Pages: 1 ... 3 4 [5] 6
  Print  
Author Topic: Real Aimbot  (Read 178581 times)
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #100 on: May 15, 2010, 02:51:59 PM »

Machine learning.

Behaviour recognition, to be more specific Wink

So cool !!!! Im doing research in strong/pure AI. This is a life long work, so we can say that Im just at the beginning, even if Im attending this field since years now.

Anyway, from what I know is now possible with artificial intelligence, Im sure that what I propose is not a dead end.

Would you like to give it a try with me ?
Logged
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #101 on: May 15, 2010, 02:59:59 PM »

So we're first going to try to get only really obvious bots detected? I guess we can't do a lot more and it'd be the first step anyway.
I am newb at scripting/programming other things than basic programs not that interactive with others. No experience with C or whatever ioq3/oa is built in so I guess I can't help that much. Some other experts willing to help?

No.
First, we're going to focus on a particular type of cheat : aimbots. We can later see for wallhacks.
Secondly, we will focus on spotting consistent use of aimbots (meaning : you use it the majority of the time), the bot being subtle or not, it should be spotted. Later, we will try to spot too users that sporadically uses aimbot a particular moments of the game (these ones will be the hardest to spot with the behaviour recognition approach, but it's not impossible).

So this system should trim about 95% of aimbots users, the ones using them regularly (why use an aimbot if you can play as good without ?). For the others, we will try to modelize their profile in the algo as well, but it will be harder.
Logged
HelloKitty!
Lesser Nub


Cakes 12
Posts: 115



« Reply #102 on: May 15, 2010, 03:02:07 PM »

You're starting the wrong way around.

First you need a feasibility study. Extract loads of information from loads of games covering a wide range of player styles and player experience. Extract loads of information from loads of different aimbots.

The information should be relevant, i.e. rather there should be a correlation between the values (firing rate, weapon preferences, speed of mouse flick before railing, average damage, or anything else you might consider relevant) and whether the person is using a bot or not.

When you have such information, you can run all the collected data through any freely available state-of-the-art classifier and see how well you do on a testing set where you know the ground truth (whether the person is cheating or not).

Only if this actually works should anyone bother coding an in-game detection system.

My problem is that nobody has come up with a list of features which are a) relevant for aimbots, and b) easy to extract from within the game. It's all too vague and unclear. First somebody needs to give a list of things you want to measure, and then provide a way to measure them from within OpenArena. Many of the things people associate with aimbots (hitting a wall too often, for example) are, in fact, almost impossible to detect algorithmically.

Quote from: GrosBedo
Anyway, from what I know is now possible with artificial intelligence, Im sure that what I propose is not a dead end.
I'm not saying anything's impossible, but I am very skeptical by nature after seeing the most advanced algorithms struggle with the easiest imaginable tasks. We are very advanced in some areas, and very very poor in others. Detecting subtle patterns in human behaviour is one of the most difficult things out there.

An aimbot detector would be a fun Bachelor thesis, but I wouldn't hold my breath Wink
Logged
dbX
Member


Cakes 11
Posts: 199

Shazpaca!


WWW
« Reply #103 on: May 15, 2010, 03:47:43 PM »

I don't think there is any significant chance of any of this happening.
Logged

In defeat we learn.
Cacatoes
Banned for leasing own account
Posts a lot
*

Cakes 73
Posts: 1427


also banned for baiting another to violate rules


« Reply #104 on: May 15, 2010, 06:00:15 PM »

Quote
No seriously, now you have to decide guys : are we machine, or not ? Because, if we aren't machines, then there are features that distinguishes us ! Because if bots are undistinguishable, that means these machines are exactly like us !
Or rather: undistinguishable by a machine because of a not so perfect detection algorithms.
Now, to follow you, if you build some humanoid similar to the ones in Ghost in the shell, I'd agree to say machines and human is not a so relevant distinction anymore.

