|
Quote:
No blood would really suck though.... I'm so pissed off that I'm almost ready to surrender all my mods just to have a decent game for once. I played probably 15 hours the past three days and it was a totally ruined experience. Land-sharking, being painted fluorescent orange when trying to blend in with a bush, inter alia, you name it. All I can say is that if EA wont fix it (they wont) then we the end users must try to, or at least find a half decent trade off. Last but not least, I truely wish more people would learn WTF the console is and learn to vote! If the majority of mohaa players weren't so dense, we could at least punt the goofs from the rarely admined servers. That's my two bits. |
[quote="[NBK] G.I. Jerk":bfcd4]
Quote:
No blood would really suck though.... I'm so pissed off that I'm almost ready to surrender all my mods just to have a decent game for once. I played probably 15 hours the past three days and it was a totally ruined experience. Land-sharking, being painted fluorescent orange when trying to blend in with a bush, inter alia, you name it. All I can say is that if EA wont fix it (they wont) then we the end users must try to, or at least find a half decent trade off. Last but not least, I truely wish more people would learn WTF the console is and learn to vote! If the majority of mohaa players weren't so dense, we could at least punt the goofs from the rarely admined servers. That's my two bits.[/quote:bfcd4] only a dickhead would run a server that kicked every single player joining who had a custom scope or a custom map required for another server. you would end up with 2 fucknuts playing each other on there sooooooo happy that they werent getting spanked by someone "who cheats because they have a custom scope". this can already be achived by arranging a private game on MSN or some such. quite frankly even if the largest server hosts in my ping range started using it i wouldnt play them becuase who can be fucked quitting to remove the custom maps you just used on another server to join that one? do you and i not play on a level playing field because i have desertbase installed ? if you think so then youre fucked..... and if you think not then this client/server system is. r3mix |
You missed what I was getting at.
All I'd like is better admins... WHO DO SOMETHING to prevent this sort of crap. IE.... admin like they should Also... rr3mix..... I don't know how much scripting.... JS, perl, MSDOS batch, python, q3-based etc etc you do. Sorry if it appears that I try to insult your inteligence. (not trying to) If a program CAN be done that DIFFERENTIATES contents of a pk3 the it COULD be done thusly: (examples off the top of my head) IF EXIST /textures/models/weapons/blah blah blah.TGA then IGNORE (this would ignore skins etc etc) BUT...... IF EXIST /blah/blah/blah/ whatever.TIK then RCON PASS CLIENT KICK # THAT's what I'm getting at. Maybe CK knows where I'm thinking at.... apparently you don't. All I'm saying is something needs to be done and anyone who thinks otherwise must be afraid of cheats being stopped for whatever reason. No offence pal.... seriously.... you obvious don't program or script. At least one of my scripts is listed as a security threat by norton anti-virus ;) any of yours? EDITED:::: Look dude.... I been drinking tonight..... In after thought I feel I sounded a little condescending above (and arrogant) I wont HIDE/delete behind an edited post so I'll leave the rest there.... At any rate.... if the PATH can be determined..... so can the purpose. That is to say,.... IF a weapon has a new texture, no harm done.... If a WALL does....it could be a blank TGA file (wallhack).... PATH is everything in determination. Again... sorry for being an ass..... but the cheating HAS to stop |
[quote="[NBK] G.I. Jerk":b57fb]
rr3mix..... I don't know how much scripting.... JS, perl, MSDOS batch, python, q3-based etc etc you do. Sorry if it appears that I try to insult your inteligence. (not trying to) If a program CAN be done that DIFFERENTIATES contents of a pk3 the it COULD be done thusly: (examples off the top of my head) IF EXIST /textures/models/weapons/blah blah blah.TGA then IGNORE (this would ignore skins etc etc) BUT...... IF EXIST /blah/blah/blah/ whatever.TIK then RCON PASS CLIENT KICK # THAT's what I'm getting at. Maybe CK knows where I'm thinking at.... apparently you don't. All I'm saying is something needs to be done and anyone who thinks otherwise must be afraid of cheats being stopped for whatever reason. No offence pal.... seriously.... you obvious don't program or script. At least one of my scripts is listed as a security threat by norton anti-virus ;) any of yours?