Ignacius

Server-side enforcement of client-side mods

Recommended Posts

I've been tooling around with ways that servers could prevent players from using certain mods client-side, or even require them to have certain mods to be able to connect.

 

The best I've come up with is a mod that client-side would send a list of all mods the client is currently using to the server, and the server parses that list and rejects the connection if a violation is detected, with a message to remove blocked mods and/or install required ones.

 

That part I believe would be simpler to implement than the following topic Id like to get feedback on, and that's the issue of spoofing: if a player wanted to circumvent this enforcement and had even basic knowledge of Java, it wouldn't be difficult to make the server think that they don't have a mod installed - refactor the package/class name, for a simple example. I'm no hacker or even cybersecurity expert but I'm certain it wouldn't be difficult for someone who is.

 

I looked to RSA's private/public key system for inspiration on how to ensure the mod itself is transmitting the information on installed mods authentically, but how to ensure the mods themselves are authentically identified? e.g. if this system just transmitted the list of .jar filenames detected in the mods directory, it's not difficult to rename a jar file. :)

 

Perhaps an SHA hash of the jar file might work, though different versions of the same mod might raise an issue there (especially without update notifications). If a server provided a list of exact download link for mods required to connect though that might suffice for players to comply.

 

Anyone have input/ideas/suggestions for this? I'm open to any, positive or negative.

Share this post


Link to post
Share on other sites

It would be trivial to mod your mod and force it to transmit only what the player wants you to see. Whether it's hashes or filenames doesn't really change anything, and cryptography doesn't help you as the modified mod will have access to all the keys and secrets.

Share this post


Link to post
Share on other sites
Posted (edited)

Yep, not going to happen. Whatever you try to enforce it can be worked around.

 

What is the underlying intention here? Are you trying to stop cheating, or trying to ensure that a player has a particular feature provided by a mod?

Edited by Adambean

Share this post


Link to post
Share on other sites
Posted (edited)
21 minutes ago, Adambean said:

Yep, not going to happen. Whatever you try to enforce it can be worked around.

 

What is the underlying intention here? Are you trying to stop cheating, or trying to ensure that a player has a particular feature provided by a mod?

 

The idea would be to let a server choose what mods they want and don't want clients to have... To require clients to have certain mods, but equally as important to require that clients *not* have certain mods.

 

Some examples--

Require your players to have the No Tree Collision mod when connecting to your server.

Prohibit your players from using the LiveHudMap and ESP mods when connecting to your server.

 

Not *per se* to prevent cheating (the scope of cheating is a topic for another day anyway), only to prevent players from breaking rules you'd like to enforce regarding the usage of mods.

 

The usage scenarios for this capability are tremendous - mods are so powerful, yet the separation of client and server in the WU code is so shotty, where so many things that you'd want to confirm/permit server-side are possible to circumvent by changing the client.

The best example I can give is the sort of hackish bypass that the Improved Compass or Toolbelt mods are able to perform to fool your client into thinking it's 99 QL and grant you the maximum benefit possible for those items. (Not to say that the mod isn't useful for a great many players - I mean only to point out that this kind of thing is possible without any changes to the server, which ideally would be the entity to enforce the QLs of your items.)

 

I did figure it would be relatively easy to circumvent, but there is no good way to get the list of mods that a client has installed/doesn't have installed (let alone verify that the mods their client reports is an accurate, authentic list), and thus you'd essentially be "trusting" your players to follow your rules and hopefully catch them if they do such a thing.

Edited by Ignacius

Share this post


Link to post
Share on other sites
Posted (edited)

Ah ok, sounds like you kind of want what Steam Workshop does. (Natural Selection 2 for example uses this to make workshop mods optional or required on a per-server basis.)

 

Part of the problem is that I believe servers have no underlying way of asking a client what mods they are running. This certainly isn't part of WU as standard, and to my knowledge ago's mod loader doesn't have this feature either. I think you'd need to get ago's attention on this, as I believe the ideal place to implement such a mod detection protocol would be in the client/server mod loaders themselves considering pretty much everyone else's mods are extended from the mod loaders ago developed. It would then be up to individual server mods, such as the one you want to implement, to use a mod detection protocol and impose rules. You'd be able to, in theory, detect vanilla players if they return no response at all. (Or cheaters wanting to evade your rules in a crude way.)

 

Currently the only thing coming close to this is ago's server packs mod, which can be used to deliver a custom in game map to players that have the corresponding client-side pack receiver mod. This is a server-to-client delivery though, and I would guess that the client mods do the asking "got any packs for me" rather than servers saying "here are the packs you need to get".

 

Another thing to consider is when players do not meet your mod rules is how you tell them this. A particular problem as it's already too late to load any additional mods as soon as the player sees the server browser. -- You could kick the player out but I don't think they're going to read the reason in the WU crash description. (They'll just play elsewhere.)

