How to the goddam game cheat-free

[ElTorito]

Headline correction: How to make the goddam game cheat free


Headline correction II: Idea TO and NOT How to make the goddam game cheat free


Well - excuse my swearing, but it comes from long time irritation and frustration (not that I strongly blame ID) from 1) cheaters and 2) the uncertainity that some was cheating or just good.

1) is obviuos, and...
2) are discussed, because it's postulated that there are few. I say, one is one to much... (well i think it's mostly wallhacks, but that's allso a strong cheat).

So I have been thinking that a good and secure method would be...

Slightly change the client code between each map, so that any external hooks (hacks) that rely on specific entry points and/or memory contents in the client code would render completely invalid.

The should be an arbitrary code-part that the client gets from the server (a few kb or so, that dl fast), at regular intervals - yes, even at every round maybe - but so that the client would not run without this internal update.

You name it, but understand the principle...

The method with Punkbuster - as far as I know - was to secure that the client code was original and unchanged (during game too - i guess). This was a more static method (program) that could be hacked..

Problem with control programs is, that thay are simply hacked themselves...

My suggestion is to constantly change the code so any attemts to interfear is impossible.

It is in essence, simply this kind of dynamics that makes is difficult to inccorporate cheats..

A simple analogy is the difficulty to track an inernet user with a dynamic IP-address.

My suggested method should then be several times stronger...

hows bout that...

[megaman3]

This guy is a god among men. He just solved an impossible programming riddle even without being a programmer or knowing english.

Easy ban btw. Look at his previous posts.

[Lorfa]

Slightly change the client code between each map, so that any external hooks (hacks) that rely on specific entry points and/or memory contents in the client code would render completely invalid.

The should be an arbitrary code-part that the client gets from the server (a few kb or so, that dl fast), at regular intervals - yes, even at every round maybe - but so that the client would not run without this internal update.

They will just add a routine into the injected code that waits for this info.

A program cannot operate with complete randomness, it must still behave the same way and it is this consistency that allows a hack to work.

Of course they could make their security better, but it would appear that they have very few resources to spend on the game in general. So they make some minor improvements here and there, and break current cheats, but the cheat authors always redo them and they have more time and energy to spend on making their cheats than the QL devs have to refute them.

[ElTorito]

tx for your response Lorfa..

I'm only outlining an idea that could be a plausible solution I intuitively think is the way aka some dynamics that is communicated between the server and client.

This is of course not a solution as the headline said... sry for that...It could sound arrogant...

Of course they could make their security better, but it would appear that they have very few resources to spend (on the game in general. So they make some minor improvements here and there, and break current cheats, but the cheat authors always redo them and they have more time and energy to spend on making their cheats than the QL devs have to refute them.

Yes, I also think that ID has the capability to do make some strong protection, but it's boiled down to time, energy and priority etc.

I've been a professional programmer many years. I have done a billion lines in x86 assembly code and I know the trick from the old DOS days when we hacked through the bios just to show we could beat the protection - lol.

I've been peeking into the released Quake mod making, but did'nt want to use the time. Instead I helped Maverick with his NoGhost mod (You can find me in his thanks list).

They will just add a routine into the injected code that waits for this info.

lol - I've done this many many times, waiting at some code point to get the cream.

Say the client recieves a piece of code and jump there to run this unknown code. The trick is make it impossibe to track what it is doing..Anyway it could require some dirty programming aka selfmodifying code which noone really likes.

A program cannot operate with complete randomness, it must still behave the same way and it is this consistency that allows a hack to work.

Naa - of course not - but it's possible the change jump-tables and/or relocates subroutines. This is of course not changing the behaviour, only how the things are placed.

Again I will use an example: The principle with cryptography are a public and private key where an interceptor cannot decode the message due to the interaction between the keys..

Some way it must be possible to make it quite a hell to hack a game that is online and capable of interchange data with a server.

I just try to give shot from what i have of knowledge...

[ElTorito]

This guy is a god among men. He just solved an impossible programming riddle even without being a programmer or knowing english.

Easy ban btw. Look at his previous posts.

sry YMCMB - I did'nt first realize that it could sound arrogant...

[BuzzBlade]

The things you are so trivially talking about are actually already invented and work in hardened linux... I know, I run this.

And to be honest the way proprietary drivers work you will never implement the said ideas w/o triggering the security mechanism somewhere along the chain, NVIDIA and ATI code for pretty colors and bloom, not security. Hardened linux developers often times discourage or block proprietary drivers because they are not designed by security programmers, terribly vulnerable and even a common programmer trying to suggest something outside the scope of management suggesting in house modification of existing API will most likely get shot down by a target goal set by a target budget not meant to include fancy pants coding and analysis. This is just touching the possibility that graphics drivers are a source of exploit...

You can't reinvent the wheel for a legacy game w/ a niche community making us offers we can't refuse to say afloat...

You can't even implement the existing wheel w/o a bunch of crazy overhead, like for example... no windows support BLAWL.

[ElTorito]

.
Yes the problem is, that the server cannot rely on the data from the client are not modified to the players advantage... (aim etc).

The most obvious - like superspeed - can be detected because of the apparent unnormal movement (location).

So the real solution is to secure no intervention in the game program, OS and protocol stack.

[sponge]

.So the real solution is to secure no intervention in the game program, OS and protocol stack.

If you can do this on average hardware, then you have just eliminated viruses, rootkits, and other malware forever, along with also creating the perfect anti-piracy scheme.