Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Categories

Dark Dreams of Furiae - a new module for NWN:EE! Buy now
Attention, new and old users! Please read the new rules of conduct for the forums, and we hope you enjoy your stay!

CEP & EE Changes: Lunacy?

See this thread on Brownies and Wmics

Unless I'm missing the big picture, any PW module that uses the CEP has the floodgates open for extra races outlined in their racialtypes 2das, yes? You can close it on the server end, but you're not really closing it because it's open on the client end, and all haks are pre-loaded at character creation. Am I overlooking the obvious? I must be or there would be more of an outcry than this. If this were true, then this would require an extra re-distrubution of every PW's custom hak.

So, what are CEP PW admins to do?

Comments

  • SherincallSherincall Member Posts: 387
    Detect the race OnClientEnter, then use BootPC() to kick them with a meaningful message. Ugly, but works well enough.

  • Sylvus_MoonbowSylvus_Moonbow Member Posts: 1,055
    edited June 2018
    Pretty easy fix. Modify racialtypes.2da and put that modified closed selection in a new hak name your server is using. Anyone after that point will get a hak missing error or at least it does that in single player, who knows if they fixed this for multiplayer to let players know what specific haks are missing on connection or it simple spits out a connection error. Then all players will be forced to get the new hak with your changes denying these two races.

    Another option is to check the racial type for wolfhead and browniehead characters and boot them onenter of your pw.

    This was posted in another thread by Zeroark and gives you an idea of how it would be done.

    int RACE_FEAT_WEMIC = 51;
    int RACIAL_TYPE_BROWNIE = 53;

    if (GetRacialType(oPC) == RACIAL_TYPE_BROWNIE)
    { // AUTO BOOT PLAYER FROM JOINING SERVER

    }

    if (GetRacialType(oPC) == RACIAL_TYPE_WEMIC)
    { // AUTO BOOT PLAYER FROM JOINING SERVER

    }

    dTd
  • Grizzled_DwarflordGrizzled_Dwarflord Member Posts: 168
    I get it, thank you again. Where is the Bat Beacon I must light for the CEP to make some changes to their hak system? I've tried posting on their forums but I get nothing. It seems that only the default player races should be included in their top hak, and all the extra races and definitions should be included in their cep_add_races.hak.

  • ShadooowShadooow Member Posts: 394
    edited June 2018

    See this thread on Brownies and Wmics

    Unless I'm missing the big picture, any PW module that uses the CEP has the floodgates open for extra races outlined in their racialtypes 2das, yes? You can close it on the server end, but you're not really closing it because it's open on the client end, and all haks are pre-loaded at character creation. Am I overlooking the obvious? I must be or there would be more of an outcry than this. If this were true, then this would require an extra re-distrubution of every PW's custom hak.

    So, what are CEP PW admins to do?

    Yes, it is open on client's end. Unless CEP releases new version that comes with these races disabled. Even then, smart player will be able to edit the hak and make them selectable for himself.

    However, NWN server should disallow joining players with race that is not player race by eyes of the server. IE. if you edit racialtypes.2da on the server side and set both races not to be player races anymore.

    If you modify racial_types.2da on your end properly (ie. when self-testing with the modified haks, you will be unable to select the race when joining your server) and the server still allows player to enter, there are two possibilities:
    1) your server doesn't use ELC - in such case you need to use script which was already suggested
    2) there is a bug in NWN:EE and it doesn't check whether race selected by players is player-race on server and this should be reported.


    In either case, question is why CEP allowed Wemic and Brownie as player races when they were never selectable by player due to missing GUI. You can't really blame BeamDog for this.

    Anyway, fact is, that all servers with CEP had their "gates" opened all this time. It was possible to enter with Brownie or Wemic race from the day 1. However, this was only possible by using exploits with character creation or lately my nwncx_patch plugin which added the same feature as NWN:EE and thus only few PW admins ever encountered it.

  • Grizzled_DwarflordGrizzled_Dwarflord Member Posts: 168
    edited June 2018
    Bear in mind that I am talking about PW multiplayer only. Single-player does not concern us in this thread since everyone is free to choose what they want to do in singleplayer.

