Ok thanks, but my code kick players on all devices everyone help please PHP: public function onPacketReceived(\pocketmine\event\server\DataPacketReceiveEvent $e){ if($e->getPacket() instanceof \pocketmine\network\mcpe\protocol\LoginPacket){ if($e->getPacket()->clientData["DeviceOS"] = 1){ $e->getPlayer()->close();
You should be warned that DO NOT TRUST THESE VALUE AND USE THEM FOR SECURITY MEASURES you are highly advised to only use these as a statistic here's a visualization of someone using that as means like blocking XYZ versions because they like to discriminate against clients ----- *at somewhere* bouncer: hello sir, please kindly tell me what mobile device you use guest: umm i uses XYZ(whitelisted) mobile phone(because they know the bouncer are told not to allow XXX brand phones) bouncer: you may pass (without even asking user to show their phone or any effort to confirm user's claims) ----- Now swap the location with airport boarding and bouncer with police and question with "do you have any deadly weapon" which IMO this is the worst it can get, if you are ever using that kind of information make sure no consequences can happen if users choose to fake it, like example if i said i have no deadly weapon while hiding one, it could cause a disaster, but you are fine if your plans are just to poll your user base which if one or a few faked users wont spell anything as bad as examples listed above TLDR: Moral of the story, make sure no consequences can happen if users choose to fake it and DO NOT USE IT if it would spell disaster, you should use something better like a body scanner for the example above
Because you have to use === (or ==) and not =. If you go with = it will definetly always return a valid value which causes a true condition in the if clause. Your code: PHP: if($e->getPacket()->clientData["DeviceOS"] = 1){ Besides that, I agree with @Thunder33345. I just want to emphasize that.
as for now they are no conventional means to hide such, but a capturing man in the proxy should be able to decode MCPE protocol and edit it then send it back to the server, it's not hard it just take time to get software and stuff set up but if there a critical vulnerability or something they want, they wont hesitate to put some effort into it actually they can do things even if there's nothing they want, maybe just as a way to laugh at plugin developers on twitter or to proof that method is fundamentally flawed or just have too much time on hands Side note: this is a theory i am not a network engineer if you want a more common mistake is client side verification using javascript