Quote
Mozart and other classical songs are integrated into the algorithm (at least the database that the algo processed).
From what I've seen, I consider Artificial Intelligence is at a rather laughable state: talk to some A.I speaking bot and it'll piss you off in minutes. It's not because they processed Mozart that these results will suddenly become more intelligent, the computer algorithm will only digest (make something useful from) a little part of it, finally it can be mozart or anything it wouldn't make a big difference, talking bots may have processed writers from Proust to Burroughs, it doesn't make them less dumb. But it's not only about masterpieces, it's about subjective appreciation, tastes. We talk about tastes when we refer to some stuff which is vague and hardly explainable, it's inherent to its definition, that means there is no precise criteria to determine the liking. So I'd say until that "tastes" notion is relevant, it'll be impossible to make something which is enjoyable for everyone.

 
Quote
I won't do you a full course about how predictable and manipulable you are, we'll simply do a simple test : go out naked for one full hour shouting "I LOVE BRITNEY SPEARS !!!!". Ok, too hard ? You fear that police arrest you ? Then forget the first bit, just go out and shout "I LOVE BRITNEY SPEARS !!!!" accross the town for an hour. You don't have any chance to get arrested just for that.

I wouldn't do because I have no reason to do it. Seems your ability to guess what I won't do makes you confident about your the possibility to guess what people will do. Of course, the more your example is absurd, the more you have chances for your guess to be right. On the other hand, what you will have guessed is no longer significant, what does it bring to you to know I won't go out and sing Britney Spears, does that mean I won't sing something else instead ? Does that mean I'll sing it for 5 minutes instead of 1 hour ?
To mass manipulation I prefer to defend individual freedom. Sociology or stats are tools which will work to find trends, but the fact there is always something which is outside that trend is a sufficient proof to say humans are not all so manipulable.

Now back to the subject, my fear was your efforts to be vain. I'd say now it's only half vain: you can make something which will detect the most obvious aimbots (moves which can safely be considered as not humanly possible), but I still fear it'll be just an additionnal obstacle and challenge for aimbot writers. I would have said the same if you planned to write some close source program (like punkbuster). If aimbot writers take back your work and write more complex aimbots which look more human than before, I doubt we'd come to that state but that was one of your point, I suppose they'd still be automatized, deadly and tough to kill (like some good player), so that would still be annoying.
Logged

Todo: Walk the cat.
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #105 on: May 16, 2010, 05:07:57 AM »

I don't think there is any significant chance of any of this happening.

FAKE !

Your comment is as useless as the ones complaining that a youtube video is fake.

----

My problem is that nobody has come up with a list of features which are a) relevant for aimbots, and b) easy to extract from within the game. It's all too vague and unclear. First somebody needs to give a list of things you want to measure, and then provide a way to measure them from within OpenArena. Many of the things people associate with aimbots (hitting a wall too often, for example) are, in fact, almost impossible to detect algorithmically.

Exactly, that's why I propose not only to use stats, but my own algorithm, based on my knowledge of the inner workings of the game and its gameplay. I think I have this opportunity, being both an experienced player of this game, and an experienced computer engineer.

I'm not saying anything's impossible, but I am very skeptical by nature after seeing the most advanced algorithms struggle with the easiest imaginable tasks. We are very advanced in some areas, and very very poor in others. Detecting subtle patterns in human behaviour is one of the most difficult things out there.

AI has its pitfalls, like the Go game, but some theoretically very complex things are now possible, like detecting the musical genre of a music and even the group that plays it.

The difficulty in detecting patterns in human behaviour does not arise from AI limitations but rather our limited knowledge about the very human nature. But last researchs are encouraging, since we now have many interesting findings sometimes (frequently ?) in opposition to what was believed before, even by scientists.

Human is very predictable, it's only that we need time to discover it all, but for now we already have enough technology to analyze one area by one.


----

Or rather: undistinguishable by a machine because of a not so perfect detection algorithms.

Exactly, that's why I propose an innovative algorithm based on how this game works, rather than how all games work.

From what I've seen, I consider Artificial Intelligence is at a rather laughable state: talk to some A.I speaking bot and it'll piss you off in minutes. [...] So I'd say until that "tastes" notion is relevant, it'll be impossible to make something which is enjoyable for everyone.

