Gaming Application to Demote Hacking.

Discussion in 'Programming & Software Development' started by Auto-Jager, Feb 11, 2007.

  1. Auto-Jager

    Auto-Jager Member

    Joined:
    Jun 9, 2006
    Messages:
    20
    Location:
    Adelaide Prospect Massive
    The basic idea is to create an application that scans a users machine for hacks locally. This app will do normal stuff like server browsing friends list news etc. but will also scan the users machine making sure that they arnt cheating.

    The direct use of the application will be in a league type community where all the servers will only be accessable via this application and all users will argree to install and run this app in order to play cirtain servers and participate in the leagues.

    I am not a programmer and have a majorly limited knowledge of any types of code. So basicly im looking for any one who whould like to help by donating time and knowledge to develoup a prototype and hopefully a fully functional open source application.

    This is mainly prompted buy valve and almost all anti cheat software being just crap. People are openly cheating in all servers all the time and admins dont have the time and resources to ban them all.

    Any adivce and or help would be much appreciated.

    D00M.7RA1N
    Zenith.Elite
     
  2. Buzzard

    Buzzard Member

    Joined:
    Apr 10, 2002
    Messages:
    758
    Location:
    Dandenong
    Do you think it will be simple to do a better job than VAC / PunkBuster?
     
  3. Logistics

    Logistics Member

    Joined:
    Feb 7, 2003
    Messages:
    1,016
    Location:
    Sydney
    Should ask yourself, will a person let you scan their system :Pirate:
     
  4. houseofzeus

    houseofzeus Member

    Joined:
    Mar 25, 2005
    Messages:
    3,195
    Location:
    St. Lucia, Brisbane
    Sony don't :p
     
  5. Elyzion

    Elyzion Member

    Joined:
    Oct 27, 2004
    Messages:
    7,198
    Location:
    Singapore
    Awesome, making it open source allows them to easily find the holes in the application to expolit hacks once again.
     
  6. f3n1x

    f3n1x Member

    Joined:
    Mar 20, 2003
    Messages:
    1,704
    Location:
    Armadale, Melbourne
    Some less intelligent folk might get the idea that you know what your talking aout.. and im not really comfortable with that idea.. mainly because its untrue.

    Let me clarify what you're saying here...

    You're promoting obscurity over collaborative process design and peer review as a means of security?

    Have a good read of this article you might find it alters your perception of the matter.

    Edit: linking the article might have helped. :), i'll find it.

    Edit2: http://www.securityfocus.com/columnists/269 isn't the article i refered to originally but it makes the point just as well.
     
    Last edited: Feb 12, 2007
  7. breech

    breech Member

    Joined:
    Mar 6, 2002
    Messages:
    1,881
    Location:
    GalaxyWorld
    did i miss something? what article?
     
  8. Oblong Cheese

    Oblong Cheese Member

    Joined:
    Aug 31, 2001
    Messages:
    10,595
    Location:
    Brisbane
    I'm pretty sure you've got no idea what you are talking about. There's no such thing as 'security through obscurity', despite what anyone else may tell you, and while at the outset, open-sourcing something like this may attract the leet haxor kids to find exploits, it'll also attract many other developers with good intentions.

    Consequently, the exploits are found and fixed as fast, if not faster, than there is code written to make use of the exploits.
     
  9. OP
    OP
    Auto-Jager

    Auto-Jager Member

    Joined:
    Jun 9, 2006
    Messages:
    20
    Location:
    Adelaide Prospect Massive
    like i said. i have limited very very limited knowlegde of programming... not even limited i basicly have none...

    But i do have a good grasp of how things work, im not stupid i just never got into coding its just not my thing.

