#16
08-13-2009, 03:17 PM
pfyon

Disclaimer: I have no experience with MQ2 or the packets sent between the server and client. All of my responses are based off the assumption that eq was designed and programmed properly (ie, don't let your client choose how much dmg it wants to do).

As drakelord said, warping can be easily checked server-side (check locations of the player in a time frame, check buffs/effects and see if it's possible to move that far).

Damage should be calculated by the server anyway, and clients shouldn't be able to communicate directly, so I don't understand how dmg hacks work.

I did download the mq2 source the other day so I could look at how it works, but haven't gotten around to it.

#17
08-13-2009, 05:06 PM
drakelord

Quote:
Originally Posted by pfyon
> Disclaimer: I have no experience with MQ2 or the packets sent between the server and client. All of my responses are based off the assumption that eq was designed and programmed properly (ie, don't let your client choose how much dmg it wants to do).
>
> As drakelord said, warping can be easily checked server-side (check locations of the player in a time frame, check buffs/effects and see if it's possible to move that far).
>
> Damage should be calculated by the server anyway, and clients shouldn't be able to communicate directly, so I don't understand how dmg hacks work.
>
> I did download the mq2 source the other day so I could look at how it works, but haven't gotten around to it.

I actually found the version that is used on the current EMU. It works through applying hooks. So an application to block it would pretty much end up moving towards a hook war. Mmm, hooks.
__________________
Hmm.

#18
08-13-2009, 07:09 PM
Taurinus

Yea, and not to mention the fact that a user can rootkit their OS to determine a winner forever (MQ). Not even enforcing a hacked client (not possible) could get around this.

#19
08-13-2009, 07:48 PM
Tyen05

If you can make it, then do it. If people have a need for it they will use it.

#20
08-14-2009, 01:13 AM
demonstar55

There is no easy way to "fix" the MQ2 "problem"

and yes, anything that is done client side can be exploited

as far as I know, there are no dmg hacks for MQ2

Some odd things that can be hacked are safe fall, falling damage, encumbrance, vision (ultra vision etc), equipping items you can't and using their clickies etc (believe EQEmu code has pretty good protection against this, as in it reports it accurately), invis, sneak

Warping there isn't really a way to fix this, best thing to combat this is checking for change in loc, which the code is already doing, but it generates false positives :/

but of course this can be prevented by forcing the user to run an app on their computer like bane of life plans on doing

MQ2 is mainly a huge problem for PVP, which I understand completely, PVE it only adds problems from the active hacks, mostly

#21
08-14-2009, 06:01 AM
drakelord

Quote:
Originally Posted by Taurinus
> Yea, and not to mention the fact that a user can rootkit their OS to determine a winner forever (MQ). Not even enforcing a hacked client (not possible) could get around this.

The MQ2 detector would essentially be an active running root kit that can be turned on and off. It would use the WH_DEBUG hook. Problem is, I'm not sure if two applications both have WH_DEBUG hooks, which will run first.
__________________
Hmm.

#22
08-14-2009, 08:53 AM
norsan

I'm sorry, but I would never play on any emu server that would force me to install a third party app in order to play on it. Call me paranoid, but there's no telling what would be in it, and if the source for such an app was released, well, then it would then become useless anyway... interesting conundrum

#23
08-14-2009, 10:24 AM
drakelord

Yea. Looking at the MQ source, even client side, there is only so much that can be done about this program.

MQ is completely open source, meaning anyone can make changes to the program and recompile it. It blocks itself from debugger checks by modifying assembly values in the first few sequences of code. Meaning, the only real easy way to check if MQ is running is to check the currently running modules (DLLs) and see if any of the MQ files are running.

One situation there is that someone could change the name of the DLLs. So, to do a further check at this point, you could obtain the memory address of the modules and check one of the functions based on the ordinal numbers, and see if it returns an expected value. But if someone were to find a way to decompile the checker and figure out what is being inspected, all they would have to do is change that function.

Client side checks are hard. It is why Everquest Live still has issues with MacroQuest, and why companies like GameGuard constantly have to update their programs.

In the end, the best we can do is just put in extra checks into the server code, to help prevent certain issues.
__________________
Hmm.

#24
08-14-2009, 10:33 AM
norsan

I do have to say that if you make any third party app that interferes in any way with the normal intended operation of the eq client (which apparently the one you mentioned making people run to play on bane of life or whatever the server name was) then you are in violation of the eula same as mq2 is and you can get a C&D tossed at you from soe and or they can sue ya so one might take that into consideration before doing anything clientside that alters how the client behaves or communicates with any given server altering the client even with third party apps is expressly forbidden in the eula and as I understand it a big no no within the eqemu community as well

#25
08-14-2009, 10:37 AM
drakelord

Quote:
Originally Posted by norsan
> I do have to say that if you make any third party app that interferes in any way with the normal intended operation of the eq client (which apparently the one you mentioned making people run to play on bane of life or whatever the server name was) then you are in violation of the eula same as mq2 is and you can get a C&D tossed at you from soe and or they can sue ya so one might take that into consideration before doing anything clientside that alters how the client behaves or communicates with any given server altering the client even with third party apps is expressly forbidden in the eula and as I understand it a big no no within the eqemu community as well

PLEASE add some periods to this. I can't see where a sentence starts or stops.

And a program that checks for MQ2 would not modify or access Everquest information, so it would not be in violation of the EULA.
__________________
Hmm.

#26
08-14-2009, 10:45 AM
norsan

mq2 works by accessing and reading the memory blocks that the eq client does that is why it is against the eula so is showeq, so any program that would run checks on the same stuff would also be a violation and he stated that, users would be forced to use a third party program to connect to the server. That means it is screwing with how the client communicates to the server or there would be no way possible to stop anyone not using it from connecting to the server.

#27
08-14-2009, 12:45 PM
drakelord

Quote:
Originally Posted by norsan
> mq2 works by accessing and reading the memory blocks that the eq client does that is why it is against the eula so is showeq, so any program that would run checks on the same stuff would also be a violation and he stated that, users would be forced to use a third party program to connect to the server. That means it is screwing with how the client communicates to the server or there would be no way possible to stop anyone not using it from connecting to the server.

My program would not have used a third party program to access the server. Rather, you would have to log into a 3rd party app that would monitor your PC for MQ2. If it found MQ2 loading or loaded, it would send a message to the server to ban you. No touching the memory blocks of EQ at all.
__________________
Hmm.

#28
08-14-2009, 01:02 PM
norsan

Would it be open source? I doubt you will find many who would trust a program that they don't know precisely what it does when it has to do with monitoring your local pc and sending data to an outside source.

That is still however interfering with the normal function of the communication between the client and server. Your best bet would be to contact soe and ask their opinion on it.

As for the memory blocks if you are monitoring the blocks for mq2 it would invariably monitor the main client blocks as that is what mq2 attaches to in order to function within the eq client itself.

In theory it sounds like a good idea but in practice no one would have any idea what kind of information it is monitoring and or what data it is sending to a server. That's like having a back door just sitting there wide open from a security standpoint.

#29
08-14-2009, 01:06 PM
drakelord

Quote:
Originally Posted by norsan
> Would it be open source? I doubt you will find many who would trust a program that they don't know precisely what it does when it has to do with monitoring your local pc and sending data to an outside source.
>
> That is still however interfering with the normal function of the communication between the client and server. Your best bet would be to contact soe and ask their opinion on it.
>
> As for the memory blocks if you are monitoring the blocks for mq2 it would invariably monitor the main client blocks as that is what mq2 attaches to in order to function within the eq client itself.
>
> In theory it sounds like a good idea but in practice no one would have any idea what kind of information it is monitoring and or what data it is sending to a server. That's like having a back door just sitting there wide open from a security standpoint.

FYI, MQ2 performs a full system hook to monitor for the launching of EQ. So you do not need to monitor EQ to check for the existence of MQ2. And no, it is not interfering with communications. It is not reading/modifying/blocking any packets associated with Everquest. It does not touch the memory of Everquest, or even look at EQ with a loving glance.

And I'm not actually going to build this, for as I said earlier, doing so would be pointless.
__________________
Hmm.

#30
08-17-2009, 11:23 AM
Shin Noir

Personally, running a new PvP server, I plan to look into certain key features that really mess with PvP.

Warping isn't a gigantic issue, since the code in there seems to catch a lot, even some false positives. Should look at players running at ungodly speed (bard/gm speed) without bard in group, players "instant camping", players able to see the whole map (Not so upset about that since ranger track works the same way, if it could be coded where players didn't get updates on locations on creatures too far that'd be awesome), there's a handful of other hacks out there.

You can bypass the key check apparently (It's done on client side I think..)

I plan to write some traps in the server source and if people exploit certain systems once or twice their chars will be put on a list and banned at my leisure. *shrugs*.
__________________

~Shin Noir
DungeonEQ.com
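
The server-side movement check discussed in posts #16, #20 and #30 (distance moved in a time frame, adjusted for buffs, with false positives kept down), as an added example that is not EQEmu's code and not written by any poster in this thread. The class, its constants and the strike thresholds are hypothetical, and the sample updates are constructed.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Hypothetical names and constants throughout; none are EQEmu's own.
// Horizontal position only; ms is the server's receive time, not a client value.
struct PosUpdate { float x, y; uint32_t ms; };

class MoveValidator {
public:
    enum class Verdict { Ok, Suspect, Flag };
    explicit MoveValidator(PosUpdate start) : last_(start) {}

    // Server-initiated moves (zoning, gate, summon) reset the baseline so a
    // legitimate teleport is never measured as a warp.
    void ServerMoved(PosUpdate to) { last_ = to; }

    // speedMod comes from the buffs/effects the server has on record for the
    // character (1.0 = unbuffed), never from anything the client reports.
    Verdict Check(PosUpdate now, float speedMod) {
        float dt = now.ms > last_.ms ? (now.ms - last_.ms) / 1000.0f : 0.0f;
        float dist = std::hypot(now.x - last_.x, now.y - last_.y);
        last_ = now;
        // Farthest plausible travel: speed * time, widened for lag and jitter.
        float allowed = kBaseSpeed * speedMod * dt * kSlack + kJitter;
        if (dist <= allowed) {
            // A long clean run forgives one old strike (limits false positives).
            if (++clean_ >= kDecayAfter) { clean_ = 0; if (strikes_ > 0) --strikes_; }
            return Verdict::Ok;
        }
        clean_ = 0;
        return ++strikes_ >= kFlagAt ? Verdict::Flag : Verdict::Suspect;
    }

private:
    static constexpr float kBaseSpeed = 10.0f;  // units per second, unbuffed
    static constexpr float kSlack = 1.5f;       // multiplier for latency
    static constexpr float kJitter = 5.0f;      // flat allowance, in units
    static constexpr int kFlagAt = 3;           // strikes before flagging
    static constexpr int kDecayAfter = 20;      // clean updates per forgiven strike
    PosUpdate last_;
    int strikes_ = 0;
    int clean_ = 0;
};

int main() {
    MoveValidator v(PosUpdate{0, 0, 0});
    // Constructed updates: a normal run, then three 500-unit jumps 1 s apart.
    PosUpdate seq[] = {{10, 0, 1000}, {510, 0, 2000}, {1010, 0, 3000}, {1510, 0, 4000}};
    for (const PosUpdate& p : seq)
        std::printf("t=%u verdict=%d\n", static_cast<unsigned>(p.ms), static_cast<int>(v.Check(p, 1.0f)));
}
```

A single over-limit update only yields Suspect; the character is flagged for review on the third strike, which matches the "once or twice, then put on a list" approach rather than an automatic ban on one outlier.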

All times are GMT -4.

Everquest is a registered trademark of Daybreak Game Company LLC.
EQEmulator is not associated or affiliated in any way with Daybreak Game Company LLC.
Except where otherwise noted, this site is licensed under a Creative Commons License.