Yes, I kind of knew that, but it's the only way. I could code something, but if I do and make it public, the hacks will just be adjusted to bypass that too. So, you need to do it yourself and keep it to yourself, then and only then will it be a very strong defense.Pileyrei wrote:Thank you for the link. All I can say is that kind of effort is way above my pay grade/skill level
Dealing with a persistent cheater
-
- Masterful
- Posts: 660
- Joined: Tue Feb 12, 2008 2:47 pm
- Personal rank: Happy fool :-)
Re: Dealing with a persistent cheater
Retired.
-
- Masterful
- Posts: 745
- Joined: Tue May 05, 2009 3:10 pm
- Personal rank: UT Survivor
Re: Dealing with a persistent cheater
What are the chances of you doing it, not telling anyone and giving it to me?TheDane wrote:Yes, I kind of knew that, but it's the only way. I could code something, but if I do and make it public, the hacks will just be adjusted to bypass that too. So, you need to do it yourself and keep it to yourself, then and only then will it be a very strong defense.Pileyrei wrote:Thank you for the link. All I can say is that kind of effort is way above my pay grade/skill level
-
- Masterful
- Posts: 660
- Joined: Tue Feb 12, 2008 2:47 pm
- Personal rank: Happy fool :-)
Re: Dealing with a persistent cheater
Not that great I'm not having much spare time to code, and I've already got my hands on a few projects ...... so .... not anytime soon I'm affraidPileyrei wrote:What are the chances of you doing it, not telling anyone and giving it to me?
Retired.
-
- Godlike
- Posts: 1204
- Joined: Mon Aug 31, 2015 10:31 pm
Re: Dealing with a persistent cheater
Neither that. Caches can be converted into original files, like ".u" etc..., and the code can be read from a .u file even from UnrealEditor. Obfuscating the code could help. It's not about hiding it, it's about making it more difficult to decipher, because nothing can be hidden, even dll's can potentially be deciphered. I was trying to read the checksum of files through unrealscript to be able to tell if a dll is modified or not, but even the checksum would be sent client-side and so it could be spoofed.TheDane wrote:Yes, I kind of knew that, but it's the only way. I could code something, but if I do and make it public, the hacks will just be adjusted to bypass that too. So, you need to do it yourself and keep it to yourself, then and only then will it be a very strong defense.Pileyrei wrote:Thank you for the link. All I can say is that kind of effort is way above my pay grade/skill level
Some of the stuff I created:
Mods: VisualStreamPlayer, TeamColorOverlay, FunkyMoves, CommandSystem, FunkyPointer, AdvancedMutator, CommandEvent, ParticleSystem, LifeSucks
Gametypes: UTRoyale, UnrealRace
Hacks : Create/Write files with UScript, Read files with UScript, Running files with UScript
Maps: CTF-(POF)-Escher_Fix, CTF-(NotYet)HyperBlast, DM-(NotYet)Condemned, CTF-StalwartXS, UR-Hyperblast, DM-3072-ItalyKinda, DOM-NRMC-Cathode, CTF-TAMC-UnderPressure
Concepts: RabbitHole, Builder gun, HeatMap, Playable arcade cabinet, Stalwartception, Non Conventional Weapons, MainFrame
Memes: Meme#1, Meme#2
Mods: VisualStreamPlayer, TeamColorOverlay, FunkyMoves, CommandSystem, FunkyPointer, AdvancedMutator, CommandEvent, ParticleSystem, LifeSucks
Gametypes: UTRoyale, UnrealRace
Hacks : Create/Write files with UScript, Read files with UScript, Running files with UScript
Maps: CTF-(POF)-Escher_Fix, CTF-(NotYet)HyperBlast, DM-(NotYet)Condemned, CTF-StalwartXS, UR-Hyperblast, DM-3072-ItalyKinda, DOM-NRMC-Cathode, CTF-TAMC-UnderPressure
Concepts: RabbitHole, Builder gun, HeatMap, Playable arcade cabinet, Stalwartception, Non Conventional Weapons, MainFrame
Memes: Meme#1, Meme#2
-
- Masterful
- Posts: 660
- Joined: Tue Feb 12, 2008 2:47 pm
- Personal rank: Happy fool :-)
Re: Dealing with a persistent cheater
as in strong defense, I mean that the script only runs on one single server, so the chances for a hacker to make the effort to bypass it is limited. Nothing is unbreakable, but once you code it, you can easily change it over and over again for the cheats to not work.
Retired.
-
- Godlike
- Posts: 10507
- Joined: Wed Jul 15, 2009 11:36 am
- Personal rank: coffee addicted !!!
- Location: Cologne, the city with the big cathedral.
Re: Dealing with a persistent cheater
Maybe also an interesting option ...setting the server to private and give the PW only member you trust. Who ever wants to join has to contact you ...and if this guy is a stinker. Change the PW and tell only the trusted player the new one.
