[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Open Source Games and Cheating - a paradoxum?

Joachim Breitner wrote:
>My train of thought starts here: Open Source will not
>require local changes to the game to run and modified
>versions will have to to be able to connect to
certain >servers.  But the mainstream which will get
table >packaged versions must be stopped from running
>modified >versions on public servers (the servers you
>usually play >and where tournaments - partly with
real >money prizes - >are held). So we need a way for
the >server to tell if >the client is modified

You can not do this.  Quake3 hashes itself before
starting, and then uses this hash for checksumming all
outgoing network communications.  This is why when bot
developers originally tried to modify the q3
executable, they failed, as the server would boot them
and they had no idea why.  In June 2002, I released
the  Online Gaming Cheats Quake3
Bot[http://ogc.ath.cx].  Within a month, my bot became
so rampant in quake3 that ID software was forced to
release a new version with "integrated anti-cheat
technology", even though they announced a year before
that they would not release any more updates for
quake3.  So now quake3 contains a program called
"punkbuster"[http://www.evenbalance.com], which is
subcontracted by ID software for the sole purpose of
stopping my bot.  In theory, their design seems
impossible to break - they have an autoupdate system
which automatically downloads the anticheat modules
and so can update very quickly and frequently when a
new cheat comes out.  It seems like this would pretty
much end public cheats, right? Wrong. I also coded an
autoupdate system into my bot, so now my bot wraps the
anticheat module loader and hashes it, then looks up
for "anti-anti-cheat definitions" in its database for
this hash, and if it doesnt have them, downloads them
from the master OGC site.  Now, their autoupdate
system is reduced to nothing, they release an update,
and 5 minutes later I have an update out which NOP's
out their cheat-scanning routines.  This tactic of
anticheat disabling rather than evasion has so broken
their design that they even changed their EULA to
allow them to ban users of my cheat across all servers
globally(which so far, has not happened to one of my
users yet).  

You can not, and will not, ever, stop online cheating.
 Closed source is no more secure than open-source to
someone who can read assembly faster than C.  All you
can do is hope that your game sucks and won't attract
hackers.  By the way, the code for the bot I wrote and
described in this email can be found at
http://ogc.ath.cx, so you can see for yourself just
how easy it is to beat any kind of anti-cheat system.


Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.

Reply to: