To go further on it, I would have it produce the obfuscated names randomly on each load of the game script so they're not easily referred to. Second I would try obfuscating all variable names that you can, especially the class definitions like EntityPlayer. Even if you left all your code in plain text, any modification someone tried to make from the client would be seen, verified, and handled accordingly by the server. I would suggest first and foremost to do the server side checks. The second thing I see is just obfuscating the code more. Now the player can super jump and the server is fine with it (verified by numerous 'holy sh !' and 'wtf!?' comments from other players). To change player jump height for example, all it would take is this piece of JavaScript:
It was also easy, for the most part, to identify what certain variables did as they were in plain text. Once the player object was found, it's easy to modify the variables and the world (server side) accepts it. This name for this player object is also static for every game instance, so it's easily referred to every time.
I only tested this out on the player object as a PoC, but it only takes changing a variable within the player object to modify things like player speed, mountable craft speed, etc.įor instance, while you obfuscated the name of the player object within the ig.game object, it was easily found by checking for modifications to the health variable, where another function listed it as ig.game.O1376. Probably the biggest issue I see is the lack of server side checks against changes coming from the client. I wanted to notify you guys though of some security flaws within the game. Saw this posted over on PH and checked it out, extremely impressive game and I'm sure there's a ton of dev time on this. Manyland is a massive multicitizen world so will require a good internet connection. and have a lot of fun together in ways none of us can predict. In an infinite, shared world of abundance, we create new things by drawing them, build new places of any kind, hang out and chat, throw around stuff, shape our own appearances, collect what we like and provide what's needed, make music, party, go swim, enjoy, jump n' run, take care of the world, do sports, come up with puzzles, explore. "The most exciting game I've played so far mainly because of its freedom to shape your world." -Cosmin
"Exploring the world is a blast" -Massively It is an entire universe to explore, in constant change and full of possibility!" -Diogo "***** The only downside is that it can be very addicting!" -Tim McDonald Such a variety of things in this world to do, including things like player-made 'roller coasters' that take you for a ride!" -Joshua C "***** A WONDERFUL game, so fun to explore, build, interact, and create ART. Welcome to Manyland, an open universe we invent and live together! Welcome to Manyland, an open universe we invent and live together!
0 kommentar(er)
