OpenArena Message Boards

Hey,

Well I've seen my first real aimbot user tonight on the digichalk DM server.

His name was Aragone or something like that, he was a red lizard model.

He was very open about using one, and showed us how well it worked. He used gauntlet only for a while and them started using guns. Lots of people spectated him and were not impressed including myself.

My question is, can we expect to see something similar to Punkbuster that is built to keep cheaters out of the servers? Open Arena needs something like this, as cheaters like this will certainly cause problems and empty servers out.

I am happy to say I kept pace with him most of the time, to the point where he starts saying I'm cheating but I don't want to have to deal with people like that and shouldn't have too.

I don't know if this has been suggested before but It's really time to consider it. Cheaters in FPS are a real downer.

There are no plans of a PunkBuster like application. By PunkBuster I mean an application that scans the memory of the client machines for known hacks.

Possible anti cheat measures could be a reputation system and/or an analysis of input.

Please tell me more?

I have at times thought about a serverside way of fixing cheats - technically the correct way of fixing it.

The reputation system
During the last half year I have looked into this while working on my Master's Thesis. My work was about using it in wikis but I have a feeling that it could be used in games too. My idea is to assign a weight to all players. The weight should be based on different parameters: Time played, number and weight of players trying to kick you, number and weight of players you have tried to kick.

A super high weight can give semi-administrator rights or heavier weight to votes making it easier to remove cheaters.
Resetting guid will reset reputation back to nothing so bans based on guid makes more sense. Currently there is no punishment for resetting it.

Analysis of input
I want to use a neural network to identify if it is a human that is aiming. The neural network must support auto learning and different servers might have a different network making it almost impossible to create a reliable aimbot that will trick all servers. This will require a lot of learning data including a lot of really good players playing to help the neural network during the learning process. 

Is this anything like quake live and its ability to place you among similar skill players?

I think the Quake Live system uses a chess-like ranking based on kill/death and points. I have thought about such a system too but not as an anti cheat measure.

I want to take all the mouse movement information recieved during the last 30 seconds and run them through a neural network. As output the neural network will give one of two possible results: 0=not using aimbot, 1=using aimbot. The reason I need a lot of differently skilled players is to learn the network that good players are not necessarily bots.

This sounds really interesting :-)

BTW about the GUID change : actually there's a cvar in ioquake3 that should guarantee unique GUIDs ( cl_guidServerUniq "1" ... if set to 0 the GUID is always different ) for every server.

But what could happen if I will use the same config on another machine ? Will the GUID change or will it remain the same ?

The thing is relevant at least in 2 cases :
1. a player is using the same config of another player
2. a player changes its hardware equipment or the whole machine and it plans to use the same config on it.

cl_guidServerUniq does not give any guarenties. It just sends a different guid to every different server on a different IP address. That way servers cannot steal a guid because the guid is only valid for the current server.

guid is written in the q3config file and can be copied if the file is copied. In the future a better system might be introduced. Some people are talking about global stats... in that case the guid needs to be part of a certificate.

My fault ... I want to mean exactly this ... and I'd like to know if the guid generation could be different for the same server if the same config is used in different machines , with the actual system described in the ioquake3 README.


Anyway I will try to test it on my local test server :-)


Uhm ... not so in the system now : cl_guid is not declared as CVAR_ARCHIVE but as CVAR_ROM ( there's no trace of it on my config :/ )



Yes of course , I perfectly agree here :-)

EDIT : anyway it's important to not use MD4/MD5 algorythms anymore because it's proved that both can be breakable and can generate collisions.

Interesting stuff. Hopefully something will come of this, besides discussion.
Down with cheaters!

OAX has a non-rcon based server admin system...I'm working on implementing the !ban command to ban IP's simultaneously with the GUID.  Right now if you want to ban both the IP and the GUID, you have to execute the !ban command and using rcon, /addip.

We have options to fight and remove cheaters, please inform the server owners of them.

Without a Punkbuster like solution, we will have to have admins constantly on the look out and policing servers.

I encountered a cheater with an aim-bot the other day (or just a bot, can't really say if there was a person behind it). I think there was more to it, but can't really be sure. The dude just stood still and fragged people with unbelievable precision (instant targeting). I've been spectating a bit. The bot also changed it's name to that of other people (mine specifically) so it would be harder to kick it.

My point is, I think a good anti-cheat measure would be to disallow people to change their name into a name already used by someone on the same server. This would make them easier to kick. Unfortunately, this still does not prevent them from coming back.

