Obfuscation didn't hinder the game that much.
Mapvote: anyone can do one too;
ZP: same;
Pure: same.
I don't understand why Mapvote was obfuscated, but I assume it was because it has really bad exploits, and I am 100% sure they can all be avoided without obfuscation in the equation.
As for ZP, obfuscation didn't keep "you know who" from creating the "Mass Murderer", also fault from the original coder.
Pure, "you know who" also laughs at its attempts at avoiding cheating, in other words, most of Pure is obsolete nowadays, and only a few things actually still make sense using given that they cover what ACE does not (on client tweaks and such iirc).
It just happens that no one committed in developing alternate versions, obfuscation always played a very tiny role on things, since most coders do not hide their code even after knowing the tools. In fact, all these obfuscation tools are either too weak, or just mess the entire package causing it to malfunction by itself.
In other words, and reiterating what I posted before: personally, I am not worried with obfuscators, and people like Higor even take the effort to post useful code and some theories in how to do new things, so what's the problem exactly?
Ingame package obfuscator.
- Feralidragon
- Godlike
- Posts: 5493
- Joined: Wed Feb 27, 2008 6:24 pm
- Personal rank: Work In Progress
- Location: Liandri
-
- Inhuman
- Posts: 958
- Joined: Wed Mar 31, 2010 9:02 pm
- Personal rank: I am quite rank.
- Location: MrLoathsome fell out of the world!
Re: Ingame package obfuscator.
Don't be sorry. All your observations/comments were just fine.Wises wrote:fair enough too sorry about that all..
I go back to what I was doing.
And just to add to Ferali's observations.
If the idea, and results are known, anybody with the time and a bit of knowledge can
probably recreate the thing, (whatever it is....), with just a bit of effort.
blarg
Re: Ingame package obfuscator.
billybill wrote:I wish you'd spend more time on something else. But I will weigh in on the other side of the debate. Is the debate still happening all these years later?
As ferali put it, if someone made something malicious, and then used a tool like this. It would be much harder to know what was happening. Personally I would check all mods for both security and increased latency issues before i ran them online.
As ferali pointed out, we would find out and it could indeed take longer which means it will go further than what happened to the last guy who messed with the ut community, who has a few hundred captions to his self portrait.
Thirdly if somebody was using these obfuscators all the time, their respect level should overall drop to the point they feel some sort of shame asking for any sort of help. Given that they will not let others learn from them. Now, given the security argument is invalid. You don't want them to steal and use the work? once again Ferali is right on the button. split it into two packages and its done. It's a topic for another thread why so many servers are popping up using an unreleased version of the mod you keep obfuscating and the maps you have monopolied (lack of a better word) as well
Re: Ingame package obfuscator.
I am a man of full disclosure... when I see something can be done to address the issue, provided I didn't handle it myself earlier like I already did numerous times.
Saying I haven't built things for either good or bad to see what the capabilities of both would be lying, it's just that none of those ever leaves my HDD.
There are some issues that are beyond our capabilities, which can only be solved by a certain party(ies), talking here about those with the game's full source code.
When I know these issues can only be fixed by these people, of course I won't disclose such exploits/issues to general public.
I wonder what would have happened if a certain D4 hadn't uploaded his 'console', how long would have the ones on the 'good' side would have taken to realize, had they actually realized.
There's lots of examples like this but this one is what I remember best.
Saying I haven't built things for either good or bad to see what the capabilities of both would be lying, it's just that none of those ever leaves my HDD.
There are some issues that are beyond our capabilities, which can only be solved by a certain party(ies), talking here about those with the game's full source code.
When I know these issues can only be fixed by these people, of course I won't disclose such exploits/issues to general public.
I wonder what would have happened if a certain D4 hadn't uploaded his 'console', how long would have the ones on the 'good' side would have taken to realize, had they actually realized.
There's lots of examples like this but this one is what I remember best.
Re: Ingame package obfuscator.
code > decompiled into memory > executed.. (visible)
obfuscated code > decompiled into memory > executed.. (visible)
no matter which way you look at it.. it becomes 'known/(visable)' at the point of execution.
kinda like upx , everything all nicely encrypted until 'Execution' time... Then TaDa
just like in the good ole days when ppl used IDA to see how things worked.
obfuscated code > decompiled into memory > executed.. (visible)
no matter which way you look at it.. it becomes 'known/(visable)' at the point of execution.
kinda like upx , everything all nicely encrypted until 'Execution' time... Then TaDa
just like in the good ole days when ppl used IDA to see how things worked.
- Feralidragon
- Godlike
- Posts: 5493
- Joined: Wed Feb 27, 2008 6:24 pm
- Personal rank: Work In Progress
- Location: Liandri
Re: Ingame package obfuscator.
The thing with UT is that its byte code is relatively simple to decompile. In languages more full-featured, it's harder since there are more rules, conditions and more things you don't know how they behave, specially when they start to involve multi-threading.
And the more hardware evolves, more layers start to exist since it's able to process them all, enhancing the complexity even further. Unless you're already a veteran, the evolution of hardware and software ends up making the code less prone to theft due to all the layering you need to figure out.
And the more hardware evolves, more layers start to exist since it's able to process them all, enhancing the complexity even further. Unless you're already a veteran, the evolution of hardware and software ends up making the code less prone to theft due to all the layering you need to figure out.
Re: Ingame package obfuscator.
You could 'easily' avoid all of the above by creating your own compiler (not that hard as most source code you need is already online ), custom Op Codes and a custom native virtual machine along with you package to execute the correct Op Codes (Overwrite Hook UObject::ProcessInternal, UObject::CallFunction and UObject::ProcessEvent) I've messed with the stuff above, got it working uptil a certain level.Wises wrote:code > decompiled into memory > executed.. (visible)
obfuscated code > decompiled into memory > executed.. (visible)
no matter which way you look at it.. it becomes 'known/(visable)' at the point of execution.
kinda like upx , everything all nicely encrypted until 'Execution' time... Then TaDa
just like in the good ole days when ppl used IDA to see how things worked.
Obfuscation will never ever keep your code 100% safe, there is always someone with enough knowledge to decompile your stuff. (For example, i have a decompiled utdc, ace, zeroping and leagueAS package of any version here ) If certain things need to be protected, keep the client/server code seperate like Feralli suggested.