1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anti-Cheat Measures

Discussion in 'FN Information and Issues' started by Sabre, Oct 18, 2007.

  1. Sabre

    Sabre New Adventurer Developer RiP

    4,633
    0
    Aug 24, 2004
    SoCal
    Nothing says ownage like a think tank, I always say. Post your feasible ideas about how to improve [FN] security here.
    Do NOT post any exploits, if you have an exploit report, please send it to Thothie or Blasto ASAP.

    I came up with a simple idea while in class earlier this evening.
    I propose a new cvar called ms_status, which, when enabled, will use the status command in the console and then immediately condump it when;
    -You join a server
    -Another character joins a server

    The condumps could be lumped into a new folder in the msc directory.
    This is not a direct solution; however, with it we can have available without much effort the steamID of any suspected cheater, and then we could subsequently run an investigation; much more streamlined than "Dude, if you find this guy, grab his steamID." ;)
     
  2. Jelly

    Jelly New Adventurer Developer RiP

    1,914
    0
    Nov 25, 2005
    Learning about new and interesting hacks for my co
    You are here --> X
    A method of checking the dll files' hash.
     
  3. Slaytanic_pb

    Slaytanic_pb New Adventurer The True Followers of the Lost

    139
    0
    Feb 1, 2007
    Taipei
    It's not the .dll's

    I doubt anyone has really hacked the .dlls. I think it would be more wise to have any server do a hash check on the MAPS vs the maps officially released when the map changes. So long as this doesn't put a huge overhead on FN or the server, make map changed take a considerably longer time to change, or increase the chance of being dropped by the server. I know this would really suck if it started to make the cost of running FN 2-3x more a month, make map changes take twice as long, or if you get dropped on almost every map change if you play on a server that is far from you.
     
  4. PBarnum

    PBarnum New Adventurer Source Developer Developer RiP

    3,074
    4
    Jun 14, 2006
    How about we make a way where all servers open up their own "surveillance" system.

    Each map session would be recorded so the admin could review to find any suspicious behavior.

    Though, how much space would it take up?
     
  5. J-M v2.5.5

    J-M v2.5.5 BANNED BANNED

    5,705
    1
    Feb 26, 2005
    Chemistry study at the Radboud University of Nijme
    Nijmegen, the Netherlands.
    Re: It's not the .dll's

    I don't know crap about coding, but I'm guessing Adventurer actually did hack the MS: C DLL, because in some topic in here I read that rats gave like 99 999 XP on his (hacked) server.
     
  6. WeissberV

    WeissberV New Adventurer Crusaders

    1,068
    0
    Jan 21, 2007
    Nothing
    England
    oedipus said this ages ago but he said something along the lines of :

    a admin spectate mode so you can look at their screen whiel they are in ur server without them knowing
     
  7. Sabre

    Sabre New Adventurer Developer RiP

    4,633
    0
    Aug 24, 2004
    SoCal
    That could take massive amounts of space if it were of usable quality; however, you could sacrifice quality if you are using chatlogs.

    Is my idea possible?
     
  8. villager

    villager New Adventurer RiP

    1,285
    0
    Nov 21, 2006
    You know those servers on those mods similar to Fire Arms that records everything, like how many shots you've fired with an AK47, headshots and how many kills/deaths you have? I was thinking a similar system but instead with the FN, were it always displays everyones character status, like their skill level, health, mana and what items they currently carry. It could be updated everytime your character is "saved" on FN and displayed on the msremake website.

    Just a thought :S
     
  9. Tentadrilus

    Tentadrilus New Adventurer Blades of Urdual

    1,035
    0
    Dec 31, 2004
    Make something that checks new saves against the last one. If the new save has gained huge amounts of XP or has suddenly gained a load of high-level items, it phones up Blasto while he's sleeping and screams about it in his ear.
     
