Register FAQ Search Today's Posts Mark Forums Read
Go Back   JazzJackrabbit Community Forums » Maintenance & Feedback » JJ2+ Issue Tracker

Feature Request Pesky Bots

Dysla2003

JCF Member

Joined: Jan 1970

Posts: 2

Dysla2003 has disabled reputation

Jul 13, 2020, 11:33 AM
Dysla2003 is offline
Reply With Quote
Pesky Bots

Hello I have a decent idea that would prohibit current pesky bots that seem to connect out of jazz.exe
It has been really a hassle to host or even play at other servers as there are programs that cause many players (as sometimes 10 at once) to join and leave not to mention they are spamming with one interval ms. Also I noticed that these programs are able to mess my server's settings by sending specific datas while those same ip addresses cannot do that from their jazz.exe (when connected that way). I really thought of deleting this game because of this issue. But I thought I might report this before new update release.
So my idea was to add an encryption algortihm into send packets that would prohibit them even getting into server from outside of jazz.exe in the first place. A simple data such as "apple" could be encrypted into "NNdnf43k" to simply send it. I hope those bots cannot get into the servers in the future as it makes this game unplayable. I was playing in aleyaz server when 10 players joined with weird names and all I saw was random bullets flying out of nowhere.
Mayale

JCF Member

Joined: Jan 1970

Posts: 2

Mayale has disabled reputation

Jul 13, 2020, 11:47 AM
Mayale is offline
Reply With Quote
Yes, I also saw those bots too. They are annoying as hell and I am agreeing with Dysla2003.
Violet CLM Violet CLM's Avatar

JCF Éminence Grise

Joined: Mar 2001

Posts: 10,736

Violet CLM has disabled reputation

Jul 16, 2020, 02:16 PM
Violet CLM is offline
Reply With Quote
Thanks for the report! We don't currently have the best idea for how to address this but we definitely agree that it's a problem. Any technical details anyone wants to provide about these connections will be appreciated.
__________________
Dysla2003

JCF Member

Joined: Jan 1970

Posts: 2

Dysla2003 has disabled reputation

Jul 16, 2020, 03:48 PM
Dysla2003 is offline
Reply With Quote
Well basically it is not difficult to make a bot for jazz jackrabbit apparently as I've taken a look at it by myself. Even chat datas are sent plainly and anyone can replicate them.
However there is an encryption algorithm such as 'private key' method which can be implemented to stop this trouble. Simply server creates a key such as "55 83 A1" in hex - sends it to client to communicate with it throughout the game. This private key is private to only this client so that other clients have different private keys, hence everytime the datas are distorted thus stopping anyone from plainly copy pasting jazz packet protocols.

tldr; server creates a key for client(a), this key is blended with the in-game packets to create the encrypted datas.

Clients that don't abide by this rule are kicked, for better banned out. Actually the key point here is to obfuscate the algorithm, it does not matter how you salt them, this will simply stop people from copy pasting their packets from sniffing programs into their favourite compilers. And by salting I mean that everytime client joins, the data should be different. Otherwise people will keep spamming servers with join and leave but will be unable to spam chat. Because if you dont make the packets dynamic the entrance still will be available for bots as it is the same everytime hence "lets copy-paste and connect"
Mayale

JCF Member

Joined: Jan 1970

Posts: 2

Mayale has disabled reputation

Jul 17, 2020, 05:42 AM
Mayale is offline
Reply With Quote
Yes, you should guys prevent from joining these bots because they are so suspicious and can do many harms to JJ2 servers.
Seren Seren's Avatar

JCF Member

Joined: Feb 2010

Posts: 831

Seren is a name known to allSeren is a name known to allSeren is a name known to allSeren is a name known to allSeren is a name known to allSeren is a name known to all

Jul 17, 2020, 11:01 AM
Seren is offline
Reply With Quote
The solution you're suggesting is an example of security through obscurity and will not be implemented. It would be a temporary duct tape fix that would take significantly more time for us to implement than for a skilled hacker to break.

We're also not strictly opposed to third-party software clients joining JJ2 servers. Our goal is to fix any malicious behavior such bots can exhibit. Spam is something we want to address in upcoming updates. You mentioned "messing with server settings" but without additional details we don't know what this is referring to. To our knowledge, clients cannot modify server settings without appropriate admin rights.
__________________

I am an official JJ2+ programmer and this has been an official JJ2+ statement.
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -8. The time now is 05:11 PM.