Other Preventing Modified Clients Idea

[Marcus101RR]

Dear Terrarians,

The worst thing about Terraria is anyone can join with a modified, hacked, pirated, or injected client to a server and join it as long as the Protocol Version is the same. We need something that separates these clients from one another to only allow the original client user to join (GOG / Steam). I was thinking of a few things...

• MD5 Hash EXE checkup?
  • The server checks the clients MD5 HASH and sees if it matches the default GOG or Steam version, if so, the player joins the server, if not it kicks them and tells them to check their files.
  • This would be parallel to the protocol check, since that would make things easier to check the version of the terraria client and then their md5.
  • If I remember correctly. MD5 hash for exe are unique? They cannot be cloned right? If so, scratch this idea.
• Custom Generated Encryption Key within Terraria.exe?
  • A code that generates a unique code based on something else? Such as the size of the Exe file, last date modified, etc?
  • Something that cannot be replicated by a hacker or modder in order to fool the server to think its the original client itself.

I have been trying to figure ways on how to truly prevent the nasty bad apples of Terraria to stop playing the game and ruining it for everyone else.

Sure we can password protect it, whitelist, etc. However, we can never reach the level of MineCraft where there are thousands of players on a server at this rate. We need security, we need something that secures that purpose of the games intention. Play it like it is, or join a server that actually allows modding/hacks. Simple.

Perhaps the Developer team can work on something like this in their future updates? I can't imagine there is no way to add some kind of protection system...

 

[Sigma90]

• MD5 Hash EXE checkup?
  • The server checks the clients MD5 HASH and sees if it matches the default GOG or Steam version, if so, the player joins the server, if not it kicks them and tells them to check their files.
  • This would be parallel to the protocol check, since that would make things easier to check the version of the terraria client and then their md5.
  • If I remember correctly. MD5 hash for exe are unique? They cannot be cloned right? If so, scratch this idea.

All hashes can be 'cloned'. (Technically, it's known as a collision.) It's the side-effect of mapping an infinite number of inputs to a finite number of outputs. For the most part though, MD5 is usually still OK for verifying file integrity. And there are plenty more (and better) hash functions that can be used. It should be a simple check.

There is also server passwords to restrict who joins. (But they're no good for a public server.)