Not for nothing, but this is how all the CS cheating began. With only a few simple cheats and now it seems everyone on the CS servers cheat. Of course, I don't see any fun in that, but is it possible UT may be heading in that direction?
Maybe I lost myself, but then again this is coming from someone spelling "yourself" "yuorself".See, you've lost yuorself. you have a version mismatch error until you conform the package. Then it doesn't matter anymore. GUID's are package based, not class based.
I can decompile your source and rebuild it. As long as I put any fire texture in there with the same name, the server will think it's right.
well, you first need to know how to confirm packages (isn't very well documented ). And know of a source ripper.Actually, this doesn't take much experiance to stop unfortunately.
last time I checked, he was using the hole that can't be closed, at least by yours...I was kind of refering to how long it took when you decided to do it. I know people are ticked at POS. If I had time I'd stop him. I know how he's getting past CSHP and I'll close that particualar hole in the next release.
So he's swapping to a new playerpawn. Interesting idea but still doesn't matter. If he's checking client-side it's 100% bypassable and if he's checking server side it's not accurate.
Thats an interesting measure of intelligence you've worked out there... Unfortunatly it doesn't seem to be very accurate or precise.Maybe I lost myself, but then again this is coming from someone spelling "yourself" "yuorself".
I wont even bother explaining how you can get around this, its so simple. Plus I dont want to give people ideas on how to compromise any system.you got an idea of how to import a fire texture via exec commands? You can only import it in via a utx file. and then the pallette class will get changed. The only way to confirm the package as far as I know is via ucc. so you're still screwed. I know they are package based, so the one in object is just that? but like I said, the palette would get screwed up if you reimported the texture. Besides there are plenty of privates in there too....
a)well, you first need to know how to confirm packages (isn't very well documented ). And know of a source ripper.
=======================================
ucc.exe: UnrealOS execution environment
Copyright 1999 Epic Games Inc
=======================================
Usage:
ucc conform existing_file.ext old_file.ext
Parameters:
existingfile.ext Existing binary file to load, conform, and save
oldfile.ext Old file to make source file binary compatible with
And yet you beleive you are impervious to this as well?last time I checked, he was using the hole that can't be closed (package hacking).
Splendid. That way you won't be able to replicate any of the calculations!Maybe, but remember that the package needs to be recompiled to bypass it. and maybe the calculations can all go on via a object (not actor).
From my point of view, it doesn't matter if your vars are private, since all hacks will be done in the class itself.As far as I no, there are no way to get private vars (well, if you know then e-mail me at usaar33@yahoo.com).
Its no stronger than CSHP. Its vulnerable to EXACTLY the same hack. NO System is unhackable - its mathematically impossible. I doubt yours will last very long, from what I've read about it in this thread.either way its stronger security than cshp. Besides the real things its got is the admin interface and the skin/model code.
I was simply being sarcastic, nothing more. I'm not saying anyone is smarter than anyone.Thats an interesting measure of intelligence you've worked out there... Unfortunatly it doesn't seem to be very accurate or precise.
I'm a moron! that's nice. I've always wanted to be one (and I was referring that the hacker (not Dr. Sin, I suppose a chose the wrong pronoun would need to know how to do that. I only knew of putting the old file in system conform. They just keep adding on commandlets don't they? (and then I suppose this has been around since 400). I never relized how many have been added since unreal I).a)
confirm packages? Hmm, following the intelligence rating system you used above to judge DrSiN - that error would make you a moron.
b)
code:--------------------------------------------------------------------------------=======================================
ucc.exe: UnrealOS execution environment
Copyright 1999 Epic Games Inc
=======================================
Usage:
ucc conform existing_file.ext old_file.ext
Parameters:
existingfile.ext Existing binary file to load, conform, and save
oldfile.ext Old file to make source file binary compatible with
--------------------------------------------------------------------------------
to plugging in the bot in an epic package, yes. But once the code is changed around in ezteams, any aimbot is will work. Yet, the same is true for cshp. If Epic wouldn't give out the amount of information that they have on their package format, perhaps source decompilers wouldn't exist. Yet they do, which means total security is impossible...And yet you beleive you are impervious to this as well?
