10th August, 2008, 02:39 AM
|
|
Holy Shit!!
|
|
Join Date: Apr 2003
Posts: 4,029
|
|
__________________
How to feck up a perfectly good game:
UT (1999) = UnbelievableGameSoCoolIMustHelpBringNewPlayers Tournament
UT (2008) = Unreal ThrustMyPrivatePartsInYourFaceBish
And that's probably why UTIII was a relative flop. New game, same sh*thead players ^^.
|
10th August, 2008, 02:56 AM
|
Killing Spree
|
|
Join Date: Jun 2008
Posts: 20
|
|
hmm
As far as I know it can't be read and I'm using cshp to check bytehacking
If you wanna try some things get on your msn and let's talk
This version is a lot different than the 1 I gave you
you might have some ideas
|
10th August, 2008, 03:56 PM
|
Forum Newcomer
|
|
Join Date: Aug 2008
Location: South Africa
Posts: 5
|
|
Quote:
Originally Posted by Azura
|
Hook detection is crucial for anti-cheat systems. That particular program however only scans for ring0 (kernel mode) hooks. That's a much older version, I carried it on and implemented both detection for detour and table hooks.
Here is the newer version.
Quote:
Originally Posted by Azura
Is the dll protected in any way ? Anything clientside can be messed with so it's best to make things as unreadable/decompilable as possible.
I've no idea how to detect processes that have been hidden but I'm willing to do some searching. Also I read an old document about cheats explaining something about accessing ring 0 (an OS' innermost circle). I don't know if that's a problem or if it's been successful but it would mean that code executed in this ring is all powerful.
One idea that's crossed my mind is to block the use of Microsoft's .NET framework seeing as it's used to accelerate the development of cheats. I don't know if it's practical but I haven't seen many essential applications that use it as of yet. Another is to somehow secure the minimum essential files (unrealtournament.exe, dlls, standard u files, anticheat packages) in a custom executable that will decompress everything that's necessary at each launch. This should avoid bytehacking as it would be virtually impossible to modify a file while it's being accessed by a program.
Apart from that I have a few ideas that are serverside only with the equivalent of the Turing test. Since they can never be 100% positives a level system should be implemented so a series of positives can be used to flag a player. This should keep the casual lamers out.
|
Disabling .NET would not only be near impossible but pretty much useless too. In all my time of writing game-hacks I've never used the .NET framework for it.
Decompression algorithms can and have been broken before.
What you WANT to do is prevent access to all the crucial files and processes. Achieve this by a combination of hooks and other techniques such as DKOM (there is source in my blog too). I can go into much more intimate detail later on when I'm not so goofed.
Last edited by The_Undead : 10th August, 2008 at 05:51 PM.
|
10th August, 2008, 06:03 PM
|
|
Holy Shit!!
|
|
Join Date: Apr 2003
Posts: 4,029
|
|
Hi The_Undead,
Thanks for stopping by. What references (books or sites) did you use to write your detection program ? It might be helpful to understand the theory behind it. Also, I have very limited experience in C++ and will probably ask someone else to get involved.
Also you say you've written some game hacks. Most of the native, as opposed to unrealscript, hacks for the original UT are based on the "H" hook. It was almost certainly developed without a framework to begin with but, more recently, its author switched to .NET for the paid versions, probably to gain time. The executable itself seems to have been run through several compressors/encrypters.
As for securing the game executable and base packages (exe + dlls + unreal packages), the idea is to avoid tampering and bytehacking of anything that is clientside. For example, a change in the bytecode of a U package can turn a == into a !=. In terms of public protection, Anthchecker is capable of doing a checksum on small files and UTDC can verify run an md5 but both of these have been bypassed. I'll add that UT doesn't normally support the direct downloads of DLLs. However a few new anticheat mods actually require you to download and install manually.
Anyway, if you want to discuss this in detail I suggest we do this via PM.
Last edited by Azura : 10th August, 2008 at 06:24 PM.
|
10th August, 2008, 11:29 PM
|
Forum Newcomer
|
|
Join Date: Aug 2008
Location: South Africa
Posts: 5
|
|
Other than MSDN for the API references, I didn't. It's really not that complex.
To detect detour hooks you just need to scan the first 3 or 5 (5 on post XP SP2 systems) bytes of functions and make sure they are:
Code:
mov edi, edi
push ebp
mov ebp, esp
I didn't bother supporting pre-sp2 systems.
The table hook detection can be done several ways such as either making sure the addresses are within the appropriate bounds, or even importing them from ntdll.
Process detection yet again can be done in several ways. I've got a piece of code I've been meaning to post on my blog for a while once I've cleaned it up that enumerates the processes from the pspcidtable. You can also do it with the use of csrss.exe.
I'll PM you momentarily.
|
13th August, 2008, 09:53 AM
|
Godlike
|
|
Join Date: Jul 2007
Posts: 261
|
|
Quote:
Originally Posted by The_Undead
Other than MSDN for the API references, I didn't. It's really not that complex.
To detect detour hooks you just need to scan the first 3 or 5 (5 on post XP SP2 systems) bytes of functions and make sure they are:
Code:
mov edi, edi
push ebp
mov ebp, esp
I didn't bother supporting pre-sp2 systems.
The table hook detection can be done several ways such as either making sure the addresses are within the appropriate bounds, or even importing them from ntdll.
Process detection yet again can be done in several ways. I've got a piece of code I've been meaning to post on my blog for a while once I've cleaned it up that enumerates the processes from the pspcidtable. You can also do it with the use of csrss.exe.
I'll PM you momentarily.
|
The detour detection will be easy to bypass then, could easily detour a function on some random location and your detection would be rendered useless.
|
13th August, 2008, 07:59 PM
|
Forum Newcomer
|
|
Join Date: Aug 2008
Location: South Africa
Posts: 5
|
|
Quote:
Originally Posted by dodgethis
The detour detection will be easy to bypass then, could easily detour a function on some random location and your detection would be rendered useless.
|
As is the case with most detection programs.
There is no easy way (short of perhaps performing a CRC check on each function) to do so otherwise.
|
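Added example, not code from the thread or from the detection program being discussed: the five-byte prologue check and the per-function CRC check mentioned above, run side by side over constructed byte arrays to show that a jump placed after the prologue passes the first check and fails the second. The sample bytes, function names and result flags are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Prologue quoted in the thread: mov edi,edi / push ebp / mov ebp,esp */
static const uint8_t PROLOGUE[5] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};

enum { HOOK_NONE = 0, HOOK_PROLOGUE = 1, HOOK_CRC = 2 };

/* 1 if the first five bytes are the expected prologue, else 0. */
int prologue_intact(const uint8_t *fn, size_t len) {
    return len >= sizeof PROLOGUE && memcmp(fn, PROLOGUE, sizeof PROLOGUE) == 0;
}

/* Standard CRC-32 (reflected polynomial 0xEDB88320), bit by bit. */
uint32_t crc32_bytes(const uint8_t *p, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Run both checks; baseline_crc is taken from a known-good copy. */
int check_function(const uint8_t *fn, size_t len, uint32_t baseline_crc) {
    int r = HOOK_NONE;
    if (!prologue_intact(fn, len)) r |= HOOK_PROLOGUE;
    if (crc32_bytes(fn, len) != baseline_crc) r |= HOOK_CRC;
    return r;
}

/* Constructed samples: prologue, mov eax,1, pop ebp, ret. */
static const uint8_t CLEAN[12] = {0x8B,0xFF,0x55,0x8B,0xEC, 0xB8,1,0,0,0, 0x5D,0xC3};
/* Entry overwritten by a 5-byte jmp rel32 (E9). */
static const uint8_t ENTRY_PATCHED[12] = {0xE9,0,0x10,0,0, 0xB8,1,0,0,0, 0x5D,0xC3};
/* Prologue untouched, jmp rel32 placed after it. */
static const uint8_t BODY_PATCHED[12] = {0x8B,0xFF,0x55,0x8B,0xEC, 0xE9,0,0x10,0,0, 0x5D,0xC3};

int main(void) {
    uint32_t base = crc32_bytes(CLEAN, sizeof CLEAN);
    printf("clean=%d entry=%d body=%d\n",
           check_function(CLEAN, sizeof CLEAN, base),
           check_function(ENTRY_PATCHED, sizeof ENTRY_PATCHED, base),
           check_function(BODY_PATCHED, sizeof BODY_PATCHED, base));
    return 0;
}
```

The baseline CRC has to come from a copy the checker trusts, for example the file on disk verified separately; a baseline read from the same memory the check inspects only proves the bytes have not changed since it was taken.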
14th August, 2008, 07:54 PM
|
Godlike
|
|
Join Date: Jul 2007
Posts: 261
|
|
Quote:
Originally Posted by The_Undead
As is the case with most detection programs.
There is no easy way (short of perhaps performing a CRC check on each function) to do so otherwise.
|
Yep, and unfortunately that can be spoofed by cheaters as well.
|
14th August, 2008, 08:25 PM
|
Forum Newcomer
|
|
Join Date: Aug 2008
Location: South Africa
Posts: 5
|
|
Yes but the aim of cheat protection is surely to keep the masses from cheating. We will always be able to bypass these systems given sufficient knowledge.
|
28th August, 2008, 09:15 PM
|
|
Holy Shit!!
|
|
Join Date: Apr 2003
Posts: 4,029
|
|
Quote:
Originally Posted by The_Undead
Yes but the aim of cheat protection is surely to keep the masses from cheating.
|
It is.
|
29th August, 2008, 04:38 AM
|
Killing Spree
|
|
Join Date: Jun 2008
Posts: 20
|
|
hey
Would it work for demo by any chance?
|
30th August, 2008, 07:08 AM
|
Forum Newcomer
|
|
Join Date: Aug 2008
Location: South Africa
Posts: 5
|
|
Demo?
|
31st August, 2008, 05:01 AM
|
|
Holy Shit!!
|
|
Join Date: Apr 2003
Posts: 4,029
|
|
Unreal Tournament demo version 3.48. Yes, some people are still playing it since its release in '98-'99. I won't explain why and will just say it's a village versus town thing.
The anticheat being discussed here is actually designed for the stripped down version of the game.
Quote:
Originally Posted by dcsnypa
Would it work for demo by any chance?
|
Probably. It's all native and the OS is being targeted, not the game.
Last edited by Azura : 31st August, 2008 at 06:10 AM.
|
5th April, 2009, 01:22 PM
|
Banned
|
|
Join Date: Mar 2009
Posts: 30
|
|
Quote:
Originally Posted by Azura
Is the dll protected in any way ? Anything clientside can be messed with so it's best to make things as unreadable/decompilable as possible.
I've no idea how to detect processes that have been hidden but I'm willing to do some searching. Also I read an old document about cheats explaining something about accessing ring 0 (an OS' innermost circle). I don't know if that's a problem or if it's been successful but it would mean that code executed in this ring is all powerful.
One idea that's crossed my mind is to block the use of Microsoft's .NET framework seeing as it's used to accelerate the development of cheats. I don't know if it's practical but I haven't seen many essential applications that use it as of yet. Another is to somehow secure the minimum essential files (unrealtournament.exe, dlls, standard u files, anticheat packages) in a custom executable that will decompress everything that's necessary at each launch. This should avoid bytehacking as it would be virtually impossible to modify a file while it's being accessed by a program.
Apart from that I have a few ideas that are serverside only with the equivalent of the Turing test. Since they can never be 100% positives a level system should be implemented so a series of positives can be used to flag a player. This should keep the casual lamers out.
|
That's true what Azura says, you can spend a long time making anticheat but if the source isn't encrypted you are doing a lot of work for nothing. I know this because I tested the cscc for nUTcase[bees]; I know he has a special encryption program from EPIC to make the files unbreakable for hacking the source. I think the normal encryption is easily cracked by a truthwintered hacker, but with special program from Epic it will be more difficult. I dunno the exact algorithm of it but to keep it simple in talk you need at least 2048 bits AES encryption. By the way am testing a lot of stuff for the new HGuard, I hope a lot of others will too and maybe it will run on UT3 also
|