Advanced Flash Hack Prevention. (rf)
HNJhack
12-17-2003, 08:53 AM
Ok, I know we already have one of these on the board, but I felt that we should put one in the Critical Thinking section. That way, we can have people that really want to solve this problem, and know what they are talking about, discuss this topic.
I have thought a bit about this and have come up with some possible solutions, but it would be nice to have many people think together, so we can cover all the bases. If you think this is a bad idea don't flame the thread, just leave it. This is for people who are serious about stopping the hacking situation. ^_^
Enjoy.
Synthlight
12-17-2003, 09:08 AM
I have read your ideas on hack prevention and we have implemented complicated server side prevention processes to eliminate most of this problem. I tend to keep quiet about these issues however because if everyone knows my methods then they will also know weaknesses.
Cheers,
Synthlight
heyhey11
12-17-2003, 09:10 AM
i am not that computer smart with programming and stuff like that but couldn't you see what the highest possible score is for a song and make that the max. If anyone gets above that ban them immediately and not let them in top 10
jimerax
12-17-2003, 09:22 AM
I agree with heyhey's opinion.
It's not a fundamental solution, but I think it's easy to try.
lightdarkness
12-17-2003, 09:56 AM
but hey hey
what about hidden arrows, and glitched ones
you could get higher than the max score by accident
so, just don't put them on the top 10, but DO NOT ban them.
jimerax
12-17-2003, 10:16 AM
Umm, surely to ban at once isn't efficient.
If banned, the hackers will change their IP through proxies.
Then the banned IP is only one of their proxies, risk is higher than effect.
HNJhack
12-17-2003, 11:53 AM
well wait a sec, you don't want to rob them of their achievements, so if we implement a way to know if the song has been beaten fairly, then we assume there were some glitches, and give them the title they earned. But if we know that the song hasn't been played through all the way, then we deny the title and ban them. the only trouble would be testing this. you must make sure it works 100%, because we don't want to ban people for no reason. Plus if we want to start small, we can use basic boolean logic to at least stop the smalltime hackers. Unless they can get a copy of the source, they won't know what needs to be set to what, and there could also be an infinite possibility. So in most cases this would stop most people. THEN we can worry about the people that have NOTHING better to do with their lives.
Or you could give me the IPs of the people that we know are hackers, and i could send them a "friendly" message.
and synth, i agree, would it be possible to have this discussion through PMs, AIM, e-mail, or maybe a PRIVATE forum? just a thought. ^_^
Anticrombie0909
12-17-2003, 04:28 PM
The thing that's annoying is that most people think that by hiding behind a commercial hack protection program, they are perfectly safe. They need to know that hacking and viruses are serious problems, and that if you do get hacked, they probably won't catch the guy who did it. The Judicial system is years behind technology, and with no suitable laws or guidelines to eliminate the problem, the problem will continue to run unchecked. We need to educate people on computer safety, and we need to get the judicial system's head out of its ass and catch up with the modern world.
HNJhack
12-18-2003, 07:44 AM
very true. but the only problem is, when n00bs try to get into this stuff, they all make one BIG mistake. They go out and buy/read some book released by a "hacker". "all of the secrets of the pro's" that kinda crap. when common sense would tell you, that if a book like that was out and about, the gov't would have recalled it in a heartbeat. yeah those books are telling the truth, but those hacks are on average 2 or more years old. Anyone with even mild experience would know that A LOT WILL change in 2 years. so much that it will be a completely different task to hack into the same system. ^_^
(but i thought we should have a private forum for say, all the moderators, myself, and a couple of RELIABLE members who would like to partake in the topic. that way, we know that only trustworthy people know of our discussion, and no hackers, besides me will know of the methods used for defense.)
^_^
heyhey11
12-18-2003, 09:08 AM
well if they just happened to hit a glitch or secret arrow then those should be reported and added to the high scores
HNJhack
12-18-2003, 10:11 AM
yes, we all know that (not trying to be mean) but that is why we should use boolean logic to check.
HNJhack
12-18-2003, 10:13 AM
yes, we all know that (not trying to be mean) but that is why we should use boolean logic to check. ^_^
HNJhack
12-18-2003, 10:23 AM
why the fuck did it double post?? oops, now i made it a triple post, crap! ^_^
Synthlight
12-19-2003, 11:33 PM
HNJhack,
I challenge you to hack the score.. forget glitched arrows, that is bad conversion and can be corrected. I mean legitimate hacking. I have implemented security measures far beyond what you think I have.
Good luck
Cheers,
Synthlight
HNJhack
12-22-2003, 07:36 AM
i'll go for it. (it will have to be during my free time though, which i kinda lack at the moment with school.)
but i accept. any particular way you wish for me to hack, linux, windows, certain things you want me to do? ^_^
Anticrombie0909
12-22-2003, 08:13 AM
Lol cool. Try and hack yourself onto the number one spot on all the scores, just to see if you can.
Also, about that secret anti-hacking section that nobody could read...what if someone hacked it?
HNJhack
12-22-2003, 09:34 AM
well, that isn't that important, cuz they'd have to know where to look. if synth creates a thread that only appears for us when we log on, then nobody should know. and we would delete this thread.
right now, i'm just gonna see if he was dumb enough to leave ftp access on. and then find his open ports.
if not, then i'll have to actually think about it. ^_^
Ridge
12-22-2003, 04:31 PM
most of the hackers just watch for packets that are x'ed thru the user to the server, so if u were to encrypt the code that's being x'ed from the user to server they couldn't decrypt it and send a hacked packet
HNJhack
12-23-2003, 08:24 AM
YES!!!!! we have another person that knows what they are talking about!!!!!!!!!
But there is one flaw with that theory. If you ping the server (in case people don't know what it is, it's sending chunks of info, usually 64kb in size, repeatedly to the server. Its only real purpose is to bog the server.) the data will be left "at the door" giving people time to retrieve and change it. Or they could just make a quick copy of it, and send the original back to the server, and see which port is open. (let alone a port scanner is way more efficient.) Then once they have the time, they will write an algorithm that will de/encrypt the data. after that it's easy to send files in and out, if you played the song or not.
The one thing I am concerned about is if they get to the source code. Then all hell would break loose. got to go, be back later to finish this post. ^_^
Anonymous
12-23-2003, 08:50 AM
One way to cut down on this is to change your algorithm weekly, but that would be a royal pain in the ass. You COULD use some serious encryption, say 128 bit+. (there is one thing that puzzles me, how little of a life do you have to have in order to hack ffr? really now, do something important with your time like playing it, ya know, get the scores for real). cryle is a good one for you. ^_^
HNJhack
12-23-2003, 08:52 AM
it fuckin logged me out again, allwell ^_^
dontcareaboutmyid
12-23-2003, 10:04 AM
I think we should start a pool
Date that HNJ will get through, and if he doesn't get through he gets all your money, minus 5% for me cause im implementing the pool :D
seriously, i'll start writing dates down. 1$ a date, max of three dates a person
HNJhack
12-23-2003, 12:09 PM
wait, if I DON'T get through I get the money?
Even though I should take advantage of this, shouldn't it be the date if i don't get through?
Plus, when i get through, i won't change the 1st place scores, i'll rid them of the hackers/cheaters like AO and such. ^_^
HNJhack
12-23-2003, 12:18 PM
oh yeah, synth, i hope you know that it took NO real effort to gain that info on you and your server. Anyone could do it. I just wanted to let you know how people are finding the server, and the ports for hacking. ^_^
hydrojakep
12-23-2003, 01:54 PM
You lost me...
naijen
12-23-2003, 02:07 PM
i'll rid them of the hackers/cheaters like AO and such. ^_^
Blasphemy. Arch0wl does not hack/cheat.
Brainmaster07
12-23-2003, 02:10 PM
AO is alternate oblivion. Arch0wl is just Arch0wl.
dontcareaboutmyid
12-24-2003, 11:43 AM
oye wrong words, synth gets all the money if hack doesn't get through.
HNJhack
12-26-2003, 01:02 AM
why not keep your money. if you're gonna do a pool have it so people place bets on the date that i'll get in. if someone wins, THEY win the money, and if several people win, they split it ^_^ That makes sense to me. oh and to naijen, i would never say such a thing to the creator of payon v2 and party 4 U.
OHYEAH!!!! now that i have the net on MY pc i can devote much more time to ffr and hacking it. ^_^ yay!
HNJhack
12-28-2003, 03:28 PM
well made it into the server, but i couldn't intercept one of the data packets or see any of the files. ... just gotta try again. ^_^
Burning_Cyclope
12-29-2003, 11:48 AM
I have 2 solutions (may have already been said before):
use boolean variables as flags every so often in a song. each song has a different amount of flags, and each flag is randomly located in the song. Every time the player passes the flag it is set to true. if all flags are true by the end of the song, the person didn't hack.
HNJhack
12-30-2003, 11:21 PM
i said that a looooooooooooooooooooooooooooooooooooooooooooooooooooooooooong time ago. in theory it's a good idea, but still hackable. it's 12:30 time to go to sleep for work at 6:00 ^_^
Burning_Cyclope
01-5-2004, 07:37 PM
I have a new idea:
we add up the number of arrows the player has gotten, calculate his highest possible score, and if his score is higher than that, then he's obviously hacking. still hackable, but it reduces the amount of hackers by quite a lot.
HNJhack
01-6-2004, 12:35 PM
But this time you forgot hidden / glitched arrows. They do exist, and that would kill your theory. Sorry. ^_^
Burning_Cyclope
01-6-2004, 05:25 PM
new idea: find out how long the person played thru that song, and compare it with his score.
you could always throw in the number of arrows gone by, too.
If he's got an incredible record-breaking score after 5 secs., he's obviously a cheater.
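An added example, not part of the thread or of the game's own code: the score-ceiling and play-time checks from Burning_Cyclope's 01-5-2004 and 01-6-2004 posts, run on the server and returning "hold" (keep the score off the top 10 for review) instead of a ban. The 50-points-per-arrow value, the 2% glitch tolerance, the chart table and the function name are assumptions.

```python
# Added example: server-side plausibility check for a submitted score.
# Point values, tolerance and the chart table are constructed for illustration.
from dataclasses import dataclass

POINTS_PER_ARROW = 50     # assumed best score a single arrow can award
GLITCH_TOLERANCE = 0.02   # assumed slack for hidden/glitched arrows


@dataclass(frozen=True)
class Chart:
    arrows: int       # arrow count taken from the server's copy of the chart
    length_s: float   # song length in seconds


# Constructed sample data; a real server would load this from its song store.
CHARTS = {"song-a": Chart(arrows=400, length_s=95.0)}


def review_submission(song_id, score, started_at, received_at):
    """Return (verdict, reasons); verdict is "accept" or "hold".

    started_at and received_at are timestamps the server recorded itself
    (song requested, score received), so the client cannot choose them.
    """
    chart = CHARTS.get(song_id)
    if chart is None:
        return "hold", ["unknown song"]
    if isinstance(score, bool) or not isinstance(score, int) or score < 0:
        return "hold", ["malformed score"]

    reasons = []
    # Ceiling is derived from server-side data, never from the packet.
    ceiling = chart.arrows * POINTS_PER_ARROW * (1 + GLITCH_TOLERANCE)
    if score > ceiling:
        reasons.append("score above chart ceiling")
    # A full-song score cannot arrive before the song could have finished.
    if received_at - started_at < chart.length_s:
        reasons.append("submitted before the song could have ended")
    return ("hold" if reasons else "accept"), reasons


if __name__ == "__main__":
    print(review_submission("song-a", 19800, 1000.0, 1100.0))
    print(review_submission("song-a", 999999, 1000.0, 1005.0))
```

A modified score that stays under the ceiling and arrives after the song length still passes; the check only bounds what a client can claim.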
HNJhack
01-7-2004, 10:52 AM
but when they hack, they can wait till the end of the song to send out the hacked data packet. So once again you have failed. You're on the right track, but still got a ways to go. ^_^
Burning_Cyclope
01-9-2004, 06:47 PM
how about this:
get their number of games, and score on each level.
graph it best-fit line, mode linearly.
get the derivative
if it's too high, then they're either extremely good or cheating.
I have a new idea, but first I need to know how often people make it onto the high scores list, approx.
HNJhack
01-9-2004, 10:52 PM
well, that wouldn't really help for hacking, it would just give us an idea of who MAY be hacking.
Funny how this is practically a forum for me and you, lol. ^_^ (you are on the right track, some of the best ideas i have been told, still off but close).
First we should find out why the conversion error is taking place, i think it might be from the holds, from things like ssm, when you let off of a hold, it is counted into your score, maybe it is seen as a hidden arrow for ffr when translated. If we can get rid of the hidden/glitched arrows, we can just set a statement of "if(PlayerScore > TopPossibleScore){ " code for sending packet and score to server for banning and such} else { " code for normal entry}" It would make it a lot easier on Synth. ^_^
Burning_Cyclope
01-11-2004, 12:14 PM
the invisible arrows thing is puzzling.
if you "miss" an invisible arrow does it act as if it were a normal arrow and start your combos from 0 again? if it does, then I don't think I've ever encountered one.
Also, I have no idea how the hacks work. I've been searching google for a description near the download, but couldn't even find any.....
HNJhack
01-11-2004, 09:11 PM
people are using mem searching progs to find the open ports for the server, and waiting for the data packet to be sent out, they snatch it and change it, and when they are done they send it back. ^_^
i don't believe the glitched arrows end your combo, they only add to your score if you hit them. i really think it is the end-hold note from an ssm dwi.^_^
Magus073
01-19-2004, 03:26 AM
did he ever get through?...
Dark_Mind
01-21-2004, 08:36 PM
What about a program that selected random arrows in the song, and checked to see if a percentage of them were hit? If the percentage wasn't reached, it should compare the score with the highest possible score, and check if an arrow key was pressed within the vicinity of the randomly selected arrow.
I realize this would make it hard for noobs, or people that are really bad. But if this were applied on the really hard songs, songs that experienced people would be good at. It is reasonable to assume that a good player would be able to get near these arrows.
Or maybe have the program check all arrows, or even a combination.
Sincerely,
Dark Mind
HNJhack
01-22-2004, 04:54 PM
that's a good idea. I put some thought into it, and i realized that 1. it can be hacked easily, and 2. it would be a lot of work for Synth.
1. if you intercept the data packet right when it is sent out, you can change the values for the variables before it reaches the server. The packet MUST contain those variables. So in fact it would stop about 2% of the people hacking it. =(
FUCK!!. i just realized that as long as the variables are nonencrypted in the packet, no matter how many variable based protection we use, it can always be intercepted and hacked.