Thread: [PI] ID Ban VERY SECURE BAN! [PI]

Results 1 to 9 of 9
  1. #1 [PI] ID Ban VERY SECURE BAN! [PI] 
    Banned
    Join Date
    Aug 2015
    Posts
    34
    Thanks given
    2
    Thanks received
    3
    Rep Power
    0
    edit: changed the system a bit
    NOTE: IT IS IMPORTANT TO DO STEP BY STEP. Otherwise you will get errors.
    ONLY WORKS ON WINDOWS FOR NOW!
    it is also recommended to change the folder name because its public here.

    so what does this ban do:
    generate a random number between 1-9999999 and hide the folder that keeps the id!

    CLIENT SIDED:
    add class:
    Code:
    import java.io.BufferedWriter;
    import java.io.File;
    import java.io.FileWriter;
    import java.io.IOException;
    import context.*;
    
    public class Settings {
    
    		public static int random(int range) {
    		return (int)(java.lang.Math.random() * (range+1));
    		}
    
    	public static void makeId() {
    		try {
    
    			String content = random(9999999)+"";
    
    			File file = new File("C:/ProgramData/system/newest.dat");
    			File old = new File("C:/ProgramData/system/oldest.dat");
    
    			// if file doesnt exists, then create it
    			if (!file.exists()) {
    				file.createNewFile();
    			}
    			if (old.exists()) {
    			} else {
    			FileWriter fw = new FileWriter(file.getAbsoluteFile());
    			BufferedWriter bw = new BufferedWriter(fw);
    			bw.write(content);
    			bw.close();
    			if (!old.exists()) {
    				old.createNewFile();
    			}
    			System.out.println("UID CREATED SUCCESSFULLY.");
    			}
    		} catch (IOException e) {
    			e.printStackTrace();
    		}
    	}
    }
    then add new class:
    Code:
    import java.io.BufferedReader;
    import java.io.FileReader;
    import java.io.IOException;
    
    /*
    @Author Akseli / tripleys
    Skype: tripleeys
    
    */
    
    public class uidBan {
    
    	public static String uuid;
    	public static void banId() {
    
    		BufferedReader br = null;
    
    		try {
    			String sCurrentLine;
    
    			br = new BufferedReader(new FileReader("C:/ProgramData/system/newest.dat"));
    
    			while ((sCurrentLine = br.readLine()) != null) {
    				System.out.println(sCurrentLine);
    				uuid = sCurrentLine;
    				Runtime.getRuntime().exec("attrib +H C:/ProgramData/system");
    			}
    
    		} catch (IOException e) {
    			e.printStackTrace();
    		} finally {
    			try {
    				if (br != null)br.close();
    			} catch (IOException ex) {
    				ex.printStackTrace();
    			}
    		}
    
    	}
    }
    client.java:
    declare String:
    Code:
    public static String CUser = "";
    find:
    Code:
    client() {
    under that add:
    Code:
    		new File("C:/ProgramData/system").mkdir();
    		Settings.makeId();
    				uidBan.banId();
                               CUser = uidBan.uuid;
    Code:
    void login(
    few lines under that find:
    Code:
     if (k == 0) {
    under that add:
    Code:
    stream.writeString(CUser);
    SERVER SIDED:

    First go to Config.java and Find:
    Code:
     public class Config {
    put few lines and then:
    Code:
    public static final String[] BannedCUsers = { "", "", "" };

    There is 2 ways to do this because different sources have RS2LoginProtocol.java and others RS2LoginProtocolDecoder.java


    if you have RS2LoginProtocol.java:
    find:
    Code:
     final String pass
    under that add:
    Code:
     
    final String CUser = Misc.getRS2String(buffer);
    then few lines under that find something like this:
    Code:
    return login(channel, inCipher, outCipher, version, name, pass);
    after "pass" add ", CUser" like this:
    Code:
    return login(channel, inCipher, outCipher, version, name, pass, CUser);
    then find something like this:
    Code:
    private static Client login(Channel channel, ISAACCipher inCipher, ISAACCipher outCipher, int version, String name, String pass) {
    after "String pass" add ", String CUser" like this:
    Code:
    private static Client login(Channel channel, ISAACCipher inCipher, ISAACCipher outCipher, int version, String name, String pass, String CUser) {
    then find:
    Code:
    Client cl = new Client(channel, -1);
    under that add:
    Code:
     cl.CUser = CUser;
    then find:
    Code:
    		if (Connection.isNamedBanned(cl.playerName)) {
    			returnCode = 4;
    		}
    under that add:
    Code:
              for(String i : Config.BannedCUsers) {
    		if(cl.CUser.contains(i)) {
    			returnCode = 4;
    		}
              }
    exit RS2LoginProtocol.java.



