Pages: [1] 2 3 4
  Print  
Author Topic: Open Arena Aimbot  (Read 102145 times)
h4x0r_007
CHEATER
THIS ONE POST HERE SHOULD DO IT.


Cakes -3
Posts: 1



« on: January 04, 2012, 05:27:56 PM »

DISCLAIMER:
For educational use only.
DO NOT USE ON MULTIPLAYER.
I am not responsible for botters. By using this bot, you agree not hold me responsible for anything that goes wrong, even if you are banned or your PC blows up Grin .
This aimbot is excellent for playing with Nightmare bots.
-
Download Link (Remember, for educational purposes ONLY!)
-
« Last Edit: January 04, 2012, 07:21:14 PM by fromhell » Logged
WingedPanther
Member


Cakes 4
Posts: 190



« Reply #1 on: January 04, 2012, 05:53:04 PM »

While the source code might be educational, an executable that only runs on the system I do NOT use for playing OpenArena is far from it.
Logged

Programming is a branch of mathematics.
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #2 on: January 04, 2012, 07:22:28 PM »

"educational" is not a justifiable excuse for multiplayer cheats
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
SooKee
Nub


Cakes 5
Posts: 37



« Reply #3 on: January 04, 2012, 08:13:56 PM »

Here kids have some candy... for educational purposes only... DO NOT EAT!
Logged

- SooKee QuakeNet: #openarenahelp
Neon_Knight
In the year 3000
***

Cakes 49
Posts: 3775


Trickster God.


« Reply #4 on: January 04, 2012, 08:20:59 PM »

Here's a PC, it only contains educational programs. DON'T USE IT!

(?)
Logged


"Detailed" is nice, but if it gets in the way of clarity, it ceases being a nice addition and becomes a problem. - TVT
Want to contribute? Read this.
WaspKiller
Bigger member


Cakes 8
Posts: 159



WWW
« Reply #5 on: January 04, 2012, 09:12:01 PM »

...This aimbot is excellent for playing with Nightmare bots...


So you get to beat Nightmare bots (only... never humans... lol) by using a cheat and this will make you... happy? superior? confident? talented? admired? brimming with self-esteem?


All I can do is laugh.  The words; loser, sad, pathetic, don't even do justice to such a piece of sh*t.


Maybe I can be self-righteous because I have always been good at Quake games and gaming in general.  But even games where I did not do quite as well, it never occurred to me to cheat.  Instead, I moved on.  There is at least one game/mod out there, of the tens of thousands that exist, that you have to be good at.

Here you have someone who could be creating or contributing to something useful, assuming he is the author of the deleted code, but instead turns his coding skills to the dark side.
Logged



Calm is for LOSERS!  ANGER fuels my game and btw you're NEXT!
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #6 on: January 04, 2012, 09:35:48 PM »

i've never investigated the link, but i'm betting it's the same stuff allcoholic wrote. perhaps this is even allcoholic
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
Gig
In the year 3000
***

Cakes 45
Posts: 4394


WWW
« Reply #7 on: January 05, 2012, 02:58:46 AM »

I did not download the file, but I've seen the youtube video (that links the file in the description Sad ) during map loading screen, it mentions a certain "King-Orgy". I don't know if it is the previous hack you knew or another one.

Of course, in a game like OpenArena cheating is pointless. You don't need to beat bots at nightmare level in order to unlock all tiers. And, seeing the video, that aimbot seems to me to make the game not enjoyable: you are running in a direction, then someone spawns next to you, and in the next frame you get yourself facing in the opposite direction from where you wanted to go, forced to look at him. Confusing.
« Last Edit: January 05, 2012, 07:52:08 AM by Gig » Logged

I never want to be aggressive, offensive or ironic with my posts. If you find something offending in my posts, read them again searching for a different mood there. If you still see something bad with them, please ask me infos. I can be wrong at times, but I never want to upset anyone.
RMF
Member


Cakes 12
Posts: 694



« Reply #8 on: January 05, 2012, 07:16:13 AM »

Fromhell, server admins might be interested in his IP to ban him Tongue. Maybe post it publicly? Cheaters don't deserve privacy nor a server to cheat on, imo.


I'm sending Edit: I've sent an e-mail to abuse@mediafire, I hope they'll remove it.
Logged
7
Member


Cakes 7
Posts: 278


Is 7 up?


« Reply #9 on: January 05, 2012, 08:41:06 AM »

Was it a real bot or a hacked client? If it was a real bot then there is nothing to learn here except that the author is a script kiddie who doesn't know what he's doing and probably copy&pasted code from the various Q3 bots out there.
Logged

I'm on the ten most wanted list, I've got it dead in the groove.
My face is on every wanted poster in town, for the way I move.
Neon_Knight
In the year 3000
***

Cakes 49
Posts: 3775


Trickster God.


« Reply #10 on: January 05, 2012, 09:19:20 AM »

You have to be quite pathetic to use wallhacks, aimbots and the like.

Cheats are bad, mmmkay?

Logged


"Detailed" is nice, but if it gets in the way of clarity, it ceases being a nice addition and becomes a problem. - TVT
Want to contribute? Read this.
RMF
Member


Cakes 12
Posts: 694



« Reply #11 on: January 05, 2012, 09:24:45 AM »

Was it a real bot or a hacked client? If it was a real bot then there is nothing to learn here except that the author is a script kiddie who doesn't know what he's doing and probably copy&pasted code from the various Q3 bots out there.
By hacked client, do you mean a modded version of openarena which included an aimbot?
The download was around 80KB in size and was named something like "OpenArenaClientHook.zip", which included an exe and dll with the same name. Looking at the video, it seems it is the same aimbot as the one ported from another ioQ3 game to OA a few years ago.
Logged
WaspKiller
Bigger member


Cakes 8
Posts: 159



WWW
« Reply #12 on: January 05, 2012, 09:30:10 AM »

Fromhell, server admins might be interested in his IP to ban him Tongue. Maybe post it publicly? Cheaters don't deserve privacy nor a server to cheat on, imo.

I'm sending Edit: I've sent an e-mail to abuse@mediafire, I hope they'll remove it.


F1.


Since OA does not have any Anti-Cheat software, Admins should have a central clearing house (in a sticky thread here) where they can share and download a Community PermaBan list (something akin to what they do in Urban Terror).  Note, I am talking about bans for cheating not for actions that are only deserve a TempBan.

E+ on OA does not have access to PunkBuster like its Q3 relative but it does have a 5 level Anti-Cheat system which has caught several players on the WASP Servers.  I would be happy to share these IPs with other Admins.
Logged



Calm is for LOSERS!  ANGER fuels my game and btw you're NEXT!
7
Member


Cakes 7
Posts: 278


Is 7 up?


« Reply #13 on: January 05, 2012, 10:22:36 AM »

By hacked client, do you mean a modded version of openarena which included an aimbot?
Exactly

Quote
The download was around 80KB in size and was named something like "OpenArenaClientHook.zip", which included an exe and dll with the same name. Looking at the video, it seems it is the same aimbot as the one ported from another ioQ3 game to OA a few years ago.

Yep, that's what I suspected, this proxy-approach makes no sense when you're writing an aimbot from scratch and you can just hack the client itself. I bet he put some nasty malware in there and the bot was just bait.
Logged

I'm on the ten most wanted list, I've got it dead in the groove.
My face is on every wanted poster in town, for the way I move.
grey matter
Member


Cakes 8
Posts: 381

>9k


« Reply #14 on: January 05, 2012, 01:17:56 PM »

KingOrgy has copypasted various aimbots for Quake 3 forks before, most likely adjusting the good old OGC clienthook. A proxy aimbot would be way to 1337 for those kiddies, but indeed educational to look at code-wise.

I don't think posting IPs public is a good idea. At least here in Europe most ISPs hand out dynamic ones. This means you'd just be banning however has the bad luck to get the IP on next reconnect. Besides those ban lists tend to last forever, even if somebody else is now on the other end of the line.

Besides I don't see why I should let my PC play against it self, i.e. aimbot vs. game bots. If I want to burn some cpu time there's still things such as SETI@home or bitcoin mining Smiley
Logged

This space is for rent.
7
Member


Cakes 7
Posts: 278


Is 7 up?


« Reply #15 on: January 05, 2012, 01:59:14 PM »

KingOrgy has copypasted various aimbots for Quake 3 forks before, most likely adjusting the good old OGC clienthook. A proxy aimbot would be way to 1337 for those kiddies, but indeed educational to look at code-wise.

I didn't mean a real network proxy (like in the quakeworld days) but a stub exe to hook a proxy dll. There is no need to do that if the validity of the client itself isn't checked.
Logged

I'm on the ten most wanted list, I've got it dead in the groove.
My face is on every wanted poster in town, for the way I move.
Peter Silie
Member


Cakes 2008
Posts: 610



« Reply #16 on: January 05, 2012, 03:12:01 PM »

iirc this bot is very old and there was a time he was used in oa (0.81?).
i was never interested in examining this bots (and there are many q3 bots out there which also work on oa).
But this aimbot is that kind of "made by a kid" so everyone can see that it is an aimbot (immediately change orientation, maybe even the "look @ ceiling" Cheesy).

I realy hope, that a good coder will make a bot, which isnĀ“t detectable @ a 1st look.
The shown one (it is an autoaimbot if i understood right) is not for educational purpose: it is just a provocation to the oa community.

so the hardest embargo we have, would be the best solution to answer this post!
Which options we have: give away his ip? promote his email? send an abuse to his provider? include a ban list with his ip in the upcoming release? post it on facebook. make a twitter post?

or just ignore this kid and go on with 0.88? Wink

@fromhell: thx 4 deleting the link that fast! many kids around here... Sad
Logged
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #17 on: January 05, 2012, 05:22:53 PM »

Banning the user from the forum and removing the file link is not a long-term solution, but at the very best a short-term fix.

I support the idea of making a global public banlist over the servers, and the ExcessivePlus anti-cheat system should be more promoted as it is generally reliable.
Logged
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #18 on: January 05, 2012, 05:38:47 PM »

Banning the user from the forum and removing the file link is not a long-term solution, but at the very best a short-term fix.

I'm aware of that. The instant ban is all due to the intent of cheater indundation, which is obvious because this is his first and only post. And i'm aware of the streisand effect, the little guy's probably posting the same on clans' forums now.
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
Gig
In the year 3000
***

Cakes 45
Posts: 4394


WWW
« Reply #19 on: January 05, 2012, 06:43:40 PM »

Wasp, could you please tell us something more about E+ anticheat system? Is it something that may be integrated directly inside OA in the future?
Logged

I never want to be aggressive, offensive or ironic with my posts. If you find something offending in my posts, read them again searching for a different mood there. If you still see something bad with them, please ask me infos. I can be wrong at times, but I never want to upset anyone.
WaspKiller
Bigger member


Cakes 8
Posts: 159



WWW
« Reply #20 on: January 05, 2012, 09:16:34 PM »

...I don't think posting IPs public is a good idea. At least here in Europe most ISPs hand out dynamic ones. This means you'd just be banning however has the bad luck to get the IP on next reconnect. Besides those ban lists tend to last forever, even if somebody else is now on the other end of the line...


You have a point but that can be circumvented by having expiration dates on the banned IPs or banning by GUID.

E+ (and some other mods) permit banning by player name, IP, and by GUID.  I don't play baseOA so I don't know if you can ban by GUID, but if not, it needs to.



Wasp...


Pedantic but... WASP is the Clan and Killer is my gaming name. :-)



...could you please tell us something more about E+ anticheat system?...


Excessive Plus 2.2b (developed by Panda; a Q3 E+ Dev) is the first version of E+ to have this Anti-Cheat System (which is separate and independent of PunkBuster).

The E+ AntiCheat (AC) System was designed to catch most of the annoying aim bots and auto-shoot hacks.  That is, it's meant primarily to get rid of the easy cheaters who run their cheat the whole time.  This way, Admins don't have to watch endless demos with and without the wallhack identifier* to determine if a player is indeed cheating.

This is by no means a perfect system, in fact, setting it to level 4 or 5 will result in a few clean players getting kicked because they have buggy hardware (particularly a failing mouse that moves weird) or an Internet connection that makes constant and dramatic changes in ping.

The system only kicks.  Banning is still left up to the Admin.  It's his responsibilty to monitor his server and/or run a search on his logs for anti-cheat kicks.



..Is it something that may be integrated directly inside OA in the future?

I don't see why not.  E+ isn't OpenSource but the same system (hopefully better and with a different backdoor mechanism) could be coded into OA.  In fact, the best person to talk to is certainly not me or even an E+ Dev from Q3 but OA's very own GrosBedo (supeR,Grism).

He was a Dev Consultant and the only member in OA to have priviledged access to the Anti-Cheat Code, to the beta testing process, to the raw data that was in the encrypted server logs used in the trial period, to the enumeration system used:

Example, not actual legend:

a = WallHack
A = possible WallHack
b = AutoShoot
B = possible AutoShoot
c = AimBot
C = possible AimBot
d = Aim Correction
D = possible Aim Correction

and to other intimate details like the password needed to check the debug information (yes, the debug logs are coded).


*Wallhack Identifier:
If you suspect a player of cheating with a wallhack, enter the following command at the console: /wallhack rconPassword.  You must be an Admin and spectating to use the command under this circumstance.  However if a demo is recorded, anyone viewing the demo can enter /wallhack at the console to try and ascertain whether the player is legitimate or a cheater.
Logged



Calm is for LOSERS!  ANGER fuels my game and btw you're NEXT!
Gig
In the year 3000
***

Cakes 45
Posts: 4394


WWW
« Reply #21 on: January 06, 2012, 03:35:07 AM »

Thank you for infos. Maybe Sago or Fromhell may want to contact GrosBedo, who knows.
Maybe that /wallhack when viewing a demo may be easy enough to be implemented in OA? The quickest thing could be linking it to r_showtris, even if not exactly the same thing.

Pedantic but... WASP is the Clan and Killer is my gaming name. :-)
Sorry, I thought your nick was talking about a bug buster! Smiley Probably I already heard of WASP clan, but was not connecting at the time of writing (that was time for bed!)...

By the way, using clan tags when registering on forums around the net may be useful, to be univocally identified across various platforms... but in the other side, it may become a problem when the clan will change its name (e.g. after a fusion) or will end its activity, or one may leave it (to join another clan or not).
Logged

I never want to be aggressive, offensive or ironic with my posts. If you find something offending in my posts, read them again searching for a different mood there. If you still see something bad with them, please ask me infos. I can be wrong at times, but I never want to upset anyone.
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #22 on: January 06, 2012, 08:28:02 AM »

Maybe that /wallhack when viewing a demo may be easy enough to be implemented in OA? The quickest thing could be linking it to r_showtris, even if not exactly the same thing.

About the E+ wallhack detector, it's a very simple yet very effective system: it simply draw a beacon (just like the team beacon) over the head of every player in a demo (even behind walls!). Of course, it only works in demos, so you can't use it in a real game. This could easily be implemented in OA, but it should be accompanied with an option to make the demos more precise too in the eye of the player (I think some steps were already done towards that direction) to avoid false alerts (when you see in a demo that the player killed another behind a wall while in fact it's because at the time there was a delagging or nudge processing for the player).

About the E+ anti-cheat system, the mechanism used is quite reliable and innovative, there is no other system implementing that to my knowledge. I won't explain more about the exact mechanism since the devs want to obscure it as an added security. This system can be implemented in OA, or just simply be an external tool. Of course it would need some modification of the OA engine, but they are superficial (in the sense that they don't change any game mechanism).
« Last Edit: January 06, 2012, 09:17:11 AM by GrosBedo » Logged
WaspKiller
Bigger member


Cakes 8
Posts: 159



WWW
« Reply #23 on: January 06, 2012, 10:07:20 AM »

...it only works in demos, so you can't use it in a real game.


Good explanations and I hope FromHell has the good sense to tap your knowledge and implement these ideas in a way that serves OA best.

However, you have one factual error.  You can use the /wallhack command during a real game IF you are an Admin.

btw, I should have made it clear, not to you GrosBedo, but to Gig and the others interested in this thread that the /wallhack command is NOT part of the Anti-Cheat System.  I have been using it as a Server Admin since 2005 under E+ 1.03 but it may well have been in earlier versions.
 


...By the way, using clan tags when registering on forums around the net may be useful, to be univocally identified across various platforms... but in the other side, it may become a problem when the clan will change its name (e.g. after a fusion) or will end its activity, or one may leave it (to join another clan or not).


In E+ on Q3, my Forum Name was simply Killer until I was selected by the WASP Clan Founder to join WASP (my 1st and last Clan... Clan Hoppers are evil ppl in my book and never to be trusted) and became its Clan leader.

"Killer" is such a common name in any game, that some differentiation was needed especially since there is a player in Q3 E+ from Europe known as K!ller who is a notorious cheater (banned forever) and Forum troll (constantly being banned under new accounts).
Logged



Calm is for LOSERS!  ANGER fuels my game and btw you're NEXT!
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #24 on: January 06, 2012, 10:17:13 AM »

...it only works in demos, so you can't use it in a real game.


Good explanations and I hope FromHell has the good sense to tap your knowledge and implement these ideas in a way that serves OA best.

However, you have one factual error.  You can use the /wallhack command during a real game IF you are an Admin.

Ah really? I tried to use in-game while being loggued as a ref and admin and it didn't work in v2.1b, I thought it was a security feature. In this case, I think that /wallhack should only work in demos, because I don't trust admins to always do the right thing. Power can be abused, and so it should be monitored, at all levels, not only at player's.
Logged
Pages: [1] 2 3 4
  Print  
 
Jump to: