Announcement

Collapse
No announcement yet.

Implementing Anti-Cheat

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Implementing Anti-Cheat

    Haven't seen anything on this, how would you go about doing it?

    #2
    Anti-Cheat is like a Anti-Virus software it is very hard for a single person to code it and if you do manage to do it is an ongoing process of updating because of the rapid updates that cheaters are pushing out.
    Most cheats involve injecting a DLL into the game processes (suspend process, alloc memory, copy LoadLibrary code, save registers and move the instruction pointer, resume process... | CreateRemoteThread()) and either modifying the function table to hook events or hooking direct 3D calls. So to make an anti-cheat you would have to detect these actions.

    Comment


      #3
      You could implement things on the server to detect player velocity and other unnatural values for fields, and perhaps allow users to send cheat reports, that would trigger the server to record the target player's movement and actions. Detecting remote thread attachments and memory alters is gonna be a nightmare.

      Comment


        #4
        How does Valve's cheat system work? Can you integrate that? I've seem some indie games use that (Rust maybe?).
        Join us on IRC! We are on #unrealengine @ freenode.org

        Comment


          #5
          Good anticheats (not from scratch and in no special order)

          Punkbuster
          Battleye
          Gameblocks (fairfight)

          Comment


            #6
            No anti-cheat if fool proof just FYI.
            To get back in subject you should worry about that after you reach a working copy state like Alpha release. Implement something that is already there like Vapor33 said and then you can also create your own to back it up.
            VFX Artist
            Portfolio: Here

            Comment


              #7
              Originally posted by DieByZer0 View Post
              No anti-cheat if fool proof just FYI.
              To get back in subject you should worry about that after you reach a working copy state like Alpha release. Implement something that is already there like Vapor33 said and then you can also create your own to back it up.
              No Cheat-System works unless you handle all important values and verify anything on server like a MMO.

              I did learn C/C++ and Assembla through Cheating...

              Comment


                #8
                Hello , try to create a separate library - cheat . Which will have plenty of flow , which will be responsible for ralichnye safety aspects ; just try not to use the standard data types , for example, if possible, use a 1- 2- byte variables , if possible, instead of 4 bytes. Also, you can try to use salt in the data : for example, we have 100 edenits health, and keep in mind - a temporary variable its salt - 200. For kordinat player can use three vectors : kordinaty past , current , and the current acceleration kordinay ...

                P.s Sorry for my bad English .
                P.P.S. Try to implement a library that each time itself will be generated - for example to create a litter to offset the memory addresses .
                P.P.S. Cheat maintenance used as a client-server application on the client side, as multiplayer in STALKER.
                Sorry for my bad english, I'm from Russia. Thnx =)

                Comment


                  #9
                  Originally posted by SUCKERPUNCH View Post
                  No Cheat-System works unless you handle all important values and verify anything on server like a MMO.

                  I did learn C/C++ and Assembla through Cheating...
                  I second this, 3 years of making game hacks as well as anti-cheats taught me that.

                  Comment


                    #10
                    Yes i do agree that the Server side control eliminates any cheats, I was talking about non-server controlled files that can potentially be injected.
                    VFX Artist
                    Portfolio: Here

                    Comment


                      #11
                      I can recommend Fairfight and Punkbuster. Battlefield 4 is using it and I've seen no cheater since release date, although you can buy professional hacks.

                      Comment


                        #12
                        Should it not all be straight forward though, and automated, for example your cheat algorithms are searching for unusual behavior, DLL injection and the like, but once you have you scanner in place you then send the cheaters GUID back to the server which auto updates a db and hence bans the user then you auto update the client software, if needed, and that's it. So all automatic.

                        For example in Wolf:ET, punkbuster stopped supporting it a few years ago and a group of people started TZAC(I think it was called) but they stopped working on it after a couple of years and hence most people stopped playing ET. But why shouldn't it all be automatic, why do you need people constantly working on it?

                        Comment


                          #13
                          Originally posted by ram76 View Post
                          Should it not all be straight forward though, and automated, for example your cheat algorithms are searching for unusual behavior, DLL injection and the like, but once you have you scanner in place you then send the cheaters GUID back to the server which auto updates a db and hence bans the user then you auto update the client software, if needed, and that's it. So all automatic.

                          For example in Wolf:ET, punkbuster stopped supporting it a few years ago and a group of people started TZAC(I think it was called) but they stopped working on it after a couple of years and hence most people stopped playing ET. But why shouldn't it all be automatic, why do you need people constantly working on it?
                          The logic would be sound if cheating was static.

                          It's not the detection part that’s the problem or coming up with code solution to solve for a particular cheat but as someone mentioned it's an on going problem similar to dealing with virus on an ongoing bases when some hacker figures out a way around the anti-cheat measures.

                          So your not really dealing with a single issue of the cheat but three problems.

                          Detecting the cheat
                          Preventing the cheater from figuring out the detection.
                          Updating the anti-cheat once they figure out the detection that once again makes their cheat undetectable by the software solution.

                          And the cycle continues.

                          Cheating is a virus that once you discover the cure it mutates into something that the cure no longer can identify.

                          Overall it's best to leave it up to a service unless you have the time and resources to handle the hackers on an on going bases (it's the hacker that's the problem not the cheat being used)
                          Last edited by FrankieV; 05-03-2014, 09:33 AM. Reason: add info
                          Clarke's third law: Any sufficiently advanced technology is indistinguishable from magic.
                          Custom Map Maker Discord
                          https://discord.gg/t48GHkA
                          Urban Terror https://www.urbanterror.info/home/

                          Comment


                            #14
                            Don't forget that should you ever dare to ban the cheater he will launch ddos attacks to your website.

                            Comment


                              #15
                              Originally posted by DieByZer0 View Post
                              Yes i do agree that the Server side control eliminates any cheats, I was talking about non-server controlled files that can potentially be injected.
                              More accurate to say is severely mitigates a large category of cheats.

                              If at any...any...point, you need to trust the client for ANY piece of information(and for the most part...you do), that's an opportunity for cheating, granted, some cheating is pretty pointless(modifying names of players only on your local client, for example)...some isn't(aimbotting, as long as you trust the client that the mouse has been moved...aimbots will exist).

                              The best you can do against client-side cheating where you have to trust the client for a particular piece of information, is some kind of behavioral model combined with good bounding of values(player can never move faster than X, given speed X, it's highly unlikely they're at position Y over time Z)

                              Comment

                              Working...
                              X