Patrix,
I made that statement (about pre-compiled script) after testing output from https://github.com/mabako/squirrel-compiler, ended with index '<function_name>' does not exist error. Did second try with simple hello script and it's seems that it is this compiler case. So I revoke that statement.
I've experimented with many different time measurements, with both native and script code. The highest relative error with defined period within my module was below 1.7%. With squirrel script on G2O I managed to get 55% relative error. That's completely unreliable.
Publishing this source code would be equal to providing clear solution to nearly everyone, not for someone who's able to mess with reversing.
Deleting client-side module won't suffice. It will call event on server side. There is no need for additional hash checking, because modules are already handling it. Careless patching of the module will also be detected in a few cases. It contains some server validation with randomness and basic crypto. However, I see many possible attack vectors. I'm well aware of methods you mention. I do not intend to make it immune to any possible interference. In it's first release, bypassing is harder while source code isn't public. That's designed to stop most of users. For now. Current state allows to bypass module with just creativity, any knowledge is not essential (with source code).
I will gladly share the source code, but conditionally. Only when it meets Kerckhoffs's assumption.
I made that statement (about pre-compiled script) after testing output from https://github.com/mabako/squirrel-compiler, ended with index '<function_name>' does not exist error. Did second try with simple hello script and it's seems that it is this compiler case. So I revoke that statement.
I've experimented with many different time measurements, with both native and script code. The highest relative error with defined period within my module was below 1.7%. With squirrel script on G2O I managed to get 55% relative error. That's completely unreliable.
Publishing this source code would be equal to providing clear solution to nearly everyone, not for someone who's able to mess with reversing.
Deleting client-side module won't suffice. It will call event on server side. There is no need for additional hash checking, because modules are already handling it. Careless patching of the module will also be detected in a few cases. It contains some server validation with randomness and basic crypto. However, I see many possible attack vectors. I'm well aware of methods you mention. I do not intend to make it immune to any possible interference. In it's first release, bypassing is harder while source code isn't public. That's designed to stop most of users. For now. Current state allows to bypass module with just creativity, any knowledge is not essential (with source code).
I will gladly share the source code, but conditionally. Only when it meets Kerckhoffs's assumption.