|
Post by mundas on Mar 29, 2011 10:10:06 GMT 1
I was bored at work so I came up with some ideas how to protect a game such as Rune against cheats. I think i could effectively prevent bytehacks (like cracked security mutators) and recompiled game files,which are the base for any (working) cheat/hack currently around.
There are a few drawbacks however: - The client must have a certain file in his System folder. He would need to download it seperately as it can not be downloaded ingame like "normal" mutators.
-No Linux/MacOS support.
Servers would gain a massive security boost, with the tradeoffs listed above.
I'm willing to make such a security mutator, but only if server admins can guarantee it will be actually used, because making it is not without effort. Otherwise I won't bother. The more servers the better, because that gives cheaters less places to hide.
|
|
|
Post by Karigard on Mar 29, 2011 11:34:43 GMT 1
You have my full support.
|
|
|
Post by Zyroloth on Mar 29, 2011 18:18:08 GMT 1
Aye, with that done I'd host a server again, I guess. So, yeah, go for it^^^^
|
|
|
Post by =[VnB]=BM* on Mar 30, 2011 0:59:02 GMT 1
I think most servers already use the latest anti hacks/cheats. As a serverhoster myself I always plan to use the latest protections, so that won't be a problem. I do think this will be a lot of work, and I wonder if we actually do make a move with it this time. We've always been a few steps behind with this. Also, to be really honest I'm quite suprised you've decided to turn around 180 degrees. You've been a part of spreading this stuff and making them available for public use, making the problem worse than it already is. May I ask why? What is the reason behind this? Ofcourse you have all my support when it comes to stopping these things, just a little bit odd imho. - The client must have a certain file in his System folder. He would need to download it seperately as it can not be downloaded ingame like "normal" mutators. I hope there is another solution than this, I think a function like this on all populated servers will kill a game like Rune. Most of the people playing around nowadays don't have a clue about this stuff, they just join a server and play. This function will result in empty servers, and noobs have no idea what is happening when they start to play this game for the first time. Considering we already have a few players left, and almost have no newcomers... I think it'll work the other way around. The servers will most likely be like a private server for people that know about this stuff. Maybe there is something possible with downloading a new file every time the map changes? This will make it impossible for a hacker to bytehack one file, and keep in their folder. Another question, how do you plan to protect the game from hacks that are almost impossible to check? Different (external) programs that use keybinds for automatic movement and turning (right direction for hitpoints) for example. Do you also plan to ban every custom renderer? Even a renderer can give you the advantage of a wallhack, and there is no anti-cheat mutator that can stop it. Like I said, it'll be a lot of work. I'm just curious what decisions you'll make and what the consequences will be.
|
|
|
Post by mundas on Mar 30, 2011 10:49:37 GMT 1
latest protections? maybe. but the files containing the protections can be altered, so the code running on clients isnt neccessarily the code running on the server. it is simply not possible for mutators to ensure file integrity, which also leads to the problem of recompiled files (and there are a LOT of these around, f.e. zBot) which can do things a mutator can never detect, ranging from wallhacks to automated aiming. it requires new methods to find these.
because things have gotten out of hand. im annoyed by the kiddies that run around with bots and wallhacks and think they are elite hackers. any idiot can cheat in this game if someone gives him a little hint. this new "mutator" would set an end to this type of cheating, and, having talked to most of them, the "notorious hackers" you find in hov are idiots whose work is based on trial and error.
iam aware of this issue, this is why i listed it under drawbacks. im as much against "isolated servers" as are you. there are some things that can be done to soften the effect - the player can be informed why he isnt allowed to connect to the server, and what he must do. its just a matter of communicating it to the people.
i have heard of this, but havent seen it. and i dont know how it could be done. even if it could be done, that still doesnt solve any of the bot issues, because you may be able to ensure integrity of a single mutator, but not the entire game. zbot, etc. will run fine, as they do now.
i need to look into the external programs thing. in the end, all these programs do is simulate key input, which trigger console commands, which (even normal mutators) have access to.
good idea about the renderer, i suppose that can be done.
|
|
|
Post by =[VnB]=BM* on Mar 30, 2011 18:43:14 GMT 1
iam aware of this issue, this is why i listed it under drawbacks. im as much against "isolated servers" as are you. there are some things that can be done to soften the effect - the player can be informed why he isnt allowed to connect to the server, and what he must do. its just a matter of communicating it to the people. I hope there might be something possible with external or redirected downloads ingame or something, that would solve a lot. I'm not really into any of this, maybe something that works the same like nephthys? I think most people don't bother doing this or are just too stupid to understand any of it. i need to look into the external programs thing. in the end, all these programs do is simulate key input, which trigger console commands, which (even normal mutators) have access to.. That still makes it very hard to block or detect because you can always simulate random numbers (times) between every buttonpress or action. What makes the difference between a normal player and scripted macros if they both use different techniques every time and if both don't use exact values over and over? It's a problem that will almost never be possible to block if somebody knows what he's doing. Moving around your mouse isn't a cheat and pressing buttons isn't either, very hard and complicated problem. I agree and understand the rest, I'm curious what other people think of it
|
|
|
Post by mundas on Mar 30, 2011 19:01:05 GMT 1
redirected downloads require a patch which must be seperately installed )) Nephtys is only server-side. Cheat prevention requires files to be present on the client's machine, this is crucial.
People are lazy, yes; that's why i said it would require as many servers as possible to run this - imagine the vnb servers, lw server and (possible) ultimate server running this security mod. people just couldn't get around installing it anymore. sure, they could still play on enclave, but that will also be the only place for cheaters to go, so that place (or any other server) will be infested as hell.
i think i can give people a pretty clear instruction what they must do (on-screen, inside rune) if they dont have the mod installed. it could also be in several languages like english and russian. hell, i could even add a button for them which opens their internet browser with the correct site.
and it's not like installing it would be a horribly complicated procedure. run a setup.exe and tell it your Rune path, and youre done.
you're right about this, but there might be other ways to detect them. but i wont get into details here ))
|
|
|
Post by shexpeare on Mar 31, 2011 1:25:50 GMT 1
If you pay for a server you will probably want to use the best protection available. But it all depends on how the mentioned drawbacks effects the server activity. Most admins will probably agree that they want you to make a better server protection. But if their servers become less active they will probably remove it from the server. There is no way to know for sure if this will be a break through or a pointless effort. Personally I find this very interesting. But I can't guarantee anything yet. I won't get involved in the details on how specific cheats are blocked. I simply don't have enough knowledge about that. But as BM said, it's a surprising turn. From making cheats/hacks available for public use to make a server protection. I think having access to the source code is required before it's installed on my servers. It's important to try to make the installation as easy as possible for the players. I also considered the option to open the clients browser with the URL to a download site. You could actually direct the browser to a specific .exe file too. But how would a new player react when the game is minimized and the browser pops up? Another solution would be a simple message "This server is using yadayada-protection. You have to install this security file to be able join. For more info and download: yada.com". No matter how much planning you do there isn't anyway to say it will work for sure. Even the best server protection will be a waste if the players wont bother installing it.
|
|
|
Post by mundas on Mar 31, 2011 7:21:25 GMT 1
The source code will not be made public for apparent security reasons, but i have no problem giving it to karigard so he can review it. I don't see much sense in running it on a single "test server". People won't bother and play elsewhere.
|
|
|
Post by shexpeare on Apr 1, 2011 22:30:18 GMT 1
I understand the source code wont be made public. But as long Karigard can take a look at it I'll be satisfied.
I agree there is no sense in running it on a single server. Most servers has to use it to get the players to install the file. If you make the server protection I'll run it on my servers when it's released.
|
|