    So, should I assume then that a player can edit their racialtypes2da on their end and open any race listed there, and also choose whatever stat bonus they choose to give that race? For instance, they can open up Ooze as a race, and give oozes +20 to all starting stats. And so the only way to mitigate this -- if one is using the CEP -- is to create a new server hak that redefines and enforces the appropriate racial types, which would also require the player to download the hak, and thus close the door on would-be offenders?

    Races aside, the player could just edit legal races in their 2da -- say human -- and grant them any bonus their greedy little heart desires? And so an OnClientEnter event, while it would catch illegal races, would not be able to catch the legal ones that are on Performance Enhancers.

    Am I on the money, or have I lost it?

  • SherincallSherincall Member Posts: 387
    Depends on whether your server has Enforce Legal Characters set or not. If it is set, the server will automatically compare the character with what is legal using the haks on the server, and reject them if they have been "performance enhanced".

    If you turn ELC off, then yes, anyone can join with custom stats. Servers sometimes turn ELC off so that they can edit the characters (e.g. for subrace bonuses), but then they write an additional ELC check in the scripts and boot such "hacked" characters manually.

  • ShadooowShadooow Member Posts: 394

    So, should I assume then that a player can edit their racialtypes2da on their end and open any race listed there, and also choose whatever stat bonus they choose to give that race? For instance, they can open up Ooze as a race, and give oozes +20 to all starting stats.

    Yes player can do that now.

    Races aside, the player could just edit legal races in their 2da -- say human -- and grant them any bonus their greedy little heart desires? And so an OnClientEnter event, while it would catch illegal races, would not be able to catch the legal ones that are on Performance Enhancers.

    Yes, now when the races abilities aren't hardcoded in the character creation, player can use this to join your server with hacked stats.

    This was possible to do before using at least 2 other methods, but now it is indeed much simpler for them.

    And so the only way to mitigate this -- if one is using the CEP -- is to create a new server hak that redefines and enforces the appropriate racial types, which would also require the player to download the hak, and thus close the door on would-be offenders?

    CEP has actually nothing to do with this. This is possible on all servers no matter what haks are they using, player just needs to know which hak is your top hak and how to make edits.

    CEP just shown this issue because it includes 2 custom races that are set as Player races. So even if you use ELC, server will allows such character and the only way to protect against it is to boot character with wemic/brownie races or, if you are using ELC, change racialtypes.2da on your end and disable both races for players. Then, despite they will still be able to create new character with them, they will be rejected by server when they atempt to enter.

    So basically. Use ELC and you are safe. Those without ELC has been always vulnerable to all kinds of hacked characters and because of the unhardcoded character creation, we can expect that there will be more players that will try to sneak with cheated character into our persistent worlds.

  • Surreal_Surreal_ Member Posts: 5
    edited June 2018
    While I know it is possible to enter servers with a hacked character, is the above method really possible? Surely there is more to it than someone simply knowing what your server's top hak is. Even with ELC turned off someone attempting to join my server with an edited hak file is told they don't have the correct file and can't log in, and this is without any extra scripts to enforce ELC.

    EDIT: Woops, I misunderstood. I will say though that using a custom top hak doesn't even give people joining my server the choice to pick Wemic or Brownie at character creation.

  • ShadooowShadooow Member Posts: 394
    Surreal_ said:

    While I know it is possible to enter servers with a hacked character, is the above method really possible? Surely there is more to it than someone simply knowing what your server's top hak is. Even with ELC turned off someone attempting to join my server with an edited hak file is told they don't have the correct file and can't log in, and this is without any extra scripts to enforce ELC.

    EDIT: Woops, I misunderstood. I will say though that using a custom top hak doesn't even give people joining my server the choice to pick Wemic or Brownie at character creation.

