your stuff on bukkit!
Well, you’re right. People are gonna have problems with it. I personally know the contents, and its more of a project for myself that I love working on.
The principles of Information security are not to allow exploitation through poorly designed defenses, then put out a patch re-using those same defenses as a update to stop the attempted exploiters.
Thats like putting a lock on a door to stop intruders, then once they break in, putting another door up with the same lock.
I believe, based on this claim, that you have never in your life met a hacker.
If you give the client access to the code, it can and will be hacked. The only thing even remotely hack-proof is 100% serverside code.
I’m going to continue to rely on open-source serverside plugins like NCP to ensure clients don’t get overpowered hacks going.
Because I know it works, I know how it works, and I know nobody but me and the author can edit its code.
Nope, never met a hacker in my life. However, I used to be a hacker / cracker… cracking software, removing the security layers that prevented applications from being copied, distributed, etc.
Wow, completely amazing. Nothing but negativity towards a guy to who simply is working on something that people have complained about since the dawn of Minecraft. Amazing.
From the searching out topics, to creating a thread, to even trying to update a thread on my own project… pessimistic negativity. Even from an admired, respected, and well known Bukkit programmer.
Currrently, its too secure, so some of its features will be removed. Just copying the .class files is tricky because of how secure it is.