Forum: Archive RSS
Hashing advice requested

Announcement

2008-11-05, 13:54 by Keshire
Rules for posting on this site.
Follow them or have your posting rights removed or be banned.

[cut=Full List Of Rules]*  If a topic makes no sense to you, do not ask broad questions about it.  We have a lot of developer posts that will make no sense to someone who doesn't know how to program or has not taken the time to explore the game files.


*  All modifications we release for the xbox will require a modified xbox.  Ask for instruction and then tell us you don't have one will result in banning/deletion of all posts for failure to read instructions.  THERE WILL BE NO SAVES ON THIS SITE SO DO NOT REQUEST THEM.


*  We do not endorse pirating.  Suggesting or asking for such will get you banned.  If you like a game BUY IT.  People worked hard to make something to entertain you, it's the least you can do.  If you are caught without one of these you will be banned.


*  Posting of original game files is strictly prohibited.  If you have code to share post just the code you have made.  Only attach files if you have created an application or something similar that requires the attachment.  If you made many changes to a file but did not change ALL of it then post a PPF or something similar to avoid posting any original code at all.  Do not link to original files either.  Either way it's just the same as posting them here.


*  Harassing admins/moderators through PM/Email because of your own inability to work things out with other people in the forums will result in loss of PM an removal of ability to post.


*  Harassing admins/moderators through PM/Email because of your own inability to read posts and stickies in the forums with any compitence will result in loss of PM an removal of ability to post.


*  Harassing or just flooding a topic/person because you are too lazy to use search will get your posting rights removed.  Search exists for a reason and we won't deal with people that constantly ask for things that are easy to find with search.


*  Public bashing of other members will get your posts removed.  If it is done repeatedly you will get your account banned.


*  Posting a reply to merely say you don't know or you also want to know something is a waste of space and all of our collective time (assuming you weren't asked directly, but if you were it probably should have been done in PM).  Repeated offenders will get their posting rights removed.

*  Do not cross post questions/requests in forums.  Pick the appropriate forum and post it there.  People read in all of the forums and don't need to see the extra spam.


*  Everything on this site is provided AS IS.  If you use a tool that someone wrote here and it crashes your computer, we don't care.  The programmer should be informed with as much information as you can provide in order to prevent that from happening again though.

*  Being an open forum, try to contribute to it.  As in by helping crack file formats or developing new tools or game modifications.  Leeches are never appreciated.  Especially when they are ungrateful for the work that other people put into doing something for them.  Being ungrateful is a very quick path to being banned.


*  Lack of acting like a mature person or inability to type in proper english or something close to it will not be tolerated (i.e. l33t,ALL CAPS, or IM shorthand).


Basically, this is a technically based Fable modding site.  This is NOT a playground. [/cut]

If you have a problem with these rules, don't come here.

Failure to not read the stickies on forums (like this one) is not an excuse.  Failure to read this post is also not an excuse.
LittleCodingFox #1
Member since Nov 2008 · 34 posts
Group memberships: Members
Show profile · Link to this post
Subject: Hashing advice requested
Sorry for making a non-fable thread, but i dont really want to post this on gamedev-related forums since lately everyone on those forums is either too busy posting crap-based replies, or too busy to notice anything i post.

I'm working on a project of my own, think about it as a MMORPG-sized single-player RPG w/ minimal life simulation, and i'm about to work on client/server stuff, and i'm in need of a proper file checksum algorithm so i can receive hashes from the client to the server in order to verify that the client has all the needed files and that none are damaged/modified.

For those wondering, i need networking because the world simulation is quite CPU-intensive, so i'll make an exe exclusively for world simulation.

CRC cannot be used, since it's possible to make fake CRCs for files, even if the client by default doesnt know the checksums, and MD5 seems to have it's own collisions issues.

So, does anybody know of any good checksum algorithms i could use, preferably something that doesnt force me to pay licensing/royalties?

Thanks a lot for your time regarding this message.
This post was edited on 2013-11-21, 08:19 by Keshire.
TodX Administrator #2
Member since Oct 2008 · 16 posts · Location: San Diego
Group memberships: Administrators, Members
Show profile · Link to this post
MD5 will be sufficient to detect file damage and modification.  Generating MD5 collisions is pretty easy, true, but not for a particular file.  Most likely if some one is trying to modify the game and they are that serious about it, they'll just modify the exe to send the hash values the server expects.  This can be done by using a nonmodified copy of the file to generate the hash, but have the game engine actually load a modified file, or just have it read the precomputed hash values from from an outside file.  But if you still want to try for something more secure, there's always the SHA hash functions, I don't believe I've heard of anyone that's made much progress against those.
LittleCodingFox #3
Member since Nov 2008 · 34 posts
Group memberships: Members
Show profile · Link to this post
From the information i've seen on wikipedia, SHA-1 has collisions, SHA-2 has a collision at the 2^64th attack, and SHA-256/224/384/512 ones have no collisions at all.

But if the .exe can be modified, then this wont do much anyhow, since, as you said, they can just get the hashes for the original files and send those hashes instead of the loaded files.

I wonder what i should do to be able to detect that sort of issue. But i wont bother too much with security, else i'll probably get my game unplayable or never work on the game because i'll be too busy with security.

Thanks for your help, TodX!
LittleCodingFox #4
Member since Nov 2008 · 34 posts
Group memberships: Members
Show profile · Link to this post
Well, i just had a fancy idea.

Add a specific extra piece of data to the beginning of the data sent for MD5 generation, so they cant generate a proper MD5 out of the original files.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Not logged in. · Lost password · Registration disabled
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Page created in 133.7 ms (92.7 ms) · 57 database queries in 67.7 ms
Current time: 2019-05-20, 11:44:55 (UTC -07:00)