[MPQ] Forcing players to play with custom patches

[blukkiee]

Alright so right now I've got the spell made. When I try to put the new Spell.dbc in the patch, all spells mess up and you have 10 seconds before the client crashes. When I use the new Spell.dbc for the server, everything is fine.

I will try some more but I've also come to the conclusion that even without the patch, you can learn the spell. If the spell is not on the serverside and only on the clientside, there is nothing to learn (my guess).

It would look like this:

Client: Yes - Server: No: no
Client: Yes - Server: Yes: yes
Client: No - Server: Yes: yes
Client: No - Server: No: no

So we've again made 0 progress to any clientside checks.

Is there a way you can modify the client version (i.e. 866 and check this with the core? The core must check this, because the core doesn't allow connections from wrong client versions afaik.

[stoneharry]

Is there a way you can modify the client version (i.e. 866 and check this with the core? The core must check this, because the core doesn't allow connections from wrong client versions afaik.

The logonserver config controls what builds can connect. If you can change the build via a mpq edit then you can only allow that build in the logonserver config.

[blukkiee]

I think it is all scripted in the launcher and not in any other file, I can't find anything related to the build version in the patches and the core doesn't really give me any clue where they get it from...

[homer91]

*removeme*

[blukkiee]

They say it can only be done with a warden-like program, which is not supported yet.

[The-Eradicator]

They say it can only be done with a warden-like program, which is not supported yet.

That's bullshit, there's a lot of ways to enforce custom patching for the majority of your players.

You could build a launcher, and have your realm authentication require a packet sent from the launcher before the initial WoW packet, which would be sent when they hit "Play". If that packet isn't sent they aren't using the launcher, thus not using the patch, therefore deny login. The allowed login would last for two or three minutes.

You could embed an addon in the MPQ files like Blizzard's addons do. This addon simply sends a version check across the addon channel. Serverside, listen for that message. If it isn't sent, disconnect the player.

That names only two methods, and there are several more.

[blukkiee]

The launcher is a great idea. I will try to make one myself - if I would not be capable to make one would it be ok for me to contact you?

Edit: They can use a launcher without using the custom patch. How would I fix this?
Edit2: This might be of any use? http://www.zezula.net/en/mpq/mpqformat.html

Edit3: This guy told me it's possible to embed add-ons in .MPQ files. This way you could let the addon send some code/packet/string to the server and only then it would allow connection to the server. Any of you can confirm this? If true, I do not know how to so if anyone can help that would be great.

[homer91]

blukkiee, please add me on msn
[email protected]

[The-Eradicator]

Edit: They can use a launcher without using the custom patch. How would I fix this?

Try reading the post.

Edit2: This might be of any use? MPQ Archivy - MPQ file format

You obviously have no idea what you're looking at.

Edit3: This guy told me it's possible to embed add-ons in .MPQ files. This way you could let the addon send some code/packet/string to the server and only then it would allow connection to the server. Any of you can confirm this? If true, I do not know how to so if anyone can help that would be great.

I have a name. Aside from that, read the damn post. Unless something has changed since TBC (which is doubtful) you should be able to find the Blizzard addons in one of the MPQs. That's where they get them from when they're extracted to the interface\addons folder. You should be able to do the same thing.

[blukkiee]

Try reading the post.

Your explanation wasn't very clear. You say if they aren't using the launcher they aren't using a patch either - but they are two seperate things. They can use the launcher and still not have the patch in their data folder.

(Just a note, if you don't WANT to help then don't)

[The-Eradicator]

Your explanation wasn't very clear. You say if they aren't using the launcher they aren't using a patch either - but they are two seperate things. They can use the launcher and still not have the patch in their data folder.

(Just a note, if you don't WANT to help then don't)

if [patch exists] then [send packet], [start wow]

Serverside:

if [packet was sent in the past two minutes] then [allow login] else [deny login]

[blukkiee]

Yeah I should've thought about that :') Thanks.
I will have to look into this packets, never worked with it before.

[blukkiee]

Any way to prevent them from making a custom file that contains nothing but has the same name?

[The-Eradicator]

Any way to prevent them from making a custom file that contains nothing but has the same name?

Yeah, you can. This would require a more complicated process, you'll want to use TCP instead of UDP.

On the server side you'd want hashes of all the patches available.

Code:

public enum Packets : byte
{
    CMSG_LAUNCHER_AUTHENICATE = 0x00,
    SMSG_LAUNCHER_AUTHENICATE = 0x01,
}

public enum LoginResult : byte
{
    LOGIN_SUCCESS = 0x00,
    LOGIN_PATCH_OUTDATED = 0x01,
    LOGIN_PATCH_INVALID = 0x02,
}

Then it would look something like

CLIENT -> CMSG_LAUNCHER_AUTHENTICATE [SHA-1 hash of patch]

SERVER: Compare list of hashes

If hash is outdated send SMSG_LAUNCHER_AUTHENTICATE [LOGIN_PATCH_OUTDATED]

If the hash isn't in the list send SMSG_LAUNCHER_AUTHENTICATE [LOGIN_PATCH_INVALID]

If the hash is in the list, and is the latest patch send SMSG_LAUNCHER_AUTHENTICATE [LOGIN_SUCCESS], and allow login from that IP for the next minute.

The only way to circumvent this protection would be to write a launcher that duplicates this process and uses the hash from the patch as a constant.

That is highly unlikely, however, since that would require the user to watch the packet process, download the patch, make a hash from the patch, spend an hour or two figuring out how to write code for it, all so that they can't see half the stuff on your server.

[homer91]

Nice idea, thank you!!!