Prefetch hook bans under a different category


Azura
12th February, 2005, 09:22 AM
The following thread has raised a question or two :
http://www.unrealadmin.org/forums/showthread.php?goto=newpost&t=9742

I realize that this will require messing with the system but I for one would like to see the hook prefetch bans listed under their own category instead of being listed along with classic uscript aimbots. As for the wallhack category, I was wondering if the radar executable actually works with UT2004. Is that the case ?

Limited
12th February, 2005, 09:53 AM
The following thread has raised a question or two :
http://www.unrealadmin.org/forums/showthread.php?goto=newpost&t=9742

I realize that this will require messing with the system but I for one would like to see the hook prefetch bans listed under their own category instead of being listed along with classic uscript aimbots. As for the wallhack category, I was wondering if the radar executable actually works with UT2004. Is that the case ?

The newer versions of the radar do work with UT2004 along with a host of other games, however due to the nature of the prefetch, we cannot tell which version of the hack was used.

Your request for the "Prefetch" category has been approved, it will appear in UTAN 2.0.

Brando67
12th February, 2005, 01:39 PM
Cool.

LeeBe
12th February, 2005, 04:34 PM
Your request for the "Prefetch" category has been approved, it will appear in UTAN 2.0.

now that is a good compromise - nice one.

nixxy
12th February, 2005, 06:21 PM
rgr

Sardukar
12th February, 2005, 08:09 PM
Anything new on the scalable "punishment" for those identified with a prefetch file?

I still do not think it is right to globally ban someone just because they happened to be on a UTAN administrator's server when they had the prefetch file, and to only locally ban someone when it is a server belonging to a regular UTAN member.

I am also wondering what type of bans, exactly, will Epic's UTAN integration in their latest UT2004 patch cover? If Epic's banning system duplicated the bans for the prefetch files (for example), then I think the "global ban if you have that on a UTAN administrator's server" definitely needs revising.

I've brought this up before but I'm not sure it reached the right people or received the attention I think it needs.

What does everyone else think?

5625Maniac
27th February, 2005, 08:10 PM
The pre-fetch scanning does have its flaws and should be fixed up.

The obvious one is the false positives because it's just looking for the name, and not actually scanning or detecting any signatures to actually detect or verify it is the real thing (like a virus scanner would do to scan for a virus regardless of the file name).

It's not just the pre-fetch, there was already a case of a false positive because of a vehicle called Helios and a user was innocently banned as a result, which was eventually reversed. This wouldn't have happened if the proper detection scheme were implemented.

I can most likely make a blank text file called "FalsePostiveHeliosTest" something and that can most likely get detected as a cheat, which it isn't.

Shambler
27th February, 2005, 09:44 PM
The prefetch bans generally go under filenames such as "Helios-Hook" or "Helios-Radar" etc., they are confirmed cheats and the chances of other legitimate programs going under the same name is practically none.

If it's simply a file name with the word "Helios" in it but that isn't already known as a cheat then it's most likely going to be thought of as suspicious but not bannable.
That's my understanding of how this works.

BLTicklemonster
27th February, 2005, 10:01 PM
IF one were to insist on testing hooks, it has been my experie- er, my brother told me, yeah that's it... that if you just rename the executable to fartwad.exe or whatever, it still works, but it prefetches under that name, and will not show up.

Just right click on the file, and rename.

OF COURSE, if you were stupid enough to use the renamed hook online in an uncontrolled environment, then of course it would be caught right off, and you'd be busted no matter what you called it. So be warned, if you insist on testing it, do it offline on your own machine with protection that is on your machine, or set up a lan server, or use a server that has not had the "tell mommy what is going on" changes made to the ut.ini file.

I got some ideas I intend to test, so I thought I'd share this with any like minded individuals. Nothing like having a prefetch catch to ruin your day, especially when you don't even mess with 2k4 protection in the first place. lol.


Or is that too much info in a public place? If so, by all means delete this reply, kind admin type.

ShiningSquirrel
27th February, 2005, 10:06 PM
The prefetch bans generally go under filenames such as "Helios-Hook" or "Helios-Radar" etc., they are confirmed cheats and the chances of other legitimate programs going under the same name is practically none.

If it's simply a file name with the word "Helios" in it but that isn't already known as a cheat then it's most likely going to be thought of as suspicious but not bannable.
That's my understanding of how this works.

And to go a step further, if a player is "stupid" enough, and I chose that word carefully, to purposely name a harmless file with the exact same name as a known cheat, they deserve to be banned for being an a**H***.

Limited
28th February, 2005, 12:33 AM
The pre-fetch scanning does have its flaws and should be fixed up.

The obvious one is the false positives because it's just looking for the name, and not actually scanning or detecting any signatures to actually detect or verify it is the real thing (like a virus scanner would do to scan for a virus regardless of the file name).

It's not just the pre-fetch, there was already a case of a false positive because of a vehicle called Helios and a user was innocently banned as a result, which was eventually reversed. This wouldn't have happened if the proper detection scheme were implemented.

I can most likely make a blank text file called "FalsePostiveHeliosTest" something and that can most likely get detected as a cheat, which it isn't.

You've got UnrealED, start coding. :P

5625Maniac
28th February, 2005, 02:55 AM
You've got UnrealED, start coding. :P

Who's providing the $$$?
-------------------------------------------------------------------
Honestly, name file test is an easy example of breaking the code because it isn't verifying anything. I do believe there is a better way for this.

Think about the truth table. Create an equation about what the detection is currently doing. A false positive will be in the result and it wouldn't be correct in the programmer's perspective.
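
The truth table suggested in the post above, worked through as an added example; it is not part of any post in this thread and not UTAN's code. The names `classify`, `truth_table` and `SAMPLES` are hypothetical, the exact-name "ban" list and keyword "suspicious" tier follow the policy as Shambler describes it, and the prefetch entries and their ground-truth labels are constructed.

```python
import re
from collections import Counter

# Windows prefetch entries are named <EXECUTABLE>-<8 hex digit hash>.pf
PF_NAME = re.compile(r"^(?P<exe>.+)-[0-9A-F]{8}\.pf$", re.IGNORECASE)

# Names quoted in the thread; treating them as an exact-match list is an assumption.
KNOWN_CHEAT_STEMS = {"helios-hook", "helios-radar"}
SUSPICIOUS_KEYWORD = "helios"

def classify(pf_filename):
    """Name-only verdict for one prefetch entry: 'ban', 'suspicious' or 'clean'."""
    m = PF_NAME.match(pf_filename)
    if m is None:
        return "clean"
    stem = m.group("exe").lower().rsplit(".", 1)[0]  # drop the .exe extension
    if stem in KNOWN_CHEAT_STEMS:
        return "ban"
    if SUSPICIOUS_KEYWORD in stem:
        return "suspicious"
    return "clean"

# Constructed samples: (prefetch file name, was the program really a cheat?)
SAMPLES = [
    ("HELIOS-HOOK.EXE-1A2B3C4D.pf", True),         # listed name, real cheat
    ("HELIOS-RADAR.EXE-0F0F0F0F.pf", True),        # listed name, real cheat
    ("HELIOS-HOOK.EXE-9C8B7A6D.pf", False),        # harmless file given a listed name
    ("HELIOSVEHICLEDEMO.EXE-11223344.pf", False),  # keyword only: suspicious, no ban
    ("FARTWAD.EXE-55667788.pf", True),             # renamed executable from the thread
    ("UT2004.EXE-AABBCCDD.pf", False),             # ordinary program
]

def truth_table(samples):
    """Count TP/FP/FN/TN, treating only a 'ban' verdict as a positive."""
    cells = Counter()
    for name, is_cheat in samples:
        flagged = classify(name) == "ban"
        cell = ("T" if flagged == is_cheat else "F") + ("P" if flagged else "N")
        cells[cell] += 1
    return dict(cells)

if __name__ == "__main__":
    for name, is_cheat in SAMPLES:
        print(f"{name:36} cheat={is_cheat!s:5} verdict={classify(name)}")
    print(truth_table(SAMPLES))
```

The FP and FN cells are the two failure modes argued over in this thread: a name match says nothing about file content, so it can be wrong in both directions.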

ShiningSquirrel
28th February, 2005, 04:28 AM
Who's providing the $$$?

You would get paid the same way all the rest of the coders get paid.
Heck if you can do a good job on it, you may even get paid twice as much!

But just so you know, 2 X 0 still = 0, so don't spend it all in one place. ;)

5625Maniac
28th February, 2005, 05:44 AM
True, but even though it is free, it's not beyond a reasonable doubt that it can be made correctly.

If not, why not put the skill to make a living in a high paid programming job then?

BLTicklemonster
1st March, 2005, 06:35 PM
Hmm, good place to put in a plug for all the killer coders on both sides of the spectrum. You hear all the time about how the big software companies say you get what you pay for, in reference to freeware. Well, I dare say that the stuff the ut community is doing is just as good, and nowhere as buggy as what the big dogs do, so (hijack thread hijack thread hijack thread) HERE'S A "WAY TO GO" TO ALL THE USCRIPTERS (and others) OUT THERE!!1 WAY TO GO!!1

Techslacker
1st March, 2005, 08:26 PM
True, but even though it is free, it's not beyond a reasonable doubt that it can be made correctly.

If not, why not put the skill to make a living in a high paid programming job then?

One, to be made "correctly", one must have the tools or features for that to happen and still do it without a performance penalty. Do you know for a fact that this can be done? If so, how about seeing to it that it gets done?

Two, everyone puts their skill into various things for various reasons. Some people actually do free work like this in hopes to one day get that highly paid programming job you speak of. This essentially becomes their resume. Of course I'm not defending things here knowing what the motivation is for these developers but merely pointing out that one might be careful about blanket statements when criticizing.

Limited
2nd March, 2005, 03:52 AM
I do believe there is a better way for this

Well go on then, UnrealEd is awaiting you.

5625Maniac
2nd March, 2005, 05:47 AM
Well go on then, UnrealEd is awaiting you.

Isn't that Wormbo's job since he created them in the first place?
-------------
Techslacker:

I'm basing it on the theory aspect of programming. Also when I mentioned the truth table, it gives the idea which I was talking about.

I never used UnrealEd so not sure what's all behind it. I've programmed in C#, C++, VB, VB.NET, SQL for applications. Now at the U, I'm programming algorithm/data structures at the U in Java (ie. Linked List, Merge Sort, AVL Trees, Hashing, etc...) which is on the theory side.

Wormbo
2nd March, 2005, 09:29 AM
Isn't that Wormbo's job since he created them in the first place?
Huh?

Limited
2nd March, 2005, 12:24 PM
If you want to say you can do it better, go DO it better before commenting on how you think it should be done. It's all good saying that it should be done with file GUIDs and checks, but did you stop to think about the capabilities of the engine?

Techslacker
2nd March, 2005, 01:33 PM
Isn't that Wormbo's job since he created them in the first place?

Created them? What are you talking about?

I'm basing it on the theory aspect of programming. Also when I mentioned the truth table, it gives the idea which I was talking about.

I never used UnrealEd so not sure what's all behind it.

Basing off theory is fine and good if you know the features/capabilities of the environment and potential impact but it sounds as if you don't. You would be better served to ask why it's not done a certain way and learn the reasons why before criticizing.

One good example for some of this is someone I know began to develop his own anticheat protection for UT2k4 after being frustrated with the lag of earlier antitcc's and safegame. This was also a project for him to learn more about uscript. He was very sure of why there were performance penalties in those apps and attacked the perceived problem with his design. Once he got into it he found it was *much* harder than he thought and the performance issues didn't even reside where he thought they did. In our own community forums he had criticized the development of those apps but has since gotten a better understanding of the engine and why wormbo and cruicky are actually very limited in what they can do without creating a huge performance issue that can turn players away from the game.

5625Maniac
2nd March, 2005, 06:46 PM
Nm Wormbo, I thought you created some cheat detections when I read some UTAN ban logs which happen to have your name in it.

Ahh I see now Techslacker.