    Firstly. the abouve post is correct open sourcing it will allow it to be exploited quite eazily. but it will however develoup a good structure quite quickly. once it is running as perfectly as can be hoped for it will no longer be open souce and it can be put to use. updated as needed.

    please realise this isnt a peice of software.. it is only an idea at this stage.

    as for users allowing there machine to be scanned... if they have nothing to hide and are behind the idea of hack free gaming im sure they will gladly oblige. Knowing that the scaning will only take place when you are gaming and will only be scanning for other applications on your machine and any suspect changes also.

    I cannot tell you how i plan to implement such scaning cus i have no idea.. that is why i am posting here. i want to know if its possable and how effective it could be.

    Running this app locally in order to join specific servers could mean that these servers will be as close to 100% hack free as ever.
     
  10. Rolan

    Rolan Member

    Joined:
    Jun 27, 2001
    Messages:
    330
    Location:
    Sydney
    Sounds like a good idea, scanning cheats like viruses.

    The reason viruses are usually a step ahead of their scanners is because they are written to spawn variants and spread. So unless cheats writers feel like they need to add the characteristics of viruses to their progs, this could probably be done. And of course that's not the goal of those cheating progs.

    Nevertheless, this builds another hurdle for cheats to be written and used.

    Good idea I'd say.
     
  11. Agg

    Agg Lord of the Pings

    Joined:
    Jun 16, 2001
    Messages:
    31,989
    Location:
    A Reported Post Near You
    Ah-hah, that explains why closed-source Windows is so secure, and open-source Linux is so riddled with security problems. ;)
     
  12. Elyzion

    Elyzion Member

    Joined:
    Oct 27, 2004
    Messages:
    7,198
    Location:
    Singapore
    Linux has a large community tho. So the open source model works. I don't believe it would work for this sorta project.
     
  13. bigiain

    bigiain Member

    Joined:
    Dec 27, 2001
    Messages:
    179
    Location:
    Sydney
    John Carmack (Mr Quake) wrote about this problem way back in '99 when the Quake 1 source code was first released (which resulted in a _lot_ of client side cheating during network games)...

    http://www.bluesnews.com/cgi-bin/finger.pl?id=1&time=19991226003141

    His conclusion: "Nothing in online games is cheat-proof (there is allways the device driver level of things to hack on)"

    He did though, propose a very similar idea to yours, saying that it would make cheating harder than it already is, but it can't possibly actually solve the problem permanently against a determined and skilled enough attacker...

    <edit> just found some more '99 vintage discussion of this here: http://www.catb.org/~esr/writings/quake-cheats.html </edit>

    big
     
    Last edited: Feb 12, 2007
  14. shift

    shift Member

    Joined:
    Jul 28, 2001
    Messages:
    2,941
    Location:
    Hillcrest, Logan
    The problem with it being open source is that it would be very easy to build a version that reports everything as normal without doing any checking at all.

    Even if you're doing hashes of files etc, a version can be built that just reports a known good value.
     
  15. Kabal

    Kabal Member

    Joined:
    Aug 1, 2001
    Messages:
    1,045
    Location:
    Melbourne
    Yeah its pretty easy to say that theres no such thing as security through obscurity but at the end of the day there is a little bit, and it doesnt really apply to this situation.

    Take into consideration DRM mechanisms such as FairPlay and WindowsMedia. At the core of those there is a key used to decode the encrypted file - that key is hidden. If you had access to the source then the DRM would not work.

    In the case of an online game the only way to make it truely secure would be for the server to do EVERYTHING - zero trust in the client at all for, anything (including video rendering!). This is obviously not possible. So you are stuck with scanning and other DRM-ish techniques to stop cheating - both of which rely on security through obscurity (and has been proven to never REALLY work in the end).
     
  16. Deltoid

    Deltoid Member

    Joined:
    May 24, 2003
    Messages:
    9,515
    Location:
    Brisbane
    I agree with Kabal. As another user said so long as the code is open source there isn't much to stop a user taking the source, stripping out the part that checks the computer for cheats and just returning a positive result.
     