 

I think the biggest difficulty will be enforcing this effectively. No matter what you do if someone really wants to work around your mod rules, they will, even in a way that fools you into believing they are following your mod rules. (But yeah, you knew this, so we need not discuss this point further.)

 

None of this is an answer but potentially interest to discuss a future path for the mod loaders.

Edited by Adambean
  • Like 1

Share this post


Link to post
Share on other sites

No client/server game can do what you want, Ignacious.  None.  The server CANNOT access the client's operating system, can you imagine the security issues involved with that?  The server can only communicate with the game's client software, and that is 100% under the control of the user, not the server.  The server can ask the client what mods are installed, but there's no way the server can know if the answer is accurate or not.  It cannot look at the file system for itself, it has to trust that the answer given by the client is the truth.  It's possible in every single game of this type for the client to be modified to pretend it's not using any mods at all, let alone mods that are forbidden by the server owner, or anything in between.

 

Wurm Online does have this problem, don't kid yourself, but the risk to the player is orders of magnitude higher than it is for Wurm Unlimited players.  Someone who has spend hundreds in real money on their character will not risk being perma-banned, and bans happen in WO via by log analysis and physical observation of suspected cheaters by the GM team.  Someone playing WU on your server can always just go play somewhere else.  Nothing lost, very little risk.

 

 

 

Share this post


Link to post
Share on other sites
6 hours ago, Ricowan said:

No client/server game can do what you want, Ignacious.  None.

 

I agree with the majority of what you've said there, but I would emphasise that no client/server game can do what he wants perfectly.

 

For the majority of players that do not cheat (though I'm not certain what percentage that is on WU) there have already been implementations of this feature, Steam Workshop for one. For WU it would get tricker though as it would require JARs to be hot-loaded. I don't know how that'd be done, though Minecraft modders have done this with the Forge client/server mod pair. (Possibly works by exposing a very flexible API instead of really hot-loading JARs.)

 

Then again, the majority of players probably don't even use a client-side mod loader either, so I think the amount of people this would benefit is going to be low.

Share this post


Link to post
Share on other sites

I'd like to add that with Wurm Unlimited, I don't think what you're trying to do is very ethical, nor practical. 

I wouldn't play on a server that asked for that level of access to my PC and was not also an official server. I have that opinion and I don't even know how one would cheat in this game other than some macro or whatever, which could be used without any interaction with the client other than the mouse clicks. 

If there's some other level of "cheating" you see, then I don't know to what you're referring, but if you want a server like that then just slap a password on it and let your friends play and they can let you come over to their house and randomly inspect their PCs to ensure they aren't "cheating."

Not trying to sound rude here, but jeez - we get enough invasive stuff with every other aspect of life. Leave it alone, man. 

  • Like 1

Share this post


Link to post
Share on other sites
Posted (edited)
On 8/31/2019 at 2:52 PM, Necromateur said:

I'd like to add that with Wurm Unlimited, I don't think what you're trying to do is very ethical, nor practical. 

I wouldn't play on a server that asked for that level of access to my PC and was not also an official server. I have that opinion and I don't even know how one would cheat in this game other than some macro or whatever, which could be used without any interaction with the client other than the mouse clicks. 

If there's some other level of "cheating" you see, then I don't know to what you're referring, but if you want a server like that then just slap a password on it and let your friends play and they can let you come over to their house and randomly inspect their PCs to ensure they aren't "cheating."

Not trying to sound rude here, but jeez - we get enough invasive stuff with every other aspect of life. Leave it alone, man. 

 

Not trying to sound rude here, but it doesn't sound like you have a grasp of the concept here. Perhaps I've misunderstood you as well. Admittedly, the discussion of spoofing was a bit overkill, brainstorming ways that a secure "handshake" could be done between server and client, but a mod that sends a list of the other mods a player has installed and either allows them to play or kicks them off with a message saying "we don't want you to use those mods on our server" does not even require access to anything on your PC other than a list of files found in your Wurm Unlimited folder, which is already accessible to any other mod you have installed anyway.

 

Additionally, as I was discussing what would be a JAR file executed solely in the Wurm Unlimited JVM, there's no other part of your PC, operating system, or anything else being brought into question here.

Edited by Ignacius

Share this post


Link to post
Share on other sites

all of the privacy aside, it would probably take only a few minutes to decompile any client mod you may come up with, then change it to send false info to your server mod, making the entire thing pointless.

Share this post


Link to post
Share on other sites
On 8/31/2019 at 8:52 PM, Necromateur said:

I'd like to add that with Wurm Unlimited, I don't think what you're trying to do is very ethical, nor practical. 