well, its not my package anyway. It's darkbyte[s&d]'s. Yes no system is unhackable. The goal is simply to increase the difficulty. It is vulnerable to a user rebuilding itself, but not to an aimbot being put in a standart epic package.Its no stronger than CSHP. Its vulnerable to EXACTLY the same hack. NO System is unhackable - its mathematically impossible. I doubt yours will last very long, from what I've read about it in this thread.
uh, it can call a replicated function in an actor. And there are other ways to kick a client besides telling the server to do so. Just have a while(true) loop. It'll simply crash the client (or lock it up if the loop is so enough for UT never to catch it). this is A) more annoying to the would-be hacker and B) prevents messing around with variables and C) slows the hacking down (at least 2 minutes will be needed to catch the iterator or the would be hacker might just reboot (which on my comp requires ~ 3 minutes). Yet the real advantage of ezteamsv4 will be the lack of false positives. It can tell if a client-side mod is an aimbot or not. Thus people will be able to hapily use decalstay, nosmoke, oldskool, etc. while not worrying about bots. I do relize though that there are other cheats though aside of aimbots. Yet seeing that they are unreleased and probably bypass cshp anyway, I do not view it as a big deal. (the anti-bot code BTW was started before Sin's version of cshp that had a simple mode, so other mods wouldn't be targeted). I'm not saying ezteams is invulnerable. It has only one hole though, while cshp has two. And with its other features (stopping users from bruteforcing admin passwords and preventing the broadcast and broadcastlocalized message calls), it tends to be a better choice. (and security is only a tiny part. I might add admin bots, a different skin replication system (allow clients to recieve meshes and skins as strings so they can dynamically load it, allowing the server to not need the skin/model for a client to use it. It ought to help the skin community out a LOT. And of course the admin interface. So even if the security part fails, at least the mod will still be quite useful.Splendid. That way you won't be able to replicate any of the calculations!
I feel flames coming on
Actually, this commandlet was introduced at the same time as the rest of the conform stuff.They just keep adding on commandlets don't they? (and then I suppose this has been around since 400). I never relized how many have been added since unreal I).
I'm not sure just exactly how you're planning to acheive this.to plugging in the bot in an epic package, yes.
Again.Yet the real advantage of ezteamsv4 will be the lack of false positives. It can tell if a client-side mod is an aimbot or not.
Actually, it takes about 3-4 SECONDS for UT to figure out its in a runaway loop. Plus it tells you the function responsible for it.Just have a while(true) loop. It'll simply crash the client (or lock it up if the loop is so enough for UT never to catch it). this is A) more annoying to the would-be hacker and B) prevents messing around with variables and C) slows the hacking down (at least 2 minutes will be needed to catch the iterator
I highly doubt people will use it, if lots of people start bypassing it.So even if the security part fails, at least the mod will still be quite useful.
That would be when? And I know it wasn't in unreal 2.26 (it only has make, master, masterserver, and a couple other server related ones...). And what conform stuff? Are you referring to the systemconform directory or what?Actually, this commandlet was introduced at the same time as the rest of the conform stuff.
As I said before, Ezteams is searching for an unauthorized change (where an allowed one would be via keyboard/mouse inputs, a teleporter, respawing, or using a redeemer) to the viewrotation. CSHP searches for client-side actors not allowed by the server. And someone of your intelligence can easily figure out how it won't break harmless (that is non-aimbot) mods and also stop the err..um...method cshp has wholes in...I'm not sure just exactly how you're planning to acheive this.
Again
that is not entirely true. In a empty function, yes. You just add stuff in like traces. I've seen this bug before. It will pretty much never catch it (the railgun's loop (legacy) that had a bad trace call inside it was never detected in even an hour. and since the log is wiped...Actually, it takes about 3-4 SECONDS for UT to figure out its in a runaway loop. Plus it tells you the function responsible for it.
That's like saying that servers shouldn't be using cshp anymore! And we'll see how long it takes you. And if you bypass it the non-cheap way (decompiling the source with some function ripper), then you are truly the 1337 uscripterI highly doubt people will use it, if lots of people start bypassing it.
