Cheat Engine

XxRaPiDK3LLERxX84

This is the feature I keep on getting stuck on, I'm trying to improve my program that I've been working on for my steam group, however this feature is complicated. Can anyone help me? Also I'm using Visual Basics.

Thanks!

Zanzer · Posted: Wed Dec 30, 2015 5:24 pm Post subject:

Considering a database would be useless locally, you would need to host a database and web server online.
From your client program, submit the username and password to your web server.
The web server would lookup the values within the database and return a success/failure.
Your client application would then accept/reject the login.
Of course, this approach would be easy to simply hack your client application to always receive a success message.
You would, instead, need to host all of the content online as well and your client application is merely an interface.
Good luck!

Dark Byte · Posted: Wed Dec 30, 2015 5:44 pm Post subject:

Unless you trust the users 100% do NOT let it connect to the database directly, and do NOT let the user send SQL queries.

Write a web API that exposes procedures and functions which will do what you wish to the database, but only limit to what they are supposed to do.

e.g:
login(username, password) would query the database and then send a sessionid back to the user if a match. (and store the sessionid with ip in a table in the database)
example url fetch request: http://bla.com/login.php?username=xxx&password=xxx
(Which would then return a sessionid raw or in an xml file, or whatever you like to use)

fetchStats(currentsessionid) would then query the database, fetch the stats, and then send them to the user (if the ip matches the session)
example url fetch request: http://bla.com/fetchStats.php?sessionid=xxx

alternate methods:
http://bla.com/api.php?command=login&username=xxx&password=xxx
http://bla.com/api.php?command=fetchStats&sessionid=xxx

Just use your imagination

pkedpker · Posted: Wed Dec 30, 2015 7:51 pm Post subject:

Haha I know of 1 application for the game I play which uses MySQL for it's backend where it grabs the lastest item id list and prices and stuff like that..

I just wanted to see if it's possible I decompiled it and found the hostname to the MySQL server and tried connecting it remotely using my MySQL Query Manager and to my surprise it worked xD I seen all the tables etc.. I backed them up to my computer in case, some other guys do what I did and drop all the tables.. I did drop 1 of the tables to see if it was possible and it worked but I restored my backup after it..

Wonder if that's a security risk to the hostname as well..? since I could probably upload backdoor php scripts using the SQL query no?.

Brings me back.. when I ran a private server I wanted people to put screenshots on my little website and next day I check my computer's screenshot folder and there was a bunch of Shell.php files in there, glad those assholes didn't delete any my files, haha I checked one of them out it had full access to all my folders etc.. I got really scared and ya that's how I think my private server files got leaked.

XxRaPiDK3LLERxX84 · Posted: Thu Dec 31, 2015 3:33 am Post subject:

Thanks a lot for the information! I'm currently registering MySQL which gives you 5MB of space... is that less?

atom0s · Posted: Fri Jan 01, 2016 3:37 am Post subject:

5MB is not much space to hold information in a database. It wont take long to fill that if you store a handful of data.

XxRaPiDK3LLERxX84 · Posted: Fri Jan 01, 2016 9:25 pm Post subject: