what is epic planning to do about aimbot?
- Thread starter thewalkingman
- Start date
-
Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.
Y
Yellow5
Guest
Nope they don't cause lag.
I don't know how well the petition was recieved (or maybe it's still open?) but I suspect Epic aren't going to do anything (directly) about the aimbot. I suspect breaking the 432 compatibility is just too much of a big no-no. Casual players could be more annoyed by that than the aimbot, and those of us who care are expected to seek out third-party (but supported) mutators.
Just my speculative opinion though; anything is possible.
I think they'll continue to "leave it up to the community" (community = Mr.SiN) to fix the problem.
I don't think CSHP will be part of the next UT patch.
I don't think CSHP will be part of the next UT patch.
You'd think that ngstats would at least support it and not place games played with it under the "Mod" headings. :/ That would certainly help Mr SiN, who can not receive enough kudos for his work and effort on CHSP.
SimplyCosmic
ERGO. VIS A VIS. CONCORDANTLY.
Client side modifications have long been a problem with client-server based multiplayers games. Id's been working on the problem for a very long time and still hasn't come up with a "magic bullet" to prevent the cheats along the lines of "aimbots".
See, the problem is that this is something of an "arms race" between the cheaters and the anti-cheats.
When Quake client-side bots began to appear in ernest, there was a proposal to add the ability for a server to check for modified clients (the idea at the heart of "pure servers"), much like CSHP does currently. The problem is that the code monkeys went and created a client which returned false results fooling the server into thinking it was a clean client. So, better checksums were added, based on PGP encrpyption and whatnot. Again, the code monkeys responded with better exploits, inlcuding proxy bots which allow a clean client use aiming help. There was even talk about wild concepts like encrypting the connection to help prevent the proxy's, but this would come at a cost of bandwidth.
It's an extremely complicated battle, and very much similiar to the give and take war between (h)ackers and security professionals.
Unreal has been very lucky so far, in that the aimbot problem came about very late in the game (almost a year after release). The community is also very lucky that the bot is very unsophisticated and very easy to detect.
However, CSHP is already starting to crack as more sophisticated cheatbots are beginning to surface as the real war between the cheaters and anticheaters heats up.
Relying solely on one type of defense (CSHP) isn't going to rid the community of the problem, and even Epic jumping into the picture isn't going to help. It's going to take better software, as well as human alertness, to keep the problem controllable.
It will never completely go away.
See, the problem is that this is something of an "arms race" between the cheaters and the anti-cheats.
When Quake client-side bots began to appear in ernest, there was a proposal to add the ability for a server to check for modified clients (the idea at the heart of "pure servers"), much like CSHP does currently. The problem is that the code monkeys went and created a client which returned false results fooling the server into thinking it was a clean client. So, better checksums were added, based on PGP encrpyption and whatnot. Again, the code monkeys responded with better exploits, inlcuding proxy bots which allow a clean client use aiming help. There was even talk about wild concepts like encrypting the connection to help prevent the proxy's, but this would come at a cost of bandwidth.
It's an extremely complicated battle, and very much similiar to the give and take war between (h)ackers and security professionals.
Unreal has been very lucky so far, in that the aimbot problem came about very late in the game (almost a year after release). The community is also very lucky that the bot is very unsophisticated and very easy to detect.
However, CSHP is already starting to crack as more sophisticated cheatbots are beginning to surface as the real war between the cheaters and anticheaters heats up.
Relying solely on one type of defense (CSHP) isn't going to rid the community of the problem, and even Epic jumping into the picture isn't going to help. It's going to take better software, as well as human alertness, to keep the problem controllable.
It will never completely go away.
nothing
they are going to do nothing. I've seen the e-mail. but ezteams v4 will come out soon with ultimate bot protection (only way to bypass will be some direct .u function hack or a c++ proxy).
even p0s will be stopped.
they are going to do nothing. I've seen the e-mail. but ezteams v4 will come out soon with ultimate bot protection (only way to bypass will be some direct .u function hack or a c++ proxy).
even p0s will be stopped.
I wish Epic WOULD do something. But honestly is it really up to THEM? It's not their fault the bot is out. It's the community and the idiot cheaters in it that spawned the aimbot. I don't think it's Epic's responsibility to fix it in UT. They SHOULD try to prevent it in Unreal 2, but as it was said it's a war that will NEVER end. Somone will always come up with a cheat no matter how secure you make it.
Re: nothing
they are going to do nothing. I've seen the e-mail. but ezteams v4 will come out soon with ultimate bot protection (only way to bypass will be some direct .u function hack or a c++ proxy).
even p0s will be stopped.
