Open-source ET = heaven for cheaters?


(Undead_fly) #1

Now that the ET engine is open-source, I’m a bit (very) concerned about cheaters exploiting this. As a simple example, what will stop them from faking the pure check and play with unpure packets? They could just replace the pure-check code, that I assume looks something like this:

if (sv_pure == 1)
- Check that the client files' names and hash codes match those on the server.
- If they match, tell the server that the client files are pure.
- If they don't, disconnect. 

with:

if (sv_pure == 1)
- Check that the client files' names and hash codes match those on the server.
- If they match, tell the server that the client files are pure.
- If they don't, tell the server that the files are pure anyway. 

Once that is done, they can, for example, make all the textures semi-transparent to create a simple and hard-to-detect wallhack. Or manipulate the code for interacting with pb, or mess with the stuff in the configstrings, or start changing the mod-code to disable cvar checking and other anticheats, etc… People who know more about the ET code could probably come up with even worse things. What exactly is stopping them from doing all this?


(kamikazee) #2

Ehr, won’t PunkBuster complain?

I don’t know the protocol by heart, but if it’s designed half-decently, it should still be able to detect that a client is bypassing or suppressing PB, or is using a tampered ET.


(murka) #3

Well, the server runs that code if im rite, so that stops them. And surely mismatched game versions don’t run well.


(Undead_fly) #4

[QUOTE=kamikazee;236035]Ehr, won’t PunkBuster complain?

I don’t know the protocol by heart, but if it’s designed half-decently, it should still be able to detect that a client is bypassing or suppressing PB, or is using a tampered ET.[/QUOTE]
Not all servers run pb, not many at all after those horrible lags started coming. And I don’t know much about how pb and the ET engine interact, but even with pb enabled, you could probably modify that code to tell pb (and the server) exactly what they want to hear, even if that isn’t true. Much like in my above example, where the client tells the server that the files are clean, even if they aren’t.

Like I said, there’s always a way to tell the server what it wants to hear. If the server compares the hash codes, just send it fake hash codes. About mismatched game versions: the cracked client still tells the server the exact same things as the normal client would, because it has total control of what it tells the server. It can just tell the server that it’s the correct version. So how can the server tell the difference? That’s the key point of this thread.


(shagileo) #5

Well, even in the worst case scenario, there are still admins who can control servers.
If they see strange behavior, they can act and ban the cheater

(there are numerous aimbots out there who still pass the PB security. It’s a real pain in the butt to play against those cheaters… the only thing you can do then is wait for / inform the admin)


(Undead_fly) #6

[QUOTE=shagileo;236048]Well, even in the worst case scenario, there are still admins who can control servers.
If they see strange behavior, they can act and ban the cheater

(there are numerous aimbots out there who still pass the PB security. It’s a real pain in the butt to play against those cheaters… the only thing you can do then is wait for / inform the admin)[/QUOTE]
Well, you still have admins as a last resort, but an “anticheat” that relies solely on active admins with good judgement doesn’t really suffice in a game like ET. One thing I’ve just thought of, is that people could probably break the standard cheat-protection of cheat cvars in the ET engine as well, obviously excluding things that require server interaction, like /noclip and /god. But there are probably still more than a hundred cvars left that provide advantages that are unfair, but too subtle to notice. Yet another challange for the serveradmins.

Yes, you can force them through built-in forecvar features in mods or with punkbuster, but with sv_pure out of the way, mods can be cracked, and punkbuster can probably be fooled as well. Besides, forcing all those cvars is also hard to do, practically, and would consume a lot of space in the configstrings.


(SCDS_reyalP) #7

You can look at the results of prior open sourcing of id games (e.g. Q3) to see the impact. Short answer, yes, it makes some kinds of cheats easier, but cheating wasn’t exactly hard to begin with.


(darthmob) #8

It’s not like there have been no cheats before. Honestly, that’s such a ridiculous worry!


(Burneddi) #9

The behaviour described in the OP has actually existed for ages - most multihacks have such options, some of which are free. We had this same discussion back in 2004 or whenever the game logic was made open source, and it (publishing the source) changed nothing.

There are tens of FREE cheats out there that are PunkBuster proof at the moment - not to mention the paid cheats. PunkBuster is extremely bad, they don’t care about ET, it lags, it doesn’t detect anything. Most public multihacks and aimbots are detected but there are quite a bunch that are not, which means that you can use them on a PB server. Mostly all private cheats (ones you have to pay for) are undetected.

This is especially a problem in the proscene (Clanbase, ESL etc) where people with “humanized aimbots” (that aim like a human, don’t “snap aim” etc) go around cheating in clanwars and are not caught because PunkBuster does not and has never detected the cheats they use. This is why we are getting a new anti cheat, specifically tailored for competitive gameplay, that will detect all these cheats and stop cheating in matches, at least for a moment, for no anticheat is impossible to bypass.


(Undead_fly) #10

So… what you’re all basicly saying, is that an open-source engine does make life easier for cheaters, and even opens new ways of doing it, but it doesn’t matter because it’s already so easy to cheat anyway. Seeing that attitude, I guess cheaters have won the war. I just hope that someone will make a client/server patch with some innovative anticheats… maybe with built-in pb features as well, like PB_SV_GetSs, which is one of the best things about pb imo. That way more people can get rid of pb and its lag. :smiley:


(Burneddi) #11

I never said that. Cheat coders have had more than enough information with the game logic and Quake 3 engine being open source - the full ET source won’t change anything. The “pure hack” you mentioned in your opening post has existed since like 2007.

As for PunkBuster, there is not a single good thing about it anymore. It was good back in 2005 maybe, but nowadays it’s not. Punkbuster has always played cat and mouse games with cheat coders, and in the past when it was a vigorous young cat catching up with the mouse constantly it was fine. However, nowadays it’s a fat, lazy and useless feline that rather runs around (lags) in your (the player’s) feet (computer) instead of killing the mice (the cheaters).
The screenshot system in it, which you praised, is not that good anymore - it does not work properly with newer drivers or operating systems resulting in black screenshots - and as if that was not enough, just about every cheat nowadays includes a Punkbuster screenshot cleaner that renders it useless - yet again the only ones suffering from this are the legit players (and of course the 10-year old kids who use 10-year old cheats, who are unfortunately a vast minority among cheaters).


(darthmob) #12

[QUOTE=Burneddi;236152]As for PunkBuster, there is not a single good thing about it anymore.[/QUOTE]It’s good to force player settings on a server. :tongue:


(AnthonyDa) #13

Isn’t SLAC the futur of anticheat for ET ? Ho wait…


(Undead_fly) #14

[QUOTE=Burneddi;236152]As for PunkBuster, there is not a single good thing about it anymore. It was good back in 2005 maybe, but nowadays it’s not. Punkbuster has always played cat and mouse games with cheat coders, and in the past when it was a vigorous young cat catching up with the mouse constantly it was fine. However, nowadays it’s a fat, lazy and useless feline that rather runs around (lags) in your (the player’s) feet (computer) instead of killing the mice (the cheaters).
The screenshot system in it, which you praised, is not that good anymore - it does not work properly with newer drivers or operating systems resulting in black screenshots - and as if that was not enough, just about every cheat nowadays includes a Punkbuster screenshot cleaner that renders it useless - yet again the only ones suffering from this are the legit players (and of course the 10-year old kids who use 10-year old cheats, who are unfortunately a vast minority among cheaters).[/QUOTE]
Even more reasons to redo it in the engine code. :smiley:

Most mods already do that much better than pb. :wink:

Maybe, but it’s still unfinished and AFAIK it only works with etpro. Although I could be wrong, does anyone have updated information about it?


(gaoesa) #15

One of the things about SLAC, if it does work as it is supposed to, it still is about competitive gaming. This is it’s biggest fault. There is and never will be good competitive gaming without public servers that are cheat free and where players build their skills and confidence to play in competitive gaming.

If anticheats don’t take public servers into account, only the few that didn’t cheat before in the competitive scene will remain with the new anticheat. No one else has the courage to start learning again. Lets face it, using cheats will ruin your true skills.

People keep saying things like SLAC is some miraculous saviour of the game. It is not. Unless it can root out the cheating from public servers.

Admins have great responsibility in keeping the servers clean. But no (responsible) admin can be 100% sure noone cheats in his server. This is the real problem. Who cares to play a game when one can not be sure there aren’t cheaters. Who cares about competitive scene when noone new is interested about it and many that still play it have multiple busts in their accounts.

I’m all about new anticheat. I just wish it would concern the hole game and not some marginal group.


(Burneddi) #16

Nothing stops you from using it on ETPro publics - and it surely will be used on ~all ETPro publics after the server addon is released.

There are no plans for mods like Gaymod, NoQuarter or ETPub though.


(gaoesa) #17

It is of course good that it can be used on public etpro servers. However, most of the players play other mods (combined together) then etpro and what I was saying, the etpro will also have less players even with a working anticheat, with all the cheating and suspected cheating in other mods.

Not to mention how many times people will just get tired of trying to fix the pb to work without knowing how and eventually giving up with the old game.

There should be a working anticheat that can be utilised on every server to give any credibility to even etpro players. What you may have not noticed from my previous post, etpro or competitive players get no respect from large scale. Only ones you personally know may have it but noone else doesn’t. This can also be seen when some decent player goes to another server he hasn’t played before. Instantly he will raise suspicion in the minds of the players that don’t know the new guy.

SLAC is at least something, but what is needed is a solution that works for all of the game, gives the joy of egoboosting back to everyone and will root out the retards that have nothing better to do.


(valkyr) #18

here’s John Carmack Re:

Q1 source release and cheating

Q2 source release and cheating