Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

FakeClient

Comments in 'Tools' started by LegendsOfMCPE, Jun 2, 2014.

  1. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Then it must be a bug only for me that MCPE generates chunks instead of loads chunks.
  2. Pocketart
    Offline

    Pocketart Active Member

    Joined:
    Aug 31, 2013
    Posts:
    55
    Minecraft User:
    Pocketart
    #no_offense
    I don't really like the idea of this project...
    It dangers my server, and to be precise,... ive never had problems crashing while logging in before
    AND... it takes me less than 5 seconds(on ipad) and less than 10 seconds(on S4) to load all server data while connecting... no point
    and when you say "quizzes" to test the user's license... that doesnt really make the app secure... all I have to do is look into the application file... and hunt for "if---> else" statements (probably the easiest way to make quizzes) and the answers will be there. Its either that, or id like to point out that just because youre a plugin developer,... doesnt mean that you are not going to abuse the application.
    For example: who remembers Kevinwangchina? or VanishedKevin?
    remember what he did? he put "op kevin" directly in his plugin codes.
    If people like him ever get their hands on this application,... they will abuse it to the MAX
    besides... my friend is in the "shadow clan or "shadow team" or "shadow army" or whatever that was... they were supposed to be professional server hackers/greifers... but anyway... he told me that most of them are MCPE mod developers and custom plugin developers (be careful! your plugin dev might be a hacker)... they KNOW the api!

    To conclude,... i think this application should have stronger security systems.... as hackers these days are becoming more and more powerful.
    i recommend setting up a "register and login" system... and only let known plugin developers register up for it(make sure to verify with them on PM forums)...... then use tough authentication(mail, password, security questions, facial scan,... etc...) to let the verified plugin developers log in to use this application. I also recommend you to make it so that the "code that includes the application functions" would be downloaded from a data server... and then temporarily loaded into the application... then when the user "kills" the app... the temporarily loaded data would be deleted................................................... This is to prevent malicious users to directly extract the application code and use it for bad purposes.
    PEMapModder likes this.
  3. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Or another simple methods is to let the server owner download a plugin where the bot will auto stop if there is no packets from the server (due to the downloaded plugin) that tells that this server allows bots.
    The bad thing is, a real developer can just download the source, modify it, recompile it and delete all limitations.
  4. Dinokiller
    Offline

    Dinokiller Notable Member

    Joined:
    Sep 22, 2013
    Posts:
    376
    Minecraft User:
    Dinokiller_
    He has a point. A part from the if..else part because Android apps are compiled.
    PEMapModder likes this.
  5. LDX
    Offline

    LDX Notable Member Plugin Developer

    Joined:
    Oct 2, 2013
    Posts:
    1,397
    Plugins:
    14
    There are no "hackers". The shadow army just hijacks PocketServer servers with the default RCON password.
    Darunia18 likes this.
  6. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,167
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    i think we misunderstood about the loading chunks and generating chunks word :p
  7. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    RCon password aren't random?
  8. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,167
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    in pocketservers only :p
    LDX likes this.
  9. Tuff
    Offline

    Tuff Active Member

    Joined:
    Jan 25, 2014
    Posts:
    203
    Minecraft User:
    Roboroug2
    You should make and distribute on the forums a plugin that will allow only one bot per server, and limits the bots capabilities if necessary. Then real developers wishing to test their plugins can do so, and server owners wishing to protect themselves from bots just need to install your plugin and no bots will be allowed. That would make the solution server-side, and server owners wouldn't have to worry about bot spammers.
    PEMapModder likes this.
  10. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Or simpler, server owners who wish to have this bot login-able on their servers (I.e. the plugin developers) must install the allow-bot plugin.
  11. shoghicp
    Offline

    shoghicp Staff Member PocketMine Team

    Joined:
    Aug 22, 2013
    Posts:
    433
    Plugins:
    14
    Minecraft User:
    shoghicp
    https://github.com/shoghicp/RakLib/ will alow the creation of custom clients in the future. You have to secure the server using proper means, not by obfuscation since there are other people that will be able to bypass that.
  12. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    What if I send to the server that the protocol version is (0x80 + current protocol) (for example use a plugin to allow protocols 128 larger too) and if the server doesn't have a plugin that allows this protocol the connection will be refused?
    LDX likes this.
  13. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Example:
    PHP:
    <?php

    namespace LegendsOfMCPE\FakeClient;

    use 
    pocketmine\network\protocol\Info;

    class 
    Main extends \pocketmine\plugin\PluginBase{
        public function 
    onEnable(){
            
    $this->getServer()->getPluginManager()->registerEvents($this$this);
        }
        public function 
    onPkReceive(\pocketmine\event\server\PacketReceiveEvent $evt){
            if(
    $evt->getPacket()->pid() === Info::OPEN_CONNECTION_REQUEST_1){
                if(
    $evt->getPacket()->structure 0x80){
                    
    console(($evt->getPacket()->structure === 0x80 Info::STRUCTURE "A ":"An outdated ")."FakeClient bot logging in from ".$evt->getPacket()->ip."!");
                    
    $evt->getPacket()->structure -= 0x80;
                }
            }
        }
    }
    iJoshuaHD likes this.
  14. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
  15. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Another thing is captcha, we could implement it through pixelart. A plugin project of @LegendsOfMCPE
    iJoshuaHD likes this.
  16. Pocketart
    Offline

    Pocketart Active Member

    Joined:
    Aug 31, 2013
    Posts:
    55
    Minecraft User:
    Pocketart
    As long as theres a way to disable bots for a server,... ill be fine
    PEMapModder likes this.
  17. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,167
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    you can only allow bots in your server if you install the plugin that allows it, otherwise no bots can join.
    Darunia18 likes this.
  18. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Yes and as I said, those hackers may even not know how to bypass this xD even if they can modify the source.
    iJoshuaHD likes this.
  19. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,167
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    unless they have the source code of mcpe :p
  20. TheRealJ2KK2J
    Offline

    TheRealJ2KK2J Active Member

    Joined:
    Mar 10, 2014
    Posts:
    121
    Minecraft User:
    J2KK2J
    if my interwebs was that fast :p
    LDX and Comedyman937 like this.

Share This Page

Advertisement