Wanna bet? If ezt4 is Uscript based it can be bypassed, just as CSHP can be bypassed. The problem is we are trying to fix the hole in the Titanic. For each thing going for us, 10 things are going against us.
As for Epic and the "problem". The problem is it's not a real problem to them. Bots and hacks in reality affect maybe at best 5-10% of the people who own UT? It's more important to Epic to make sure the remaining 90-95% of the owners be able to go online and play anywhere without having to hunt down patches. I think this is a smart decision. This is why they have embraced CSHP. It's a small simple solution that takes only a few seconds to automatically replicate to a client.
Yes, I know. HL/CS and Q3 all force you to do the patch hunt and frankly, it sucks.
Morety
Actually NGStats is more than happy to support CSHP. It's a supported mod and new versions will be added when I need them too be.
they are going to do nothing. I've seen the e-mail. but ezteams v4 will come out soon with ultimate bot protection (only way to bypass will be some direct .u function hack or a c++ proxy).
even p0s will be stopped.
Wanna bet? If ezt4 is Uscript based it can be bypassed, just as CSHP can be bypassed. The problem is we are trying to fix the hole in the Titanic. For each thing going for us, 10 things are going against us.
As for Epic and the "problem". The problem is it's not a real problem to them. Bots and hacks in reality affect maybe at best 5-10% of the people who own UT? It's more important to Epic to make sure the remaining 90-95% of the owners be able to go online and play anywhere without having to hunt down patches. I think this is a smart decision. This is why they have embraced CSHP. It's a small simple solution that takes only a few seconds to automatically replicate to a client.
Yes, I know. HL/CS and Q3 all force you to do the patch hunt and frankly, it sucks.
Morety
Actually NGStats is more than happy to support CSHP. It's a supported mod and new versions will be added when I need them too be.
ok...
an aimbot is a piece of code that sets the players viewrotation to face enemies. thus resulting in the player always aiming at the enemy and never missing.
DrSin, yes it can by bypassed, but only with a c++ program. why can't uscript hack it?
1. It actually looks for an unauthorized change of the viewrotation, not doing a foreach allactors scan on the client.
2. All tracking the data are defined as private (which makes it pretty damn hard to change). though set commands might bypass it, it is disabled client side on 432+, so just force clients to have 432+
3. To prevent source rips a fire texture will go in. It will be sent to the server as well as other stuff. Personally I don't think you can import firetextures directly (much less export them), thus it is immune. A hacked client would be missing the texture or have its properties screwed.
I challenge you, when it comes out, to break it. Really.
Oh it also stops message system hacking (i.e. use of broadcast and broadcastlocalized message client-side).
an aimbot is a piece of code that sets the players viewrotation to face enemies. thus resulting in the player always aiming at the enemy and never missing.
DrSin, yes it can by bypassed, but only with a c++ program. why can't uscript hack it?
1. It actually looks for an unauthorized change of the viewrotation, not doing a foreach allactors scan on the client.
2. All tracking the data are defined as private (which makes it pretty damn hard to change
). though set commands might bypass it, it is disabled client side on 432+, so just force clients to have 432+ 3. To prevent source rips a fire texture will go in. It will be sent to the server as well as other stuff. Personally I don't think you can import firetextures directly (much less export them), thus it is immune. A hacked client would be missing the texture or have its properties screwed.
I challenge you, when it comes out, to break it. Really.
Oh it also stops message system hacking (i.e. use of broadcast and broadcastlocalized message client-side).
1 more thing.
I'd actually recommend that cshp is still used on servers. That way other cheats are mostly stopped (player lighting for one). This will just stop epic file hacking.
I'd actually recommend that cshp is still used on servers. That way other cheats are mostly stopped (player lighting for one). This will just stop epic file hacking.
Re: ok...
First let me say I wasn't trying to start a pissing match. I really hope DarkByte comes up with a magic Uscript solution. However don't expect me to even consider holding my breath.
And since you're not DarkByte and I love a good pissing match.. here..
an aimbot is a piece of code that sets the players viewrotation to face enemies. thus resulting in the player always aiming at the enemy and never missing.
1. It actually looks for an unauthorized change of the viewrotation, not doing a foreach allactors scan on the client.
That would all well and good, but A) Aimbots are the least trouble-some UScript hacks. I think the Flag Tracker is the worst, followed by enhanced huds and timers. You can physically SEE an aimbot. B) mathmatical solutions are easy to spoof. I assume you're talking about tracking the view rotation independant of the actual client and looking to see if changes fall within a tolerance. Of course.. nothing stops me from creating a bot that adds random jitter to keep it outside that tolerance. I looked in to this early on and this idea is the reason I built my aimbot. I decided not to go this route because it's too easy to bypass.
