OpenArena Message Boards

OpenArena Contributions => Development => Topic started by: Logan on November 16, 2009, 06:06:56 am



Title: Punkbuster and programs like it for Open Arena?
Post by: Logan on November 16, 2009, 06:06:56 am
Hey,

Well I've seen my first real aimbot user tonight on the digichalk DM server.

His name was Aragone or something like that, he was a red lizard model.

He was very open about using one, and showed us how well it worked. He used gauntlet only for a while and them started using guns. Lots of people spectated him and were not impressed including myself.

My question is, can we expect to see something similar to Punkbuster that is built to keep cheaters out of the servers? Open Arena needs something like this, as cheaters like this will certainly cause problems and empty servers out.

I am happy to say I kept pace with him most of the time, to the point where he starts saying I'm cheating but I don't want to have to deal with people like that and shouldn't have too.

I don't know if this has been suggested before but It's really time to consider it. Cheaters in FPS are a real downer.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: sago007 on November 16, 2009, 07:19:50 am
There are no plans of a PunkBuster like application. By PunkBuster I mean an application that scans the memory of the client machines for known hacks.

Possible anti cheat measures could be a reputation system and/or an analysis of input.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Logan on November 16, 2009, 07:48:27 am

Possible anti cheat measures could be a reputation system and/or an analysis of input.


Please tell me more?


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: sago007 on November 16, 2009, 09:52:46 am
Please tell me more?
I have at times thought about a serverside way of fixing cheats - technically the correct way of fixing it.

The reputation system
During the last half year I have looked into this while working on my Master's Thesis. My work was about using it in wikis but I have a feeling that it could be used in games too. My idea is to assign a weight to all players. The weight should be based on different parameters: Time played, number and weight of players trying to kick you, number and weight of players you have tried to kick.

A super high weight can give semi-administrator rights or heavier weight to votes making it easier to remove cheaters.
Resetting guid will reset reputation back to nothing so bans based on guid makes more sense. Currently there is no punishment for resetting it.

Analysis of input
I want to use a neural network to identify if it is a human that is aiming. The neural network must support auto learning and different servers might have a different network making it almost impossible to create a reliable aimbot that will trick all servers. This will require a lot of learning data including a lot of really good players playing to help the neural network during the learning process. 


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Logan on November 16, 2009, 09:55:29 am

Analysis of input
I want to use a neural network to identify if it is a human that is aiming. The neural network must support auto learning and different servers might have a different network making it almost impossible to create a reliable aimbot that will trick all servers. This will require a lot of learning data including a lot of really good players playing to help the neural network during the learning process. 

Is this anything like quake live and its ability to place you among similar skill players?


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: sago007 on November 16, 2009, 10:07:19 am
Is this anything like quake live and its ability to place you among similar skill players?
I think the Quake Live system uses a chess-like ranking based on kill/death and points. I have thought about such a system too but not as an anti cheat measure.

I want to take all the mouse movement information recieved during the last 30 seconds and run them through a neural network. As output the neural network will give one of two possible results: 0=not using aimbot, 1=using aimbot. The reason I need a lot of differently skilled players is to learn the network that good players are not necessarily bots.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Falkland on November 16, 2009, 11:20:42 am
I want to take all the mouse movement information recieved during the last 30 seconds and run them through a neural network. As output the neural network will give one of two possible results: 0=not using aimbot, 1=using aimbot. The reason I need a lot of differently skilled players is to learn the network that good players are not necessarily bots.

This sounds really interesting :-)

BTW about the GUID change : actually there's a cvar in ioquake3 that should guarantee unique GUIDs ( cl_guidServerUniq "1" ... if set to 0 the GUID is always different ) for every server.

But what could happen if I will use the same config on another machine ? Will the GUID change or will it remain the same ?

The thing is relevant at least in 2 cases :
1. a player is using the same config of another player
2. a player changes its hardware equipment or the whole machine and it plans to use the same config on it.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: sago007 on November 16, 2009, 11:39:06 am
BTW about the GUID change : actually there's a cvar in ioquake3 that should guarantee unique GUIDs ( cl_guidServerUniq "1" ... if set to 0 the GUID is always different ) for every server.

cl_guidServerUniq does not give any guarenties. It just sends a different guid to every different server on a different IP address. That way servers cannot steal a guid because the guid is only valid for the current server.

guid is written in the q3config file and can be copied if the file is copied. In the future a better system might be introduced. Some people are talking about global stats... in that case the guid needs to be part of a certificate.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Falkland on November 16, 2009, 12:05:42 pm
BTW about the GUID change : actually there's a cvar in ioquake3 that should guarantee unique GUIDs ( cl_guidServerUniq "1" ... if set to 0 the GUID is always different ) for every server.

cl_guidServerUniq does not give any guarenties. It just sends a different guid to every different server on a different IP address. That way servers cannot steal a guid because the guid is only valid for the current server.

