Circumventing the Anti-Cheat-Protection

[BugRoger]

Hey Folks,

I just wanted to let you know that I probably found out how Norfleet managed to trick the Anti-Cheat-Protection. I wasn't able to produce unlimited gems but I found out how it's possible to forge for free. Could it be that Norfleet used the same hole and forged for free or was he actually able to produce gems?

Of course I'm going to inform the Devs about how I did it... It might be easy to include a fix in the anti-cheat protection for this particular cheat.


Rock on,

Michael

[Stormbinder]

Quote:

BugRoger said:
Hey Folks,

I just wanted to let you know that I probably found out how Norfleet managed to trick the Anti-Cheat-Protection. I wasn't able to produce unlimited gems but I found out how it's possible to forge for free. Could it be that Norfleet used the same hole and forged for free or was he actually able to produce gems?

Of course I'm going to inform the Devs about how I did it... It might be easy to include a fix in the anti-cheat protection for this particular cheat.


Rock on,

Michael

Interesting. I've spend a lot of time analizing Norf's file, and there is no way he could have even his 850+ (out of total 4800 gems) none-death and mostly none-astral gems that he had in his Gem Treasury without cheating(not to mention bloodslaves), since his total none-death income for the duration of the game was about 130 gems, not counting any summons/forging. Not to mention 2000+ gems worth of summons and empowering, that also had nothing to do with forging.


Therefore you must have found another hole in Dom2 security BugRoger. I am sure devs will be very interested to know the details. Well done.

Regards,
Stormbinder

[BugRoger]

Actually I can use the same method for casting and empowerment too. Once you have Alteration 9 it's possible to cast Wish for free and that will give you almost everything. Maybe it's even possible to manipulate the research but that is definetly harder to do...

I'm going to look into the cheat game. Maybe I can find something for myself. You only happen to have one turn file?

[Stormbinder]

Quote:

BugRoger said:
Actually I can use the same method for casting and empowerment too. Once you have Alteration 9 it's possible to cast Wish for free and that will give you almost everything. Maybe it's even possible to manipulate the research but that is definetly harder to do...

I'm going to look into the cheat game. Maybe I can find something for myself. You only happen to have one turn file?

Yeap. And it is turn 23, max reseach lvl 7, so no wishes. You can download it from Mose's server, he provided a link to it in some of the related threads recently.

BTW have devs confirmed your findings? (meaning were they able to duplicate it)

[BugRoger]

I looked into the cheat game. I think this is possible using the trick I found. I also found out that it's possible to build castles for free.

Also I have another game which was hosted on my server where Calmon suspected that Norfleet might be cheating. Norfleet wanted me to delete the game files... Well, I think I'm going to look into this as well.

I haven't informed the devs yet. Just got up and wanted to try spell casting and empowerment as well... Actually, I think the devs know by now how it's possible to do this. The anti-cheat protection tries to protect exactly against this kind of cheat but it's just not sophisticated enough.

I can imagine that it might be quite hard to fix all the holes but maybe there's a technique to protect against it programatically.

[Stormbinder]

Quote:

BugRoger said:
I looked into the cheat game. I think this is possible using the trick I found. I also found out that it's possible to build castles for free.

Also I have another game which was hosted on my server where Calmon suspected that Norfleet might be cheating. Norfleet wanted me to delete the game files... Well, I think I'm going to look into this as well.

I haven't informed the devs yet. Just got up and wanted to try spell casting and empowerment as well... Actually, I think the devs know by now how it's possible to do this. The anti-cheat protection tries to protect exactly against this kind of cheat but it's just not sophisticated enough.

I can imagine that it might be quite hard to fix all the holes but maybe there's a technique to protect against it programatically.

Well whatever it is you are doing, the sending just list of commands to server and nothing else, to be performed and calculated by the server based upon your "begining of the turn state" should be enough to prevent it, correct? (and please don't say anymore details about it )

It may reqire quite a bit of recoding on the part of Illwinter though, depending on how exactly did they structured their sourse code. But it sounds to me like a good way to aproach the problem, based upon what we know about recent developments.

[Huzurdaddi]

The fixes in order of "correctness" are:

1. Only send the server the commands and let it validate each command. This could be expensive in terms of coding depending upon how Illwinter coded the game.

2. check all costs on the server side add them together and see if this is possible. This could be of moderate cost. Who know if Illwinter has time for this.

3. Put some XOR's in the accessors for these ( perhaps even all ) member variables. Move the structure in question away from where it currently is, perhaps break it up into multiple parts. Put the values into a linked list instead of right after one another. This is cheap to do and makes it so people have to break out IDA instead of just spamming ReadProcessMemory and looking at the output for 10 min.

[tinkthank]

Hey, BR, you are great!!! Three cheers for you!!
I didnt know you are a Berliner, too -- hihi, schön.

[Stormbinder]

Post deleted by Zen

[Sheap]

I disagree. All he's done is described what the cheat does, and some slight information about how he went about finding it. Anyone who would be able to figure out how to cheat based just on this information, would be able to figure it out on their own anyway. But, this description of how the cheat operates might help honest players notice if it is happening in their game.

In any case, I expect that there are very few players here who would cheat anyway, and those who would know how to do it already.

I suppose I also should add that this particular flaw, while serious, would still not account for what was found in Norfleet's turn. So there must be something else afoot.