New Ingame-Identification System
•
6 Dec 2013, 02:56
•
Journals
I was brainstorming with a friend on a possible way to identify players ingame and came up with the idea of a LUA that would provide a decent identification system that would be hard to spoof.
Specifics:
Possible problems:
What we need:
Ways to contact me:
DARKI I LOVE YOU FULL HOMO
Specifics:
- A unique username and password could be created by you on our website (which gathers hardware info to limit the creation of accounts to prevent attacks)
- There would be a command that displays all players who are logged in as well as their ETPro GUID and part of their IP (like TZAC did), which could be screenshotted and uploaded to Clanbase as was done with TZAC GUIDs
- Off-site verification could be done to ensure that the IP and ETPro GUID are the same as the ones provided during registration
- Could be added to all servers by uploading a few small files
- Users wouldn't have to install anything
Possible problems:
- Feel free to comment with concerns
What we need:
- Support from the community for adding this to competition
- Some assistance from community members who are experienced in web servers
- A server to host this on (shouldn't be a lot of space)
Ways to contact me:
- xfire: etforeigner
- irc: foreigner @ #america.et
- cf pm
- cf comments
DARKI I LOVE YOU FULL HOMO
- ETPro guid could be easily changed just by changing MAC address (every network card has that), I am afraid that would be possible in this case as well
- controlling IP address? Even if you decided to control subnet, not full IP (for example, I have dynamic IP which changes at least once a day and each time I restart router), it does not cover scenario where player switches internet (If my regular inet goes down, I hook up my mobile internet and I am good to go again)
Above mentioned method meets every criteria UAC is currently being used for. This however is by a far a better alternative and, most likely something I'd be willing to use as opposed to running spyware on my PC.
1. ETClient: Sends Command /login myUserName myPassword
2. ETServer: Server sends IP with guid ,username,password to WebServer
3. ETServer: Wait for response (Possible mini lag spikes, so maybe pause game if there is one active)
4a. WebServer: Check if correct info
4b. WebServer: Notify any changes that have happened (IP,guid not same)
5. WebServer: If correct info and guid (Possibly ip) not changed send verfication
6. ETServer: If correct allow player to play etc.
7a. ETServer: Save currently logged in players to temp file
7b. ETServer: automatically log in players until they disconnect (When they disconnect delete them from file)
edit: and this can all be done with LUA.
7b. ETServer: automatically log in players until they disconnect (When they disconnect delete them from file)
Eh, I don't think I'd want to give anything write or delete access on my server. This could lead to quite a heavy vulnerably. I get what you're trying to do but ditch the IP checks, you can check for country ranges if you like, but other than dumping them to a table there really is no genuine use for them. Some American ISPs still stick to static IPs, Europeans don't. I can switch IP within any of the German ranges at will and in two seconds tops. Also, as said previously, as long as it's tied to an account (as will be tied to clanbase), go with ETPro guids, yes they're spoof-able, yes they can be altered with miniscule amount of work, but they're tied to an ACCOUNT, all of which will be logged and flagged if alterations appear excessively. No point in spoofing either, if I'm playing with my account under someone elses guid - that's... pretty much a dead give away.
The main issue here is that we don't have enough experience with LUA on etpro to know how much info you can gather about the user, in order to generate a hardware GUID. This is the most we know is possible, but of course there could be other features.
Lol I see filus and oxy already whine about it like they do with everything haha