Re: Yahoo Games Progrmaming Language
From: Andres Perez (enrico.salvo_at_europe.com)
Date: 12/29/03
- Next message: pete: "Re: How to be a good programmer?"
- Previous message: James Rogers: "Re: help with a contest problem..."
- In reply to: Jeff Schwab: "Re: Yahoo Games Progrmaming Language"
- Next in thread: Tristan Miller: "Re: Yahoo Games Progrmaming Language"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 29 Dec 2003 01:28:31 -0800
Jeff Schwab <jeffplus@comcast.net> wrote in message news:<Y8mdnV8SQqeaPXCiRVn-iQ@comcast.com>...
> Niki Estner wrote:
> > Why are you so sure they actually transmit scores?
> > Wouldn't they rather transmit player moves (I never played any one of the
> > games) and do all the score calculation on the server?
> > Like when I press "NEW HAND OF CARDS" this sequence gets (someway encoded)
> > sent to their server, which sends back the values of the cards given, and so
> > on.
> > Also makes the client download smaller - no overhead for game logic,
> > cryptography...
>
> That was my original assumption, but Leif responded that the game was
> client-side. I took him to mean the whole game. Your idea of a servlet
> doing the administrative work and an applet acting as a thin client
> makes much more sense to me.
Here's how Yahoo games work (Domino game applet taken as an example):
1. Written in Java
2. Obfuscated with an unknown obfuscator (most probably in house
developed)
3. Comunication between applet and server through sockets using
propietary protocol (Domino games servers listen at port 11999, for
example)
4. Communication between applet and server is encrypted with
dinamically generated symmetric encryption and decryption keys (4
bytes each)
5. As a matter of fact, only the initial handshake is plain text:
applet (A) -> Server (S): open socket to game server port 11999
S -> A: YAHOO!
A -> S: Y
S -> A: XXXXXXXXYYYYYYYY
A -> S: encrypted traffic from now on...
XXXXXXXX is the key used to encrypt text sent to the server
YYYYYYYY is the key used to decrypt text sent by the server
6. Game moves are sent to the server to be transmitted to the other
player
7. The server "keeps an eye" on this communication and will disconnect
inmediately if it detects an "abnormal" packet / game sequence, an
unknown instruction or even a byte out of place...
8. Score is calculated and maintained on the server and sent to the
players when game ends
9. Some actions are performed client side, for example, in Yahoo
Domino, when a hand ends, the applet generates a new set of bones
(game pieces). This is possible because the server sends a seed
number, as part of the game parameters, to both players (obviously the
same seed) so that a generator can use that seed and produce the same
sequence of cards at both ends of the game.
All this can be verified by simple observation of Yahoo's HTML pages,
APPLET tags, applet code (decompiled thanks to JAD), packet sniffer
(IRIS, ethereal, anyone will do...) and a lot of patience... ;-)
What you can do:
1. Write a game clone in a language of your choice (I've used VB6 to
do some experiments with limited functionality)
2. Decrypt communication between server and client (This has already
been done)
3. Decompile the java classes (aprox. 150) and try to make some sense
of it (I've tried this but unfortunately I'm no Java expert and
besides... obfuscation is really obscure, maybe JAD is not decompiling
properly?)
4. Use some sort of program (debugger? profiler?) that plugs into the
Java VM and shows what instructions are being executed in real time,
so you can somehow figure out the program flow. This is the most
interesting approach, because even though you will see obfuscated
code, at least you can pinpoint which code does what! This has not
been done, any ideas???
For example, I'm trying to make a clone of Yahoo Domino and I'm stuck
at trying to figure out how to generate "a new set of cards" (so to
speak). This is done at client side with 100% probability as there is
no network activity (sniffer reports no packets sent/received).
If any Java gurus are reading this and find it challenging... drop me
a message... ;-)
- Next message: pete: "Re: How to be a good programmer?"
- Previous message: James Rogers: "Re: help with a contest problem..."
- In reply to: Jeff Schwab: "Re: Yahoo Games Progrmaming Language"
- Next in thread: Tristan Miller: "Re: Yahoo Games Progrmaming Language"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
