Circumventing the Anti-Cheat-Protection

BugRoger · #1 August 15th, 2004, 06:27 AM

I looked into the cheat game. I think this is possible using the trick I found. I also found out that it's possible to build castles for free.

Also I have another game which was hosted on my server where Calmon suspected that Norfleet might be cheating. Norfleet wanted me to delete the game files... Well, I think I'm going to look into this as well.

I haven't informed the devs yet. Just got up and wanted to try spell casting and empowerment as well... Actually, I think the devs know by now how it's possible to do this. The anti-cheat protection tries to protect exactly against this kind of cheat but it's just not sophisticated enough.

I can imagine that it might be quite hard to fix all the holes but maybe there's a technique to protect against it programatically.

Stormbinder · #2 August 15th, 2004, 07:56 AM

Quote:

BugRoger said:
I looked into the cheat game. I think this is possible using the trick I found. I also found out that it's possible to build castles for free.

Also I have another game which was hosted on my server where Calmon suspected that Norfleet might be cheating. Norfleet wanted me to delete the game files... Well, I think I'm going to look into this as well.

I haven't informed the devs yet. Just got up and wanted to try spell casting and empowerment as well... Actually, I think the devs know by now how it's possible to do this. The anti-cheat protection tries to protect exactly against this kind of cheat but it's just not sophisticated enough.

I can imagine that it might be quite hard to fix all the holes but maybe there's a technique to protect against it programatically.

Well whatever it is you are doing, the sending just list of commands to server and nothing else, to be performed and calculated by the server based upon your "begining of the turn state" should be enough to prevent it, correct? (and please don't say anymore details about it

)

It may reqire quite a bit of recoding on the part of Illwinter though, depending on how exactly did they structured their sourse code. But it sounds to me like a good way to aproach the problem, based upon what we know about recent developments.

Huzurdaddi · #3 August 15th, 2004, 04:26 PM

The fixes in order of "correctness" are:

1. Only send the server the commands and let it validate each command. This could be expensive in terms of coding depending upon how Illwinter coded the game.

2. check all costs on the server side add them together and see if this is possible. This could be of moderate cost. Who know if Illwinter has time for this.

3. Put some XOR's in the accessors for these ( perhaps even all ) member variables. Move the structure in question away from where it currently is, perhaps break it up into multiple parts. Put the values into a linked list instead of right after one another. This is cheap to do and makes it so people have to break out IDA instead of just spamming ReadProcessMemory and looking at the output for 10 min.

Stormbinder · #4 August 15th, 2004, 05:59 PM

Post deleted by Zen

Sheap · #5 August 15th, 2004, 06:01 PM

I disagree. All he's done is described what the cheat does, and some slight information about how he went about finding it. Anyone who would be able to figure out how to cheat based just on this information, would be able to figure it out on their own anyway. But, this description of how the cheat operates might help honest players notice if it is happening in their game.

In any case, I expect that there are very few players here who would cheat anyway, and those who would know how to do it already.

I suppose I also should add that this particular flaw, while serious, would still not account for what was found in Norfleet's turn. So there must be something else afoot.

Gandalf Parker · #6 August 15th, 2004, 06:48 PM

As a standard rule, and hopefully enforced as equally as possible, information on how to bypass purchasing, copy protections, and cheat detections will disappear quickly.
After all, this IS a computer owned/run by an upstanding games publishing company. Discussion as to how effective, fair, or desireable such things are will have no effect on whether or not Shrapnel should be willing to leave them in plain site on their Boards.

Now if you want to join me in the alt.hacker newsgroup, or my www.alt-hacker.org site, I will be glad to discuss the subject further. (but be forwarned that in those forums I dont have to be so careful about what I might call someone)

Stormbinder · #7 August 15th, 2004, 07:05 PM

Quote:

Gandalf Parker said:

As a standard rule, and hopefully enforced as equally as possible, information on how to bypass purchasing, copy protections, and cheat detections will disappear quickly.
After all, this IS a computer owned/run by an upstanding games publishing company. Discussion as to how effective, fair, or desireable such things are will have no effect on whether or not Shrapnel should be willing to leave them in plain site on their Boards.

Well said Gandalf.

BugRoger · #8 August 15th, 2004, 06:59 PM

I just wanted to add that I contacted the devs with the details about the cheat. Hope you guys are still going to play with me...

Huzurdaddi:
Though I used a similar approach to what you described (deleted now) the actual procedure was different. Maybe you also let the devs know how your cheat works...

Huzurdaddi · #9 August 15th, 2004, 10:12 PM

Quote:

I suppose I also should add that this particular flaw, while serious, would still not account for what was found in Norfleet's turn. So there must be something else afoot.

No it totally explains what people think that they saw in Norfleet's turn. There may be additional exploits but this one does the trick.

Sheap · #10 August 15th, 2004, 11:00 PM

How does it explain the large stockpile of bloodslaves that he had?