In any case, I accept the challenge you proposed a few posts eariler. I give it 1-2 hours, max.
That would be when? And I know it wasn't in unreal 2.26 (it only has make, master, masterserver, and a couple other server related ones...). And what conform stuff? Are you referring to the systemconform directory or what?
=======================================
ucc.exe: UnrealOS execution environment
Copyright 1999 Epic Games Inc
=======================================
Usage:
ucc <command> <parameters>
Commands for "ucc":
ucc conform Generate conforming binary files
ucc help <command> Get help on a command
ucc make Rebuild UnrealScript packages
ucc master Build master installer files
ucc masterserver Maintain master list of servers.
ucc server Network game server
ucc updateserver Service Unreal Engine auto update requests.
This needs to be done client side, and thus _TOTALLY_ vulnerable.As I said before, Ezteams is searching for an unauthorized change (where an allowed one would be via keyboard/mouse inputs, a teleporter, respawing, or using a redeemer) to the viewrotation.
I will use nothing but an install of UT, with whatever files Epic provides applied to it (Patches etc), my fingers, and a bit of logic and programming.And we'll see how long it takes you. And if you bypass it the non-cheap way (decompiling the source with some function ripper), then you are truly the 1337 uscripter
did I say it was invulnerable? no. It just stops false positives and closes one of cshp's holes. cshp has many though. And I'm sure ezteams will have some to.This needs to be done client side, and thus _TOTALLY_ vulnerable.
very well. I could probably get darkbyte to send it to you (source wiped of course) now and set up a serverI will use nothing but an install of UT, with whatever files Epic provides applied to it (Patches etc), my fingers, and a bit of logic and programming.
very well. I could probably get darkbyte to send it to you (source wiped of course) now and set up a server
I believe I said this as well earlier. I guess flaming tends to increase my arrogance expodentially.People should run both and any others that come along.
Actually I have thought of it. Darkbyte claims to have some security against this (assuming we are speaking about the same thing, I won't mention it however). I haven't seen it all myself, thus I'm only taking his word on it. And yes, as far as I know all aimbots would be rooted in viewrotation (just not need a direct change).I'll give you an example. Using viewrotation is hardly the only method of writing an aimbot. But you haven't thought of that have you? Using a console hack, I could quickly code something that would give your protection 100% authentic results that you could never detect or never stop.
function ServerMove
(
float TimeStamp,
vector InAccel,
vector ClientLoc,
bool NewbRun,
bool NewbDuck,
bool NewbJumpStatus,
bool bFired,
bool bAltFired,
bool bForceFire,
bool bForceAltFire,
eDodgeDir DodgeMove,
byte ClientRoll,
int View,
optional byte OldTimeDelta,
optional int OldAccel
)
yes, but the irony is that without funbot, cshp was never used. never forgot that your ways are exploitable too. how much more or less? That is quite hard to judge.Remember, I didn't write CSHP overnight. It was 6 months in development before the first release ever occured and it's now going on a year old. The avenues you are taking are not new. They're just are easilly exploitable.
hey, if I knew about cshp in advance, I would've had a nice option to disable the actor. Yet I didn't. Once I get things worth having a new release, then I'll release it. But it has caused many to uninstall oldskool. I only can fear what happens with legacy and onp, which depends on the mod . I congradulate you though with the new version which simply destroys rogue actors. Now if only admins would run it....Sorry to say OldSkool is one of them. It has nothing to do with the mod and I'm sorry you take it personally. But by allowing ANY unauthroized mod you allows for cheating.
What makes it undetectable? And cshp runs foreach allactor iterator loops client-side, so nothing is stopped there. I suppose nothing can ever stop client-side hacksFor example, what happens when I create a bot from a client-side level actor that uses the default UTConsole to bypass your protection. This bot would take 5 mins to write and would be completely undetectable by your code.
CSHP would see it right away and kill it. But if I allow the client to decide what mods are kosher, then nothing stops me from creating this bot in the package OldSkool (or whatever your package is) and spoofing right by it.