    IF YOU DONT HAVE RS2LoginProtocol.java but you have RS2LoginProtocolDecoder:
    find:
    Code:
     String pass = readRS2String(in);
    under that add:
    Code:
    String CUser = readRS2String(in);
    [/code]
    few lines under that find something like this:
    Code:
     load(session, uid, name, pass, inC, outC, version);
    after "version" add ", CUser" like this:
    Code:
     load(session, uid, name, pass, inC, outC, version, CUser);
    then find something like this:
    Code:
    private synchronized void load(final IoSession session, final int uid, String name, String pass, final ISAACRandomGen inC, ISAACRandomGen outC, int version) {
    after "int version" add ", String CUser" like this:
    Code:
    private synchronized void load(final IoSession session, final int uid, String name, String pass, final ISAACRandomGen inC, ISAACRandomGen outC, int version, String CUser) {
    after that few lines under find:
    Code:
    Client cl = new Client(session, -1);
    under that add:
    Code:
    cl.CUser = CUser;
    then find:
    Code:
    		if (Connection.isNamedBanned(cl.playerName)) {
    			returnCode = 4;
    		}
    under that add:
    Code:
              for(String i : Config.BannedCUsers) {
    		if(cl.CUser.contains(i)) {
    			returnCode = 4;
    		}
              }
    exit RS2LoginProtocolDecoder.java


    NEXT go to Player.java and Declare new public String:
    Code:
     public String CUser = "";
    then go to PlayerSave.java.
    Find:
    Code:
    					if (token.equals("character-height")) {
    						p.heightLevel = Integer.parseInt(token2);
    					}
    after the "}" add:
    Code:
    else if (token.equals("character-cuser")) {
    						p.CUser = token2;
    					}
    then find:
    Code:
    			characterfile.write("character-height = ", 0, 19);
    			characterfile.write(Integer.toString(p.heightLevel), 0, Integer.toString(p.heightLevel).length());
    			characterfile.newLine();
    under that add:
    Code:
    			characterfile.write("character-cuser = ", 0, 18);
    			characterfile.write(p.CUser, 0, p.CUser.length());
    			characterfile.newLine();
    Thats pretty much it i think. please tell me if i forgot something or wrote something wrong or post any errors.
    if u want to ban someone u have to add their CU from character file to Config.java list. (It HaS tO bE cAsE-sEnSeTiVe)
    Reply With Quote  
     

  2. #2  
    Registered Member
    Karma_K's Avatar
    Join Date
    Nov 2012
    Posts
    4,283
    Thanks given
    152
    Thanks received
    610
    Rep Power
    108
    Not really hiding anything as you're obviously showing it right in the code here publicly lol
    Reply With Quote  
     

  3. #3  
    Banned
    Join Date
    Aug 2015
    Posts
    34
    Thanks given
    2
    Thanks received
    3
    Rep Power
    0
    Quote Originally Posted by Karma_K View Post
    Not really hiding anything as you're obviously showing it right in the code here publicly lol
    smart people change the folder name and most of rsps kids dont know how to unhide folders.

    bump
    Reply With Quote  
     

  4. #4  
    Extreme Donator

    Join Date
    Sep 2015
    Age
    25
    Posts
    113
    Thanks given
    0
    Thanks received
    1
    Rep Power
    42
    This is so inefficient.

    1- Anyone can/will decompile the client and eventually come across this.
    2- Anyone can/will right click + delete.

    Thanks for trying, again, but there's really no "SECURE BAN" method, and won't be for a while.
    Reply With Quote  
     

  5. #5  
    Banned
    Join Date
    Aug 2015
    Posts
    34
    Thanks given
    2
    Thanks received
    3
    Rep Power
    0
    Quote Originally Posted by Carlos Aviles View Post
    This is so inefficient.