  17. f3n1x

    f3n1x Member

    Joined:
    Mar 20, 2003
    Messages:
    1,704
    Location:
    Armadale, Melbourne
    The same thing can be done, just as efficiently to closed source software with reverse engineering (sometimes its more efficient, but thats not something i wish explain here).

    Example:

    Take binary data xyz from tcp/file/whatever and push it to an 8Bit Buffer assigning it a variable named varX.

    In attack said code, the only difference in the logic i see with opensource vs proprietary code is that in open i can see that varX is the name of the variable that points to the buffer.

    I can still see that there is an unchecked buffer accepting input that is assumed to be 8bits in length, and that if i send more i may be able the compromise the security of the entire machine with arbitrary code execution.

    So it stands to reason that whilst you don't have the high level code syntax, all the logic is still is plainly viewable, and thus open to attack. There is no way around this fact. The machine must have code to execute, if the machine can see the code, so can i.

    Neither open or closed source are inherently more insecure, what really matter is the skill and dedication to security of the developers and process designers.

    There are ways to detect and defeat every workaround that people have suggested here as a weakness the opensource model, none of them are easy.
     
  18. Deadly Bulb

    Deadly Bulb Member

    Joined:
    Apr 12, 2002
    Messages:
    199
    CEVO CMN
    CAL ACS
    ESEA Client
    ESL Aequitas

    All do what you're describing for CS. Just google up some info to see how they work. For the most part details on how they work are kept relatively secret, and for good reason. Some of the basics are:
    -logging configs, running programs, certain registry keys
    -taking screenshots at random intervals and uploading them once the match is complete
    -scanning memory for cheats

    Aequitas logs are publicly available, take a look at them to see the kind of things it monitors. e.g:
    http://www.esl.eu/eu/enc/2006/cs/5on5/groupstage2/match/3788872/

    Open source would be a mistake. Making people too afraid to cheat because they don't know what the anti-cheat does is even more effective as catching cheaters in the act.

    In addition to AC software, having players submit smoke screenshots and demos works well for Counter-Strike online league play.
     
    Last edited: Feb 12, 2007
  19. OP
    OP
    Auto-Jager

    Auto-Jager Member

    Joined:
    Jun 9, 2006
    Messages:
    20
    Location:
    Adelaide Prospect Massive
    oh god...

    you know, you would think every gamer who cheats has actually writen the exploits them selves the way you people are going on about it.

    Firstly, we are here to stop people who are cheating. People who cheat are almost 100% morons who have no skills and wish to rage every one they meet.
    People who hack... i find rarely play the games.

    This is not a global anti cheat goal. I wish to make it so that gaming communities who want to stop cheating can employ this application and have their members use it.

    And dont say that almost all communities "want" to stop hacking, as i find no one realy does any thing active about it, not in the australian gaming community any way.

    Look... any one who is a capable programmer and is willing to help can contact me via email or msn

    D00M.7RA1N@gmail.com

    I would simply like to brainstorm and get a vantage point of how this will and will not work from a programmers point of view.
     
  20. R3Dl2ULZ

    R3Dl2ULZ Member

    Joined:
    Oct 26, 2006
    Messages:
    1,238
    Location:
    The Hills, Sydney
    Auto-Jager is right about it being morons who actually use the hacks. they just pay for it and it does everything else.
    i do think that for people to agree to using the software you would need to disclose what sort of thing it checks for. i wouldnt install something that actually scans my hard drive for hacks. but i personally would agree to something that scans active processes for known hacks and modifications.
    since the software would only be used in tournys i doubt there would be enough demand for the people that write the hacks to bother writing things to get around the AC software. and as someone said exploits could be fixed before coding to exploit them was released.
    im sure there would be enough programmers that game who would be willing to help close the exploitable parts.

    Punkbuster is a pretty good anti-cheat program. i play BF2142 a fair bit and havent witnessed anything that im certain was a hack.
     

Share This Page

Advertisement: