ET open source code X Cheating

Fusen · 2004-01-30 03:04:31 UTC

I want the ability for any player to request a pb_screenshot that way if you think someone is cheating you can do it yourself and have proof or be found wrong with proof instead of just shouting at someone when no one beleives you

Justin Bieber

puubert · 2004-01-30 04:19:48 UTC

I always assumed PB looked at programs that ran concurrently and interacted with ET. As a cheat program would. I’m not claiming to understand the ins and outs of PB, just asking a question. How does PB pick up differences in gamecode?

Also note that the cheats mentioned by Piggy are almost certainly not based on changing the gamecode (simply because the gamecode has not been available for very). So their existence doesn’t tell us anything except that cheats are possible. Anyone with half a clue should have known that already.

I’m not talking about Piggy’s cheats. I can’t even remember what he was talking about. I thought I was asking a valid question. No need to be an arsehole about it. I’m talking about in the future. Is there a guaranteed way to pick up a modified gamecode with a cheat in it? Liek I said, I don’t know if it’s possible to do, but I’m sure I’m not the only person to think of it, and if it is possible, then someone will try it.

Mjolnyr · 2004-01-30 07:16:07 UTC

The key point for PunkBuster-ET fighting against cheaters, is a stricter GUID authorization mechanism.

Why there are much fewer cheaters in RtCW is: once one’s GUID is banned, he/she is sentenced banishment from that server forever. And it’s very difficult to gain another GUID to replace his/her banned one. So cheaters must take this risk very seriously (we may suppose, existed cheaters are already banned, and potential cheaters are subdued.)

On the contrary, GUID is easily acquired in ET, far too easily. So that, banning has little effectiveness in ET.

I’ve heard that EvenBalance is experimenting their new GUID administration function: server administrators can reject those newly-acquired GUIDs to attend their servers. This could stop those cheaters / intending TKers a bit, I suppose. However, it’s not publically announced yet. Hope this function could be announced soon.

SCDS_reyalP · 2004-01-30 07:24:46 UTC

For the most part, I don’t know what PB does. There are a few things from the documentaion. There are other things I know it could do, based on my experience as a programmer.

they recently introduced and MD5 check feature, where the admin can specify certain files that must match between client and server. This is much like the ‘pure’ checking built into id games, but maybe with a stronger hash, and the ability to check all files rather than just those in .pk3 files. By default, I don’t think this is on in ET.
they might do the same thing with some required game files automatically. I know for some time that they didn’t, and people were using hex edited or patched .exe files.

The above will pretty much stop people from just re-compiling the game code and using that to cheat. The built in pure checking should serve the same function for client dlls (cgame and ui). Note that the client .dlls are found in mp_bin.pk3, which, by pure checking, must be the same on both client and server. If you create your own cgame, it should get overwritten by the one in mp_bin.pk3 (or whatever mod .pk3 if you are playing a mod) if it doesn’t match the one in the .pk3.

Because those things are done at a file level, it is still possible that a cheater could modify the game by hooking their dll in at runtime. There are various ways PB could counter act that by examining the ET process and it’s associated modules.

Note that modifying the game itself is probably the oldest form of cheating in online games. Only after games started to verify their integrity did cheaters resort to external programs, or wrapping system files (as the recent opengl hacks do)

Also note that anything which can be done with the source code, can also be done with hex editing, if you are good enough and have the time to spend. Before you laugh, I have made significant changes in programs functionality by disassembling and hex editing (no, not ET).

Now inherently, the problem PB tries to solve is unsolveable. Alan Turing demonstrated the equivalence of hardware and software, and from that, you can prove that it will always be possible to cheat in the currently popular internet game designs. Punkbusters goal is to make this hard, and respond as cheats are found.