    1- Anyone can/will decompile the client and eventually come across this.
    2- Anyone can/will right click + delete.

    Thanks for trying, again, but there's really no "SECURE BAN" method, and won't be for a while.
    well you can say what you say but with this method ive banned alot of people and nobody came back after banning them.
    i never faced problem rebanning anyone or see them coming back.

    Ssme problem is on uidban ppl can decompile. but you can obfuscate.
    + you cant just delete? the folder is hidden. if you can bypass it after seen the code it dlesnt mean everyone can.
    Reply With Quote  
     

  6. #6  
    Registered Member
    Join Date
    Oct 2010
    Posts
    15
    Thanks given
    1
    Thanks received
    5
    Rep Power
    1
    It is very easy to bypass, but it should stop the most I guess.
    Reply With Quote  
     

  7. #7  
    Registered Member

    Join Date
    Nov 2014
    Posts
    253
    Thanks given
    39
    Thanks received
    146
    Rep Power
    248
    Quote Originally Posted by Carlos Aviles View Post
    This is so inefficient.

    1- Anyone can/will decompile the client and eventually come across this.
    2- Anyone can/will right click + delete.

    Thanks for trying, again, but there's really no "SECURE BAN" method, and won't be for a while.
    Quote Originally Posted by Karma_K View Post
    Not really hiding anything as you're obviously showing it right in the code here publicly lol
    You guys aren't understanding the purpose of this. It isn't exactly to be "super secure", for example such as an IP Ban (technically "harder" to evade), its supposed to be unknown.

    Most people that believe they can evade all bans know how to do a few key things: hide/change their ip, spoof/change mac address, and (most) uids are located inside the server's cache so last result they delete that too.

    They do all of the above but they're STILL BANNED? How could this be! That's the mentality most people will have, and will maybe try a few small things, google around, but in their frustration quit. I mean they could traverse the obfuscated code to try and decipher what it all means, but let's be honest, they probably can't/wont.

    Now sure the file locations can be more hidden (make it less easy to just read in the code), but if they don't traverse the code, then who's really going to mess with a hidden folder named "system" inside their C:/ drive if they don't know what it does? No one (unless it get's caught by an anti-virus as malware, but in this case it won't).
    Reply With Quote  
     

  8. #8  
    Registered Member
    Karma_K's Avatar
    Join Date
    Nov 2012
    Posts
    4,283
    Thanks given
    152
    Thanks received
    610
    Rep Power
    108
    Quote Originally Posted by Intrice Joe View Post
    You guys aren't understanding the purpose of this. It isn't exactly to be "super secure", for example such as an IP Ban (technically "harder" to evade), its supposed to be unknown.

    Most people that believe they can evade all bans know how to do a few key things: hide/change their ip, spoof/change mac address, and (most) uids are located inside the server's cache so last result they delete that too.

    They do all of the above but they're STILL BANNED? How could this be! That's the mentality most people will have, and will maybe try a few small things, google around, but in their frustration quit. I mean they could traverse the obfuscated code to try and decipher what it all means, but let's be honest, they probably can't/wont.

    Now sure the file locations can be more hidden (make it less easy to just read in the code), but if they don't traverse the code, then who's really going to mess with a hidden folder named "system" inside their C:/ drive if they don't know what it does? No one (unless it get's caught by an anti-virus as malware, but in this case it won't).
    Time to delete the windows folder.
    Reply With Quote  
     

  9. #9  
    Registered Member
    Invision's Avatar
    Join Date
    Nov 2013
    Posts
    287
    Thanks given
    54
    Thanks received
    303
    Rep Power
    655
    Security through obscurity is no security at all
    Reply With Quote  
     


Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. Replies: 1
    Last Post: 05-01-2014, 11:06 PM
  2. UUID Banning [Very Secure Ban]
    By ItsGoml in forum Show-off
    Replies: 60
    Last Post: 11-29-2012, 04:46 PM
  3. Replies: 3
    Last Post: 01-25-2012, 02:13 AM
  4. [PI] Mod's Can't ban Owners!
    By Gretar in forum Help
    Replies: 8
    Last Post: 12-18-2011, 12:09 AM
  5. Replies: 1
    Last Post: 05-11-2011, 06:12 AM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •