We need people who are developing in Unity and writing servers for 3D Online game

Lotuss

Member
May 7, 2017
281
428
As you know SPD25 creating server for 3D online game 3DXChat. You can acready try game online with other people Link


But we need help creating and updating the game and much more.
If you own Unity and writing servers for it, write here, or in pm. We will be glad to your help.
 
  • Like
Reactions: FzoneN1

vPyxi

New Member
Jul 24, 2017
4
2
I work as a professional C# dev irl on my company's server software that deals with ~20k active users at a time.
I'd be interested in donating a bit of my time if the offer's still up and you're looking for people still :)

EDIT: I've realized this is a mod for the game and a re-implementation of the server.
I have a decent amount of experience modding Unity games and general reverse engineering in the area, as I used to be focused on reverse engineering VRChat and making hacked/modded clients for it.
I also have some experience with re-implementing servers as well, I made a small Discord client a long time ago that could connect to their official servers and my own implementation of the Discord service that had an identical API.
 
Last edited:

Lotuss

Member
May 7, 2017
281
428
I apologize for not seeing your message right away.
Yes of course. This is a hacked server that Spd25 made. Unfortunately he stopped working on him, and most likely will not. It was made as a test for a small number of people. Now in this game, the constant online more than 60, comes to 120. I think that if the game is stable online will grow high
Now the registration system has been cut out of this game, also as the login system. For now, this is the most important thing, since DDoS attacks periodically go to the server and because of this it is difficult to play.
We need to understand the code of the game, parse it and add the registration and entry system to it.

It is desirable that it be through any site, I will provide hosting. Or in the game add a registration form.
Well, add a working login form, which is now disabled.

And make the simplest form of ddos protection. for example, with only one person playing with one ip. Also, if any ip address sends too many requests, it should be blocked.

While it is the most important thing for stability.

Thank you for agreeing to help, all files i have a in header in thread
 
Last edited:
  • Like
Reactions: vPyxi

Lotuss

Member
May 7, 2017
281
428
Just as if you think that something needs to be redone, the decision is yours, as you an expert.
 

vPyxi

New Member
Jul 24, 2017
4
2
Gotcha. I just started poking around, I'm a little disappointed in SPD25's work because they decided to obfuscate the changes he made to the client, and the server is using IL2CPP from Unity as a way to obfuscate itself.

Considering that there's no real way to base any new code off of what SPD25's work, it'd probably be a little quicker in the end to just restart a write our own server.
I got a clean copy of build 390 and I'll just work off of that and post updates when I do.

Would it be better if I posted updates in the other thread whenever they come?

I saw there was a Discord link in the original post, but there's no actual channels that are open for communication there.

EDIT: You may also want to merge your two posts to avoid a double-post :)
 
  • Like
Reactions: Lotuss

Lotuss

Member
May 7, 2017
281
428
Gotcha. I just started poking around, I'm a little disappointed in SPD25's work because they decided to obfuscate the changes he made to the client, and the server is using IL2CPP from Unity as a way to obfuscate itself.

Considering that there's no real way to base any new code off of what SPD25's work, it'd probably be a little quicker in the end to just restart a write our own server.
I got a clean copy of build 390 and I'll just work off of that and post updates when I do.

Would it be better if I posted updates in the other thread whenever they come?

I saw there was a Discord link in the original post, but there's no actual channels that are open for communication there.

EDIT: You may also want to merge your two posts to avoid a double-post :)
When you do, I will simply replace the topic with your version, just give me a link to download. Well, I'll give you the right to edit the topic too.
The server now stands at Ryahn, on the hosting, I think it is worth asking to put your version on the hosting when it is ready.
 

haole146

New Member
Jun 15, 2021
1
0
I work as a professional C# dev irl on my company's server software that deals with ~20k active users at a time.
I'd be interested in donating a bit of my time if the offer's still up and you're looking for people still :)

EDIT: I've realized this is a mod for the game and a re-implementation of the server.
I have a decent amount of experience modding Unity games and general reverse engineering in the area, as I used to be focused on reverse engineering VRChat and making hacked/modded clients for it.
I also have some experience with re-implementing servers as well, I made a small Discord client a long time ago that could connect to their official servers and my own implementation of the Discord service that had an identical API.

hello friend any news about the project?
 

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Respected User
Donor
Jun 10, 2017
9,948
14,548
hello friend any news about the project?
Not here that you'll have news, partly because the guy you pinged was Last seen on Dec 28, 2019, partly because the game have been thrown out of the forum, due to the abandon of the offline version, the toxicity of its community, and suspicion of malware.
 

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Respected User
Donor
Jun 10, 2017
9,948
14,548
:unsure: interdasting
Is there know group that seek proliferation (deliberate) throu porn games or assets?
Er... probably ?

Honestly I don't know but, being one, I know from first hand that perverts are no different from other people. They have an anti-virus and use sites like , submitting any suspicious files to the labs, that then will investigate whatever the use of this file. Therefore, the said labs are investigating, this is sure, but I don't know if, like they are doing for more regular software, they also do it on their own or not.
As for the assets, and I would include Ren'py games, and perhaps RPG Maker ones, I'm not sure that this many people understand that they can also be a threat by themselves. There's few to no limitations to what their scripts can do and access, therefore they can have embedded malware.
And while anti-virus also investigates the behavior of code ran on your computer, they almost all exclude the behavior of scripts. Partly because the malware code would be obvious for anyone curious, partly because they are also handmade by amateur coders and so erratic behavior are frequents ; it would be annoying as fuck if every time you launch your work in progress script, your anti-virus was doing a behavior scan beforehand.
This mean that you should always be careful with Daz assets that are compiled scripts that you acquired from third party sites, they aren't guaranty virus/malware free. And the same apply for those you get from regular stores, except that there's less risk of malicious code since the author is traceable (he's expected to want to get his money).

