Possible Hacking Solution!

[Feelmyheal]

Hey all!

It just occured to me that, as there is no gamelock on this particular game, Packet Editing is a very high possibility for hack attempts.

Just to explain, for those who dont know, Packets are clumps of information sent to and fro from the server.

Typical Example -

-You (The Client) click somewhere on the screen.
-Packets are sent from the Client to the Server, to check if the character can move there, and the move is made accordingly).
-Packets are sent FROM the server, to move your character accordingly.


With specific programs, it is possible to alter these packets. This is highly illegal, and very noticeable, but it is possible that the packets are being altered ever so slightly to avoid suspicion. In this case, They might be using WPE Pro or some other such Packet Editing devices.

But what interests me, is that a packet normally ranges from 2 KB to about 20 KB. There are keyloggers available that are roughly 4KB in size (This is a new keylogger, that was available as open source, for the purpose of learning. Obviously, these "Students" got tricky). What is even MORE interesting, is that these keyloggers are SO versatile, they can be attached to Data Packets. So one of the biggest threats, is attaching keyloggers via Packets. Think about it. The next time you even do something as simple as trade with someone, you might be getting infected with something that has the potential to destroy your char.

I am still quite unsure about this, but Ill do my bit of research on this and get back to you earliest this evening. (Latest tomorrow at this time).


I also heard about some Opera Browser Bug which reveals passwords. Im not too sure about this, but would like to bring this to the attention of the GMS as well.


So my only request, Please alert GMs to this topic, I may be totally wrong, but why take the chance?


Thanks for reading, and if anyone here has knowledge about Packet Editing and IP tracking, I request you to PM me here on forums.

-Sainath

[Ladyrowena]

Hi Sainath

I dont have much info myself but can refer you to a few good books if you have the time go for computer networks by Tanenbaum


Also there are many sites which can detail out stuff like iptracking etc i dont remember the name but u can google it i think so it is something like antihacking etc etc...

Hope this helps

[Eos]

Hey all!

It just occured to me that, as there is no gamelock on this particular game, Packet Editing is a very high possibility for hack attempts.

It's been done before by people, and their characters were banned or de-levelled as punishment.

But what interests me, is that a packet normally ranges from 2 KB to about 20 KB. There are keyloggers available that are roughly 4KB in size (This is a new keylogger, that was available as open source, for the purpose of learning. Obviously, these "Students" got tricky). What is even MORE interesting, is that these keyloggers are SO versatile, they can be attached to Data Packets. So one of the biggest threats, is attaching keyloggers via Packets. Think about it. The next time you even do something as simple as trade with someone, you might be getting infected with something that has the potential to destroy your char.

Interesting point you've made. My reply to the last line i highlighted is-there is no direct IP connection between player's PCs-everything is routed through the server.
Keyloggers are dangerous-which is why it's better to not play at a cafe.

There's one trick that's been used by smartasses before-during a trade, say you agreed to sell for 1 million wz, the person waits for you to press confirm, then quickly removes one zero so that you end up getting only 100k instead of 1M wz. After that s/he disappears. This is usually done with an anonymous char.

I also heard about some Opera Browser Bug which reveals passwords. Im not too sure about this, but would like to bring this to the attention of the GMS as well.

Yup, there are all sorts of bugs out there-bottom line is you've gotta be careful where you access the game. Ideal case would be to ONLY play from a trusted and secured machine at home. You can never trust a public PC at a cafe, even if user accounts there are locked down without admin privileges.

[Feelmyheal]

Interesting point you've made. My reply to the last line i highlighted is-there is no direct IP connection between player's PCs-everything is routed through the server.
Keyloggers are dangerous-which is why it's better to not play at a cafe.

Exactly! But packets ARE moved to the other person, Via the server. There is no direct connection, agreed, but they can still be achieved by the following -

1) Packet deflection. Some servers just deflect the packet to the client. In this case, the client is screwed.

2) If the hacker sends a dispatch to the server itself, (Assuming the server does not detect it), then the keylogger can be controlled by the hacker, from his PC, by sending packets to the KEYLOGGER, and not to the server. This is VERY rare because most servers can detect this easily, and Im quite sure the A3 server can.

There's one trick that's been used by smartasses before-during a trade, say you agreed to sell for 1 million wz, the person waits for you to press confirm, then quickly removes one zero so that you end up getting only 100k instead of 1M wz. After that s/he disappears. This is usually done with an anonymous char.

Well this falls under the category of scams, so no point discussing it here, eh? This just requires the player to be careful during trades and not rush like the world is about to end.

[Feelmyheal]

This may be a bit out of my league, but I strongly urge the Devs to take a look at this, It may be highly beneficial -

http://eng.nprotect.com/nprotect_gameguard.htm

[Pero]

Even then how does people who doesn't share passwords and doesn't even enter a cafe get hacked ?

[Feelmyheal]

Read my first post.

[Pero]

To big ..and i am lazy to read the full crap

[Feelmyheal]

If you consider that to be "Crap", then I have nothing more to say to you.

One of the things I HATE the most is people using the "Fix it but dont get geeky on me" Attitude.

[Sandeepndedh]

ok lots of misconception this guy has,


you cannot attach any thing at packet level, WPE pro has jus ability to send crafted packets. Even if u successes in attaching you need to execute that code on any platform in order to load in to system( i m using lay man terms as much as i can) and trust me on a3 India server packet crafting is not possible......


Nike Name: Sandy......