Subset Games Forum

It's awesome to see that this is actually on the way good job man.

kcd.Spektor wrote:

Greywolf208 wrote:Will this be free?

While it will be in alpha/beta in think it will be free.
And I really hope to earn something from it once it is released.

Unfortunately this game copies way too much from Ftl (you even said yourself you wanted it to be like ftl) to be legally sold unless the devs are really nice . You could probably get donations and so on though so don't give up on the project.

Wattsy2 is right, in that no FTL IP can be used for any kind of commercial product (i.e. name, assets, characters, story, music, etc.) but absolutely don't give up on the project! This is really cool, and if you have any questions at all about copyright, etc. please don't hesitate to shoot me an email.

Wattsy2 wrote: Unfortunately this game copies way too much from Ftl (you even said yourself you wanted it to be like ftl) to be legally sold unless the devs are really nice . You could probably get donations and so on though so don't give up on the project.

This is a separate game heavily inspired by FTL, so there should be no problem with selling it as a separate product.
As long as there are no FTL resources included in the game files.
For now there are only a few files left in the game that were actually taken from the FTL resources(I think some backgrounds and some ships/systems), all other images were crappily redrawn by me(but in a way to look like the FTL ones), or they were taken from the net.
And untill I find someone who can draw som good graphics for the game to be it's own, the game will be free.
Once the game has all of it's own resources(images, sounds, music) - then I will try to get it on steam green light.

isla wrote:Wattsy2 is right, in that no FTL IP can be used for any kind of commercial product (i.e. name, assets, characters, story, music, etc.) but absolutely don't give up on the project! This is really cool, and if you have any questions at all about copyright, etc. please don't hesitate to shoot me an email.

Once I release alpha, I would be very glad if you'd have a look at it and say your opinion on what might cause copyright problems.

@kcd.Spektor - Not a problem at all! I'll actually be looking forward to it.

Latest update:

1. Pilot system interface(Captain's bridge) - now has ability to change ship crew/owner


2. Changed a bit the way Captains bridge(Piloting system) looks.
Now there are separate pages for different screens.


Looks nice


3. Fixed some bugs

4. Made some minor changes.

I finished the secure login / serverlist library. The first idea was to encrypt the whole connection. But because of the way kryonet is built, that would mean rewriting most of kryonet. The second idea was to do it similar to what minecraft does / did. The client connects over HTTPS to the central login server to log in. Then the game server connects to the login server and asks it to confirm the authentication of the client. Of course this can be disabled on the server side (and you should add a config option to do that). The biggest advantage compared to the first idea is the better performace. A MITM attack is possible but the attacker can not get the password from the kryonet connection. A replay attack is not possible which means that a "hacker" can only take over existing connections made via his malicious server.

Another feature of the library is the serverlist. You can announce a server on the internet and get a list of all servers (please add a config option to enable internet announcement and disable it by default to prevent lan servers from flooding the list).

If you use maven you can add the library like that: If you use gradle, use the instructions from here: https://docs.gradle.org/current/usergui ... orial.html

Before you use any other function you have to call On the server side you can announce the server using something like To enable the authentication replace the line where you add your listener with On the client side you can create a new account like this and check the login using To enable the authentication replace the line where you add your listener with The source code of a small demo application is available here: https://bitbucket.org/jrb0001/chat/
If you want to set up your own serverlist, you need a Java EE application server. You can download the newest release of the serverlist from here: https://jenkins.692b8c32.de/job/serverlist.692b8c32.de/

jrb00001 wrote:I finished the secure login / serverlist library. The first idea was to encrypt the whole connection. But because of the way kryonet is built, that would mean rewriting most of kryonet. The second idea was to do it similar to what minecraft does / did. The client connects over HTTPS to the central login server to log in. Then the game server connects to the login server and asks it to confirm the authentication of the client. Of course this can be disabled on the server side (and you should add a config option to do that). The biggest advantage compared to the first idea is the better performace. A MITM attack is possible but the attacker can not get the password from the kryonet connection. A replay attack is not possible which means that a "hacker" can only take over existing connections made via his malicious server.

Another feature of the library is the serverlist. You can announce a server on the internet and get a list of all servers (please add a config option to enable internet announcement and disable it by default to prevent lan servers from flooding the list).

If you use maven you can add the library like that:

Code: Select all

<dependencies>
    <dependency>
        <groupId>de._692b8c32</groupId>
        <artifactId>kryonet-extras</artifactId>
        <version>1.0</version>
    </dependency>
</dependencies>
<repositories>
    <repository>
        <id>692b8c32.de</id>
        <name>692b8c32.de</name>
        <url>https://jenkins.692b8c32.de/plugin/repository/everything/</url>
    </repository>
</repositories>

If you use gradle, use the instructions from here: https://docs.gradle.org/current/usergui ... orial.html

Before you use any other function you have to call

Code: Select all

ServerList.setUri(SERVERLIST_URI); // For example "https://serverlist.692b8c32.de/"

On the server side you can announce the server using something like

Code: Select all

announceTimer = new Timer(true);
announceTimer.schedule(new TimerTask() {
    @Override
    public void run() {
        ServerList.announce("chat", "Chat-Server " + serverName, "1.0", ""); // gameName, serverName, gameVersion, payload
    }
}, 0, 30 * 1000);

To enable the authentication replace the line where you add your listener with

Code: Select all

AuthenticationPacketRegisterer.registerClasses(server.getKryo());
server.addListener(new AuthenticationFilterServerListener(listener, true, "chat")); // listener, enableAuthentication, gameName

On the client side you can create a new account like this

Code: Select all

ServerList.register("chat", name, password); // gameName, userName, userPassword

and check the login using

Code: Select all

ServerList.login("chat", name, password, null); // gameName, userName, userPassword, challenge (does not matter if you only want to check whether the credentials are valid)

To enable the authentication replace the line where you add your listener with

Code: Select all

AuthenticationPacketRegisterer.registerClasses(client.getKryo());
client.addListener(new AuthenticationFilterClientListener(listener, name, password, "chat")); // listener, userName, userPassword, gameName

The source code of a small demo application is available here: https://bitbucket.org/jrb0001/chat/
If you want to set up your own serverlist, you need a Java EE application server. You can download the newest release of the serverlist from here: https://jenkins.692b8c32.de/job/serverlist.692b8c32.de/

OMG man.
I just get the feeling that this is an overkill.
Can't we just make the password encrypted when we send in from client to server and when it is stored on server side?

There are two questions:
How do you want to store it on server side?
Easy, use a hashing algorithm (eg SHA-512)

How do you want to send it to the server?
Difficult, because I do not know a good way without sending it as plaintext / using reversible encryption.

• Symmetric encryption is useless because it has to be the same key on all servers and clients.
• Hashing is useless because the server can not validate the password or replay attacks would be possible.
• Asymmetric encryption: Client sends encrypted password: How does the client know the server's public key?
• Asymmetric encryption: Server sends a challenge, client signs and sends it back: You want a password and not a keyfile, right? MITM attack is possible.

Did I miss something?

jrb00001 wrote: [*]Asymmetric encryption: Client sends encrypted password: How does the client know the server's public key?

How about like this:
1. Every time the universe is generated there is a new key generated for encryption on server side.
2. Once the client connects to the server he will receive the key(I'll make sure this works)
My questions are:
1. How to encrypt a password using a key?
2. What is a key? An integer? a String?

Also:

Symmetric encryption is useless because it has to be the same key on all servers and clients.

Why is this useless?
Why not have the key hardcoded somewhere?