My fault ... I want to mean exactly this ... and I'd like to know if the guid generation could be different for the same server if the same config is used in different machines , with the actual system described in the ioquake3 README.

Quote
cl_guid Support
  cl_guid is a cvar which is part of the client's USERINFO string.  Its value
  is a 32 character string made up of [a-f] and [0-9] characters.  This
  value is pseudo-unique for every player.  Id's Quake 3 Arena client also
  sets cl_guid, but only if Punkbuster is enabled on the client.

  If cl_guidServerUniq is non-zero (the default), then this value is also
  pseudo-unique for each server a client connects to (based on IP:PORT of
  the server).

  The purpose of cl_guid is to add an identifier for each player on
  a server.  This value can be reset by the client at any time so it's not
  useful for blocking access.  However, it can have at least two uses in
  your mod's game code:
    1) improve logging to allow statistical tools to index players by more
       than just name
    2) granting some weak admin rights to players without requiring passwords

Anyway I will try to test it on my local test server :-)

guid is written in the q3config file.

Uhm ... not so in the system now : cl_guid is not declared as CVAR_ARCHIVE but as CVAR_ROM ( there's no trace of it on my config :/ )

Code:
// code/client/cl_main.c

...
CL_GenerateQKey();
Cvar_Get( "cl_guid", "", CVAR_USERINFO | CVAR_ROM );
CL_UpdateGUID( NULL, 0 );

Com_Printf( "----- Client Initialization Complete -----\n" );
}
...

In the future a better system might be introduced. Some people are talking about global stats... in that case the guid needs to be part of a certificate.

Yes of course , I perfectly agree here :-)

EDIT : anyway it's important to not use MD4/MD5 algorythms anymore because it's proved that both can be breakable and can generate collisions.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Logan on November 16, 2009, 07:55:32 pm
Interesting stuff. Hopefully something will come of this, besides discussion.
Down with cheaters!


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: SharpestTool on November 16, 2009, 08:17:59 pm
OAX has a non-rcon based server admin system...I'm working on implementing the !ban command to ban IP's simultaneously with the GUID.  Right now if you want to ban both the IP and the GUID, you have to execute the !ban command and using rcon, /addip.

We have options to fight and remove cheaters, please inform the server owners of them.

Without a Punkbuster like solution, we will have to have admins constantly on the look out and policing servers.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: dbX on November 17, 2009, 07:25:07 am
I encountered a cheater with an aim-bot the other day (or just a bot, can't really say if there was a person behind it). I think there was more to it, but can't really be sure. The dude just stood still and fragged people with unbelievable precision (instant targeting). I've been spectating a bit. The bot also changed it's name to that of other people (mine specifically) so it would be harder to kick it.

My point is, I think a good anti-cheat measure would be to disallow people to change their name into a name already used by someone on the same server. This would make them easier to kick. Unfortunately, this still does not prevent them from coming back.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: sago007 on November 17, 2009, 07:53:07 am
My point is, I think a good anti-cheat measure would be to disallow people to change their name into a name already used by someone on the same server. This would make them easier to kick. Unfortunately, this still does not prevent them from coming back.
0.8.5 will both prevent them from taking a name in use and prevent them from coming back.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: dbX on November 17, 2009, 07:59:14 am
0.8.5 will both prevent them from taking a name in use and prevent them from coming back.

This brings a temporary joy into my life :D


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: menganito on November 17, 2009, 11:25:52 am
The other day, we tried to kick a cheater from Super,CTF, the votes kept on passing but with no avail, until I checked the /serverstatus and the name was "nickname        ", instead of "nickname", it was only luck i discovered it, can spaces at the beginning and the end of a name be trimmed by the game? It would make getting rid of them slightly easier.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Falkland on November 17, 2009, 11:40:47 am
The other day, we tried to kick a cheater from Super,CTF, the votes kept on passing but with no avail, until I checked the /serverstatus and the name was "nickname        ", instead of "nickname", it was only luck i discovered it, can spaces at the beginning and the end of a name be trimmed by the game? It would make getting rid of them slightly easier.

Actually multiple spaces are treated as a single space ( or ignored ? I didn't remeber exactly :/ ) ... I think he used one or more TAB char indeed .

