Official gpci() reply by Kalcor

1. This paste contains more information about what gpci() is, how it work and how you can use it. Be sure to read it thoroughly before making anything with it, since it is NOT unique.
2.  
3. ------------------------------------------------------------------------------
4.  
5. http://webcache.googleusercontent.com/search?q=cache:jG5MEwZLqYgJ:forum.sa-mp.com/showthread.php%3Fp%3D1965706+&cd=8&hl=en&ct=clnk
6. http://webcache.googleusercontent.com/search?q=cache:_4QGjwkooroJ:forum.sa-mp.com/showthread.php%3Fp%3D1968244+&cd=1&hl=nl&ct=clnk&gl=be
7. // Links don't work anymore as of 22nd October 2012
8.  
9. ------------------------------------------------------------------------------
10.  
11. Kalcor's reply
12.  
13. Xentiarox: What exactly is the purpose behind this thread?
14.  
15. It is not an SHA1. The fact that you think it is makes me think you are connected to some cheater/bot websites, which is exactly why the function exists and why it's not (and will never be) documented.
16.  
17. Here is all anyone needs to know about gpci:
18. - It is a non-reversible (lossy) hash derived from information about your San Andreas installation path.
19. - It is not a unique ID.
20. - It was added to assist owners of large servers who deal with constant attacks from cheaters and botters.
21. - It has been in SA-MP for 2 years.
22.  
23.  
24. The sad reality is that there are more people working on ways to attack SA-MP than there are people working on SA-MP. And it has been that way since the mod was first released. If that wasn't the case, there would be no need for such features like this and we could be open about every change made.
25.  
26. I have pledged that I would never add anything to SA-MP that I wouldn't use myself. So SA-MP will always be free of any spyware, malware or unique tracking codes.
27.  
28. You can use it in combination with an IP address range such as 111.111.*.* for banning. It just depends how concerned you are about accidently blocking innocent players. gpci isn't a unique ID.
29.  
30. ------------------------------------------------------------------------------
31.  
32. [MM]IKKE's reply
33.  
34. Your windows user name is included in the hash.
35.  
36. If you use the default group "WINDOWS" with user "homeuser", and I do the same, we will both have the same serial. That's why this is - as Kalcor pointed out - not the ultimate method against cheaters. Many people use "WINDOWS\User" or comparable user accounts.
37.  
38. Though I do like what has been suggested before - save a unique serial in the registry of computers and keep it saved, even after uninstalling. A lot of programs do this to detect trial expirations etc.
39.  
40. Of course there will always be some people able to spoof everything they send to the server. However we should more be talking about the average cheaters - those who just download a certain program and use that program. Those who only know how they can change their IP. For instance, most of these average cheaters will not be able to change their MAC address.
41.  
42.  
43. ------------------------------------------------------------------------------
44.  
45. Another note: most serials ARE unique. If you find a cheater and/or ban evader with a unique serial, you CAN make a ban system using the serial ONLY. However, be careful since most serials which are NOT unique are extremely common (up to 5% of your database can have the same serial).