[/quote:b57fb] of course youre insulting me. if you werent you would have come to this discussion with a little bit of research on what has previously been discussed on these very same forums, including my posts on a variety of issues concerning the same. you are correct in your assumption that i have never attempted to learn any programming language... hovever thats entirely beside the point. what you are not respecting is the fact that i am far more intelligent than you..... which negates any benefit that a knowledge of scriptz would have. i get paid a fair bit of money to design and implement systems in every area of our firm..... and that includes telling the linux/perl/sql guru (who quite by coincidence is lightyears beyond you in terms of programming knowledge) to sort his shit out when i look at what he has implemented. if you actually had any knowledge of computer security you would understand that the code involved is nothing more than a tool used against the system design..... whether that sytem involves people, processes or code is irrelevant.... the same flaws lead to the same vulnerabilities. knowing how to write script is completely useless if you are not intelligent enough to design a system that can be both usable and not easily circumvented. id also like to make mention that having your script included in an antivirus program is not particlarly impressive given the state of variants and the nature of the industry which serves itself by adding more threats to its signature files. however you wanted to discuss this anti cheat without reading what has already been written so lets go at it pal..... firstly you say... [quote:b57fb]"If a program CAN be done that DIFFERENTIATES contents of a pk3 the it COULD be done thusly: (examples off the top of my head) IF EXIST /textures/models/weapons/blah blah blah.TGA then IGNORE (this would ignore skins etc etc) BUT...... IF EXIST /blah/blah/blah/ whatever.TIK then RCON PASS CLIENT KICK # THAT's what I'm getting at."[/quote:b57fb] first of all i can say quite confidently that you have little to no knowledge of computer security or programming in this regard. verification of the integrity of files is a pretty basic area and one which has been successfully implemented using standard techniques for some time without and need for variation..... ie if you knew anything you would have learned this shit years ago. to actually check for the existance of particular files within PK3s such as skins or TIK files, as you have suggested, is completely useless in both verification of stock and foreign files. so lets run through both these scenarios in order of probably occurance.... firstly to verify the integrity of the stock PK3s from the retail installation. the problems with employing such a check for this purpose are that verification of path does not address any known problem and that such verification is useless in verification of integrity of the file you are checking to put it bluntly... you dont have a brain. there is no problem (and i presume never will be) in that i have deleted my skin out of a PK3 file for the "manon". so the implementation of such a check is completely useless in that it does not actually address any problem. there is however a problem that i can alter the "manon" skin to be a brilliant pink to allow me to see the bitch in the dark and against any background. in any implementation this will require that i alter the TGA graphics file that is used by the system to add this colouration. so if your sharper than a brick youll probably realise that actually checking the file integrity is the only option for preventing this type of cheating. i first raised the idea of implementing checksums against the stock PK3s in a thread here a couple of months ago, and someone has again mentioned it in the past few days. as i hinted to earlier, implemetations such as MD5 are not subject to attack nor any occurance or error that is worth consideration. now onto the other possible scenario from your example which takes us to a much harder area to deal with - and please do let me know whether i have addressed this to your satisfaction :) if you want to identify known cheats by way of applying any examination of the files contained in PK3 files.... whether stock or foreign.... you can, but with for no effective period worth implementing. lets say you have a single cheat which consists of a spiked skin by way of an altered TGA file. if this circulates the net and is actually caught by your system, the kick you employed will be effective up until the name of the TGA file or its path are altered.... in which case your ststem will not find the cheat it is looking for. on the other hand if the system used the actually reliable checksum system employed for the verification of the stock files it would fall down in a similarly short period for similar reasons. simply changing the colour of my 255 red spiked skin to 254 red will alter its checksum to one which is not blacklisted in your system. since i am beginning to bore of this i will summarise it for you. you dont have a brain. you dont have any knowledge of system security so please dont invoke your "achievements" as anything of merit. your system does not address any known cheat so it is useless. please bless me with your comments script-boy. r3mix ps. in addition to altering the actual TGA files to create "spiked" skins there may also be some use in altering the shader file. i do not know enough about skinning to know exactly what uses can be abused through the shader file, however it is a reasonable assumption that the usefullness of a cheat is far greater if the skin itself is altered to a bright colour rather that whatever effects the shader file employs. however in the same respect any system that is intended to verify the integrity of the stock files will include the textures, scripts and shaders with equal importance.[/code] |
[quote:70aff]Look dude.... I been drinking tonight..... In after thought I feel I sounded a little condescending above (and arrogant) I wont HIDE/delete behind an edited post so I'll leave the rest there.... [/quote:70aff]
you already shook my cage pal. so now we gonna do this till its done. lets hear your reply to my post. r3mix |
"of course youre insulting me."