Easily doable on Discord. A channel readable for the approved players. If one is a cheater kick him out of that channel and change the PW.
Easily doable on Discord. A channel readable for the approved players. If one is a cheater kick him out of that channel and change the PW.
-
- Skilled
- Posts: 165
- Joined: Mon Jan 24, 2011 3:22 am
- Personal rank: Codezilla
Re: Dealing with a persistent cheater
Patreon: https://www.patreon.com/FreeandOpenFeralidragon wrote:Trial and error is sometimes better than any tutorial, because we learn how it works for ourselfs, which kills any doubts about anything
-
- Godlike
- Posts: 3776
- Joined: Fri Jan 14, 2011 1:53 pm
- Personal rank: -Retired-
Re: Dealing with a persistent cheater
UTP was fantastic and worked very well...however it still suffers from one simple thing that prevents it from being anything more than a neat proof-of-concept project: Because UT has no CD key or serial assigning game ownership there's no foolproof way to positively ID someone every time without them being able to bypass it. Without that you can't ban even if you catch them. Serious cheaters, the kind that expend effort to be able to keep cheating, well they just alter their IP through a VPN and use third party tools to change/hide identifying information. There are multiple ways around bans, so much so that it's almost a trivial matter to do it. Oh, and ACE is bypassed before it gets out of each new round of beta testing.
If you could somehow wave a wand and implement installation serials that were tied to a central server then UTP would be back in business in a big way. I also think there would be a pretty substantial contraction of the player base right along with that. There's a lot of cheating/exploiting/hacking going on.
If you could somehow wave a wand and implement installation serials that were tied to a central server then UTP would be back in business in a big way. I also think there would be a pretty substantial contraction of the player base right along with that. There's a lot of cheating/exploiting/hacking going on.
So long, and thanks for all the fish
-
- Godlike
- Posts: 1963
- Joined: Sat Sep 17, 2011 4:32 pm
- Personal rank: Dame. Vandora
- Location: TN, USA
Re: Dealing with a persistent cheater
I don't think I've heard of this in use yet but sounds interesting for sure!TheDane wrote:all you need to know about banning him/her/it once and for all is right here: https://stackoverflow.com/questions/434 ... ial-number
Code it native, have nploader to launch it - viola! Linux players can ** **** ********** and use wine
Lol Jack, I like the sound of the Nuclear Cheat Kill... would ask about it but I don't wanna get in trouble speaking about in on board too.
-
- Skilled
- Posts: 165
- Joined: Mon Jan 24, 2011 3:22 am
- Personal rank: Codezilla
Re: Dealing with a persistent cheater
Say if someone were to rebuild the entire game (which I am, for UT4) what in you opinion is reasonable algorithm for the player detection scheme. Sure installation serials seems a way, but someone can certainly make keygen by reverse engineering to scramble the indentity.JackGriffin wrote: If you could somehow wave a wand and implement installation serials that were tied to a central server then UTP would be back in business in a big way. I also think there would be a pretty substantial contraction of the player base right along with that. There's a lot of cheating/exploiting/hacking going on.
I ask this because you have experience in UT99 community (that I know of). Hardware hashing (processor or motherboard) is certainly a way but estimating them legitimately from serverside seems a distant dream to me.
I also understand I am very close to hijacking this thread.
Patreon: https://www.patreon.com/FreeandOpenFeralidragon wrote:Trial and error is sometimes better than any tutorial, because we learn how it works for ourselfs, which kills any doubts about anything
-
- Godlike
- Posts: 3776
- Joined: Fri Jan 14, 2011 1:53 pm
- Personal rank: -Retired-
Re: Dealing with a persistent cheater
Dane knows his shit so I spent last evening reading up on polling hardware for identifying information. Yeah, it's doable but you really need a third-party solution to account for the many varieties of hardware. There's also ways to mask your information, alter your registry entries, etc. This doesn't even begin to address the legalities of doing so, which I think would be the biggest problem. You'd also need to use a solution that exists outside of normal unrealscript.The_Cowboy wrote:Hardware hashing (processor or motherboard) is certainly a way but estimating them legitimately from serverside seems a distant dream to me.
It's a messy way of trying to deal with what a generated serial key assigned to a player does. Yeah, you can make keygens but making someone register a key before it's actively used in public servers is a pretty robust way to control access. There are ways to do this now in UT, like tying your game to your steamID, but it would be herding cats to try to get everyone on the same page. Without a central check system it would be up to the admins to work together and we all know what happens there.
You know where to find me Cham. I'm for sure doing this little project so if you want in just let me know. I'm going to end up making a mailing list for the people who want to keep involved. It will remain private for everyone involved. This is a touchy subject (lol) so discretion is the order of the day. Honestly I'm surprised at the people who have already emailed me to get access. Guess I'm all in on this one now.Chamberly wrote:would ask about it but I don't wanna get in trouble
So long, and thanks for all the fish
-
- Godlike
- Posts: 5498
- Joined: Wed Feb 27, 2008 6:24 pm
- Personal rank: Work In Progress
- Location: Liandri
Re: Dealing with a persistent cheater
I was about to not say anything at all, but given the activity (and kind of) this topic I will say the following: I still defend complementary server-side solutions, by checking the behavior of players rather than which cheat are they running in their machine.