This being said, in the particular case of this online game, it's a question of "suspicions". I don't really remember the discussion, but I think that I would at least remember if an effective proof have been presented.
 

Deleted member 1121028

Well-Known Member
Dec 28, 2018
1,716
3,290
Asked that because as around ~7 To of 3D assets, I've never really cross such things, few nasty blend files and one particulary very nasty Daz script but it seems to be isolate cases. Of course any software, that execute any language script is prone to arbritary code (or so I guess).

But never seen a real coordinated/credible effort to salt distrubution. Maybe too low hanging fruit?
 

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Respected User
Donor
Jun 10, 2017
9,948
14,548
But never seen a real coordinated/credible effort to salt distrubution. Maybe too low hanging fruit?
Between Blender and Daz Studio, it's the second that is the better target because he works connected by default (you've to explicitly tell him to not connect to your Daz account) what imply that the IP Filter/firewall is configured to let it pass. It also offer the possibility to run a script when you load a file that isn't a script, and to hide scripts behind a in between the assets.
But in the same time Daz Studio have less users than Blender and use a language that is a derivation of Javascript, what imply that you have to learn it first, unlike Blender that directly use Python. It's also, here again unlike Blender, a software rarely used by professionals, what mean that among the limited number of targets, you'll have an even more limited number of useful/interesting targets.

As I said previously, it doesn't mean that you are safe, but the risk are really limited. Someone good enough to write a malware or a virus for Daz is also generally good enough to do the same for a target that will generate more benefit for him ; like by example using the script language of Ms Office, that is massively used in companies and so can potentially give him access to some big secrets that worth a lot of money.
 
  • Sad
Reactions: Cul

Deleted member 1121028

Well-Known Member
Dec 28, 2018
1,716
3,290
Between Blender and Daz Studio, it's the second that is the better target because he works connected by default (you've to explicitly tell him to not connect to your Daz account) what imply that the IP Filter/firewall is configured to let it pass. It also offer the possibility to run a script when you load a file that isn't a script, and to hide scripts behind a in between the assets.
But in the same time Daz Studio have less users than Blender and use a language that is a derivation of Javascript, what imply that you have to learn it first, unlike Blender that directly use Python. It's also, here again unlike Blender, a software rarely used by professionals, what mean that among the limited number of targets, you'll have an even more limited number of useful/interesting targets.
Good point about account/firewall. Completely forget it even existed :unsure:.

Far I know, DUF/DSF are pure data files, cannot execute script or call for it. And Daz scripts files (DSE/DSA) cannot be used for scene definition. ie : you have to click on that script. Blend files can fully auto-exec Python script when loaded, I think it's now disabled by default but it's definitely here. I think it's the same for Maya, that can auto-load MEL/Python script, but I need to verify not sure about it.

My scenario was more about pirated asset dealer starting to salt assets, I mean some sites are >1M visits a day that somehow quite 'sizeable' amount even for a one shot. But yeah all in all there is way more valuable target, that's for sure.
 
Last edited:

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Respected User
Donor
Jun 10, 2017
9,948
14,548
Far I know, DUF/DSF are pure data files, cannot execute script or call for it. And Daz scripts files (DSE/DSA) cannot be used for scene definition. ie : you have to click on that script.
I don't really know how it works, since I never had to use it, but you can include an entry to your duf/dsf file in order to link to another file. Each time you'll load the duf/dsf, the other file will be loaded as well. And this other file can be whatever supported data, including a script.


Blend files can fully auto-exec Python script when loaded, I think it's now disabled by default but it's definitely here. I think it's the same for Maya, that can auto-load MEL/Python script, but I need to verify not sure about it.
It's probably the same for any 3D rendering engine. Having the possibility to load, lets say the meshes for some clothes, and in the same time a script that will make few adjustment depending of the context (like by example changing the texture on the fly if the model have a given size, in order to limit a distortion effect) is something really useful.


My scenario was more about pirated asset dealer starting to salt assets, I mean some sites are >1M visits a day that somehow quite 'sizeable' amount even for a one shot. But yeah all in all there is way more valuable target, that's for sure.
Well, in order to not give too obvious bad ideas, I'll answer you by just presenting the key points of the equation:

You've a software that can log-in to a store.
You've a store that offer you the possibility to download again assets that you bought but lost.
You've a software that can execute scripts, that aren't necessarily secured, in the same time that a duf/dsf file is loaded.
You've a guy who earn money through a website that offer access to pirated assets.

Depending of who you are, there's possibly more values than one can think.
 

Deleted member 1121028

Well-Known Member
Dec 28, 2018
1,716
3,290
don't really know how it works, since I never had to use it, but you can include an entry to your duf/dsf file in order to link to another file. Each time you'll load the duf/dsf, the other file will be loaded as well
Hmm no? Duf/dsf files are (and purely definitions) in comparaison to Daz script files, can't do much so far.
If an exploit was somewhat possible and execute scripts/code form there, I think we should have seen 3rd party assets that take full advantage of it ('cause yeah it could get also very handy for legit purpose). I remain quite skeptical :unsure:.

I get couples of other ideas, not sure they will work, but erm, maybe not write that.
 

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Respected User
Donor
Jun 10, 2017
9,948
14,548
Hmm no? Duf/dsf files are (and purely definitions) in comparaison to Daz script files, can't do much so far.
From what I get, it's the kind of "after_load" field that would be filled by a file name. But you're right on one thing, talked a lot about subjects like this one in a past life, but it was on dedicated places, and not sure I feel really comfortable talking about it on a wild public place.