    NWN doesn't actually compare haks between client and server. Neither it is sending haks. Server simply sends a list of haks that player must have and these haks will be (now in NWN:EE) opened when creating new character. However their content is loaded from client side, which is why this all can happen. It is also why player will always able to select wemic/brownie on CEP servers unless as you realized you won't put a custom top hak over it. This is because players are downloading CEP from vault and that version has them enabled, even if you disable them on your end, whether they will show up or not in character creation is controlled by files in player's CEP version.

  • SherincallSherincall Member Posts: 387
    Surreal_ said:

    While I know it is possible to enter servers with a hacked character, is the above method really possible? Surely there is more to it than someone simply knowing what your server's top hak is. Even with ELC turned off someone attempting to join my server with an edited hak file is told they don't have the correct file and can't log in, and this is without any extra scripts to enforce ELC.

    EDIT: Woops, I misunderstood. I will say though that using a custom top hak doesn't even give people joining my server the choice to pick Wemic or Brownie at character creation.

    Yeah. Random example: Arelith uses no haks, and doesn't have ELC. So you can just put a custom 2DA into the override, log in and make a "hack" character with high stats, and it will let you in. But you won't be able to do much since they have a custom OnClientEnter script that validates your character in the same way ELC does, and they will boot you. The difference is just that they coded this check themselves, instead of the game doing it.

  • NeverwinterWightsNeverwinterWights Member Posts: 259
    edited June 2018
    Hmm. So you guys are talking about a possible PW player exploit, how to do it, and a solution to the problem. Interesting.

    Post edited by NeverwinterWights on
  • SherincallSherincall Member Posts: 387
    Seeing as ELC is turned on by default, and has a very descriptive name of "Enforce Legal Characters", I think it's perfectly fine to say that turning it off is done at own risk.

    Besides, the only exploit here, if unmitigated, is getting powerful PCs. The "don't discuss exploits in public" is more about exploits that bring down the server, steal credit card info and similar.

  • ZeroarkZeroark Member Posts: 22
    Hi, didn't read all the thread, but if the question is still outstanding, I've uploaded a package for anybody looking for a solution. Let me know if it works for you on the vault! (I've tested it on my module and other 2, but more feedback would help!)

    https://neverwintervault.org/project/nwn1/other/cep-265-additional-races-fix

    DerpCity
  • Grizzled_DwarflordGrizzled_Dwarflord Member Posts: 168
    Thank you, everyone, for your feedback. One of my hesitations for using ELC was that in 1.69 it slammed the door on some Domain/Spell overrides that we had in place. I assumed it would continue to operate the same way in EE and be unforgiving. However, that does not appear to be the case. ELC appears to be working under some new guidelines. Again, many thanks.

    DerpCity
  • ShadooowShadooow Member Posts: 394
    edited June 2018

    Thank you, everyone, for your feedback. One of my hesitations for using ELC was that in 1.69 it slammed the door on some Domain/Spell overrides that we had in place. I assumed it would continue to operate the same way in EE and be unforgiving. However, that does not appear to be the case. ELC appears to be working under some new guidelines. Again, many thanks.

    ELC always allowed custom feats, classes, spells, domains. So you misremember. The only case when this will be rejected is when player uses custom spells.2da in override that, for example, gives him premonition as bard spell, and the same override will not be installed on server side. Ie, when custom content doesn't match for client and server.

    (and of course, when you made the feat to grant permanent bonus to ability using NWNX...)

  • Grizzled_DwarflordGrizzled_Dwarflord Member Posts: 168
    We were using Sphere of Chaos, which was probably the culprit as it was a mostly abandoned spell Bioware still had in the 2das.

  • LaputianBirdLaputianBird Member Posts: 107
    The only thing that ELC does is enforcing whatever ruleset is loaded by the server. It allows or disallows custom domains, classes and whatever not per se, but just whether they match or not what the server engine loads.
    Hence, first extend your ruleset server-side, and then make sure it is distributed to the clients.

    If you remember it didn't allow some characters in due to an invalid domain, it means the domain was invalid server-side, i.e. the custom domains.2da was missing from the server, or there was a mismatch with its clients

    Shadooow
Sign In or Register to comment.