7 replies to this topic

[smartie]

Talking to another player online yesterday, it became apparent that he knew my IP address. How did he find this? I am aware the old westwood style ladder showed this info but I can't see this anywhere on the new xwis ladder.  

[Showtime]

its in a file in ur ra2 when u have played some 1

[Niek]

[Mikoz]

 

Sometimes....

 

It is! 

[Chlorpromazine]

its in a file in ur ra2 when u have played some 1

No, it's not. Xwis.dll actually NOPs the function that writes the file containing the IP addresses of players.

Besides, there's better ways to do this. Nowadays, IPs are harvested on a large scale through the IRC.

Those better ways are:

• IRC-Relay
• Pcap
• Hooking the function that extracts/processes IRC lines

The IRC-Relay is obviously the easiest and most popular way, also very flexible and powerful because you can manipulate/delay/drop/inject lines before they reach the game/server. Simple relays can be detected with good confidence by reading the hosts file or testing a socket on which the relay is not listening but the server is. A lot of players have and do use this. Relays have been around since 2001.

Pcap is hard because you have to analyze headers and reassemble the TCP stream yourself before you can extract and process lines. But fun thing to do and it's the only thing of these 3 that's not against the rules and because it's non-intrusive there's just no way to detect it and no way for you to mess up the data between the server and client. The only one I know of has been made in 2011 and then rewritten in 2015 by the same engineer.

Hooking is very doable, but requires quite some reverse engineering knowledge. I'm not aware of anyone ever making one this way and I don't know anyone capable enough that could to do this other than Olaf and myself. I think Olaf already found the function to inject lines, at least in the QM screen.

Edited by Chlorpromazine, 19 March 2018 - 12:56 PM.

[Chlorpromazine]

Thinking about this...
 

Simple relays can be detected with good confidence by reading the hosts file or testing a socket on which the relay is not listening but the server is. A lot of players have and do use this. Relays have been around since 2001.

Just resolving xwis.net and checking whether it points to the loopback address could do the job.

 

Hooking is very doable, but requires quite some reverse engineering knowledge. I'm not aware of anyone ever making one this way and I don't know anyone capable enough that could to do this other than Olaf and myself. I think Olaf already found the function to inject lines, at least in the QM screen.

One could probably get away with simply hooking the send() and recv() calls along with connect() and closesocket() to keep tabs on the connection. So it should be easier than first thought.

Edited by Chlorpromazine, 31 March 2018 - 09:40 PM.

[zzattack]

but how will you defeat a reverse proxy if its not transparent

[Chlorpromazine]

Relays for RA2, as you and I know them, are by definition non-transparent reverse proxies. 

 

What you should be asking is the case in which you install the relay on some server on a public network. This makes it a bit harder to detect, indeed. But it's not like we're designing ways to catch cheaters, Frank.