Idea for anti-cheating program
Moderator: Moderators
-
maverick256
- Posts: 115
- Joined: 21 Sep 2004, 19:41
How easy is it to get a computer's mac address over the network? If it's not too hard (I think not, but I don't know much about networking, and I don't know if modems have mac addresses), use that as identification for each computer. I'm sure no cheater would want to buy a new network card everytime he changes his nickname.
-
maverick256
- Posts: 115
- Joined: 21 Sep 2004, 19:41
Impossible
Without simulating the entire game at some time (after or during) it is impossible to achieve any reasonable degree of cheating detection in a map with enabled fog-of-war. Anyone disagree?
A "Punkbuster" equivalent would take far too much effort away from making the game better.
If you don't mind finding out after, all it requires is everyone passing all their saved commands to each other and everyone rerunning the simulation after, with the ability to save and run later (say, after you have gone to bed). While this is a fair amount of work, it isn't too bad. Not nearly as much effort as trying to validate every client.
For ladders, if people want to pay a couple $/month, third-party servers could be set up for "official conflict arbitration". You say 90 damage, he says 70, server agrees with you and sets at 90, clients update with value.
A "Punkbuster" equivalent would take far too much effort away from making the game better.
If you don't mind finding out after, all it requires is everyone passing all their saved commands to each other and everyone rerunning the simulation after, with the ability to save and run later (say, after you have gone to bed). While this is a fair amount of work, it isn't too bad. Not nearly as much effort as trying to validate every client.
For ladders, if people want to pay a couple $/month, third-party servers could be set up for "official conflict arbitration". You say 90 damage, he says 70, server agrees with you and sets at 90, clients update with value.
-
PauloMorfeo
- Posts: 2004
- Joined: 15 Dec 2004, 20:53
Well, it was an idea. And you were actually right. It is the fisical address of the card that is assigned to it and that probably no other card (or any other network device) in the world will have.maverick256 wrote:I'll remember not to blab out next time on something I know little about. I always thought Mac address is a hardware address. Oops
I also thought that it couldn't be changed but, it can. That's somewhat weird and makes life easier for hackers. But it also makes life easier for some networking issues.
Firmware is NOT that easy of a solution... there is nothing, to my knowlege, that ammounts to a unique CPU/Motherboard serial #. Some CPUs have CPUID instruction but it can be turned off... motherboards do not come with a serial number that is readable, so far as I've seen at least... some might, but not all. The BIOS string is not a serial number, it more strongly correlates to the mfg. date of the BIOS, the feature set, etc etc.
HDD's do not always have serial #s that can be read... the volume # is not a serial # and it all you have to do to change it is open the drive in a hex editor... yes, there are ways to get manufactuerer info, including serial #, but I have only seen this for IDE, I think I mightve run across a SCSI one... network drives don't work.
monitor and/or video card serial # is possibility but again, there might be exceptions here... if the monitor is not VESA then it might not work (VESA to my knowlege governs the way the monitor / system communicate so if monitor is not VESA you don't have standardized way of knowing what it's telling you). I do have some info on getting a monitor serial #, it's not hard to find, but I won't post it here out of concientiousness.. one of the devs can pm me if they want and I'll give em the link.
HDD's do not always have serial #s that can be read... the volume # is not a serial # and it all you have to do to change it is open the drive in a hex editor... yes, there are ways to get manufactuerer info, including serial #, but I have only seen this for IDE, I think I mightve run across a SCSI one... network drives don't work.
monitor and/or video card serial # is possibility but again, there might be exceptions here... if the monitor is not VESA then it might not work (VESA to my knowlege governs the way the monitor / system communicate so if monitor is not VESA you don't have standardized way of knowing what it's telling you). I do have some info on getting a monitor serial #, it's not hard to find, but I won't post it here out of concientiousness.. one of the devs can pm me if they want and I'll give em the link.