That's why I've proposed to not allow special chars in the nickname , only regular ASCII should be allowed [(a-z),(A-Z),(0-9), and some other chars ]


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: SharpestTool on November 17, 2009, 01:04:36 pm
Actually multiple spaces are treated as a single space ( or ignored ? I didn't remeber exactly :/ ) ... I think he used one or more TAB char indeed .

That's why I've proposed to not allow special chars in the nickname , only regular ASCII should be allowed [(a-z),(A-Z),(0-9), and some other chars ]

In normal Quake 3, and its derivative games, Punkbuster has this facility for this purpose.  Not too hard to implement in the code I believe.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Falkland on November 17, 2009, 01:12:58 pm
I've made for fun a small research once upon a time on Rainbow Forums to try knowing when ( in which period of the year ) and who was/is searching for game cheats in general :

- http://www.google.com/trends?q=aimbot
- http://www.google.com/trends?q=wallhack
- http://www.google.com/trends?q=game+cheat
- http://www.google.com/trends?q=autoaim
- http://www.google.com/trends?q=game+hook
- http://www.google.com/trends?q=wallhack%2Caimbot

Those data doesn't give exact infos about cheaters of course , but as you can see the latest quarter ( Sep-Dec ) of the year is the period in which the search volume increases , it maintains constant till the first months of the year ( Jan-Feb ) and then decreases again but never goes too down .

You can also select 2 other criteria to restrict the research per year and per zone and make an idea of where and who is searching for game cheats in general and when the cheaters presence impact could be higher in general.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: menganito on November 17, 2009, 02:57:25 pm
Actually multiple spaces are treated as a single space ( or ignored ? I didn't remeber exactly :/ ) ... I think he used one or more TAB char indeed .

I called a vote using spaces (i counted them in /serverstatus, thank God for monospace fonts), and it worked. The spaces seem to be ignored in the console output (there wasn't an extra space after his name in the "was fragegd by" messages), but apparently not when used as the argument.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Falkland on November 24, 2009, 05:14:20 pm
I want to mean exactly this ... and I'd like to know if the guid generation could be different for the same server if the same config is used in different machines , with the actual system described in the ioquake3 README.

Maybe I've found the answer :

- If cl_guidServerUniq is 0 , then the generation of cl_guid depends only of the qkey file ( random generated by ioquake3 ) and it should be the same for every server

- if cl_guidServerUniq is 1 , then the generation of cl_guid depends of the qkey file and the serverstring and it will be different for every server but the same for a single server.

Code:

/*
================
CL_Connect_f

================
*/
void CL_Connect_f( void ) {

...

if( cl_guidServerUniq->integer )
CL_UpdateGUID( serverString, strlen( serverString ) );
else
CL_UpdateGUID( NULL, 0 );

...

}

....

static void CL_UpdateGUID( const char *prefix, int prefix_len )
{
fileHandle_t f;
int len;

len = FS_SV_FOpenFileRead( QKEY_FILE, &f );
FS_FCloseFile( f );

if( len != QKEY_SIZE )
Cvar_Set( "cl_guid", "" );
else
Cvar_Set( "cl_guid", Com_MD5File( QKEY_FILE, QKEY_SIZE,
prefix, prefix_len ) );
}
...

So exchanging configs between users does not mean the same GUID , unless also the qkey is exchanged .

On the other side , to ensure that a user has the same GUID in each case ( cl_guidServerUniq 0 and cl_guidServerUniq 1 ) when switching to another machine , the qkey should be ported on the new/other machine.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: tuppe666 on November 25, 2009, 04:16:03 am
I hate topics like these. I think its my fundamental misunderstanding of why anyone would cheat is just lost on me. I play badly and am pleased when I get to the top place, and I know when I'm on form. I do understand cheating in adventure games/ infinite life's etc on single player games, simply because the balance is not always reasonable or the ai strong enough. I feel guilty when playing with top players simply because I am not giving the enough of a game.

I would rather effort be put into some league structure so I can see how I am improving. I will never be top, and would give teeth to banning if people really desire such things


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: WaspKiller on November 25, 2009, 10:31:56 pm
...guid is written in the q3config file and can be copied if the file is copied. In the future a better system might be introduced. Some people are talking about global stats... in that case the guid needs to be part of a certificate.

Without a Punkbuster like solution, we will have to have admins constantly on the look out and policing servers.

Cheating is a never ending source of problems.  It must be a disease because I have even seen ppl develop hacks to cheat on co-op games (Serious Sam and L4D) to increase their scores (lol).

Besides knowledgeable vigilance, Admins can also use a stats program like VSP (http://vsp.goquake.com/)  to "help" assist them in monitoring their server.  While I would not rely on a Stats program to prove someone is cheating, it could show which players might merit investigation, indicate the time period they tend to visit the server and also list their GUID and IP.