To which I recified myself and apologized. A bigger man would accept an apology and not stoop to my currently drunk (but sobering) obnoxious level. Perhaps we're BOTH pigheaded and that precludes that? *shrugs* "you are correct in your assumption that i have never attempted to learn any programming language... hovever thats entirely beside the point. what you are not respecting is the fact that i am far more intelligent than you..... which negates any benefit that a knowledge of scriptz would have." And I should take said assertion at face value? That's like saying a lawyer has the "brains" to rebuild his car's engine. We all have our talents which are not applicable to every situtation, intelligent persona or otherwise. "i get paid a fair bit of money to design and implement systems in every area of our firm..... and that includes telling the linux/perl/sql guru (who quite by coincidence is lightyears beyond you in terms of programming knowledge) to sort his shit out when i look at what he has implemented." Telling a guy that his application isn't to your liking hardly makes you and expert at it when you need to rely on him does it? *chuckles* "if you actually had any knowledge of computer security you would understand that the code involved is nothing more than a tool used against the system design..... whether that sytem involves people, processes or code is irrelevant.... the same flaws lead to the same vulnerabilities." That's hardly compedious. In fact it's quite a rambling screed. I fail to see what you mean. Care to be more succinct?? "knowing how to write script is completely useless if you are not intelligent enough to design a system that can be both usable and not easily circumvented." As I've said earlier in this thread, the anticheat software seems inherently flawed. To this we agree it seems. Why bring it up? (snip)(/snip) "verification of the integrity of files is a pretty basic area and one which has been successfully implemented using standard techniques for some time without and need for variation..... ie if you knew anything you would have learned this shit years ago." Uh gee.... I mentioned exactly said premise already. Perhaps you missed it? As you say a CRC check is pretty old hat man. BTDT eons ago ;) "to actually check for the existance of particular files within PK3s such as skins or TIK files, as you have suggested, is completely useless in both verification of stock and foreign files." Not so I do believe. Unix DIFF or DOS FC commands can verify contents changed VERY easily EVEN IF (assuming text as in the TIK example) the byte count remains the same. Sorry Sir, you stand corrected. Ask your linux/perl/sql "guru" ;) "so lets run through both these scenarios in order of probably occurance.... firstly to verify the integrity of the stock PK3s from the retail installation. the problems with employing such a check for this purpose are that verification of path does not address any known problem and that such verification is useless in verification of integrity of the file you are checking" How so? You've already admitted you haven't the foggiest inkling how to do it via code. Care to take a stab at it? Send me the source code? "to put it bluntly... you dont have a brain." Hmmm.... At least I know where to start, but as you said,... you don't. "there is no problem (and i presume never will be) in that i have deleted my skin out of a PK3 file for the "manon". so the implementation of such a check is completely useless in that it does not actually address any problem." It is extreemly easy to (via code) overlook the missing. To use simple syntax for your benefit. --- IF NOT EXIST *.whatever (texture) GOTO NEXT. That is to say, what isn't THERE can harldy be construed to be possesing a cheat can it? "there is however a problem that i can alter the "manon" skin to be a brilliant pink to allow me to see the bitch in the dark and against any background. in any implementation this will require that i alter the TGA graphics file that is used by the system to add this colouration. so if your sharper than a brick youll probably realise that actually checking the file integrity is the only option for preventing this type of cheating." Well obviously this brick is sharper than your comprehension of my earlier posts on THIS thread as it is EXACTLY what I had proposed. No offence intended. "i first raised the idea of implementing