2. All tracking the data are defined as private (which makes it pretty damn hard to change). though set commands might bypass it, it is disabled client side on 432+, so just force clients to have 432+
I won't answer this as it gives too much information, but you can just throw this whole notion out the window.
3. To prevent source rips a fire texture will go in. It will be sent to the server as well as other stuff. Personally I don't think you can import firetextures directly (much less export them), thus it is immune. A hacked client would be missing the texture or have its properties screwed.
Man thanks for the chuckle, it's been a hard day here at work. There are so many things wrong with this idea. Let's just say I don't think you really understand how things are replicated/references in UT. This won't stop anything.
Actual textures are never replicated, only references to them so nothing stops me from creating a new texture called EZTeamsFireTexutre (or whatever you call it) and let it replicate the reference to you.
I challenge you, when it comes out, to break it. Really.
I won't need to. It took exactly 3 hours after CSHP became big before someone beat it (granted he was someone I trusted). You did it in how many hours? I don't need to break Darkbytes code. I'm fairly certain that CSHP cloaked cheats exist. Someone else will break EzTeams4.
I've said this 100x. CSHP isn't designed to stop cheating. That is impossible. CSHP is designed to stop WIDE SPREAD cheating. Frankly I don't really care of some elite uscript coder in some clan is cheating. I only care if he makes that cheat available to everyone.
Luckily for UT at least.. until WarDog (or some other moron in CaF) released the funbot to the net, the cheaters were keeping things close to the vest.
Oh it also stops message system hacking (i.e. use of broadcast and broadcastlocalized message client-side).
Groovy.. lot of people taking about this one. Haven't really gotten a chance to look at it yet.
I'd actually recommend that cshp is still used on servers. That way other cheats are mostly stopped (player lighting for one). This will just stop epic file hacking.
Unless you're doing a DLL solution, this will do nothing to stop file hacking. And if you do do a DLL solution, kiss off Linux and Mac players. At best this would help detect aimbots.
First let me say I wasn't trying to start a pissing match. I really hope DarkByte comes up with a magic Uscript solution. However don't expect me to even consider holding my breath.
And since you're not DarkByte and I love a good pissing match.. here..
an aimbot is a piece of code that sets the players viewrotation to face enemies. thus resulting in the player always aiming at the enemy and never missing.
1. It actually looks for an unauthorized change of the viewrotation, not doing a foreach allactors scan on the client.
That would all well and good, but A) Aimbots are the least trouble-some UScript hacks. I think the Flag Tracker is the worst, followed by enhanced huds and timers. You can physically SEE an aimbot. B) mathmatical solutions are easy to spoof. I assume you're talking about tracking the view rotation independant of the actual client and looking to see if changes fall within a tolerance. Of course.. nothing stops me from creating a bot that adds random jitter to keep it outside that tolerance. I looked in to this early on and this idea is the reason I built my aimbot. I decided not to go this route because it's too easy to bypass.
2. All tracking the data are defined as private (which makes it pretty damn hard to change
). though set commands might bypass it, it is disabled client side on 432+, so just force clients to have 432+ I won't answer this as it gives too much information, but you can just throw this whole notion out the window.
3. To prevent source rips a fire texture will go in. It will be sent to the server as well as other stuff. Personally I don't think you can import firetextures directly (much less export them), thus it is immune. A hacked client would be missing the texture or have its properties screwed.
Man thanks for the chuckle, it's been a hard day here at work. There are so many things wrong with this idea. Let's just say I don't think you really understand how things are replicated/references in UT. This won't stop anything.
Actual textures are never replicated, only references to them so nothing stops me from creating a new texture called EZTeamsFireTexutre (or whatever you call it) and let it replicate the reference to you.
I challenge you, when it comes out, to break it. Really.
I won't need to. It took exactly 3 hours after CSHP became big before someone beat it (granted he was someone I trusted). You did it in how many hours? I don't need to break Darkbytes code. I'm fairly certain that CSHP cloaked cheats exist. Someone else will break EzTeams4.
I've said this 100x. CSHP isn't designed to stop cheating. That is impossible. CSHP is designed to stop WIDE SPREAD cheating. Frankly I don't really care of some elite uscript coder in some clan is cheating. I only care if he makes that cheat available to everyone.