Kendle · 2004-01-30 08:59:05 UTC

Well they’d have to be a REALLY good player… I consider myself above average and on n00b servers I’m usually 1:1 ratio for headshots:kills. That’s pretty close to a 2:1… that’s REALLY impressive… especially to be that consistant to get almost 2 headshots on EVERY kill… I don’t know, something like that to me sounds a bit sketchy. But that’s just me, and I’m probably wrong. :bored:[/quote]
I agree Larry, and Piggy says he has the demos and was spec’ing the guy and is convinced he was cheating. That’s good enough for me! My only point was that the screenie itself isn’t, IMO, evidence of cheating per se.

As for whether the release of the game code will spawn more cheats, well I think that’s been pretty much covered by other posts already. It still remains, IMO, that cheating isn’t a big problem in ET, and I don’t think the release of the source code is going to change that.

pgh · 2004-01-30 09:41:53 UTC

Hehe go Kendle, killed the thread

Finally someone gets back to the point of the thread…

You think that I think that it will increase the ammount of cheats released but I have a sneaky suspicion it wont increase the ammount of players using them. The one main thing that makes me think this is the ammount of servers and the way the game works. CS, was exactly the same nearly… ofc it was piss easy to tell if a CS player was cheating but, one main thing that made it as noticiable was the ui/gametype. You died, you spectated (Half the time all you had to do was say, <Whatever is cheating btw> and that player would leave… in ET, you die, you limbo… from this you can get a view of different players and can see how they play. The stats options too means it can be quite a blatant give away, dito with accuracy.

Tbh, time will tell. If anything, I couldnt give a shit now - If someone wants to cheat, fine by me, just better not do it on my servers, the ones I play on and the leagues we play otherwise theres a panz0r with there name on it followed by a callvote :>… Im just more looking foward to the good things to come from this source being released. (Someone please fix the recoil on the Rifles and put the old Grenades back in :>)

Hydra · 2004-01-30 12:59:41 UTC

Since the important code is serverside, you will not be able to use such cheats without setting up your own server (on which you can do anything anyway), and therefor the release of de source just won’t do shit for cheaters.

puubert · 2004-01-30 14:56:19 UTC

Thanks for explaining that Reyal. I’ve only done 1 semester of basic C programming so 99% of stuff is above me. I wasn’t sure if PB could pick up those differences, but it seems that they got it covered enough to stop an avalanche. My biggest “concern” (if you could call it that) was if PB couldn’t reasonably guarantee gamecode virginity as it were, then cheaters would distribute recompiled versions of ET with cheats built in.

pgh · 2004-01-30 15:32:55 UTC

Another suffering from ‘I dont read posts syndrome’.

Okie… so, explain how these people and these cheats managed to work in order for them to get caught if, as you stated Hydra, ‘all the important code is serverside’.

Bludd · 2004-01-30 15:48:11 UTC

Nooo! Recoil is mandatory! Have you ever shot a hunting rifle with a scope? I love the way you are utterly disoriented after firing a sniper rifle while zoomed in as tight as possible, because it’s REALISTIC. Sure, it makes for some damned frustration when trying to snipe people, but erm, should it really be so easy that you can smoke a cigggie, watch TV, and occasionally glance back at the monitor to place the crosshair over the next enemy? Nah, we want it to be so difficult that it sucks! I also like the way ET added muzzle lift to the pistols which wasn’t in RTCW, and I even wish there was some on the SMGs.

Hydra · 2004-01-30 16:25:50 UTC

sigh

Aimbots work on the datastream between you and the server, they work as a proxy. They don’t rely on the gamecode at all because the server decides whether or not a bullit hits, and how much damage it does. Thiese things you cannot influence at all without access to the server.

bandit5k · 2004-01-30 16:26:03 UTC

In ET recoil can be reduced in a very simple way. In CS the remove the +lookdown commands because they can be use to remove recoil. In ET they are not removed. Its not exactly a cheat but its an unfair advantage. I found it when testing the ET Demo.

Bludd · 2004-01-30 16:53:46 UTC

I would define anything that alters the intended behavior of the game as a cheat. But, I don’t want to get into a flame war about cheating. Some people love to get their hands dirty and see what can be done with any program. The reason coders who make cheats for games get flak is because of the fanatical egos that some people foster over their performance in online games. All coding is of interest to a coder. But ya, I’d say an anti-recoil script would qualify as a cheat, because the gun is supposed to have recoil. For that matter, cg_drawgun 0 is a cheat, because the gun is supposed to block your view. That cvar is cheat protected in CoD, BTW.