-
maverick256
- Posts: 115
- Joined: 21 Sep 2004, 19:41
and that is going help You in what way ? just take look at ranges of Deustche telecom and You will get the point it's waste of energy ...Xon wrote:Thats why you should have support for banning IP rangesDwarden wrote:Banned IPs? You think it's effective ? Give me break ... Most of cheaters today sit on ISP with dynamic IP ranges (modem, cable, ADSL etc) ...
maverick ... using MAC address is waste of time ... could be changed easily in most devices and in any modern OS ...
-
maverick256
- Posts: 115
- Joined: 21 Sep 2004, 19:41
well, when you change the Mac address, it is only changing the address the OS reports, not the actual hardware Mac address embedded in the networking card (or am I mistaken?). That's why I say if you can somehow get at the hardware Mac address it can work (but I guess that's not easy). And yes, banning IP ranges doesn't work well, and can potentially lead to misban on innocent players.
MAC address isn't really the best option.
Once I ghosted several machines with the same Windows XP image. They all ended having the same MAC address. Assigning IP addresses from a DHCP server through MAC addresses was... bad. At least the ghosted Linux machines worked well.
Also I don't think you can get the address directly from the card since the operational system protects the hardware. You have to ask the OS first.
.
About the "I'll only play with my friends" commentary, you may do that but that's not a reason to make a program w/o security. We're good programmers after all
With that said, I think it's possible to help those "play with friend" cases. The player could mark the other player as Trusted, thus avoiding aditional cheating checks. That way it won't waste the precious computer resources.
-----------------
Ok, before asking how we stop them, may I ask how would they cheat? Introduce me to a Cheating 101.
Once I ghosted several machines with the same Windows XP image. They all ended having the same MAC address. Assigning IP addresses from a DHCP server through MAC addresses was... bad. At least the ghosted Linux machines worked well.
Also I don't think you can get the address directly from the card since the operational system protects the hardware. You have to ask the OS first.
.
About the "I'll only play with my friends" commentary, you may do that but that's not a reason to make a program w/o security. We're good programmers after all
With that said, I think it's possible to help those "play with friend" cases. The player could mark the other player as Trusted, thus avoiding aditional cheating checks. That way it won't waste the precious computer resources.
-----------------
Ok, before asking how we stop them, may I ask how would they cheat? Introduce me to a Cheating 101.
Re: Idea for anti-cheating program
I think it's the wrong aproach : beter build a network of trusted & user-generated IDs than generating systematic IDs.Dwarden wrote:(combined strong hash of HDD serial number, motherboard serial number, videocard serial number etc)
Lets think about PGP applied to gaming "account" :
-A new player generates a key pair, giving it a pass phrase
-He starts the game, entering his pass phrase
The key pair is used to authenticate and maybe crypt the connection (could be quite slow though).
There are built-in god things : players that knows eachother can sign their keys, building the famous "trust network". Someone cheating would spend his time generating soon-banned keys while regular players would gather "key signatures" and would become more and more trusted. If such trusted key pair + passphrase were stolen, it could be revoked the usual way.
And most important the authentication hasn't to be centralised. The pass phrase is "hold" in the private key (th private key can only be used with the pass phrase) and the public key is sent when 2 peers start exchanging data, so we don't even need a public-key directory.
And to the user, it would be like creating an usual account : "What is your login", "What is your pass phrase", "There are your account files, don't make everybody get them. There is the file you can use to revoke your account in case it gets stolen, put it safe somewhere". They don't even need to know they are using cryptography.
[EDIT]reformulated some parts, added some ideas[/EDIT]
Last edited by Subdino on 15 May 2005, 16:12, edited 1 time in total.
I don't think it's a good idea at all.10053r wrote:You could add a "just kidding" to the network protocol.
First, it would make the server's bandwith use explode with useless data.
Second, playing the "obfuscation by mass" - or any obfuscation of any kind except cryptography - in an open-source game is a definitelly wrong idea - as it was pointed out before.
Keep it clean, keep it simple.
Make unauthorised reading and, most important, modification of data packets impossible - so we get back to the asymetric cyphering stuff, like PGP.