
09-29-2002, 12:21 AM
"of course youre insulting me."
To which I rectified myself and apologized. A bigger man would accept an apology and not stoop to my currently drunk (but sobering) obnoxious level. Perhaps we're BOTH pigheaded and that precludes that? *shrugs*
"you are correct in your assumption that i have never attempted to learn any programming language... however thats entirely beside the point. what you are not respecting is the fact that i am far more intelligent than you..... which negates any benefit that a knowledge of scriptz would have."
And I should take said assertion at face value? That's like saying a lawyer has the "brains" to rebuild his car's engine. We all have our talents which are not applicable to every situation, intelligent persona or otherwise.
"i get paid a fair bit of money to design and implement systems in every area of our firm..... and that includes telling the linux/perl/sql guru (who quite by coincidence is lightyears beyond you in terms of programming knowledge) to sort his shit out when i look at what he has implemented."
Telling a guy that his application isn't to your liking hardly makes you an expert at it when you need to rely on him does it? *chuckles*
"if you actually had any knowledge of computer security you would understand that the code involved is nothing more than a tool used against the system design..... whether that system involves people, processes or code is irrelevant.... the same flaws lead to the same vulnerabilities."
That's hardly compendious. In fact it's quite a rambling screed. I fail to see what you mean. Care to be more succinct??
"knowing how to write script is completely useless if you are not intelligent enough to design a system that can be both usable and not easily circumvented."
As I've said earlier in this thread, the anticheat software seems inherently flawed. To this we agree it seems. Why bring it up?
(snip)(/snip)
"verification of the integrity of files is a pretty basic area and one which has been successfully implemented using standard techniques for some time without any need for variation..... ie if you knew anything you would have learned this shit years ago."
Uh gee.... I mentioned exactly said premise already. Perhaps you missed it? As you say a CRC check is pretty old hat man. BTDT eons ago ;)
"to actually check for the existence of particular files within PK3s such as skins or TIK files, as you have suggested, is completely useless in both verification of stock and foreign files."
Not so I do believe. Unix DIFF or DOS FC commands can verify contents changed VERY easily EVEN IF (assuming text as in the TIK example) the byte count remains the same. Sorry Sir, you stand corrected. Ask your linux/perl/sql "guru" ;)
"so lets run through both these scenarios in order of probable occurrence.... firstly to verify the integrity of the stock PK3s from the retail installation. the problems with employing such a check for this purpose are that verification of path does not address any known problem and that such verification is useless in verification of integrity of the file you are checking"
How so? You've already admitted you haven't the foggiest inkling how to do it via code. Care to take a stab at it? Send me the source code?
"to put it bluntly... you dont have a brain."
Hmmm.... At least I know where to start, but as you said,... you don't.
"there is no problem (and i presume never will be) in that i have deleted my skin out of a PK3 file for the "manon". so the implementation of such a check is completely useless in that it does not actually address any problem."
It is extremely easy to (via code) overlook the missing. To use simple syntax for your benefit. --- IF NOT EXIST *.whatever (texture) GOTO NEXT. That is to say, what isn't THERE can hardly be construed to be possessing a cheat can it?
"there is however a problem that i can alter the "manon" skin to be a brilliant pink to allow me to see the bitch in the dark and against any background. in any implementation this will require that i alter the TGA graphics file that is used by the system to add this colouration. so if your sharper than a brick youll probably realise that actually checking the file integrity is the only option for preventing this type of cheating."
Well obviously this brick is sharper than your comprehension of my earlier posts on THIS thread as it is EXACTLY what I had proposed. No offence intended.
"i first raised the idea of implementing checksums against the stock PK3s in a thread here a couple of months ago, and someone has again mentioned it in the past few days. as i hinted to earlier, implementations such as MD5 are not subject to attack nor any occurrence or error that is worth consideration."
Gee.... great minds think alike as I'd been on the same wavelength as per my earlier posts on this thread. Do you seriously expect a guy to check out ALL umpteen thousand posts to see if said issue had been raised before? Hell half the time it takes 30 seconds to load one silly page this server is so slow.
"now onto the other possible scenario from your example which takes us to a much harder area to deal with - and please do let me know whether i have addressed this to your satisfaction :)
if you want to identify known cheats by way of applying any examination of the files contained in PK3 files.... whether stock or foreign.... you can, but with for no effective period worth implementing.
lets say you have a single cheat which consists of a spiked skin by way of an altered TGA file. if this circulates the net and is actually caught by your system, the kick you employed will be effective up until the name of the TGA file or its path are altered.... in which case your system will not find the cheat it is looking for."
Not using checksums as BOTH of us have been thinking. No this is NOT to my satisfaction. PLEASE make Manon "brilliant pink" as you suggest. Then place it for me on the net...ftp...http....gopher...CVS or whatnot. (send URL) I will then write a script (using various executables of my choosing) that will differentiate in a heartbeat betwixt the two. Then to PROVE the script is doing the work and not my human eye, I will video capture the execution thereof for you to see. I'm putting my money (and reputation) where my mouth is. Will you?
"on the other hand if the system used the actually reliable checksum system employed for the verification of the stock files it would fall down in a similarly short period for similar reasons. simply changing the colour of my 255 red spiked skin to 254 red will alter its checksum to one which is not blacklisted in your system."
Well, enough arguing. Put your money where your mouth is. (only those who never take on challenges, never lose... I'm prepared to.) If I turn out to be wrong then SO BE IT! We would then know that this is a failed method and lets move on to the next. I assume you as much as I wish to find the answers to this dilemma? Right?
"since i am beginning to bore of this i will summarise it for you.
you dont have a brain.
you dont have any knowledge of system security so please dont invoke your "achievements" as anything of merit.
your system does not address any known cheat so it is useless.
please bless me with your comments script-boy.
r3mix"
System? I haven't even begun to start on such a project. In fact I never said I had the time to take on such an undertaking. As far as SECURITY goes, NOBODY knows it all. In fact it seems every week Micro$haft has a new security update out for their various OS's and they WROTE the frikiin things.
I will say this however, I've been a *nix sysop for four years now and have yet to find anyone in my bawx.
"ps. in addition to altering the actual TGA files to create "spiked" skins there may also be some use in altering the shader file. i do not know enough about skinning to know exactly what uses can be abused through the shader file, however it is a reasonable assumption that the usefulness of a cheat is far greater if the skin itself is altered to a bright colour rather than whatever effects the shader file employs."
It's a very reasonable assumption. Changes are easily discernable via unix DIFF and DOS FC commands. Hexadecimal can also be used for other file types.
r3mix,.... I'm going to try to apologize (never said "sorry" the 1st time but i figured you got my drift) AGAIN. I've been boozing it up, and i get a little pugnacious at such times. It would seem that we BOTH have been thinking much along the same lines and that somehow it wasn't acknowledged. Needless to say arguing between us WONT fix the problem. Putting our heads together (with others) might. Care to move on?
]NBK[ CAGE RATTLER ;)
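
Added example, not part of the original post or of any anticheat tool: a Python sketch of the two checks argued over above, a whitelist of stock PK3 contents versus a blacklist of known cheat checksums. The paths, the byte strings standing in for TGA data and all function names are constructed for illustration, and SHA-256 is used in place of the MD5 mentioned in the thread.

```python
import hashlib
import io
import zipfile

def make_pk3(members):
    """Build an in-memory PK3 (a zip archive) from {path: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in members.items():
            z.writestr(path, data)
    return buf.getvalue()

def member_digests(pk3):
    """Map each file inside the PK3 to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(pk3)) as z:
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()}

def blacklist_hits(pk3, bad_digests):
    """Flag only files whose digest matches an already-known cheat."""
    return sorted(n for n, d in member_digests(pk3).items() if d in bad_digests)

def whitelist_violations(pk3, stock_manifest):
    """Flag every file that is not byte-identical to the stock file at that path."""
    return sorted(n for n, d in member_digests(pk3).items()
                  if stock_manifest.get(n) != d)

# Constructed stand-ins for TGA pixel data and paths (not real game assets).
SKIN, TIK = "textures/manon/body.tga", "models/manon.tik"
STOCK = {SKIN: bytes([90, 80, 70]) * 64, TIK: b"skin body\n"}
PINK_255 = bytes([255, 0, 255]) * 64   # the circulated "spiked" skin
PINK_254 = bytes([254, 0, 255]) * 64   # same cheat, one colour value changed

MANIFEST = member_digests(make_pk3(STOCK))
BLACKLIST = {hashlib.sha256(PINK_255).hexdigest()}

CASES = {
    "stock": make_pk3(STOCK),
    "known cheat": make_pk3({**STOCK, SKIN: PINK_255}),
    "recoloured 254": make_pk3({**STOCK, SKIN: PINK_254}),
    "renamed file": make_pk3({**STOCK, "textures/manon/b2.tga": PINK_255}),
    "skin deleted": make_pk3({TIK: STOCK[TIK]}),
}

def evaluate():
    """Return {case: (blacklist hits, whitelist violations)}."""
    return {name: (blacklist_hits(p, BLACKLIST), whitelist_violations(p, MANIFEST))
            for name, p in CASES.items()}

if __name__ == "__main__":
    for name, (bl, wl) in evaluate().items():
        print(f"{name:15} blacklist={bl} whitelist={wl}")
```

The 254-red variant slips past the blacklist but not the whitelist, the renamed copy is still caught by both because the digest covers content rather than name, and the deleted skin raises nothing under either check.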