Luckily for UT at least.. until WarDog (or some other moron in CaF) released the funbot to the net, the cheaters were keeping things close to the vest.
Oh it also stops message system hacking (i.e. use of broadcast and broadcastlocalized message client-side).
Groovy.. lot of people taking about this one. Haven't really gotten a chance to look at it yet.
I'd actually recommend that cshp is still used on servers. That way other cheats are mostly stopped (player lighting for one). This will just stop epic file hacking.
Unless you're doing a DLL solution, this will do nothing to stop file hacking. And if you do do a DLL solution, kiss off Linux and Mac players. At best this would help detect aimbots.
catch my drift
Could you make cshp(or variant) a new download everytime you log in and make it a different version from the last time played?
Could you make cshp(or variant) a new download everytime you log in and make it a different version from the last time played?
hehehe. sorry man you didn't beat me, partially not fully
first of all ezteams v4 isn't just about security. It also will support stuff like client-side skin setting (where the server won't need the skin/model for clients to use it).
and darkbyte's cool admin interface.
now I'll take the liberty of rebuting some of your statements:
flag tracker? what the hell? that some drawportal or just a vector readout? Either way it'll be pretty damn hard to know exactly where it is. Hmm, I play more RA than CTF though, so I don't care. enhanced huds? like aimtrainer shoved in a console? uh, ok. and timers? ok. that's cool. how can you read destruction of inv items though???? oh well. play RA, like me Personally I like player lighting. The average person will get a 1% increase in FPH. and no, it has no tolerance stuff. What DB is doing is checking validy of the mouse inputs. simple state and location checks fix problems accociated with redeemer, teleporters, and respawing. I suppose you could fake the mouse axes, but that would be damn hard to do.
Uh, duh! I've read Sweeny's docs. It's obvious as well (or you'd have connection data in the 5 meg + range). Nothing stops you? Hmm... lets add a fire texture in Ued. let's save. Oh no, now I get version mismatches! doesn't that suck? lets see, there is also no way to DIRECTLY import firetextures. You could do a package import, but then (assuming those guid's for classes actually work. I REALLY hope they do) the guid is changed for the class. Besides I'm sending the pallette too. (that's the reference, k!) I suppose you could crack it, but all I could say is that it would take forever and demonstrate that someone (the person who bypasses it) really doesn't have much of a life....
I'm sure they will. but everyone is getting po'ed at p0s. here's some nice defense against him. Oh and seeing that I never even heard of cshp for at least 12 days after it was released, I don't think the time factor has to do with anything (and I had no motive until I was kicked and banned due to oldskool).
first of all ezteams v4 isn't just about security. It also will support stuff like client-side skin setting (where the server won't need the skin/model for clients to use it).
and darkbyte's cool admin interface.
now I'll take the liberty of rebuting some of your statements:
flag tracker? what the hell? that some drawportal or just a vector readout? Either way it'll be pretty damn hard to know exactly where it is. Hmm, I play more RA than CTF though, so I don't care
. enhanced huds? like aimtrainer shoved in a console? uh, ok. and timers? ok. that's cool. how can you read destruction of inv items though???? oh well. play RA, like me Personally I like player lighting. The average person will get a 1% increase in FPH. and no, it has no tolerance stuff. What DB is doing is checking validy of the mouse inputs. simple state and location checks fix problems accociated with redeemer, teleporters, and respawing. I suppose you could fake the mouse axes, but that would be damn hard to do.I said it was vulnerable right? It just will stop all but the most experienced uscript hackers.
Uh, duh! I've read Sweeny's docs. It's obvious as well (or you'd have connection data in the 5 meg + range). Nothing stops you? Hmm... lets add a fire texture in Ued. let's save. Oh no, now I get version mismatches! doesn't that suck? lets see, there is also no way to DIRECTLY import firetextures. You could do a package import, but then (assuming those guid's for classes actually work. I REALLY hope they do) the guid is changed for the class. Besides I'm sending the pallette too. (that's the reference, k!) I suppose you could crack it, but all I could say is that it would take forever and demonstrate that someone (the person who bypasses it) really doesn't have much of a life....
I'm sure they will. but everyone is getting po'ed at p0s. here's some nice defense against him. Oh and seeing that I never even heard of cshp for at least 12 days after it was released, I don't think the time factor has to do with anything (and I had no motive until I was kicked and banned due to oldskool).
can dll's even be sent, like ut packages? no I'm not. that's why it would really be nice if epic added the checksum. It will do nothing? It will contain it for a couple of hours
Re: no actually I did..