SCDS_reyalP · 2004-01-30 19:58:20 UTC

Hydra, some succesful aimbots have been based on gamecode. Knowing where your client thinks the enemy is, and having direct control of the view angles is a very good start to hitting the enemy.

Agrado · 2004-01-31 04:03:36 UTC

It already was beta-tested I believe, and it failed miserably. See cvar sv_minguidage. Also see pb_plist and notice that the ‘valid: <days>’ messages are mostly totally wrong. The minimum GUID age feature would be very useful to help making bans actually work, but it still wouldn’t be a cure-all (since people can easily stockpile GUIDs, assuming they don’t get banned from every server they connect to )

Hydra · 2004-02-02 10:41:33 UTC

True, but PB can easily detect these mods.

Fusen · 2004-02-17 04:41:35 UTC

interesting article here - http://www.xfire.be/comments.php?id=922&category=7

which is about a modified et.exe which basically acts as a wallhack and it was used on a pb server

MEXICO CITY HOTELS

SCDS_reyalP · 2004-02-17 10:26:59 UTC

You can’t make et.exe from the avialable source code. :moo:

More likely it has been hex edited to unlock certain cvars. It is rather sad that PB still doesn’t detect modified .exes. You could in theory do this with the md5 tool (http://www.evenbalance.com/index.php?page=md5tool.php) but this is complicated by the fact that linux and windows have different executables, and only one is included in each install. It is likely also possible to run et from an .exe with a different name…

edit:
Oops, the md5 thing already deals with cross platform issues.

evilsock · 2004-02-17 13:30:06 UTC

You know, there are plenty of WW2 stories of soldiers in the field apparently coming under heavy attack, calling artillery and air-strikes from behind their own lines - often the commanding officer would explain that his section was under heavy fire from ‘thousands’ of enemy troops with ‘non-trivial’ amounts of artillery pieces - it was total crap. Under heavy pressure, troops and their commanders would often be unable to accurately gauge the amount of troops and heavy pieces of hardware leading them to make wild and erroneous guesses.

Now think about PB, the cheaters, and apply that thinking to this situation.

I don’t know the figures, but by getting a handle on the number of players and servers available, it’s possible to understand what the ‘potential’ for cheating could be and also what kind of total percentage this represents in comparison to the total number of legit players. Once you’ve done that, you can begin to make a judgment on the potential impact for the total % of cheaters likely to wander onto legitimate servers and also their effects on non-cheating players. Until you understand those figures there’s really no point at all in having a conversation about it because it’s all just rumor and anecdotes tbh.

For all the controversy it creates, I’d bet that the actual percentages of players regularly cheating is pretty low. Low enough for it to be quite hard to justify some of the retarded PB / server configs that everyone thinks are so important - stop nagging my thin-band so hard ya ’ naffers.

I could tolerate a cheater on a pub server because it’s only one or at worst, a few. Besides, we all regularly come-up against players who are so much better in particular circumstances than ourselves that they might as well be using a hack for all the difference it would make. The whole cheater thing is as much the product of bad-losers than anything else imho and by taking it so seriously without any kind of proportion your just fueling people’s paranoia.

PB is fine AFAIK, so long as it keeps doing it’s job - and I perceive it’s job to be the prevention of historical cheats functioning on current PB enabled ET servers. It’s already a given that it won’t stop private hacks or the very latest cheats - that’s fine by me so long as some anus-player can’t use a hack from 2003 and have it still work on ET servers.

The source code release should just make a modders life a bit more exciting though - shouldn’t it

pgh · 2004-02-17 14:04:11 UTC

If they didnt want to allow the gun to be hid why keep the cvar in? Dito with +lookdown stopping recoil. Its been the case for years, things like rocketjump scripts, altering zooms/fov for visibility and such… its a feature not a cheat.