Latest Cheat Upsurge! Countermeasures?
- Thread starter Temporalis
- Start date
-
Hey - turns out IRC is out and something a little more modern has taken it's place... A little thing called Discord!
Join our community @ https://discord.gg/JuaSzXBZrk for a pick-up game, or just to rekindle with fellow community members.
i agree that we didn't really figure out that there is a need for these rules
but still i think it would be better to introduce that rule (thur's ain't bad) than blindly trusting any1
but... oh well. what can one do against some1 who cheats (with normal netspeed shown) w/o aimbot but w/ radar only
forcing screenshots?
but still i think it would be better to introduce that rule (thur's ain't bad) than blindly trusting any1
but... oh well. what can one do against some1 who cheats (with normal netspeed shown) w/o aimbot but w/ radar only
forcing screenshots?
those who have netspeed = 0 whilst others haev their "shown" are using a hacked league as version ... the thing is unless the league admins actaully start caring about cheating you won't be able to do squat ... they need to actaully catch em in the act they say .... kinda sad but that's the case :/
i very much doubt that utpure is responsible of crashing your pc.. if it would be that alone a lot more would crash
it's possible that with sth "wrong" on ur pc + utpure it crashes .. however not utpure alone
imho
it's always easy to put the blame on sth that's had bugs (not like this before afaik) in over the past and doesnt have a too good of a rep
IMO cheats will continue to plauge game servers no matter wtf is done if a patch comes out they hack it if a new gaming engine is used they hack it for them its easy and it spoils the fun from great games, but im pretty sure we will al just have to put up with it.
I left counterstrike many moons ago because of this problem and when i found out all the top clans cheat in clanbase i uninstalled it, i hope ut doesnt have the same ending for me.
I left counterstrike many moons ago because of this problem and when i found out all the top clans cheat in clanbase i uninstalled it, i hope ut doesnt have the same ending for me.
u should watch a n00b with an aimbot on lavafort 
that makes everything up u had to take from lame cheaters
on topic:
i dont think that this will be a permanent solution to the problem since pure is too easily hacked but still... it gotta be annoying to keep up with the latest aimbots as a user of a bot
for admins as well though![:\](/images/smilies/submitted/smark/ohwell.gif "Oh Well :\")
that makes everything up u had to take from lame cheaters
on topic:
i dont think that this will be a permanent solution to the problem since pure is too easily hacked but still... it gotta be annoying to keep up with the latest aimbots as a user of a bot
for admins as well though
Hmm. Perhaps it *is* worth looking at an MD5 based encryption system.
One little thing in this scheme that may have been missed. Even if the system was hacked, it's *mind numbingly* easy to update it back to the original challenge. Cracking it once doesn't make the next time any easier, unlike pure.
hmm. time to do some more head scratching..
One little thing in this scheme that may have been missed. Even if the system was hacked, it's *mind numbingly* easy to update it back to the original challenge. Cracking it once doesn't make the next time any easier, unlike pure.
hmm. time to do some more head scratching..
if u do it properly i doubt it's gonna get hacked .. even if it does u can implement sneaky ways to find out
too risky to even try and hack it imo 
CSHP/PURE/LeagueAS sec alternatives.
Hiya, long time etc...
Anyway, just wanted to point out that almost all potential approaches to cheat protection functionality has already been covered by the Pure/CSHP team.
Any game running a clientside protection scheme is hackable and there is no way around it, period.
The only thing you can do is actually make it hard and then give the potential to update the schemes as cheats come out which is what the CSHP/Pure team already does.
I would like to see EPIC releasing the code and artwork for an OpenSource project (they could if they want release the code but keep the artwork under a free license or something) and then see a true focus toward building in security AND fixing the known bugs in the engine.
As the engine is know it just sucks considering it has more holes than frigate has.
/e[N]eq
Hiya, long time etc...
Anyway, just wanted to point out that almost all potential approaches to cheat protection functionality has already been covered by the Pure/CSHP team.
Any game running a clientside protection scheme is hackable and there is no way around it, period.
The only thing you can do is actually make it hard and then give the potential to update the schemes as cheats come out which is what the CSHP/Pure team already does.
I would like to see EPIC releasing the code and artwork for an OpenSource project (they could if they want release the code but keep the artwork under a free license or something) and then see a true focus toward building in security AND fixing the known bugs in the engine.
As the engine is know it just sucks considering it has more holes than frigate has.
/e[N]eq
Ah...
Sorry didnt read this post or Phears which summed up the issues...
1) Yes, it's intrusive. ....
Yeah this was the big issue when CSHP/Pure team looked into it, especially since EPIC had NO plans whatsoever to release new patches that could include functionality for clientside hashes.
2) The Multi-OS thing is an issue, simply because for portability you would have to release source code, removing a small part of the security. ...
Any scheme that is based on producing hashes for clientside static data is unsecure and very easy to circumvent. To be really secure you would have to base the hash on gamedata that was downloaded from the server which would mean recompilation and download of all actor code for each map. It would also mean banning all clientside mutators since they could potentially be unsafe, this could be solved by the server keeping a repository for allowed clientside mutators and to have them downloaded on request.
In short it means having the server control the whole gamespace (script/program wise anyway which isnt that big especially if it has been compressed).