This is because you're not in the scene : if you're waiting for a humanoid robot that behaves, think and feels like a human, you'll still have to wait some time. But if you look to what AI can already achieve, it's pretty amazing, and highly useful.

And about your "taste" argument, the day a human makes something enjoyable for EVERYONE, I will dress like Patrick Swayze. You can make things that pleases the most audience, or something that pleases YOUR audience, but whatever it is, if you can do one then you can tweak your software to do both.

Anyway, there already exists some algo to detect the genre and even the group playing a music. What is the frontier with taste now ?

If aimbot writers take back your work and write more complex aimbots which look more human than before, I doubt we'd come to that state but that was one of your point, I suppose they'd still be automatized, deadly and tough to kill (like some good player), so that would still be annoying.

To not be detected by the system, this would imply not only making them much more human, but being at a human level too, so you wouldn't see anymore any "deadly" or "tough" to kill bots than an human could be. But only aiming. Why good players are so tough, is because of their strategy, dodging, movement and smart skills. A bot can't have those. Unless it has some special AI, but it's impossible if it doesn't have server-side access, and even so, look at BrainWorks project, it does a great job at simulating humans, but you can still detect they aren't. And BrainWorks has direct access to all the features and data of the game, a client injected bot wouldn't.

So in the end, lowering the aim skills of a bot (even if it's only to a good player level) would seriously diminish the value of using bots, since this is their only feature and they can't simulate any other human skill.
Logged
Falkland
Member


Cakes 6
Posts: 590


« Reply #106 on: May 16, 2010, 09:05:13 AM »

Quote from: GrosBedo
Um Im not sure what time randomness has anything to do here, but indeed bots can't be too much random, else it would lower drastically their skills (isn't this what we want ?).


I mean that every aimbot running on a machine that is not a supercomputer is detectable because it always produces serialized data on output as it cannot contemporaniously have an enough amount of randomness AND have an acceptable response to event. The more randomness or "anti-serialized" technique you try to add, the more increased response time you obtain ( which is unacceptable ).

Aimbots doesn't look like AI machines, they rather looks like state machines : they don't ( and can't ) have strategies , they only have to response in the most convenient way and as quick as possible ( by design ) to some events and every event is signed by a priority.

"Sophisticated" (adaptative) (client-side)-bots don't either have strategies : simply they try to operate with brute-force when they aren't able to escape a situation that is an obstacle to their way of operating ( like for example enforcing autoaim when they are stalling under campers fire or when they are challenging a skilled player. Never seen a bot aiming and going back - which should be the most logical reaction when enemies are 3 or 4 or more - , always seen it going forward while enforcing its artificial "skill" or like CPMA bots - which is indeed a mod having full access to server's data - that aim faster exiting teleports or before collecting main items like MH just few seconds before items spawn ).


Quote from: RMF
Another thing we should target is the exploit allowing cheaters to join servers where they are banned. I never saw it or heard of it here, but almost every time I talk with an aimbotter (or sometimes some die-hard campers too) they say that they will join anyway ban or not due that exploit there is.

The only exploit I know is the INFOSTRING corruption exploit which it was fixed in the latest ioq3 code ( fixed in oa085 , oa081 is still vulnerable )

And the netchannel is already crypted : you can only send few status commands ( getstatus , getchallenge ... ) as plain commands . After the server sent the challenge all the traffic between clients and server is crypted. It was fixed another BUG in the latest ioq3 revisions ( OA085 ) about the reuse of a valid challenge . OA081 is still vulnerable.

Quote from: GrosBedo
Take a look at cryptanalysis, yes the thing that let you crypt your confidential documents and even the ones of secret services : they ARE bypassable, but they would take so much calculation and efforts that it would take years to crack a good password with a good crytpalgorithm, thus protecting effectively (as far as possible in fact) the crypted documents.

Just a tought about this point ... in many cases you don't need cryptoanalysis , independently of the key-lenght or of the used algorithm .

RSA-768 was cracked with a distribuited brute-force attack in half a year - or so - ( http://arstechnica.com/security/news/2010/01/768-bit-rsa-cracked-1024-bit-safe-for-now.ars ) but the bad news is that another research team was able to crack RSA-1024 - which should have been secure to cryptoanalysis - with another kind of attack ( http://www.ns.umich.edu/htdocs/releases/story.php?id=7551 ) that requires almost 100 working hours !!!

Another bad news is that file or full disk cryptography can be attacked easily through memory dump attacks ( http://www.hermann-uwe.de/blog/lest-we-remember--cold-boot-attacks-on-encryption-keys ) because the VM data are mantained in plain text in the memory for most of the systems without adopting any scrubbing technique for sensitive data ( I know only Solaris OS scrubbing memory data by default, there were discussions and patches about introducing it in Linux too). Once you have a consistent dump of the memory ( or a copy of the hybernation image ) you can extract the key or the keys through a pattern analysis , since crypto-algorithms ( expecially AES ) have their own patterns.

This will imply that systems and their operative procedures ( like hybernation ) will change soon in the future.

Do you want security ? Try with systems that offers Plausible Deniability.

To get again in topic , pls don't call aimbot writers again as hackers ... just use the term of "experts in masturbation".
Logged
RMF
Member


Cakes 12
Posts: 694



« Reply #107 on: May 16, 2010, 11:36:00 AM »

The word hackers is just (too) common used for crackers - or as you call it 'experts in masturbation'. I think the real hackers should get another name.

If the infostring exploit is fixed I guess we can focus on the aimbot detection for now. Later we can see about improved security for other hacks.
Logged
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #108 on: May 16, 2010, 12:39:42 PM »

*executes trainer*

HAHA NOW i AM A REAL HACKER!!! JUST LiKE KEViN MiTNiCK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
HelloKitty!
Lesser Nub


Cakes 12
Posts: 115



« Reply #109 on: May 16, 2010, 02:17:42 PM »

Quote from: Falkland
Never seen a bot aiming and going back - which should be the most logical reaction when enemies are 3 or 4 or more - , always seen it going forward while enforcing its artificial "skill"
And yet another thing that I often do, cause it's more fun to play like that on public servers.

Seriously, you are starting to convince me that I am, in fact, a bot Tongue

A very terrible one.
Logged
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #110 on: May 16, 2010, 02:23:42 PM »

I mean that every aimbot running on a machine that is not a supercomputer is detectable because it always produces serialized data on output as it cannot contemporaniously have an enough amount of randomness AND have an acceptable response to event. The more randomness or "anti-serialized" technique you try to add, the more increased response time you obtain ( which is unacceptable ).

Aimbots doesn't look like AI machines, they rather looks like state machines : they don't ( and can't ) have strategies , they only have to response in the most convenient way and as quick as possible ( by design ) to some events and every event is signed by a priority.

That's the deal, due to their very own nature, they do have constraints we won't in making an intellingent anti-cheat system.



Just a tought about this point ... in many cases you don't need cryptoanalysis , independently of the key-lenght or of the used algorithm
[...]

Indeed, but I was pointing the primary goal of these cryptographic algorithm : it's not to make an unbreakable system, but hard enough to break that it becomes nearly impossible in the near future.

But as always, there are other ways to beat a system : by going over its protection rather than through it, that's how these attacks work.

There will always be exploit, probably in my system too, but they can always be fixed and don't negate the concept.

Do you want security ? Try with systems that offers Plausible Deniability.

+1000

TrueCrypt is an easy way to achieve that.

To get again in topic , pls don't call aimbot writers again as hackers ... just use the term of "experts in masturbation".

Bah, as long as you try to exploit the weaknesses of a system, you can call that a hacker, whatever may be his intentions. I agree that making aimbots for opensource games is really lame, but as long as they make them, they are required to put some knowledge and effort in the process, and so we can call them hackers.

@HelloKitty!

I agree on this one, the patterns need to be really well defined and sure. Maybe this one can be a good factor in algo after all, if we ponder it on the situation, repetitivity and other factors...
Logged
Falkland
Member


Cakes 6
Posts: 590


« Reply #111 on: May 16, 2010, 03:28:33 PM »

Quote from: Falkland
Never seen a bot aiming and going back - which should be the most logical reaction when enemies are 3 or 4 or more - , always seen it going forward while enforcing its artificial "skill"
And yet another thing that I often do, cause it's more fun to play like that on public servers.

Seriously, you are starting to convince me that I am, in fact, a bot Tongue

A very terrible one.

This confirms for sure that you have never been to an institutional school of war .

And from my point of view it elevates the probability that you could be a cheater. ( HK: "Who , me Huh NEVER!!!" )

And again from my point of view that you eventually are stealing your salary.
Logged
HelloKitty!
Lesser Nub


Cakes 12
Posts: 115



« Reply #112 on: May 16, 2010, 03:36:05 PM »

Falkland, you're a riot.

Everyone who breathes is a cheater according to you. One day, you'll ban everyone in the world, and then you'll be left alone to play OA with nobody else to ruin your pleasure.

No, I haven't been to an "institutional school of war". It's a FRKING GAME. It's supposed to be FUN!
« Last Edit: May 16, 2010, 04:03:17 PM by HelloKitty! » Logged
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #113 on: May 16, 2010, 04:28:21 PM »

lol

...

ok back to matter : who wants to give a hand ?

There are several ways to participate :

- Helping in adapting the algorithm in C
- Advising some idea of what should implement the algo (if you have any, Ive got plenty already)
- Giving behaviours that you've seen in known bots (like the correction of each MG bullets)
- Giving names and/or links and/or directly softwares related to aimbots working for OA (or known to work with some modifications) -> please do so by PM
« Last Edit: May 16, 2010, 05:44:11 PM by GrosBedo » Logged
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #114 on: May 16, 2010, 10:33:01 PM »

It's a FRKING GAME. It's supposed to be FUN!

Smiley
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
RMF
Member


Cakes 12
Posts: 694



« Reply #115 on: May 17, 2010, 01:31:29 AM »

- Advising some idea of what should implement the algo (if you have any, Ive got plenty already)
- Giving behaviours that you've seen in known bots (like the correction of each MG bullets)
- Giving names and/or links and/or directly softwares related to aimbots working for OA (or known to work with some modifications) -> please do so by PM
hm I got a bot I can send you if you want, guess I can trust you with it that you won't use it online. It also claims to have correction for the bullets, but mg and cg still are more missing than hitting on long range so it isn't working.
And about ideas what we should make actually it look for, well I got some ideas about which one we should make first. Guess there aren't much ideas we can use for a first version which haven't been named yet.
Logged
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #116 on: May 17, 2010, 05:15:45 AM »

It's a FRKING GAME. It's supposed to be FUN!

Smiley

My proposition has nothing to do with the funness of the game : for me the game is already good as is and aimbots aren't a threat. But this project seems to be a cool project Wink

Quote from: RMF
hm I got a bot I can send you if you want, guess I can trust you with it that you won't use it online. It also claims to have correction for the bullets, but mg and cg still are more missing than hitting on long range so it isn't working.
And about ideas what we should make actually it look for, well I got some ideas about which one we should make first. Guess there aren't much ideas we can use for a first version which haven't been named yet.

Bah, I already know the aimbots scene since I had to go in these to get the tools I needed to hack the QVMs.

However, Im ready to not play anymore at all if there are doubts on my honesty, anyway Im not really into playing since quite a time, being more into customizing XD
Logged
Falkland
Member


Cakes 6
Posts: 590


« Reply #117 on: May 17, 2010, 05:32:32 PM »

This discussion on Urban Terror forums can be helpful since they probably will introduce their own anti cheat with the 4.2 version , but they focused on a PB-like+authentication solution, not strictly useful for this project but anyway an interesting reading about cheats and cheats evolution.