I wouldn't play on a server that asked for that level of access to my PC and was not also an official server.

Not trying to sound rude here, but jeez - we get enough invasive stuff with every other aspect of life. Leave it alone, man. 

 

This argument is irrelevant to the original intention too. Steam Workshop already allows game servers to do this in other games, though is completely sand-boxed, so the risk is almost none.

Share this post


Link to post
Share on other sites
Posted (edited)

The question isn't whether it's easy to hack such a model, the question is, will it prevent the target group from using unwanted client mods? Any system can be hacked, nobody refutes that, but there are more factors involved than that. Most players have no idea how to write a client mod. The few who can write client mods, what motivates them to hack a system, and would they openly spread such a hacked client mod or keep it in secret for themselves? Will such a anti-cheat solution intimidate cheaters from going to such a server? Unless they are programmers and know how to hack a client mod, I think most will be intimidated, yes. It also tells the players what is ok and what isn't, very clearly. Using some client mod that isn't permitted, you can always say you just didn't know it was, but hacking a client mod that is made to prevent specific client mods, how do you talk your way out of that?

 

I've implemented a simple anti-cheat client mod solution for my server, we're testing it out to see that it's working alright. We don't block players from playing or joining if they have restricted client mods installed, instead they get a warning message, a staff channel on Discord is notified, and they get a "heavy conscience" in their inventory which only can be removed by either a CM or by removing forbidden mods. It updates itself regularly from the server, and generates hashes from the installed mods that are sent to the server for confirmation. This is experimental at the moment, but a hashing algorithm will be sent from the server as java bytecode and is loaded at runtime into the client to generate the hashes, which will make it a bit more difficult to hack. This isn't meant to be absolutely secure, it's meant as one layer of security towards the target group, and it's a feature that's been requested by a majority of the players.

Edited by Tenniel
  • Like 2

Share this post


Link to post
Share on other sites

This is all just my opinion, so take it as you will...

 

The target group in this discussion is the "Dishonest Player".  Honest players will obey the server rules set down by the server owners, and that is likely the overwhelming majority of players, unless the server rules are particularly draconian, I guess.

 

The dishonest player doesn't need to be able to hack a client side mod, or the client itself.  All they need to be able to do is ask Google for a hacked version someone else has done already.  If they're really motivated they can watch a few YouTube tutorials and do it themselves.  Yes, "openly spread such a hacked client mod" doesn't have to be a thing.  There were (and probably still are) hacked versions of Wurm Online's client that were distributed on the sly but discoverable if you knew what you were searching for.  They had minimaps, ESP, etc.  In WO.  Let that sink in.  

 

Share this post


Link to post
Share on other sites

Well, we only go by the WO rules stated in the forums, so nothing draconian really, with the exception of a limited number of client mods which are permitted. It's a PvP server, so the players feel that for instance ESP and such mods are not very funny to play against. So, let's say we have a dishonest player then, in this scenario it is not a hacker but someone who will google for mods to install. He installs Ago's client mod launcher and the ESP mod. Our server will say that he have to install our client mod. He can then look for a hacked version of our mod or install our mod.

 

If he installs a hacked version, who has hacked it? Note that this is a small server with a small player base. With a client mod that updates on a regular basis, the hash will also update on a regular basis, and so the hacked version will only work if it's been hacked from the most recent version. Realistically, who would hack the client mod like that and publish as fast as a new version comes? It has to be some maniacal individual with a grudge, someone who want to put down the server for some reason. I'm sure there are other more efficient ways to do that without having to spend that amount of time, just go to the server and social engineer your way in and poison the community. In such a situation, the server has larger things to worry about than a hacked client mod.

 

Anyway, if we exclude the extreme situation, and think of the normal cheater as simply someone who enjoys cheating by installing some client mods, he will most likely not find any hacked version of our custom client mod.

 

In the case that we implement the hashing algorithm and send as bytecode directly from the server to the client. In such a case, the hacker has to read the network communication or RAM to extract the bytecode, it's another layer of complexity which requires a higher skill. Add to that, that the sent hashing-algorithm is sent randomly, you never know which algorithm you'll get, only the server knows that. It can be extended a bit more, with further complexity that requires more skill of the hacker. There's no money involved, and no political agenda, the hacker just really either want to break the system for personal reasons, or really dislikes the server. This situation is just not likely enough to worry too much about.

  • Like 2

Share this post


Link to post
Share on other sites

And you're releasing these server and client mods for everyone to use, or are they going to remain exclusive to your server?  If the later, then I agree, nobody will bother unless they have some vendetta against you or your server, but I'm guessing not many people will join your server with those requirements (manually downloading and updating the client mod often).

