In response to Kaioken
Another idea i have is an extreme one that when a host, hosts and the developer doesn't log in the game 5mins after world was started the game will close this will allow the host to only be able to host if the developer is going to join which allows the game only to be hosted when he wants it. This will stop any packet watching or any other problems from arising because there computer will go down from natural things power cuts, crashes etc.

Would you like to play a game that has to constantly be restarted every 5mins? i think not.

But there are limits like the host isn't rouge and the server goes down crashes etc and they need the developer to come.

Seems in the end you can never have full control because some asshat will ruin it for you with a private server. Looks like hub_password is the only way.
In response to Yorae
Yorae wrote:
Another idea i have is an extreme one that when a host, hosts and the developer doesn't log in the game 5mins after world was started the game will close this will allow the host to only be able to host if the developer is going to join which allows the game only to be hosted when he wants it. This will stop any packet watching or any other problems from arising because there computer will go down from natural things power cuts, crashes etc.

The host may still be able to fake the login or set the "developer_logged_in" variable to 1.

At the very least the host may feel the inclination to release the host files, or perhaps annoy your new host.

Bottom line is: if your host wants to screw you over like that, s/he can. No way to stop it. However most hosts don't want to continue hosting a game they've given up on. And the ones that do are easily subdued with hub_password.

The issue is not that the hosts are able to do it; the issue is that the developers feel powerless.

-- Data
In response to Foomer
Foomer wrote:
Well is there a way to determine which file at which location is being checked for access?

(Its easy to get that information with the source code in front of you, but what if you don't have it?)

Set up the DNS redirection and the web server. Then let the check run. It will fail, obviously, but it'll also cause the URL to be written to the web server's logs. Then you know the location.

You can overcome any bans applied by the failure simply by backing up the game's directory beforehand, and then replacing it with the backup once you know the URL. BYOND games are sandboxed, so they can't hide that information anywhere else. (Barring exploits, but that's going too far.)

What I'd do is not check for the host's key itself, but rather a salted hash of the host's key. If they don't know the salt, they can't reproduce the hash, so knowing the location doesn't help them much since they don't know what to put there.

I'd also generate the salt at runtime instead of having it printed explicitly like "thisismysalt", so that it doesn't show up in the DMB's string table. A DMB string table decrypter is easier to make than a fully-fledged DMB decompiler.
Page: 1 2