Logged
Falkland
Member


Cakes 6
Posts: 590


« Reply #118 on: May 21, 2010, 10:24:45 AM »

I found some interesting custom patches ( in particular : block1337.patch , forcecvar.patch, logcallvote.patch, logrconargs.patch, playerdb.patch, sendclientcommand.patch) while I was getting around the svn tree posted here

Here's a quote coming from their README.TXT file describing one of their own patches which is intopic here :

Quote
...
================
block1337.patch:
================

Introduces a new server cvar sv_block1337.  By default it is set to 0, which
makes the server behave exactly the same as without this patch.  When
sv_block1337 is set to a positive value such as 1, clients attempting to
connect that have a qport of 1337 will not be allowed to connect, and will
be given a message "This server is not for wussies.".  A known cheat sets
the client qport to 1337.
...
Logged
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #119 on: May 22, 2010, 05:21:00 AM »

lol @ block1337.patch XD

Anyway, this is indeed highly interesting, nice finding, but I think that we'd rather pursue our own way to spot cheats, and in the future it will still be possible to share and merge our work with some other communities work, so in the end we will get many solution to a complex problem, which is I think the best way to fix it.
Logged
Falkland
Member


Cakes 6
Posts: 590


« Reply #120 on: July 02, 2010, 06:28:26 PM »

Patch for recording server side demos ( which should be pertinent here ) : http://patches.mercenariesguild.net/index.php?do=details&task_id=196

It's for tremulous , but it should apply also to OA engine with some adjustments ( I didn't try yet )

Anyway there are a lot of interesting patches that could be applied also to OA : http://patches.mercenariesguild.net/

like for example this one which should increase robustness of clients identification using a RSA 1024 key for each client !!!
Logged
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #121 on: July 11, 2010, 01:12:04 AM »

Patch for recording server side demos ( which should be pertinent here ) : http://patches.mercenariesguild.net/index.php?do=details&task_id=196

It's for tremulous , but it should apply also to OA engine with some adjustments ( I didn't try yet )

Anyway there are a lot of interesting patches that could be applied also to OA : http://patches.mercenariesguild.net/

like for example this one which should increase robustness of clients identification using a RSA 1024 key for each client !!!

Great finding ! Thank you very much for posting that !
Logged
PWNAGE
Half-Nub


Cakes 0
Posts: 90


LEWL!


WWW
« Reply #122 on: July 11, 2010, 01:48:16 AM »

i thought there was an aimbot on a server i was playing once... turned out he was just really good and could strafe jump  Smiley
Logged

OPEN ARENA!!!!... it's cool

-PWNAGE- Anonymous Browsing
GrosBedo
Member


Cakes 20
Posts: 710


« Reply #123 on: July 21, 2010, 07:50:12 AM »

Quote
Anomaly detection, also referred to as outlier detection[1] refers to detecting patterns in a given data set that do not conform to an established normal behavior.

There are three fundamental approaches to the problem of outlier detection:

    * Type 1 - Determine the outliers with no prior knowledge of the data. This is essentially a learning approach analogous to unsupervised clustering. The approach processes the data as a static distribution, pinpoints the most remote points, and flags them as potential outliers.
    * Type 2 - Model both normality and abnormality. This approach is analogous to supervised classification and requires pre-labelled data, tagged as normal or abnormal.
    * Type 3 - Model only normality (or in a few cases model abnormality). This is analogous to a semi-supervised recognition or detection task. It may be considered semi-supervised as the normal class is taught but the algorithm learns to recognise abnormality.

http://en.wikipedia.org/wiki/Anomaly_detection
http://en.wikipedia.org/wiki/Outlier#Identifying_outliers

The solution I propose is of the 3rd type.

The project is still being discussed elsewhere, stay tuned.
Logged
^TheDoctor^
Nub


Cakes 2
Posts: 13



« Reply #124 on: August 13, 2010, 08:45:42 AM »

Patch for recording server side demos ( which should be pertinent here ) : http://patches.mercenariesguild.net/index.php?do=details&task_id=196
The Tremulous server-side demos work in principle, but they require a patched server to replay them and a patched cgame to be able to follow the recorded players.

For ScrewOA, I followed an alternative idea by taking the recording code from the client and porting it to the server. It is now used to automatically record the games of players who reach at least 0.9*fraglimit. To preserve privacy, neither VOIP, chat (say/tell) nor broadcasts (print) are recorded. Take a look at ScrewOA's demo page for more information and for demos, of course.
Logged
Pages: 1 ... 3 4 [5] 6
  Print  
 
Jump to: