Anticheat mod?


(Micha) #1

Hey, isn’t it possible to add anticheat into a mod?

I already thought about adding a command like g_checkcvars “anticheat.cfg”.
Admins could put cheat cvars into it (it’s pretty much the same as punkbuster had) and the mod will check client cvars.

There is a hackermod for ET, isn’t it possible to revert this?

Also, does someone know what happened to this?
http://forums.warchest.com/showthread.php/16644-CETPUB-open-beta?highlight=anticheat+mod


(stealth6) #2

Punkbuster did a bit more than just check some cvars.

As for the link the e-mail was chaplja… and if I’m not mistaken that’s the guy behind TZAC so, I guess that’s what happened to that :smiley:


(Micha) #3

I know but I just wondered. Seems like it was CETPUB -> etace -> TZAC and all made by chaplja.
But I mean, does someone know if it worked?

Would be great because players don’t need to download an exe and it isn’t a global server like tzac had.


(Dragonji) #4

I think chaplja’s anticheat was just a cvar scanner as he said:


(ETJump-Zero) #5

I highly doubt a cvar scanner can cause loads of bluescreens to hundreds(thousands?) of users after a single update. It clearly is/was not just a cvar scanner.

http://entirely.pro/tzac/ Here you can read about what happened to tzac.

You can create such a mod but it is about as useful as having a potato tell you if someone is cheating. Any random copy&paste coder can bypass it. Most bots also support custom cvars so good luck trying to figure out okaythisisacheatcvarIjustcreated_aim 1.


(Micha) #6

I knew about this custom cvar check but I think many ppl are too inexperienced and don’t know about it. Also older bots don’t support it.
This cvar scanner just would be one feature. Maybe there are more ways to code such stuff into a mod. :o

Best system right now is spectating :smiley:


(Sedra12) #7

[QUOTE=Micha;435445]I knew about this custom cvar check but I think many ppl are too inexperienced and don’t know about it. Also older bots don’t support it.
This cvar scanner just would be one feature. Maybe there are more ways to code such stuff into a mod. :o

Best system right now is spectating :D[/QUOTE]
some servers run new beta nitmod which has already cvar scanner and binaries checksum


(ETJump-Zero) #8

[QUOTE=Micha;435445]I knew about this custom cvar check but I think many ppl are too inexperienced and don’t know about it. Also older bots don’t support it.
This cvar scanner just would be one feature. Maybe there are more ways to code such stuff into a mod. :o

Best system right now is spectating :D[/QUOTE]
New mods usually break compatibility hence I wouldn’t worry about old bots. The main problem is that you don’t even need to store the cvars on ET -> scanner won’t do much. Binary checksum is a bit more effective way to keep cheaters away I suppose, but afaik ETPro had that too and there are tens of bots for ETPro. It is quite hard to create an anti-cheat without installing anything on users’ computer that checks for injection etc.


(razor) #9

Hello!

Think perhaps about an anticheat that could work as the idea of an Ethernet Frame Analyzer ?

That could perhaps protect W:ET dedicated servers on the used ports for W:ET.
(If check only necessary ports : it let the possibility to host some other different games on the same machine without problems…)

With also punctual check of frames to detect abnormal UDP traffic for cheating and flood attack.
It is not necessary to check always for cheating : but to check regularly for example to sample the frames every Z minutes.

Not necessary to quick ban/kick but can be possible to create a list of abnormal players .CSV like… can be slow kick/ban (like the idea of tzac).

Inspired by the idea of that anti-flood script :
http://et-zone.de/downloads/?action=download&id=14

It could perhaps be the most effective way to prevent cheating… but it require the modders to participate… or at least motivated persons == because it could require to manage some different plugin/add-on, depending of the different MODs versions available on the market.

Because the frames verification could be a bit different depending of the different versions of mod.

  • Frame analysis system against cheating & anti-flood protect & GUID (including new special GUID)? & IP & MAC Address & HostName
  • Anticheat Plugin/add-on depending of mods
  • Need to be able to manage the plugin/add-on depending of the different versions of mods installed : that use different ports for the different W:ET servers hosted on a same Dedicated server. Because many dedicated servers are using many different versions of W:ET MODs on the same machine.
  • All abnormal error (mean report of possible cheaters) stored in a small database or file system >> .CSV or inside a light database >> possible auto-kick by O/S system and not by the MODs :wink:

is that possible to search more if frames are normal ; than to search for abnormal frames ?
(…in fact to search if some frames are regularly “not normal”… or contain “abnormal game values” like some that could be “incredible values”) ==> out of limits == auto-kick/ban

thanks


(ETJump-Zero) #10

[QUOTE=razor;439738]Hello!

Think perhaps about an anticheat that could work as the idea of an Ethernet Frame Analyzer ?

That could perhaps protect W:ET dedicated servers on the used ports for W:ET.
(If check only necessary ports : it let the possibility to host some other different games on the same machine without problems…)

With also punctual check of frames to detect abnormal UDP traffic for cheating and flood attack.
It is not necessary to check always for cheating : but to check regularly for example to sample the frames every Z minutes.

Not necessary to quick ban/kick but can be possible to create a list of abnormal players .CSV like… can be slow kick/ban (like the idea of tzac).

Inspired by the idea of that anti-flood script :
http://et-zone.de/downloads/?action=download&id=14

It could perhaps be the most effective way to prevent cheating… but it require the modders to participate… or at least motivated persons == because it could require to manage some different plugin/add-on, depending of the different MODs versions available on the market.

Because the frames verification could be a bit different depending of the different versions of mod.

  • Frame analysis system against cheating & anti-flood protect & GUID (including new special GUID)? & IP & MAC Address & HostName
  • Anticheat Plugin/add-on depending of mods
  • Need to be able to manage the plugin/add-on depending of the different versions of mods installed : that use different ports for the different W:ET servers hosted on a same Dedicated server. Because many dedicated servers are using many different versions of W:ET MODs on the same machine.
  • All abnormal error (mean report of possible cheaters) stored in a small database or file system >> .CSV or inside a light database >> possible auto-kick by O/S system and not by the MODs :wink:

is that possible to search more if frames are normal ; than to search for abnormal frames ?
(…in fact to search if some frames are regularly “not normal”… or contain “abnormal game values” like some that could be “incredible values”) ==> out of limits == auto-kick/ban

thanks[/QUOTE]

Flooding is not possible on any updated mods afaik, unless you’re talking about DDoS in which case this makes no sense.

What exactly would you analyze in the frames? There’s nothing suspicious in a cheater’s IP packet compared to legit player’s IP packet. Exactly the same data.

Why would you want to make OS handle kicks, that makes absolutely no sense. You would have to drop the client anyway (= function call in ET engine.) even if you blocked IP on ip tables or else the clients would “stay” on the server for a while. ET engine can do it just as well so there’s no reason to make it any more complicated.

Cheaters are hooking the client to get information (since that has to be given to the client in order to draw or predict anything). No abnormal frames are sent to server by bots.


(razor) #11

Hello !

Thanks your answer. Sure can be wrong… like for sure everyone ! Hopefully, there are more ideas in many heads… :slight_smile: And everyone can have wrong seeing.
Everyone can be wrong : we just need to test the facts.

It is why we need to ask us more…

Note : Please, first, we suggest you to correct your message to not flood the Forum “by replying With Large Quote”… it is not necessary to copy the full message of others, it make forum unreadable.

1) You said : “Flooding is not possible on any updated mods afaik, unless you’re talking about DDoS in which case this makes no sense.”
==> wrong the indicated script is always useful, including if you have latest ETDED versions ! If you host a dedicated you should know that…

2) You said : “There’s nothing suspicious in a cheater’s IP packet compared to legit player’s IP packet. Exactly the same data”.
==> prove it by exact facts : please perform and furnish advanced analysis. Please recalls us a bit more how cheat work ?… if there is no exchange between the client and the server how is it possible to cheat ?
==> Do you mean that all other players IP and information are available on all every client side ? : in that case it could be a serious security problem for all client playing W:ET !

3) You said : “Cheaters are hooking the client to get information (since that has to be given to the client in order to draw or predict anything). No abnormal frames are sent to server by bots.”

==> 3A] If we follow what you mean : that W:ET servers are sending all the client information to all game clients… oops if what you say is right Serious security problem as said in 2)

==> 3B] it could require to fake client References : *** in that case there should be some abnormal information in the Frames *** ! or serious problem in how client/server system have been made and working :o
Data must not be received and sent to the wrong address : if is possible it is because you fake the address/reference of the other clients : in that case it must be abnormal information that should appear in the data exchange analysis…
but as you said if it is not the case : we return to the point 2) [In that case 2), there is a serious problem of security : stop playing !].

4) You said : “clients would “stay” on the server for a while” if kicked/ban by FireWall:
==> where is the problem ? We do not want the cheaters to have the answer by some instant kick (oh no! my new cheat not work I know it in 2 seconds !). TZAC have decided that, and this is not a problem, if it took a moment before to kick/ban : it will result more time necessary for cheaters to develop cheat = it will reduce a “new cheat making risk”.

5) Since when a client that have his IP added to a Firewall continue to rest connected ? if we go on the way to trust what you say (that is surprising)
==> at least when server reload between each maps cheater will be kicked. On W:ET servers there are some peoples that abuse of the ban/kick system to crash the server : can you like the idea to kick some kind of persons that use some cheat that could crash your server when you kick/ban them ? some think that is wrong ; but let us think this is right because we have already seen that in reality.
Note : Cheaters change of GUID, of IP, and of MAC address.

6) We listen to you:

In you case there are some few possibilities only… we do not know which one…

==> If you have a real advanced skill or if you be an anti-cheat creator : in that case great respect to you :slight_smile:
==> But if you be a user of Cheat or a Creator of cheats ? a Competitor game maker ? You Like W:ET to die ? Please pass you way…
==> if you be simply wrong for some part : enjoy nobody is perfect, and us first :slight_smile:

7) The facts are : !!! Many players complain about cheating but it exist no reliable solution now. And now some cheat look like to be “like natural players” : it is now hard to catch the new cheaters.

8) In all the cases if you have things that prove what you be saying ; please Feel free to provide your data related to your advanced technical analysis ; and please let those interested to try & test… if you be right :slight_smile:

If nobody is never wrong : it mean that we test & try nothing !
==> Sure Everyone can be wrong… but if some have the skills : we suggest to all skilled readers of that forum to inquest and to test : if these proposed ideas can became operational (or not).

You said : “ET engine can do it just as well so there’s no reason to make it any more complicated.”

==> W:ET is a very nice game :slight_smile:
But everyone know that W:ET engine have some problems ; just because it is now an old technology : and it is why cheating is so easy. Anti-cheating development cost a lot. The only way to reduce the cost of time and money for anti-cheat development : is only by thinking about some alternative solution that can perhaps help, to solve for most part, the cheating problem.

We speak about “to be able to do all”… sure nobody is forced : but if you can do more, you can also do less :slight_smile: Sure the one that do more can also do the less !.. and why do less when you can do more and more reliable ?
And if you do one thing related… you can generally extend an idea.

In all the cases Thank you for what you be speaking about :slight_smile:
Please to test these possibilities… we enjoy all feedback.

thanks


(ETJump-Zero) #12

Hello,

I don’t really understand what you are trying to say. Flooding by connecting with multiple clients with a program such as q3fill is fixed on most/all? actively/inactively? developed mods. If by flooding you meant distributed denial of service (DDoS) there’s nothing you can do about it except having a very good network.

I don’t need to prove exact facts. You can download & install wireshark, get a bot, capture packets with & without it. If you want to know how bots work you can read it on your favourite botting site. Short explanation: server has to send data about other client’s locations & what they’re doing on the server in order for client to actually be able to draw/predict anything that is happening. This data gets passed to the bot as well, which then can use it to draw people behind walls, calculate where to aim etc. No IP information about other clients is sent in regular packets.

I never said servers send everything about clients to every client. I said cheaters hook the client to get information (= information about player location, weapons they use, health, name etc.) about other players. You really need to study how the system works.

Point was, you wanted to use the OS to kick players, which can only be done by what I said before. There’s absolutely no reason to do so when you could just as well use ET engine calls to drop the client instantly. It doesn’t matter if the client gets dropped in 1 sec or 5 minutes, the cheater will still know the cheat is detected.

I never said client stays connected. It times out and hangs on the server for a few minutes for nothing if you block it. Why would you want to do that on OS level when you can do it just fine on ET engine? If it’s possible to crash the server with the ban/kick system then you’re running a buggy mod which needs to be fixed. I have never had this problem myself.

Cheaters can change GUID, IP and MAC address and there’s absolutely nothing we can do about it. They can also spoof hardware IDs. Why exactly did you mention this here? Doesn’t really make sense to me.

After almost a decade of playing ET I still consider it by far the best FPS there is. I’m also an active ET mod developer (etjump) so there’s absolutely no reason for me to want the game to die. Just because I know a little about how things work doesn’t mean a) I’m a cheater b) I’m a cheat coder c) I’m a capable anti cheat developer d) developing another game. I’m a mod developer and a player of the game, that’s all.

The fact is you don’t really understand how complicated a working anticheat software is. You can’t just analyze legit packets to detect cheaters (because there’s absolutely nothing in them!). You need to install software that scans player computer for anything that might be hooking the client and not even that works if you’re against a skilled cheat coder. Plus are you even legally allowed to scan user’s computer like that?

Like you said anti cheat development costs. Even huge companies like Valve have problems with cheaters even though their games are still in active development. Why on earth would anyone waste money on developing an anti cheat on a game that is 10 years old, would bring them absolutely no money and would be cracked quickly?

It is a pretty difficult task to get rid of all cheaters. The only way is to play with people you trust. If you don’t have enough people to play with, then you have to invite randoms and hope they don’t cheat.

Thanks,
Zero


(Micha) #13

I agree with Zero. :slight_smile:
Also it would take too much time to make an anticheat for et. Just thought about making a little more admin power against cheaters (like admins could check for cvars or maybe make screenshots of his view).


(ETJump-Zero) #14

[QUOTE=Micha;440102]I agree with Zero. :slight_smile:
Also it would take too much time to make an anticheat for et. Just thought about making a little more admin power against cheaters (like admins could check for cvars or maybe make screenshots of his view).[/QUOTE]

The problem is, no one forces cheat coders to store cvars in a way ET client can send them to server. Also there have been cases of people using some other guy’s config which contained cheat cvars such as cg_aimbot 1 just to troll the players. They would then get kicked/banned by punkbuster. If you just look at cvars you will most likely ban innocent clueless players that downloaded a config from somewhere.


(Micha) #15

Yes noticed this on punkbuster but I think it could be interesting. It still could put a warning into a log and pm admins or something. So they could take care and spec him.


(ETJump-Zero) #16

Yeah I suppose you could do that but do you really think admins will be objective after they see a cheat cvar on a client? Only stupid cheat coders would store them on client.


(Radegast) #17

At the very least you can mitigate it. We use two systems in ET:L. AntiDDoS developed by TheDushan in OpenWolf and leaky buckets from ioquake3.

Exactly. Although I can imagine how (in)effective cvar scanners are, I am not against them in principle. However, it is a disaster when they are configured and used by inexperienced admins. We’ve removed tons of deprecated and completely useless cvars in ET:L and now we get complaints from players being kicked from some Nitmod servers by the new NxAC system because it doesn’t detect some utterly useless cvars. As far as I understand it, it’s not a fault of Nitmod developers but the server admins who don’t know what they are doing.


(Dragonji) #18

It’s their problem they don’t look what they load into the game.


(Nitrox_) #19

[QUOTE=Radegast;440424]
Exactly. Although I can imagine how (in)effective cvar scanners are, I am not against them in principle. However, it is a disaster when they are configured and used by inexperienced admins. We’ve removed tons of deprecated and completely useless cvars in ET:L and now we get complaints from players being kicked from some Nitmod servers by the new NxAC system because it doesn’t detect some utterly useless cvars. As far as I understand it, it’s not a fault of Nitmod developers but the server admins who don’t know what they are doing.[/QUOTE]
Exactly, I already told them to remove every cg_ cl_ and r_ cvar from their cvarlists, because they can force them with forcecvar and sv_cvar features, but there are still a lot of violations reported to ETMods master server for false positives caused by these deprecated cvars…

Our sample config right now is http://etmods.net/NxAC/cvarlist.cfg
It’s based on an old PB config, and there are probably plenty of cvars missing, unfortunately.

It is of course useless against cheats that don’t use any cvars…

Cvar scanner returns an empty string if the cvar doesn’t exist, and that’s why they get kicked on servers with an inappropriate cvarlist…
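
Added example, not part of any post above and not code from Nitmod, NxAC or PunkBuster: a server-side classifier for the failure mode described in #19 (an empty reply for a cvar the client does not have) combined with the log-and-notify handling discussed in #14 and #15. The rule layout, the function names and every cvar name except cg_aimbot are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

typedef enum { RULE_RANGE, RULE_FORBIDDEN } rule_kind;
typedef enum { CV_OK, CV_ABSENT, CV_MALFORMED, CV_VIOLATION } cv_verdict;
typedef enum { ACT_NONE, ACT_LOG, ACT_NOTIFY_ADMIN } cv_action;

/* Hypothetical rule layout; not the NxAC or PunkBuster cvarlist format. */
typedef struct { const char *name; rule_kind kind; double lo, hi; } cv_rule;

/* Classify the string a client reported for one rule. */
cv_verdict cv_check(const cv_rule *r, const char *reported)
{
    int empty = (reported == NULL || reported[0] == '\0');
    char *end;
    double v;

    if (r->kind == RULE_FORBIDDEN)      /* cvar should not exist at all */
        return empty ? CV_OK : CV_VIOLATION;
    if (empty)                          /* range rule, cvar not on this client */
        return CV_ABSENT;
    v = strtod(reported, &end);
    if (end == reported || *end != '\0')
        return CV_MALFORMED;            /* not a plain number */
    return (v < r->lo || v > r->hi) ? CV_VIOLATION : CV_OK;
}

/* Policy: a cvar alone never kicks; a violation only alerts the admins. */
cv_action cv_policy(cv_verdict v)
{
    switch (v) {
    case CV_VIOLATION: return ACT_NOTIFY_ADMIN;
    case CV_ABSENT:
    case CV_MALFORMED: return ACT_LOG;
    default:           return ACT_NONE;
    }
}

/* Strongest action over a whole scan; replies[i] answers rules[i]. */
cv_action cv_scan(const cv_rule *rules, const char *const *replies, size_t n)
{
    cv_action worst = ACT_NONE;
    for (size_t i = 0; i < n; i++) {
        cv_action a = cv_policy(cv_check(&rules[i], replies[i]));
        if (a > worst)
            worst = a;
    }
    return worst;
}

/* Constructed sample rules: names other than cg_aimbot are made up. */
static const cv_rule sample_rules[] = {
    { "cg_aimbot",           RULE_FORBIDDEN, 0,  0   },
    { "example_removed_var", RULE_RANGE,     0,  1   },
    { "example_rate_var",    RULE_RANGE,     10, 100 },
};

int main(void)
{
    const char *newer_client[]  = { "", "", "50" };   /* cvar 2 removed */
    const char *copied_config[] = { "1", "0", "50" }; /* downloaded cfg */
    printf("newer client:  action %d\n", cv_scan(sample_rules, newer_client, 3));
    printf("copied config: action %d\n", cv_scan(sample_rules, copied_config, 3));
    return 0;
}
```

The same empty string is a pass for a forbidden-cvar rule and only a log entry for a range rule, so a client build that dropped a deprecated cvar is never reported as a violation.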


(Micha) #20

Sure but as far as I know some hacks still use ingame cvars like wl_ eth_
So I think the system can help a bit.
‘I won’t name them on this forum :)’