Make a custom launcher to prevents cheats

Discussion in 'Programming' started by firestorm7893, Jun 7, 2015.

  1. Hi i'm new to the forum and i am wondering if there is a way to make a launcher that checks if your minecraft jar is original and automatically log you into the server that i'm making. (i'm not english so i'm sorry if i make grammar mistakes)
     
  2. Not really, it will always be decompilable.
     
    • Agree Agree x 2
  3. General security rule is that anything on the client end is insecure. So long as the client has access to your software it can be modified and manipulated. Security must happen at the server side.
     
    • Agree Agree x 2
    • Like Like x 1
  4. You could make it in a language like C or C++. Of course, it can still be edited -- but I think most cheaters will just go cheat somewhere else where it already works.
     
    • Agree Agree x 1
  5. ok but most of the users that use cheats aren't programmer so would this help to prevent cheats?
    I read that there is a software called crema that can obfuscate java code by scrambling the symbolic informations
    (wow really fast response, thanks guys :D)
     
  6. My professionalism wants to say simply don't do it. Why invest time in a launcher that ultimately cannot provide the service it's designed to perform?

    To answer your question though, it depends on how popular your server is. There will be plenty of people who are looking for an easy target and will simply move on to the next. A low popularity server will have less players and therefore a lower chance of running into someone willing and capable of working around it. But you only need to attract the attention of one person who just wants to see if they can or show off to their friends.

    Once one person gets around it, they might tell others how. Then the launcher becomes useless. Or the one person keeps it to themselves and becomes the sole cheater for a while. This is just a theory, but if everyone thinks that the server is cheat proofed, the cheater is less likely to be caught.

    I also want to point out that modifying your launcher or even using it isn't necessary for someone who knows how to perform simple packet manipulation using readily available programs. This is assuming that you would need to send a message to the server essentially saying "The Client is Good". Otherwise, the launcher would be optional anyways.
     
  7. Most players will just give up if you make them download a custom client (or download anything manually for that matter).
     
    • Agree Agree x 3
  8. I think it would be easier to code a stand alone anti cheat program in C++, Then it would be to modify or, create your own launcher. It would offer better security against decompiling than java and, It would be a simple drag 'n drop system for the player.

    The way this concept would work is as follows. Client logs in to your server and, Is given temporary/limited permissions. Your minecraft server informs the client to visit your website to get full details on how to become a full access member. In those details, You say you have to download this anti cheat program that communicates with your anti cheat server (Which would take about the same time as it would to create a whitelist application and, get approved). When both the anti cheat client and, server are running, The player is given full access. As soon as the anti cheat server detects that the anti cheat program is down on the player side, It changes the players permission group to limited access.

    Such limited access could prevent the player from leaving spawn, disabling pvp for the player, etc.
     
  9. Not suspicious at all.
     
    • Agree Agree x 1
  10. Perhaps. But, This is common practice in many communities. Where cheating or, espionage is a concern. I've witnessed this a couple times first hand and, Talked to someone who coded a system like I mentioned. He did admit after some time talking, That he could remotely format the hard drives of the players using his program. But, That's not the agenda of everyone.
     
  11. Cldfire

    Cldfire Retired Moderator
    Retired

    Let's just put this this way: security != popularity.
     
    • Agree Agree x 1
  12. If that was the case, Banks wouldn't exist at all.
     
  13. Cldfire

    Cldfire Retired Moderator
    Retired

    What's your point?

    A.) Banks aren't secure

    B.) The only reason banks are popular is because... it's a bank, it's necessary

    C.) This is Minecraft we're talking about, not a bank. Minecraft servers aren't anything like banks, last I checked.
     
  14. That's a red herring fallacy.
     
    • Agree Agree x 1
  15. Bank vaults and computer security cannot be compared in the manner you are attempting. You cannot physically break into a bank vault
    anonymously from the comfort of your home using freely available tools with as much time as you need and pretty much no potential for external oversight or intervention.

    A better comparison would be if the bank would give you a safe that you bring home with you that contains a "free access to all the money" card and you are not allowed to open it. Not only are you not allowed to open it, the bank will never require you to return the safe. The safe is really thick metal and has a lock that only they know the code to. They would think this is OK because by their logic, most people would not bother to try getting inside because it's too difficult or people don't know the code or people would not think of doing what it takes to get inside.

    If anything, a bank vault is more closely related to server side security but really, physical and digital security are two different beasts.
     
    • Informative Informative x 1
  16. I have already made a launcher with c++ so i can technically modify that launcher to download the minecraft jar and compare them to see if something changes and then start minecraft giving full access to the server. Would this work?
     
    #16 firestorm7893, Jun 8, 2015
    Last edited: Jun 8, 2015
  17. So how does the server know that mc was started through your launcher and not a hacked one?
     
  18. this is the problem i don't know how to make the server know that you are using my launcher
    (note: i decided to modify an spminecraft launcher in java to force the download of a single version)
     
  19. i found an installer that install a custom minecraft jar and this jar does what i want to do
    http://client.wildadventure.it/
    but i can't figure out where the jar tells the server that you are using that jar :/
     
    #19 firestorm7893, Jun 9, 2015
    Last edited: Jun 9, 2015
    • Friendly Friendly x 1
  20. This is not really secure: Edit the jar -> look at the code that sends the packet or scoop it out with wireshark and edit the 'hacked' client to also send this data on launch. It is impossible to be able to 'trust' a client.