View IP of player


7 replies to this topic

#1 smartie

smartie

    Corporal

  • Members
  • 13 posts

Posted 21 January 2018 - 11:56 AM

Talking to another player online yesterday, it became apparent that he knew my IP address. How did he find this? I am aware the old westwood style ladder showed this info but I can't see this anywhere on the new xwis ladder.  



#2 Showtime

Showtime

    Colonel

  • Members
  • 7863 posts

Posted 21 January 2018 - 02:57 PM

it's in a file in ur ra2 when u have played some 1



#3 Niek

Niek

    mario

  • Members
  • 11987 posts
  • Location:Denekamp
  • XWIS Name: Niek

Posted 08 February 2018 - 09:15 PM

:war:



#4 Mikoz

Mikoz

    Colonel

  • Members
  • 7081 posts
  • Location:AMSTERDAM
  • XWIS Name: Palacio

Posted 09 February 2018 - 05:40 PM

:war:

 

Sometimes....

 

It is!  :boxing:



#5 Chlorpromazine

Chlorpromazine

    Testosterone Enanthate Trenbolone Acetate

  • Members
  • 103 posts

Posted 19 March 2018 - 01:51 AM

it's in a file in ur ra2 when u have played some 1


No, it's not. Xwis.dll actually NOPs the function that writes the file containing the IP addresses of players.

Besides, there are better ways to do this. Nowadays, IPs are harvested on a large scale through the IRC.

Those better ways are:
  • IRC-Relay
  • Pcap
  • Hooking the function that extracts/processes IRC lines
The IRC-Relay is obviously the easiest and most popular way, also very flexible and powerful because you can manipulate/delay/drop/inject lines before they reach the game/server. Simple relays can be detected with good confidence by reading the hosts file or testing a socket on which the relay is not listening but the server is. A lot of players have and do use this. Relays have been around since 2001.

Pcap is hard because you have to analyze headers and reassemble the TCP stream yourself before you can extract and process lines. But it's a fun thing to do, and it's the only one of these 3 that's not against the rules. Because it's non-intrusive, there's just no way to detect it and no way for you to mess up the data between the server and client. The only one I know of was made in 2011 and then rewritten in 2015 by the same engineer.

Hooking is very doable, but requires quite some reverse engineering knowledge. I'm not aware of anyone ever making one this way and I don't know anyone capable enough that could do this other than Olaf and myself. I think Olaf already found the function to inject lines, at least in the QM screen.

Edited by Chlorpromazine, 19 March 2018 - 12:56 PM.


#6 Chlorpromazine

Chlorpromazine

    Testosterone Enanthate Trenbolone Acetate

  • Members
  • 103 posts

Posted 31 March 2018 - 09:40 PM

Thinking about this...
 

Simple relays can be detected with good confidence by reading the hosts file or testing a socket on which the relay is not listening but the server is. A lot of players have and do use this. Relays have been around since 2001.

Just resolving xwis.net and checking whether it points to the loopback address could do the job.

 

Hooking is very doable, but requires quite some reverse engineering knowledge. I'm not aware of anyone ever making one this way and I don't know anyone capable enough that could do this other than Olaf and myself. I think Olaf already found the function to inject lines, at least in the QM screen.

One could probably get away with simply hooking the send() and recv() calls along with connect() and closesocket() to keep tabs on the connection. So it should be easier than first thought. :p

Edited by Chlorpromazine, 31 March 2018 - 09:40 PM.
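The relay check described in posts #5 and #6 (read the hosts file, resolve xwis.net, see whether it lands on loopback), sketched as an added example that is not part of the original posts or of any XWIS code. The function names, the hosts-file samples and the name "sub.xwis.net" are constructed for illustration.

```python
import ipaddress
import socket

HOST = "xwis.net"  # hostname named in the thread
# Constructed hosts-file samples; "sub.xwis.net" is a made-up name.
CLEAN_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"
RELAY_HOSTS = "127.0.0.1 localhost\n127.0.0.1 XWIS.net sub.xwis.net # local relay\n"

def is_local(addr):
    """True if addr is a loopback or unspecified (0.0.0.0 / ::) address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def hosts_overrides(text, domain=HOST):
    """Return (ip, name) pairs in hosts-file text that pin domain or a subdomain."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            n = name.lower().rstrip(".")
            if n == domain or n.endswith("." + domain):
                found.append((fields[0], n))
    return found

def resolves_to_loopback(host=HOST, resolver=socket.getaddrinfo):
    """Resolve host via the system resolver (which honours the hosts file)
    and return the loopback addresses it yields, if any."""
    try:
        infos = resolver(host, None)
    except OSError:  # lookup failed; nothing to report
        return []
    return sorted({info[4][0] for info in infos if is_local(info[4][0])})

def relay_suspected(hosts_text, resolver=socket.getaddrinfo):
    """Flag a local relay: a loopback pin in the hosts file, or a loopback answer."""
    pinned = [p for p in hosts_overrides(hosts_text) if is_local(p[0])]
    return bool(pinned) or bool(resolves_to_loopback(resolver=resolver))

if __name__ == "__main__":
    # The sample is pinned to loopback, so no DNS lookup is made here.
    print("relay sample flagged:", relay_suspected(RELAY_HOSTS))
```

A hosts entry or DNS answer that points at a non-loopback address is not flagged, which is the harder case raised in the replies that follow.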


#7 zzattack

zzattack

    Colonel

  • Members
  • 5356 posts
  • Location:Eindhoven, Netherlands
  • XWIS Name: zzattack

Posted 31 March 2018 - 10:31 PM

but how will you defeat a reverse proxy if it's not transparent



#8 Chlorpromazine

Chlorpromazine

    Testosterone Enanthate Trenbolone Acetate

  • Members
  • 103 posts

Posted 01 April 2018 - 12:27 AM

Relays for RA2, as you and I know them, are by definition non-transparent reverse proxies.  :laugh:

 

What you should be asking is the case in which you install the relay on some server on a public network. This makes it a bit harder to detect, indeed. But it's not like we're designing ways to catch cheaters, Frank. :rolleyes: 

 

 



