FLockClient - Server
FLockClient
ATTENTION: At this time I'm not able to maintain this project. If any experienced developer wants to maintain this project while I can't, contact me.
FLockClient is a small and simple tool that forces players to use the server-defined .jar. It can be useful for modded servers and can also help prevent hacked clients by forcing all players to use a clean .jar. A client-side modification is required.
Features
- Highly Configurable
- Random security keys
- Multiple clients
- Force players to use a defined client
- Permissions for each client
- Download files from the server
- Permanent ban by MAC address
- more
Permissions
Permission | Effect |
---|---|
FLockClient.Debug | Receive in-game debug messages |
FLockClient.F3 | Access to the "F3" menu |
FLockClient.Texture | Ability to bypass the texture pack lock |
FLockClient.hash.<client> | Access to the <client> defined |
FLockClient.Gui.Debug | Show debug information on download |
FLockClient.ByEmpty | Join the server without the client |
Commands
- /lc ban - Ban the player MAC address
- /lc unban - Unban the player MAC address
- /lc info - Show information about a client
- /lc list - List players using any authorized client
- /lc reload - Reload the configuration
- /lc unex - Re-enable the anti-cheat protection
Attention
This plugin is made to work with a client mod that is available here. If you don't use the mod, the server will not recognise you!
Known Bugs
- Sometimes the kick message will not be properly shown; this is not related to FLockClient.
- Let me know if you find any!
@karim090
reload is not healthy. Bugs start from it.
@piritacraft
Try increasing the KickDelay to 120.
I used the configuration: http://pastebin.com/wkr3TzvP and I noticed that roughly 50% of the time it fails, saying that the player does not have the required client.
great.. now with require false and block movement true I can control clients' jars. =)
but I'm still having trouble using require true, and when you reload the server or the plugin you have to relog because it starts to show the NotUsing msg
Great, finally someone made this. Thanks, furmiga =)
@roelmb
The hash is always random; it will never be equal to another already sent. Of course Java obfuscation is breakable, but how will you find the proper classes and methods to install other mods? They will be totally different. Plus, hacked clients are also obfuscated; thanks to that, it is very hard to install this mod inside a hacked client, unless the 'hacker' is smart enough to decompile an obfuscated copy of the minecraft.jar (assuming you obfuscated it), find all the required classes and methods, and install or probably code a simple fly hack, since it will be even harder to try to crack a hacked client. Then you will be able to join the server and fly some blocks around until the vanilla antifly kicks you out. Honestly, I don't think a person with that sort of skill will ruin a server to do that, and if he does, I'll change one single bit of the hash generator and he will need to do everything again.
@alexey7813
In Settings.yml, set Preventions > Movement to false
In the second(!!!) input on server, teleport on place to come for the first time. Is this normal?
@roelmb
That's true, indeed.. I think though that anything that makes hacking more difficult deserves some credit, though. Sure, it might not be 100% foolproof but it will stop the hackers that aren't so smart.
And let's be honest, most hackers aren't that smart.
It's easy to bypass by just intercepting the hash that's being sent and saving it to a file.
Then you just send the hash inside this file instead of creating one every single time, making it possible to modify the source with any mod you like without any problem.
It's not that hard to intercept the hash and send it out with a different plugin than yours.
Deobfuscation is very easy in Java, so finding out how it's being sent wouldn't be that hard either. And with a package generator you could just manually send the package through TCP or UDP to the right port. You have access and they think you can't hack, problem solved...
Cool plugins! But is the idea of how to get around it. Intercept system calls to access the file "minecraft.jar" and give it a different file.
To avoid this to confuse the hacker. For example, a random number to call: fclose(fopen('minecraft.jar'));
Alright alright, I'll improve the description. People don't seem to understand what the plugin does.
And if they don't use the special client? Do they just get away with hacking? "Hey, hackers, please install this Minecraft so we know you're not hacking. Thanks!"
@roelmb
@fichita
The client will read the minecraft.jar byte by byte and generate a custom hash using the data it read and the random security keys that the plugin sends to the client. If you change one single bit of the minecraft.jar, the generated hash will not match the one generated on the server side, so the server will not recognise your client as valid.
I'll not release the source yet, and I have no plans to do it in the future, in fact, I wish I could upload the plugin obfuscated.
This does not replace your anticheat plugin and I truly recommend having one installed in case of emergency.
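The scheme described in this comment, together with the replay objection raised elsewhere in the thread, as an added sketch that is not FLockClient's code (its source is unpublished). HMAC-SHA256, the class name and the method names are assumptions standing in for the plugin's custom hash; the jar bytes are a constructed sample.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration: HMAC-SHA256 stands in for the plugin's unpublished hash.
public class JarChallengeDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // Server side: a fresh random security key for every login attempt.
    static byte[] newChallenge() {
        byte[] key = new byte[32];
        RNG.nextBytes(key);
        return key;
    }

    // Both sides: keyed hash over every byte of the jar.
    static byte[] respond(byte[] challenge, byte[] jarBytes) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(challenge, "HmacSHA256"));
        return mac.doFinal(jarBytes);
    }

    // Server side: recompute over the approved jar and compare in constant time.
    static boolean verify(byte[] challenge, byte[] approvedJar, byte[] response) throws Exception {
        return MessageDigest.isEqual(respond(challenge, approvedJar), response);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the bytes of the approved minecraft.jar.
        byte[] approved = "constructed sample jar contents".getBytes(StandardCharsets.UTF_8);
        byte[] modified = Arrays.copyOf(approved, approved.length);
        modified[0] ^= 0x01; // a single changed bit

        byte[] c1 = newChallenge();
        byte[] r1 = respond(c1, approved);
        System.out.println("clean jar, login 1:       " + verify(c1, approved, r1));
        System.out.println("one bit changed:          " + verify(c1, approved, respond(c1, modified)));

        byte[] c2 = newChallenge(); // the next login is issued a different key
        System.out.println("login 1 answer, replayed: " + verify(c2, approved, r1));
        // Limit: a correct answer shows the responder could read the approved
        // bytes, not that those bytes are the code actually running, which is
        // why the page recommends keeping a server-side anti-cheat plugin.
    }
}
```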
@roelmb
I think the plugin makes a hash of the whole client and compares whether it matches the one used as the permitted client
I made a test with nodus and xenon and it works perfectly; only 1.4.7 with reisminimap and optifine is permitted on my server
By the way if the source is not available it might stay that way... just my thinking
I don't get how it protects against cheats... Does it scan the jar for differences? Does it generate a hash by looking at a piece of bytecode? How exactly does it generate the hash? In other words, is the source available somewhere? Because I'm pretty sure this doesn't protect your server against hacks if they don't interfere with the same classes too much...
Just uploaded v1.3, should fix the problem of people using the right client being kicked.
@fichita
Fixed v1.3
Just noticed this.... but everything looks like is working fine...
2013-03-13 06:16:26 [WARNING] [FLockClient] Task #22 for FLockClient v1.1 generated an exception
java.lang.IllegalArgumentException: Cannot measure distance between world2 and world
at org.bukkit.Location.distanceSquared(Location.java:381)
at org.bukkit.Location.distance(Location.java:364)
at me.FurH.LockClient.listener.LockPlayerListener$2.run(LockPlayerListener.java:130)
at org.bukkit.craftbukkit.v1_4_R1.scheduler.CraftTask.run(CraftTask.java:53)
at org.bukkit.craftbukkit.v1_4_R1.scheduler.CraftScheduler.mainThreadHeartbeat(CraftScheduler.java:344)
at net.minecraft.server.v1_4_R1.MinecraftServer.r(MinecraftServer.java:530)
at net.minecraft.server.v1_4_R1.DedicatedServer.r(DedicatedServer.java:224)
at net.minecraft.server.v1_4_R1.MinecraftServer.q(MinecraftServer.java:494)
at net.minecraft.server.v1_4_R1.MinecraftServer.run(MinecraftServer.java:427)
at net.minecraft.server.v1_4_R1.ThreadServerApplication.run(SourceFile:849)
@karim090
If your name is green on /lc list, it means that you are identified as using the valid client. There are some issues with a small safe-guard that is kicking people even if they are using the client; I'll upload a fix for that asap.
@fichita
Red names are people using the client but not a valid one, like if they changed something in the .jar.
Hi, when I do /LC LIST I receive the list of members which are using the MOD client, some names with minecraft in brackets because that is the authorized client, but other names are in RED, without the brackets. Why is that?
@FurmigaHumana
sry man :p
I mean, I tried your plugin/mod a lot, and I got it:
I set KickDelay: 15000 o.0 and the first login works fine, but the other ones don't. Those times I got the not-using msg, and with a lot of kick-delay I get java.net.SocketException: Connection reset.
oh, and if I reload, the server kicks me giving the invalid msg
seems like it wants to work, but it's still not working for me :(
this is my terminal server
and, with the Require option false, I don't see the "valid msg", but if I do /lc list I see "1 active client". Does that mean it is identifying me with the valid jar?
@karim090
Please, try to improve your english so I can understand you.
@x_clucky
Which is taking too long by the way, when was the last time we heard about it?
@BoomerBR
I added a safe-guard to prevent, as much as possible, players from joining without the client installed. It is much harder to hold back someone who doesn't have the client than someone who has the wrong client. I'll have to rethink some parts of this safe-guard; I'll try to upload v1.3 this week.