  10. Sabre

    Sabre New Adventurer Developer RiP

    4,633
    0
    Aug 24, 2004
    SoCal
    And make a database for the [FN] police to log in and check previous histories, as opposed to grabbing rollbacks and dealing with that.
    If we want to apprehend cheaters fast, we need to have faster streamlined processes.
    This database could be an Excel spreadsheet for all I care; hell, that might be better because you can chart progress and such.
     
  11. Blasto121

    Blasto121 New Adventurer Developer The Pirates of Dreadwind

    2,004
    0
    May 24, 2006
    Eugene, OR
    there is already a system that works like that, its called the chat logs. If you have ever noted I don't normally ask for steam ID's. I already have most everyones ID logged in the msc chat logs. It stores not only there name and what they say but there steam ID as well. So anyone who runs a dedicated server should turn on there MSC chat logs.

    this is needed the most, it can prevent the modification of the dll files be it through dll replacement or hex editing.

    we are dealing with hacked dlls not in the normal sense though, its done through hex editing. Its actually a rather complex way of cheating but it would give you the things we have been hearing.

    this would be nice but would require both a web programmer who knows SQL and PHP, or even ASP.NET. Along with someone who can hard code into MS:C the needed functions for sending the information to the SQL web server database. As nice as it would be I don't think we have the ability to do that here... though it might be able to be done through scripts...



    as for making that database with peoples stuff all there, I have asked for a something similar a simple program that can read in what the character files have there levels stats and everything else. However thothie doesn't want any program that can work in that manner, all it would take is for someone to get that program and reverse engineer it and figure out the encryption key used to lock the character files.


    Anyway keep hammering at those ideas, who knows maybe we can implement this stuff.
     
  12. Thothie

    Thothie Administrator Staff Member Administrator Moderator Developer

    15,234
    81
    Apr 8, 2005
    psycho-oligist
    lost
    The DLL’s already check against one another, and the scripting DLL’s are highly encrypted. I don’t think anyone’s cheating by hex editing the DLL’s. It used to be you could mix and match older DLL’s to take advantage of older sploits, but this isn’t possible anymore.

    Security on FN, to my knowledge, is flawless (or rather, has never been breached). There's no flaw with FN. The flaws lie in Mastersword and Half-life itself.

    Primary methods of cheating seem to be (and I midas well spell it out, in order):
    - Parry sploits (easily resolved by removing the ability to level parry)
    - Cheat maps
    - AMX/***mod and other metamods that spawn items / god mode
    - Speed hacks
    - The new memory editor which I shall not name (maybe more common than this position suggests)

    Cheat maps: I’ve the framework of solutions for a solution for but it is a bit tedious to initiate though. (I’ve gotta comb through all 40+ maps)

    AMX: Spawning items I can’t do anything about unless I figure some way to know where items come from. With god mode it maybe possible to lock the player’s invulnerability flag (there’s already partial protection for this cheat). The only for-sure AMX fix is to disallow metamod, which 1) I don’t actually know how to do, and 2) don’t really want to do, 3) would require that we have internal fixes for everything that AMX fixes (map voting system, map crashes, MOTD, chat bug,and ability to ban people proper, etc.) Somewhere there’s an AMXmodX Sven who’s source we maybe able to use to help in that endeavor, but there’s also, 4) it limit’s the community’s ability to help fix stuff. The map voting I’ve been wanting to move internally for awhile now, but the rest of the functions I’m uncertain of.

    Speedhacks: I’ve found a solution for that's already been partially implemented. (And I'm impressed with myself in this instance, as VAC hasn't managed to block speedhacks for the past, what is it, four years?). Thank MiB and Shurik3n for help with that.

    The new memory editor I am absolutely powerless against, and it is not VAC detectable, which seems to make all other efforts null and void, so I’m hesitant to even bother wasting time on any of this.
     