But this would only control the gamespace code, the clientside would still be hackable as long as any gamerelated info is kept within the client codespace (such as certain object elements are today)
And this would still not solve all potential problems, considering that the source would be open it could mean that some dude could make all textures transparent fairly easy but the new hacks would be engine hacks and not game hacks. So somehow one need to be able to verify the clientside engine as well which is impossible to do (any clientside hash calculcation could be tricked to use prestored original data).
3) Is the big hitter when it comes down to it. ...
Yup.
/e[N]eq
Sorry didnt read this post or Phears which summed up the issues...
1) Yes, it's intrusive. ....
Yeah this was the big issue when CSHP/Pure team looked into it, especially since EPIC had NO plans whatsoever to release new patches that could include functionality for clientside hashes.
2) The Multi-OS thing is an issue, simply because for portability you would have to release source code, removing a small part of the security. ...
Any scheme that is based on producing hashes for clientside static data is unsecure and very easy to circumvent. To be really secure you would have to base the hash on gamedata that was downloaded from the server which would mean recompilation and download of all actor code for each map. It would also mean banning all clientside mutators since they could potentially be unsafe, this could be solved by the server keeping a repository for allowed clientside mutators and to have them downloaded on request.
In short it means having the server control the whole gamespace (script/program wise anyway which isnt that big especially if it has been compressed).
But this would only control the gamespace code, the clientside would still be hackable as long as any gamerelated info is kept within the client codespace (such as certain object elements are today)
And this would still not solve all potential problems, considering that the source would be open it could mean that some dude could make all textures transparent fairly easy but the new hacks would be engine hacks and not game hacks. So somehow one need to be able to verify the clientside engine as well which is impossible to do (any clientside hash calculcation could be tricked to use prestored original data).
3) Is the big hitter when it comes down to it. ...
Yup.
/e[N]eq
Originally posted by Uzi-Suicide
Thur, i personally aint gonna record demos every match. I'm SURE it affects my UT's performance, everytime ive started recording demos i feel like im playing worse.. i dunno what it is.. but something weird happens, maybe it's some psychological thing
Sounds like a case of "can't perform for the camera to me"
When I last tested it I had a Athlon XP 1800+,512 MB DDR RAM and a Raddy 9700.
Any other suggestions, Thur
Re: CSHP/PURE/LeagueAS sec alternatives.
I don't believe so.
Every possible approach whilst staying within the bounds of a downloadable chunk of UScript, certainly.. Determining the integrity of a platform which is inherently untrusted is a difficult task, but not an impossible one.
The concept of a certification authority I outlined is basically drawn from the financial world, where clients in the hands of "untrusted" customers give access to adjust market stats, values etc, an environment where a rogue client will always cause problems.
Remember: When CSS on DVDs was cracked, the entire reason it was blown open so easily was Xing accidnetally left a private key in the compiled code which allowed the encryption scheme to be guessed, then brute forced... And CSS is an *insanely* simple schema.
C and UScript skills and knowledge are widespread, yet only a handful of people have the inclination and skills to produce bots.
How many of them would be inclined to do cryptographic analysis on network traffic as well? Disassemble an exe, and try to reverse engineer the signing and encryption algorithm? or to set up a Seti-like Distributed environment to try to brute force the keys used, knowing that a simple re-compile could reset the clock?
I'm convinced that the bot makers are exceptionally talented people, and I know that the CSHP and Pure makers have spent a long time engaged in this sort of environment, but I also know that major global institutions are rolling out PKI based solutions to a variant of this self same problem.
Perhaps the problem is thinking too much within the "game" box and not seeing this as simply a systems integrity issue.
I think the key thing I am saying here is that the technical possibility exists to prevent cheating with a 99.9% certainty, but the will to implement it is simply not there.
I don't believe so.
Every possible approach whilst staying within the bounds of a downloadable chunk of UScript, certainly.. Determining the integrity of a platform which is inherently untrusted is a difficult task, but not an impossible one.
The concept of a certification authority I outlined is basically drawn from the financial world, where clients in the hands of "untrusted" customers give access to adjust market stats, values etc, an environment where a rogue client will always cause problems.
Remember: When CSS on DVDs was cracked, the entire reason it was blown open so easily was Xing accidnetally left a private key in the compiled code which allowed the encryption scheme to be guessed, then brute forced... And CSS is an *insanely* simple schema.
C and UScript skills and knowledge are widespread, yet only a handful of people have the inclination and skills to produce bots.
How many of them would be inclined to do cryptographic analysis on network traffic as well? Disassemble an exe, and try to reverse engineer the signing and encryption algorithm? or to set up a Seti-like Distributed environment to try to brute force the keys used, knowing that a simple re-compile could reset the clock?
I'm convinced that the bot makers are exceptionally talented people, and I know that the CSHP and Pure makers have spent a long time engaged in this sort of environment, but I also know that major global institutions are rolling out PKI based solutions to a variant of this self same problem.
Perhaps the problem is thinking too much within the "game" box and not seeing this as simply a systems integrity issue.
I think the key thing I am saying here is that the technical possibility exists to prevent cheating with a 99.9% certainty, but the will to implement it is simply not there.