checksums against the stock PK3s in a thread here a couple of months ago, and someone has again mentioned it in the past few days. as i hinted to earlier, implemetations such as MD5 are not subject to attack nor any occurance or error that is worth consideration." Gee.... great minds think alike as I'd been on the same wavelength as per my earlier posts on this thread. Do you seriously expect a guy to check out ALL umpteen thousand posts to see if said issue had been raised before? Hell half the time it takes 30 seconds to load one silly page this server is so slow "now onto the other possible scenario from your example which takes us to a much harder area to deal with - and please do let me know whether i have addressed this to your satisfaction :) if you want to identify known cheats by way of applying any examination of the files contained in PK3 files.... whether stock or foreign.... you can, but with for no effective period worth implementing. lets say you have a single cheat which consists of a spiked skin by way of an altered TGA file. if this circulates the net and is actually caught by your system, the kick you employed will be effective up until the name of the TGA file or its path are altered.... in which case your ststem will not find the cheat it is looking for. " Not using checksums as BOTH of us have been thinking. No this is NOT to my satisfaction. PLEASE make Manon "brilliant pink" as you suggest. Then place it for me on the net...ftp...http....gopher...CVS or whatnot. (send URL) I will then write a script (using various executablesof my choosing) that will differentiate in a heartbeat betwixt the two. Then to PROVE the script is doing the work and not my human eye, I will video capture the execution thereof for you to see. I'm putting my money(and reputation) where my mouth is. Will you? "on the other hand if the system used the actually reliable checksum system employed for the verification of the stock files it would fall down in a similarly short period for similar reasons. simply changing the colour of my 255 red spiked skin to 254 red will alter its checksum to one which is not blacklisted in your system." Well, enough arguing. Put your money where your mouth is. (only those who never take on challenges, never lose... I'm prepared to.) If I turn out to be wrong then SO BE IT! We would then know that this is a failed method and lets move on to the next. I assume you as much as I wish to find the answers to this dilemma? Right? "since i am beginning to bore of this i will summarise it for you. you dont have a brain. you dont have any knowledge of system security so please dont invoke your "achievements" as anything of merit. your system does not address any known cheat so it is useless. please bless me with your comments script-boy. r3mix" System? I haven't even begun to start on such project. In fact I never said I had the time to take on such an undertaking. As far as SECURITY goes, NOBODY knows it all. In fact it seems every week Micro$haft has a new security update out for their various OS's and they WROTE the frikiin things. I will say this however, I've been a *nix sysop for four years now and have yet to find anyone in my bawx. "ps. in addition to altering the actual TGA files to create "spiked" skins there may also be some use in altering the shader file. i do not know enough about skinning to know exactly what uses can be abused through the shader file, however it is a reasonable assumption that the usefullness of a cheat is far greater if the skin itself is altered to a bright colour rather that whatever effects the shader file employs." It's a very reasonable assumption. Changes are easily discernable via unix DIFF and DOS FC commands. Hexidecimal can aslo be used for other files types r3mix,.... I'm going to try to apologize (never said "sorry" the 1st time but i figured you got my drift) AGAIN. I've been boozing it up, and i get a little pugnacious at such times. It would seem that we BOTH have been thinking much along the same lines and that somehow it wasn't acknowledged. Needless to say argiung between us WONT fix the problem. Putting our heads together (with others) might. Care to move on? ]NBK[ CAGE RATTLER ;) |
Quote:
|
I'm going to try to keep this brief, both because I don't want to rehash old material and also since I simply came here to take a short break from coding DMz Dogtag and want to get back to it.