0.8.5 will both prevent them from taking a name in use and prevent them from coming back.

This brings a temporary joy into my life :D

The other day, we tried to kick a cheater from Super,CTF, the votes kept on passing but with no avail, until I checked the /serverstatus and the name was "nickname        ", instead of "nickname", it was only luck i discovered it, can spaces at the beginning and the end of a name be trimmed by the game? It would make getting rid of them slightly easier.

Actually multiple spaces are treated as a single space ( or ignored ? I didn't remeber exactly :/ ) ... I think he used one or more TAB char indeed .

That's why I've proposed to not allow special chars in the nickname , only regular ASCII should be allowed [(a-z),(A-Z),(0-9), and some other chars ]

In normal Quake 3, and its derivative games, Punkbuster has this facility for this purpose.  Not too hard to implement in the code I believe.

I've made for fun a small research once upon a time on Rainbow Forums to try knowing when ( in which period of the year ) and who was/is searching for game cheats in general :

- http://www.google.com/trends?q=aimbot
- http://www.google.com/trends?q=wallhack
- http://www.google.com/trends?q=game+cheat
- http://www.google.com/trends?q=autoaim
- http://www.google.com/trends?q=game+hook
- http://www.google.com/trends?q=wallhack%2Caimbot

Those data doesn't give exact infos about cheaters of course , but as you can see the latest quarter ( Sep-Dec ) of the year is the period in which the search volume increases , it maintains constant till the first months of the year ( Jan-Feb ) and then decreases again but never goes too down .

You can also select 2 other criteria to restrict the research per year and per zone and make an idea of where and who is searching for game cheats in general and when the cheaters presence impact could be higher in general.

I called a vote using spaces (i counted them in /serverstatus, thank God for monospace fonts), and it worked. The spaces seem to be ignored in the console output (there wasn't an extra space after his name in the "was fragegd by" messages), but apparently not when used as the argument.

Maybe I've found the answer :

- If cl_guidServerUniq is 0 , then the generation of cl_guid depends only of the qkey file ( random generated by ioquake3 ) and it should be the same for every server

- if cl_guidServerUniq is 1 , then the generation of cl_guid depends of the qkey file and the serverstring and it will be different for every server but the same for a single server.


So exchanging configs between users does not mean the same GUID , unless also the qkey is exchanged .

On the other side , to ensure that a user has the same GUID in each case ( cl_guidServerUniq 0 and cl_guidServerUniq 1 ) when switching to another machine , the qkey should be ported on the new/other machine.

I hate topics like these. I think its my fundamental misunderstanding of why anyone would cheat is just lost on me. I play badly and am pleased when I get to the top place, and I know when I'm on form. I do understand cheating in adventure games/ infinite life's etc on single player games, simply because the balance is not always reasonable or the ai strong enough. I feel guilty when playing with top players simply because I am not giving the enough of a game.

I would rather effort be put into some league structure so I can see how I am improving. I will never be top, and would give teeth to banning if people really desire such things

Cheating is a never ending source of problems.  It must be a disease because I have even seen ppl develop hacks to cheat on co-op games (Serious Sam and L4D) to increase their scores (lol).

Besides knowledgeable vigilance, Admins can also use a stats program like VSP (http://vsp.goquake.com/)  to "help" assist them in monitoring their server.  While I would not rely on a Stats program to prove someone is cheating, it could show which players might merit investigation, indicate the time period they tend to visit the server and also list their GUID and IP.

Example (http://www.goquake.com/80vsp/pub/themes/bismarck/index.php?config=cfg-default.php&sort=skill&order=DESC)

Uhm ..maybe a desease , but I figure this much more such as a politic movement ( in the sense , cheating is illegal -> more and more cheaters -> cheaters will become the majority -> players leagues will be transformed into aimbots leagues and cheating will become legal ) ... I think so also because a group of cheat makers has opened their own sites and there are already more than 1 hundred of thousands of members :/

Maybe it's interesting reading also a thought of an "old" Urban Terror developer : http://forums.urbanterror.net/topic/15530-urbanterror-passport-anti-cheat/page__st__195__p__244204&#entry244204






There are also other similar stats systems , but most of the times trying to make some analysis , expecially when seeing impossible Frag:Die Ratio - 14.xx:1 , 11.30:1 , 11.82:1 - quite always means the player in object is good while who says he/she could be a cheater - conclusion at which he's coming after a post analysys -  is a noob.  And the tendence is to defend the possible cheater while destroying the "noob" .