Example (http://www.goquake.com/80vsp/pub/themes/bismarck/index.php?config=cfg-default.php&sort=skill&order=DESC)


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Falkland on November 26, 2009, 04:10:01 pm
Cheating is a never ending source of problems.  It must be a disease because I have even seen ppl develop hacks to cheat on co-op games (Serious Sam and L4D) to increase their scores (lol).

Uhm ..maybe a desease , but I figure this much more such as a politic movement ( in the sense , cheating is illegal -> more and more cheaters -> cheaters will become the majority -> players leagues will be transformed into aimbots leagues and cheating will become legal ) ... I think so also because a group of cheat makers has opened their own sites and there are already more than 1 hundred of thousands of members :/

Maybe it's interesting reading also a thought of an "old" Urban Terror developer : http://forums.urbanterror.net/topic/15530-urbanterror-passport-anti-cheat/page__st__195__p__244204&#entry244204

Quote
I see cheaters in the same view as i would do a sport. When you have a CW you want to know that the game is fair. Your skill against theirs. While people dont wish to believe it, i'm sure quite a large amount of people are hacking in leagues right now. Good luck trying to catch them. But lets be frank here, some people want to win at any cost. When a new clan starts up, with unknown people "supposidly" and whipes the floor with well know clans, you begin to wonder just how the hell that works.

You cant trust anyone. I know that sounds trite, but its true. It is a proven fact people have a set of "E-Morols" which are separate from how they act and what they are willing to do in real life. Ask someone if they have ever stolen something. Most people would say never. Ask that same person, you watched the latest *insert your fav TV show here* on megavideo or downloaded it. Oh yeah definitely.

So while someone wont cheat at poker with there friends, they will use game cheats to beat them online. The psychology of all this is fascinating.




Besides knowledgeable vigilance, Admins can also use a stats program like VSP (http://vsp.goquake.com/)  to "help" assist them in monitoring their server.  While I would not rely on a Stats program to prove someone is cheating, it could show which players might merit investigation, indicate the time period they tend to visit the server and also list their GUID and IP.

Example (http://www.goquake.com/80vsp/pub/themes/bismarck/index.php?config=cfg-default.php&sort=skill&order=DESC)

There are also other similar stats systems , but most of the times trying to make some analysis , expecially when seeing impossible Frag:Die Ratio - 14.xx:1 , 11.30:1 , 11.82:1 - quite always means the player in object is good while who says he/she could be a cheater - conclusion at which he's coming after a post analysys -  is a noob.  And the tendence is to defend the possible cheater while destroying the "noob" .

If we can have more detailed stats ( CPM/OSP like ) stored on the server at the end of every match in a format of which parsing is easy to automate ( like CPMA that stores detailed stats in xml format ) , we could pass from investigating possible cheaters to spotting cheaters.

But I'm quite sure this will be not enough and the problem will pass from " we miss detailed stats " to " you cannot say I was cheating because you cannot see what I have in my PC" ... if we will have a PB-like system or a better system ( mouse input/kills analyzer ) there will be still someone claiming the the system is buggy , but it will be also much more difficult to substain his/her position by the other players ( friends ) .

I proposed once as an absurd hypotesys - or not at this point - to have aimbots coded into the game and eventually having the possibility to plug external aimbots , so to have servers in which all players can use aimbots and servers in which aimbots are not allowed.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Cacatoes on November 27, 2009, 10:07:04 am
Quote
I proposed once as an absurd hypotesys - or not at this point - to have aimbots coded into the game and eventually having the possibility to plug external aimbots , so to have servers in which all players can use aimbots and servers in which aimbots are not allowed.

You could, however if you plan to make some cheatless islands inside it, I think it will fail. The goal of a cheater is to get an advantage over other people, so I think they would try to find some way to play on these islands.

Cheating is a paradoxal position, because you do something and expect others not to do the same. This is why when you universalize it it is no longer valid, it turns legal as you say, or rather it turns as being the norm and loses its prior interest.

A computer's purpose is to automatize things, purpose of playing is to use our own human skill to achieve things. If players are mature enough, they know they have stick to these rules and wouldn't want to automatize more stuff than what's already inside the game. The more the computer does for you, the less the playing experience is interesting, as you no longer rely on that undeterministic thing which is human body ;) This is why cheaters are often bad players who can't rely on themselves while playing.
Videogames are always a compromise between what they allow you to do (using some engine to move some character with a mouse) and what is left for you to do. If you check games like sauerbrauten, they simple pushed a bit the barrier of what we would traditionnally expect from a FPS, and allows things which would be considered cheating in other games.