General notes on security: All security, be it game cheat protection or securing your biz's puters from in/external threats, is a Cold War scenario. If you put a certain amount of time, money and effort into it you can achieve a level of relative safety, with ever decreasing returns for increasing expenditures. However there will always be more threats, no matter how "high" your security level, since there are many smart folks out there looking for more bugs, exploits, etc; be they white hat or black hat. Gaming security is very much in it's infancy compared to the general state of computer security. Difference checks, CRC, MD5, etc: Basically all do the same thing, the give us a way to verify files against a known good. MoHAA was very crippled by not having basic sv_pure functionality, which does, to quote John Carmack himself, "disallow native DLL loading if sv_pure, requires clients to only get data from pk3 files the server is using". Idealy it should work something like this: the client generates a checksum (CRC32, MD5, etc) for each and every exe, dll and pak file, which it blindly sends to the server. The server then forces the client to skip using any pak file that doesn't match, and if the exe or dlls have been changed then it won't even play on that server. There is alot of room for details and such but that's the basic blocks. Back to the Cold War, already in progress: There is always a way to up the stakes, for example we could write a program that sends the known good checksum for the default exe, dll and pak files no matter if they have been changed or not. So why bother with the checks at all? Mostly because it will stop at least SOME players from cheating, and because on the scale of things it's worth the time, money and effort. The cycle definately results in better software for everyone eventually, but as I said games have a long way to go security wise. This is why I'm spending time working on various MoHAA fixes that I know: * can be circumvented * already have a cheat freely available * there are much worse cheats out that need to be fixed (but I can't fix em, ex: wallhack) * stop at least some players from cheating that otherwise would be Lately the guys from EA have posted over on the PlanetMoH forums asking for bugs and cheats in MoHAA so they can fix them before releasing Spearhead. I've sent them my entire list, including notes on sv_pure and security measures needed. They've already fixed the MG-42/Ladder, Grenade Switch Team bugs and a bunch more. [url=http://www.forumplanet.com/PlanetMedalOfHonor/user.asp?gid=19000986&mid=868436:97078]HessTruck[/url:97078] is the EA guy who is requesting all bugs and cheats, send them in a private message and lets see em get fixed folks. Don't be afraid to send in the common bugs that you hate, however do be clear, concise and legible; this guy is getting alot of mail so make sure he reads yours. Here's the [url=http://www.forumplanet.com/PlanetMedalOfHonor/topic.asp?fid=5221&tid=791275:97078]earlier thread[/url:97078] on this from Chris Shelton of EA. I could go on, but I want to get back to coding so I can get the beta out ASAP. As Raph Koster, head designer for Star Wars Galaxies and former head for Ultima Online, says in the Laws of Online World Design; "Never trust the client. Never put anything on the client. The client is in the hands of the enemy. Never ever ever forget this." |
Quote:
As for verification..... You do it in steps.... verify if exists or not. THEN look at either checksum or contents therein. In fact I mentioned three methods..... md5/crc , diff/fc and hex. All I suggest is use ALL the available methods when and where applicable and practicable. Why wait for CK to write it? Well in all honesty my problem lies in the fact that I don't know how to serialize UDP packets to and from the server. If it were TCP I'd give it a go no problem at all since its now a challenge. My other problem lies in the fact that I haven't yet learned (or bother to) how to query the server for it's pk3's etc etc. I may be into scripting but q3 is still 1/2 greek to me. That's the same reason why I can't (tried already for two weeks straight--gave up) make a real-time TK monitor. I've already worked out how to parse the logfile (using both mohaa's and autokick's combined) to determine teams and kills. But it only works on my machine since I can read the file from harddisk but can't get live rcon status. I need to be able to do it from a live rcon for it to be a useful program that can be run by anyone. |
|
| All times are GMT -6. The time now is 12:51 PM. |
Powered by vBulletin® Version 3.8.12 by ScriptzBin
Copyright ©2000 - 2025, vBulletin Solutions Inc.
© 1998 - 2007 by Rudedog Productions | All trademarks used are properties of their respective owners. All rights reserved.