If we can have more detailed stats ( CPM/OSP like ) stored on the server at the end of every match in a format of which parsing is easy to automate ( like CPMA that stores detailed stats in xml format ) , we could pass from investigating possible cheaters to spotting cheaters.

But I'm quite sure this will be not enough and the problem will pass from " we miss detailed stats " to " you cannot say I was cheating because you cannot see what I have in my PC" ... if we will have a PB-like system or a better system ( mouse input/kills analyzer ) there will be still someone claiming the the system is buggy , but it will be also much more difficult to substain his/her position by the other players ( friends ) .

I proposed once as an absurd hypotesys - or not at this point - to have aimbots coded into the game and eventually having the possibility to plug external aimbots , so to have servers in which all players can use aimbots and servers in which aimbots are not allowed.

You could, however if you plan to make some cheatless islands inside it, I think it will fail. The goal of a cheater is to get an advantage over other people, so I think they would try to find some way to play on these islands.

Cheating is a paradoxal position, because you do something and expect others not to do the same. This is why when you universalize it it is no longer valid, it turns legal as you say, or rather it turns as being the norm and loses its prior interest.

A computer's purpose is to automatize things, purpose of playing is to use our own human skill to achieve things. If players are mature enough, they know they have stick to these rules and wouldn't want to automatize more stuff than what's already inside the game. The more the computer does for you, the less the playing experience is interesting, as you no longer rely on that undeterministic thing which is human body ;) This is why cheaters are often bad players who can't rely on themselves while playing.
Videogames are always a compromise between what they allow you to do (using some engine to move some character with a mouse) and what is left for you to do. If you check games like sauerbrauten, they simple pushed a bit the barrier of what we would traditionnally expect from a FPS, and allows things which would be considered cheating in other games.

This is why I think technical measures to prevent cheating are useless, because computers are designed to automatize things, so you can't prevent it from fullfiling its role ;)
That said, people who cheat are enough of a minority to allow you to find people who don't want to do that, and be able to play with them. Maybe the best you can do is to allow people to choose who they want to play with.

True, that is why a good voting and kicking system is a must, and also stats could be a really good aid for admins to study really suspicious individuals. Also the reputation system is a great idea, since you could also weight a vote based on reputation. For example a player known for long with a very good reputation in a server has a much "heavier" vote than someone who is on the server for the first time.

on my server in tremulous, we have an admin system.  we have enough admins so that one is almost always on, and admins can kick/ban players.  we also have a modified wallhack which admins can use while spectating a player, to see if they have a wallhack on.  we also have our super-secret aimbot detection helper which i may or may not be able to share.

Sounds like you guys have it all figured out. I imagine that tremulous has a much bigger community of players than OA. The more dedicated players there are, the more secure a server can be.

Prevention has to deal mainly with the initial design rules of a project ; developers cannot do much after a prototype has become serial/standard and the main holes/limits of the project has revealed themselves. Most of the cheats make use of the software holes and almost of the original design holes.

For example , if you try to play on q3dm17 in both mode VQ3 and CPM against a CPMA bot at level 100 ( which action is really really close to an aimbot - autoshot on opponent spawn , opponent position predict , impossible aim ) you will see how easy the bot hit you/predict your position in VQ3 while if you know enough of air control in CPM , you will see less bot hits over target while you are in air.

A technical measure against cheating like a detect system will not stop cheat development. But it should prevent the use of known cheats.

Another example is about cl_yawspeed/cl_pitchspeed value : both cvars were declared cheat protected and locked to their default value in QL with an update they've made in september.

With this "technical measure" they've stopped the use of RJ , CJ , strafe scripts. You could find a bunch of threads on QL forum about this : many players have stopped their easy attitude of owning mostly in CTF matches with map-tuned RJs.

And a final tought about cheat makers/users : I've read many times here but also elsewhere call them "hackers".

They should be defined CRACKERS because they are not interested to make a software/something else better , but to corrupt/revert/destroying its functionality.

i am not sure about how big the openarena community is (since i'm still somewhat new here) but i think the tremulous community is about the same size.  we have lost a lot of players lately (but hopefully will get more with 1.2)

I think the community was a lot bigger in the past than it is now. The servers I play on have the same people all the time, or the servers are dead.
The amount of people on this forum don't really reflect the players in game, I have never played the majority of the people who post here.
I would blame the slow progress on releases for the decrease in players. Most of the people who play including myself are getting really bored of the same maps and graphics all the time.

I think this is also available for UrT.


Which kind of detection helper ?
Passive detection or active detection ( movement and hits analysis ) or what else ?