This is why I think technical measures to prevent cheating are useless, because computers are designed to automatize things, so you can't prevent it from fullfiling its role ;)
That said, people who cheat are enough of a minority to allow you to find people who don't want to do that, and be able to play with them. Maybe the best you can do is to allow people to choose who they want to play with.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Airwolf on December 01, 2009, 06:51:16 am
This is why I think technical measures to prevent cheating are useless, because computers are designed to automatize things, so you can't prevent it from fullfiling its role ;)
That said, people who cheat are enough of a minority to allow you to find people who don't want to do that, and be able to play with them. Maybe the best you can do is to allow people to choose who they want to play with.

True, that is why a good voting and kicking system is a must, and also stats could be a really good aid for admins to study really suspicious individuals. Also the reputation system is a great idea, since you could also weight a vote based on reputation. For example a player known for long with a very good reputation in a server has a much "heavier" vote than someone who is on the server for the first time.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Styx on December 01, 2009, 10:04:19 am
on my server in tremulous, we have an admin system.  we have enough admins so that one is almost always on, and admins can kick/ban players.  we also have a modified wallhack which admins can use while spectating a player, to see if they have a wallhack on.  we also have our super-secret aimbot detection helper which i may or may not be able to share.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Logan on December 01, 2009, 10:06:56 am
on my server in tremulous, we have an admin system.  we have enough admins so that one is almost always on, and admins can kick/ban players.  we also have a modified wallhack which admins can use while spectating a player, to see if they have a wallhack on.  we also have our super-secret aimbot detection helper which i may or may not be able to share.

Sounds like you guys have it all figured out. I imagine that tremulous has a much bigger community of players than OA. The more dedicated players there are, the more secure a server can be.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Falkland on December 01, 2009, 10:35:33 am
This is why I think technical measures to prevent cheating are useless, because computers are designed to automatize things, so you can't prevent it from fullfiling its role ;)

Prevention has to deal mainly with the initial design rules of a project ; developers cannot do much after a prototype has become serial/standard and the main holes/limits of the project has revealed themselves. Most of the cheats make use of the software holes and almost of the original design holes.

For example , if you try to play on q3dm17 in both mode VQ3 and CPM against a CPMA bot at level 100 ( which action is really really close to an aimbot - autoshot on opponent spawn , opponent position predict , impossible aim ) you will see how easy the bot hit you/predict your position in VQ3 while if you know enough of air control in CPM , you will see less bot hits over target while you are in air.

A technical measure against cheating like a detect system will not stop cheat development. But it should prevent the use of known cheats.

Another example is about cl_yawspeed/cl_pitchspeed value : both cvars were declared cheat protected and locked to their default value in QL with an update they've made in september.

With this "technical measure" they've stopped the use of RJ , CJ , strafe scripts. You could find a bunch of threads on QL forum about this : many players have stopped their easy attitude of owning mostly in CTF matches with map-tuned RJs.

And a final tought about cheat makers/users : I've read many times here but also elsewhere call them "hackers".

They should be defined CRACKERS because they are not interested to make a software/something else better , but to corrupt/revert/destroying its functionality.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Styx on December 01, 2009, 06:47:43 pm
on my server in tremulous, we have an admin system.  we have enough admins so that one is almost always on, and admins can kick/ban players.  we also have a modified wallhack which admins can use while spectating a player, to see if they have a wallhack on.  we also have our super-secret aimbot detection helper which i may or may not be able to share.

Sounds like you guys have it all figured out. I imagine that tremulous has a much bigger community of players than OA. The more dedicated players there are, the more secure a server can be.

i am not sure about how big the openarena community is (since i'm still somewhat new here) but i think the tremulous community is about the same size.  we have lost a lot of players lately (but hopefully will get more with 1.2)


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Logan on December 01, 2009, 07:14:11 pm
I think the community was a lot bigger in the past than it is now. The servers I play on have the same people all the time, or the servers are dead.
The amount of people on this forum don't really reflect the players in game, I have never played the majority of the people who post here.
I would blame the slow progress on releases for the decrease in players. Most of the people who play including myself are getting really bored of the same maps and graphics all the time.


Title: Re: Punkbuster and programs like it for Open Arena?
Post by: Falkland on December 02, 2009, 09:13:03 am
...  we also have a modified wallhack which admins can use while spectating a player, to see if they have a wallhack on. 

I think this is also available for UrT.

Quote
... we also have our super-secret aimbot detection helper which i may or may not be able to share.

Which kind of detection helper ?
Passive detection or active detection ( movement and hits analysis ) or what else ?