Fixing the python injection problem

This is a solution for the hacking problem in toontown. I can create a .diff/.patch if you would like.

First off, I created the TTDllInjector as a proof-of-concept for myself. Note to self: never send a proof-of-concept to a friend, it will end badly. If you would like proof, give me some form of proof that you can be trusted (admin status on the forum, commit access, etc.) and I will send you a link to the source code.

The injector works by hooking a function in python24.dll and then checking if there is code waiting to be executed; if there is, it executes it when that function executes. Why in that function? Python is very finicky when it comes to running it in different threads (or I can’t code multithreaded python).

My idea to patch it is to start a separate thread that checks the first 5 bytes of the two python functions that can be used to execute this hack efficiently; if they are abnormal, either patch them back or crash out.

What do you think?

Edit: here is my attempt at fixing it. I haven’t set up VC++2008 settings to be able to compile python, so it may or may not work. pastebin.com/umdGN76z
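
The check proposed in the post above (keep a known-good copy of the first 5 bytes of each watched function, compare it periodically, then patch back or bail out), as an added example that is not part of the original post and is not the pastebin code. The names `prologue_guard`, `guard_init`, `guard_tampered` and `guard_sweep`, and the sample byte buffers, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PROLOGUE_LEN 5 /* the "first 5 bytes" from the post */

typedef struct {
    uint8_t *target;                /* start of the watched function */
    uint8_t baseline[PROLOGUE_LEN]; /* known-good bytes recorded at startup */
} prologue_guard;

/* Record the known-good prologue; call before any untrusted code can run. */
void guard_init(prologue_guard *g, void *target) {
    g->target = (uint8_t *)target;
    memcpy(g->baseline, g->target, PROLOGUE_LEN);
}

/* Returns 1 if the watched bytes no longer match the baseline, else 0. */
int guard_tampered(const prologue_guard *g) {
    return memcmp(g->target, g->baseline, PROLOGUE_LEN) != 0;
}

/* One pass of the watcher thread. Returns how many functions were modified.
 * restore != 0 is the "patch them back" option; a caller that prefers to
 * "crash out" passes 0 and aborts when the result is non-zero.
 * In a live process the code page must be made writable before restoring
 * (VirtualProtect on Windows); the sample buffers below are plain data. */
size_t guard_sweep(prologue_guard *guards, size_t n, int restore) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (!guard_tampered(&guards[i])) continue;
        hits++;
        if (restore) memcpy(guards[i].target, guards[i].baseline, PROLOGUE_LEN);
    }
    return hits;
}

/* Constructed sample data: two buffers standing in for the starts of the two
 * watched functions (a typical 32-bit x86 prologue), not real python24.dll code. */
uint8_t sample_fn_a[8] = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x53, 0x56};
uint8_t sample_fn_b[8] = {0x55, 0x8B, 0xEC, 0x51, 0x53, 0x56, 0x57, 0x8B};

int main(void) {
    prologue_guard guards[2];
    guard_init(&guards[0], sample_fn_a);
    guard_init(&guards[1], sample_fn_b);
    return (int)guard_sweep(guards, 2, 0); /* 0: nothing modified */
}
```

A check like this runs inside the process it is protecting, so it raises the effort needed rather than replacing server-side validation.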

I think if you can hack toontown then there are bigger problems.
My personal opinion is that server/client arch should always follow a “never-trust” the client, type of style.

Anyone can always hack the client, heck you can latch cheat engine on to practically any game and get speed hacks. It’s the server’s job to detect when they’re hacking and ban them or alert an admin IMHO.

This is just my ten cents, fixing client-sided hacks is almost useless unless it’s an incredibly easy fix. Otherwise, the server should be checking.

Of course as I said this is only my opinion :laughing:

This is a very easy fix. And since no one who is hacking toontown knows C++ the slightest bit this will stop it all.

This may be true, it may be better to take this up with toontown’s support too. By the way, panda3d has no relation to toontown except the fact that this is the game engine it uses, in fact Disney uses their own compilation of it, only as a suggestion.

I was saying that the problem is more huge than this; nobody needs knowledge in C++ to use cheat engine, just select the process “toontown.exe” if it is that, and click “enable speedhack” and then select a speed. All of a sudden you are 40 times faster than everyone else flying around the map.

My only point was that perhaps Disney should take more caution in their games if they are this easily hackable… :smiley:

Amazingly TT has time synchronization with your computer’s clock making the speedhack ineffective. TT customer support will not do !@#$, I’ve contacted them before. The lead/head TT devs lurk on these forums.

That is pretty amazing actually, gonna have to find out how they do that now. :wink:

Then I wish only the best. I’ve dealt with many game companies that have no interest in supporting their current users, only on getting more users. Something game companies highly underestimate is what a polished game can do for your reputation.
Ignore adding content, and make the content you do have nice content, it’ll get tons of players and then you will get money. Then work on adding more polished content.

I see. :wink:

I’m pretty sure it’s a panda3d feature

Well done.