I'm tired and it's late so I'll be quick.
flag tracker? what the hell? that some drawportal or just a vector readout? Either way it'll be pretty damn hard to know exactly where it is. Hmm, I play more RA than CTF though, so I don't care. enhanced huds? like aimtrainer shoved in a console? uh, ok. and timers? ok. that's cool. how can you read destruction of inv items
A flag tracker gives you the location of both FC's at all time. It makes it really easy to find them. Kinda like Radar. As for the huds.. yea.. like AimTrainer. Here's an example from a cheat I've seen. It places a target retucle (sp?) around each player, combo and redeemers. It also changes the retucle when a combo shot is in a kill range. Oh, and because of the way replication works, you get a 1-6 seconds of see through wall time as well.
What DB is doing is checking validy of the mouse inputs. simple state and location checks fix problems accociated with redeemer, teleporters, and respawing. I suppose you could fake the mouse axes, but that would be damn hard to do.
So he's swapping to a new playerpawn. Interesting idea but still doesn't matter. If he's checking client-side it's 100% bypassable and if he's checking server side it's not accurate.
I said it was vulnerable right? It just will stop all but the most experienced uscript hackers.
Actually, this doesn't take much experiance to stop unfortunately.
Nothing stops you? Hmm... lets add a fire texture in Ued. let's save. Oh no, now I get version mismatches!
doesn't that suck?
See, you've lost yuorself. you have a version mismatch error until you conform the package. Then it doesn't matter anymore. GUID's are package based, not class based.
I can decompile your source and rebuild it. As long as I put any fire texture in there with the same name, the server will think it's right.
I'm sure they will. but everyone is getting po'ed at p0s. here's some nice defense against him. Oh and seeing that I never even heard of cshp for at least 12 days after it was released, I don't think the time factor has to do with anything (and I had no motive until I was kicked and banned due to oldskool).
I was kind of refering to how long it took when you decided to do it. I know people are ticked at POS. If I had time I'd stop him. I know how he's getting past CSHP and I'll close that particualar hole in the next release.
can dll's even be sent, like ut packages? no I'm not. that's why it would really be nice if epic added the checksum. It will do nothing? It will contain it for a couple of hours
No, but a dll is a possible solution for Clans where they don't mind pre-installing something. But it rules out linux and mac servers and players.
I'm tired and it's late so I'll be quick.
flag tracker? what the hell? that some drawportal or just a vector readout? Either way it'll be pretty damn hard to know exactly where it is. Hmm, I play more RA than CTF though, so I don't care
. enhanced huds? like aimtrainer shoved in a console? uh, ok. and timers? ok. that's cool. how can you read destruction of inv items A flag tracker gives you the location of both FC's at all time. It makes it really easy to find them. Kinda like Radar. As for the huds.. yea.. like AimTrainer. Here's an example from a cheat I've seen. It places a target retucle (sp?) around each player, combo and redeemers. It also changes the retucle when a combo shot is in a kill range. Oh, and because of the way replication works, you get a 1-6 seconds of see through wall time as well.
What DB is doing is checking validy of the mouse inputs. simple state and location checks fix problems accociated with redeemer, teleporters, and respawing. I suppose you could fake the mouse axes, but that would be damn hard to do.
So he's swapping to a new playerpawn. Interesting idea but still doesn't matter. If he's checking client-side it's 100% bypassable and if he's checking server side it's not accurate.
I said it was vulnerable right? It just will stop all but the most experienced uscript hackers.
Actually, this doesn't take much experiance to stop unfortunately.
Nothing stops you? Hmm... lets add a fire texture in Ued. let's save. Oh no, now I get version mismatches!
doesn't that suck?
See, you've lost yuorself. you have a version mismatch error until you conform the package. Then it doesn't matter anymore. GUID's are package based, not class based.
I can decompile your source and rebuild it. As long as I put any fire texture in there with the same name, the server will think it's right.
I'm sure they will. but everyone is getting po'ed at p0s. here's some nice defense against him. Oh and seeing that I never even heard of cshp for at least 12 days after it was released, I don't think the time factor has to do with anything (and I had no motive until I was kicked and banned due to oldskool).
I was kind of refering to how long it took when you decided to do it. I know people are ticked at POS. If I had time I'd stop him. I know how he's getting past CSHP and I'll close that particualar hole in the next release.
can dll's even be sent, like ut packages? no I'm not. that's why it would really be nice if epic added the checksum. It will do nothing? It will contain it for a couple of hours
No, but a dll is a possible solution for Clans where they don't mind pre-installing something. But it rules out linux and mac servers and players.