> An idea might be that the half-life game itself (valve guy stuff) would do > more of a "security check" on the mod being loaded. The game is provided > the location of the .dll (or .so) to load, so why not do something like a > CRC on the mod, compare it do a crc of the actual distributed file by the > mod authors, and if it matches, let it load. <snip>
Unfortunately, CRC isn't all that reliable a way to test if two files are identical. If I remember correctly (can't be arsed to find my Numerical Recipes in C right now) the CRC of a file can be made anything you like by setting a contiguous number of bits in the file, equal to the number of bits of the CRC, to a certain value. For example, if you're doing a 32-bit CRC, then by setting 32 contiguous bits anywhere in the file to certain values, you can make the CRC be any arbitrary number. This means you can make a modified client.dll have the same CRC as the unmodified one, just by changing 32 consecutive bits of it. However, there are other kinds of checksums similiar to CRC that may be better suited to this task. I'd also like to point out that as long as the server and client are distributed together, cheaters and crackers will be able to find and exploit vulnerabilities in a game's multiplayer system. Even though they cannot *modify* the server code when playing online, they still have copies of the server on their own machines, which they can dissassemble and pick apart at will. That means they will be able to find vulnerabilities (which always exist, no matter how much you try to eliminate them) and exploit those vulnerabilities to cheat. ---Reedbeta __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