  13. Blasto121

    Blasto121 New Adventurer Developer The Pirates of Dreadwind

    2,004
    0
    May 24, 2006
    Eugene, OR
    correct and I intend to keep it that way.


    thought I saw some hex editing going on.... meh whatever its still bad. We can fight the memory editing by forcing checks against the client and server on the values of monsters can't we? If a difference is detected clients get kicked. Though that would add to the amount of information being flung about between server and client.[/quote]
     
  14. Blasto121

    Blasto121 New Adventurer Developer The Pirates of Dreadwind

    2,004
    0
    May 24, 2006
    Eugene, OR
    *network hickup*
     
  15. *-Foggyspy-*

    *-Foggyspy-* New Adventurer

    61
    0
    May 19, 2007
    I could help you with that. i know all kinds of tricks and things you can do with the memory region that can make it unuseable. and ways to prevent some use of the program, and crash the game when unfair play occurs.
     
  16. Shurik3n

    Shurik3n New Adventurer Developer RiP

    1,365
    0
    Aug 15, 2006
    I could do this,

    and with a little reading I could do that.

    I have in my mind a way to accomplish it, but I would need a better method to extract player data. The only time I know of it being decrypted and read is upon character loading, then its saved into encrypted variables. Sending a bunch of SQL info out whenever a character is loaded would put even more stress on the server, theres ways to minimize this which I will be considering.

    Theoretically, I could make a program to decrypt character files, read the info and send it to the SQL server, but I have been instructed not to fool with decryption, and it would probably be a bad idea anyways.
     
  17. Sabre

    Sabre New Adventurer Developer RiP

    4,633
    0
    Aug 24, 2004
    SoCal
    @Blasto, regarding my initial idea:
    That idea is intended for those that are not hosting a server, and encounter a suspect of hacking. Chatlogs do indeed work great, but they are not accessible to the server visitors, unless they request them, and in some cases that may be nigh impossible.
     
  18. Blasto121

    Blasto121 New Adventurer Developer The Pirates of Dreadwind

    2,004
    0
    May 24, 2006
    Eugene, OR
    true, though does the average person really need everyones steam ID?
     
  19. Sabre

    Sabre New Adventurer Developer RiP

    4,633
    0
    Aug 24, 2004
    SoCal
    No, which is why it's a CVAR; we can let people know to look out for some fewl and they can ninja his ID when they find him, before he ninja leaves...Or something like that.
    Real situation:
    Me: *Joins a server, sees a level 50 adventurer*
    Me: So, it looks like you cheat.
    Adventurer: *disconnects promptly*
    Me: Adventurer? ms_status 1 owned.
     
  20. Jon

    Jon New Adventurer RiP

    Use mySQL to manage peoples level/inventory.

    Im not really sure if this is possible because its all done by "flags" ( I think). I had a some experience with it when I ran a TSRP server. Maybe we can use somehow to keep track of peoples items and levels. I have no clue how, but Im just talking about nothing at this point. lawl
     
  21. Shurik3n

    Shurik3n New Adventurer Developer RiP

    1,365
    0
    Aug 15, 2006
    Most of my experience with SQL comes from writing TSRP plugins, and subsequent web pages to show their stats and such. But the point of using SQL for this would NOT be to use it to save players, but rather to collect their info and compare it over time with an easier to read method than loading up rollbacks one by one and comparing them. I've got the whole design worked out in my head, and it seems feasible, but I'm going to invest time it in unless you guys think it would help weed out cheaters.
     
  22. Shurik3n

    Shurik3n New Adventurer Developer RiP

    1,365
    0
    Aug 15, 2006
    EDIT: whoops
     
  23. Shurik3n

    Shurik3n New Adventurer Developer RiP

    1,365
    0
    Aug 15, 2006
    EDIT: whoops
     
  24. Sabre

    Sabre New Adventurer Developer RiP

    4,633
    0
    Aug 24, 2004
    SoCal
    I would think that it would DEFINITELY help; if for nothing else, it will allow faster investigation.
     
  25. Shadeska

    Shadeska New Adventurer

    398
    0
    Aug 9, 2007
    Staying alive.
    Backwater County, NC
    Edit: Woops

    Edit: Woops

    Edit: Woops

    Do I hear an echo?

    And back on topic...
    I think cheating is going to reach a point where we can only catch people by watching them at home and hacking their computer like those Zionist bastards.
     

Share This Page