Keep in mind that you cannot prevent cheating, but you can improve fairness, and if you can identify cheating behaviors from a player with your naked eye, odds are those same patterns can be detected by properly written code for the same effect, and act on the cheater accordingly, which may not even result in a ban, but in just in a worse experience for the player, such as missing shots and limiting turn rate, all that good stuff, even if only to make the game more fair to the actual legit players and demotivate the player from either using cheats or leave the server altogether.
Keep also in mind that some players are genuinely good, and that there are some human beings actually capable of snapping 180º if needed, there are a few pro players in other games known for that capability, and as they are streaming, you can clearly see their fast hand movements, quite inhuman.
This to say that such a server-side solution has downsides, in which really good players may get accidentally punished for being too good, but at least it evens out the gameplay to everyone else, and in the worst case scenario you just loose these really good players which are just a tiny fraction of all players, and even tinier fraction compared to actual cheaters.
Just my 2 cents
Keep in mind that you cannot prevent cheating, but you can improve fairness, and if you can identify cheating behaviors from a player with your naked eye, odds are those same patterns can be detected by properly written code for the same effect, and act on the cheater accordingly, which may not even result in a ban, but in just in a worse experience for the player, such as missing shots and limiting turn rate, all that good stuff, even if only to make the game more fair to the actual legit players and demotivate the player from either using cheats or leave the server altogether.
Keep also in mind that some players are genuinely good, and that there are some human beings actually capable of snapping 180º if needed, there are a few pro players in other games known for that capability, and as they are streaming, you can clearly see their fast hand movements, quite inhuman.
This to say that such a server-side solution has downsides, in which really good players may get accidentally punished for being too good, but at least it evens out the gameplay to everyone else, and in the worst case scenario you just loose these really good players which are just a tiny fraction of all players, and even tinier fraction compared to actual cheaters.
Just my 2 cents
-
- Skilled
- Posts: 165
- Joined: Mon Jan 24, 2011 3:22 am
- Personal rank: Codezilla
Re: Dealing with a persistent cheater
Apparently there is the "Third Route" which is actually rendering the client screen on admin's screen (kind of like CCTV surveillance, which is ACE snapshot's next level). One can have the complete control over client machine and a lot can be done given the Engine native rendering code (UT4). If client can see themselves botting, so can the admin. And the best part, it can be opensourced as it can't be " ScreenShot Cleaned" in real-time (assuming there is some serverside pureness establishing algorithm).Feralidragon wrote:I was about to not say anything at all, but given the activity (and kind of) this topic I will say the following: I still defend complementary server-side solutions, by checking the behavior of players rather than which cheat are they running in their machine.
And then there is always AI at the disposal. Write an agent, who over time, learns what a cheating behavior really is and then starts reporting them after the training. I wonder if "Reinforcement Learning" can find applications here.
That is what I am really clueless about . Things rapidly escalate to the "Quis custodiet ipsos custodes?" scenario and then, inevitably, ugly (read "Digital Fortress" and you will know what I am talking about).JackGriffin wrote: This doesn't even begin to address the legalities of doing so, which I think would be the biggest problem.
Patreon: https://www.patreon.com/FreeandOpenFeralidragon wrote:Trial and error is sometimes better than any tutorial, because we learn how it works for ourselfs, which kills any doubts about anything
-
- Godlike
- Posts: 3776
- Joined: Fri Jan 14, 2011 1:53 pm
- Personal rank: -Retired-
Re: Dealing with a persistent cheater
@Isense (or anyone else really)
Can you send me the log information on this guy? Joins/scans/whatever. I'm not so interested in chat so you can paste me the credential info if it's not too much trouble.
BTW, I reached out to a couple of former (like way-back) community members I've been following for years. I had no clue that UT was as insecure as it is. The level of damage you can do to the client as a server is WAY beyond what I thought was possible. I literally had to say "No, that's too much."
Can you send me the log information on this guy? Joins/scans/whatever. I'm not so interested in chat so you can paste me the credential info if it's not too much trouble.
BTW, I reached out to a couple of former (like way-back) community members I've been following for years. I had no clue that UT was as insecure as it is. The level of damage you can do to the client as a server is WAY beyond what I thought was possible. I literally had to say "No, that's too much."
So long, and thanks for all the fish
-
- Godlike
- Posts: 1038
- Joined: Mon Aug 31, 2015 12:58 pm
- Personal rank: Dialed in.
Re: Dealing with a persistent cheater
-
Last edited by esnesi on Wed Dec 02, 2020 9:17 pm, edited 1 time in total.