 

If you're releasing these mods for general public use (which is the purpose of this thread, by the way) then yes, I can see one or more people capable of modding the game maintaining a "fixed" version of the client mod.  Depends on how popular it gets, how many servers implement, etc.

 

¯\_(ツ)_/¯  I don't really care either way.  I play on servers that don't have a problem with the QOL client mods I like to use, and as I read the news about the developers feelings about WU, I'm playing less anyway.

 

Share this post


Link to post
Share on other sites
Posted (edited)

There's been no interest so far in this model from anyone. I'm not publishing the server side mod for anyone to check out, it will of course have to remain secret for the moment. Client side is released, it's available on our web page, but it's customised specifically for our server. It's simple enough that anyone could easily implement their version of the model if they wanted to, and I'd be happy to help anyone setting up a system like that themselves. We actually have pretty good online numbers, and alts are blocked so the online numbers is the actual number of players, not just a few with four alts each. Perhaps you missed reading my initial post, but this mod is requested by the player base, because they've been to other servers which didn't listen to their wishes and they've been asking over and over to implement this mod. It's not been a priority from my part, but now I've put some time on it and it seems to be working alright, a few bugs still remains.

 

I didn't say you have to manually update the client mod, did I? It's automatically updating itself of course, and also all permitted client mods are automatically updated to the latest version. The auto updater can be turned off, it's an optional feature.

 

If there's any interest I could create a public version of the mod, that is not tailor made for a specific setup, just send a PM and we can talk about it. I don't install any server mods I've not written myself, and everything is written into one integrated application, so extracting parts of the code for only a part of the functionality is a bit messy, and time consuming. I did release my entire code base though, about a year ago.

 

No, by the way, the purpose of this thread is not about releasing these mods for general public use, OP asked "Anyone have input/ideas/suggestions for this? I'm open to any, positive or negative." which is what I'm responding to :)

 

Well, if you play on a NxNx server, where N>1, then I don't either see the purpose of blocking QoL client mods, but WU servers that emulate the WO 1x1x skill system will have problems when the players feel that some are cheating, and I totally understand that. If you want to just play Wurm as creative mode, then just start a local server and get yourself GM powers and be as creative as you like, nothing wrong with that. If you have a server however, where the game play is about the community, the economy, and the healthy competition amongst the players, then "cheat" mods will be a threat to the balance of the server.

 

 

The only thing you have to confirm is that the client mod hasn't been changed in any way. If you make a checksum or hash of some kind of the client mod, using bytecode sent by the server, then you can assume the rest of the client mod list isn't fake. The bytecode sent by the server should be a class that implements an interface, and so the client and server mods can then be released openly, and each server host will have to create their own server specific hashing algorithms sent from server to client as bytecode. That way each server would have it's own custom model, and if you manage to hack one server, you automatically won't hack every other server.

Edited by Tenniel

Share this post


Link to post
Share on other sites

End of the day the server admins decide how they want to run their own server and the players decide where they want to play.

 

I will add though that saying things like 'cheat' mods is just a point of view, if it was part of the game already you would accept it as that, you may still not like it's there but you wouldn't call it a cheat.

Share this post


Link to post
Share on other sites

Firstly, by going out publicly stating that you have an anti-cheat mod on a PvP server, you are now attracting a whole new class of ######s.

 

To a malicious guest, an environment where everyone is walking around with a false sense of security is hard to beat. In fact, it's very attractive. Thus, a group of individuals wanting to go in and "wtfpwn some newbs" will happily spend thirty minutes to instrument install() to work with another directory.

 

They're not out to ruin your server, they're after a bit of fun -- and having the (disallowed) edge is fun (to some).

 

What you will have now is an escalation which will inevitably end up with passing code to the client. This means you are now allowing servers to execute arbitrary code on a user's machine. That's ... not good and you should probably be very clear with your users if you do this.

 

With the above in mind, I'll end with a friendly piece of advice: if you get a tight-knit group of experienced PvPers on your server in the near future, get rid of them. :)

 

Share this post


Link to post
Share on other sites

Lol, sure, thanks for the advice :) In the end it's the players running the server, as a server host that's about the first thing you have to realize and accept. Otherwise you'll become a tyrant in the eyes of the players. The community has to run itself and as a host you work on developing the server in the direction of the "contract" between you and the players, the agreement that made them join the server. If you break that contract they will eventually leave.

 

You have to be responsive to the players and if they feel that other players using mods that give them an advantage is to cheat, then it's cheating. Our contract is that we use the WO rules but accept a limited number of client mods. The rules state that installing prohibited mods is a bannable offence. Having an anti-cheat system is only a first line of defense. Obviously, if any player can pass that line, they will have to be really careful not to be noticed because on a small server anyone who gain skills in an alarming rate will be noticed or if they have advantages other don't have.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.