Mod Security

From Warzone Wiki
Jump to: navigation, search

In a Client-Server Relationship it is very important that the Server checks everything the client sends to it. This is because someone who is proficient in programming (a Hacker for example) can modify any data the client sends to the server. It's therefore important to employ a zero trust policy when creating mods

[edit] Possible security weak points

[edit] SendGameCustomMessage

Main article
An attacker can modify the payload in any way they desire. Let's take a Diplomacy Mod for example, where the Host can decide which player should win at any time. A naive approach using Server_GameCustomMessage(...) would be

function Server_GameCustomMessage(game, playerID, payload, setReturn)
    if payload.type == "makePlayerWin" then
        makePlayerWin(game, payload.playerid)
        -- makePlayerWin(game, playerid) could be a function that later on adds an order which sets the territory owner of every territory to the player associated with the supplied playerid
    elseif ... -- other functionality

An attacker with the associated playerid of (for example) 12345 who analyzed the source code of the mod (remember, the source code of every mod is publicly available on Github) can now see that the Hook never actually checks if the client who sent the CustomServerMessage is really the host (indicated by the playerID parameter of the Server_GameCustomMessage function). The attacker could therefore send following Lua table to the Server:

    type = "makePlayerWin",
    playerid = 12345

and automatically win as soon as the turn advances. The actual process is more complicated but that's about how an attacker could use the security vulnerability to gain a decisive advantage.

The obvious and right solution is to additionally check inside the if condition if the playerID supplied to Server_GameCustomMessage belongs to the host.

function Server_GameCustomMessage(game, playerID, payload, setReturn)
    if payload.type == "makePlayerWin" and game.ServerGame.Settings.StartedBy == playerID then
        makePlayerWin(game, payload.playerid)
    elseif ... -- other functionality

this now makes the functionality secure against custom client data crafted by an attacker

[edit] GameOrderCustom

Main article
The Server Mod Hooks which accept the GameOrderCustom should only depend on the payload, as hackers may, as with SendGameCustomMessage, modify all fields (Message, Payload, CostOpt and OccursInPhaseOpt) to gain an advantage. Note that, since hackers can modify Payload too, it is essential to verify that it was even possible for the player to send the received Payload in the first place. All other Fields should be recreated by the Server.

Personal tools