|
On October 05 2010 02:23 erulabs wrote:
The "memory walk" issue has been a known security problem with basically all high-profile applications ever written. There are even entire languages (specifically the financially-focused language "R") that have been designed around obfusification of memory addresses. Windows itself keeps things like password field buffers split into hundreds of different addresses, and even this is not fool proof. I assume even basic obfusication would massivly hurt the performance of SC2... But there has to be a clever way of at least -partially- obscuring the registers for any particular bit of allocated memory that SC2 takes... I'd guess something as simple as using a hardware address, and IRQ or (I'm not a Windows buff so I don't know the reality of this) entropy.
Again though... adding a single operation to every memory lookup would probably cripple the performance of SC2.
Just to help with those who do not understand: what he is saying is that there are programs being developed that "scan" the current "state" of SC2 and can report what they find. There is literally no way for SC2 itsself to know this is happening, short of looking for other processes that might be checking on its registeres (which is computationally problematic, not to mention bad programming practice, as well as cpu intense). The only logical solution is to have SC2 "hide" its allocations or to encrypt its memory. The former is more realistic than the latter due to it being simplier and therefore easier to do 5 million times a second.
All I can say as a positive note is that these players will never win tournaments... Otherwise, the only realistic solution from _our_ perspective is a "blacklist" application that simply checks for running applications with a memory footprint that looks like a known "scanner" cheat. Simply put, we really need to start making an index of every single "scanner". It would at very least keep 99% of the script-kiddies from cheating, although it wouldn't stop anyone smart enough to flip a few bits in their "scanner".
Food for thought I guess. Good thing there is more to SC than responding to a build or unit placement. It also requires micro and macro, which no cheat can help you with.
Great post here, though I have no ability to verify the correctness with my limited understanding of what goes into one of these programs.
You could draw a comparison to anti-viruses, though. A lot of viruses need to be specifically cataloged by the software to be dealt with, and sometimes, it's impossible to preemptively defend against a specific virus, a la security holes.
There's always going to be hackers (look at WoW! ahaha) so there's nothing we can really do about that. Hopefully as many as possible get banned.
|
Lets hope activision-blizzard doesn't handle this the same way activision-infinityward handled hacks in modern warfare 2 (they didn't to a thing).
After seeing how non-attentive and slow they are to react to players issues about balance, then after 2 months only banning 5000 players from the several million, it just worries me about the hacks. Hopefully they wont become rampant like they've been in other blizzard games before blizz does anything.
The one ray of hope i do have though is that with starcraft 2 tied to peoples battle.net accounts, theres a portion of players, myself included, who wouldn't risk doing anything "blizzard-illegal" because i'd risk loosing all my games tied to my bnet account, which would really suck.
|
On October 05 2010 01:50 Klumaster wrote:
The problem is that if only the server knows where all units are and what they're doing, it's also the server's job to handle damage... basically you end up running the whole game in Blizzard's data centre and the players' machines become clients. After that, I'm not sure if you'd have to do more work (the way you do in FPS games) to make the client side seem responsive enough, but what's more important is that Blizzard probably already has some fairly heavy machinery running just to pipe command streams from player to player for the millions of games that are going on. If they suddenly have to host each one? I doubt that's something they could handle, let alone something they could handle without having us pay them a big pile of money.
Not only that, but it would also require a massive reprogramming of the game. Even then there's no guarantee that someone wouldn't still be able to exploit the system. While I'm sure there would be some way to deal with this issue, remember that Blizzard is a business, I find it unlikely that they would spend potentially many thousands of dollars in development of a fix for an issue that most common players will likely remain oblivious to.
Unless they begin getting horribly bad press over the issue I find it highly unlikely that Blizzard will do anything about this, and even if they do likely it wouldn't be until HoTS.
The ultimate fix would be to allow third parties like iCCup to operate SC2 servers that could be meticulously modded, however we all know that is not going to happen in the foreseeable future.
On October 05 2010 01:37 Chill wrote:Okay. Well, Ashur used to make sick tools for BW. I can't list or even remember them all, but I think he programmed the original Replay With Audio system (way before VODs). Oh wait that was tec27, but I think he helped improve it. He also made Penguin Plug, which was before Chaos Launcher as a launcher that let you plugin useful tools. He also developed FPReplays, which let you watch replays in first person, kind of like an alpha version of the current SC2 system. All his stuff was so sick. http://www.teamliquid.net/forum/viewmessage.php?topic_id=35962Then somewhere down the road I guess he just switched over to developing and releasing maphacks. I never understood what happened to cause the change... http://www.teamliquid.net/forum/viewmessage.php?topic_id=51691
I think there is a Batman/Ra's al Ghul analogy somewhere in here...
I get why someone would want to make a hack, it's an interesting and complex challenge that some people simply cannot refuse. It's like asking why people climb Everest, because it's there. And in all fairness, one should acknowledge the complex nature of his achievement. Unfortunately its rather akin to the development of the atomic weapon. I also get the distinct feeling that he did not post this here for our benefit but rather to fuel his own ego. After all, what good is climbing Everest if you can't tell people that you climbed Everest...
|
On October 05 2010 02:23 erulabs wrote:
The "memory walk" issue has been a known security problem with basically all high-profile applications ever written. There are even entire languages (specifically the financially-focused language "R") that have been designed around obfusification of memory addresses. Windows itself keeps things like password field buffers split into hundreds of different addresses, and even this is not fool proof. I assume even basic obfusication would massivly hurt the performance of SC2... But there has to be a clever way of at least -partially- obscuring the registers for any particular bit of allocated memory that SC2 takes... I'd guess something as simple as using a hardware address, and IRQ or (I'm not a Windows buff so I don't know the reality of this) entropy.
Again though... adding a single operation to every memory lookup would probably cripple the performance of SC2.
Just to help with those who do not understand: what he is saying is that there are programs being developed that "scan" the current "state" of SC2 and can report what they find. There is literally no way for SC2 itsself to know this is happening, short of looking for other processes that might be checking on its registeres (which is computationally problematic, not to mention bad programming practice, as well as cpu intense). The only logical solution is to have SC2 "hide" its allocations or to encrypt its memory. The former is more realistic than the latter due to it being simplier and therefore easier to do 5 million times a second.
All I can say as a positive note is that these players will never win tournaments... Otherwise, the only realistic solution from _our_ perspective is a "blacklist" application that simply checks for running applications with a memory footprint that looks like a known "scanner" cheat. Simply put, we really need to start making an index of every single "scanner". It would at very least keep 99% of the script-kiddies from cheating, although it wouldn't stop anyone smart enough to flip a few bits in their "scanner".
Food for thought I guess. Good thing there is more to SC than responding to a build or unit placement. It also requires micro and macro, which no cheat can help you with.
Not sure why a simplified random address space layout couldn't be emulated directly by SC2.
That said given that Vista and OSX have native libraries that will do ASLR surely Blizzard has some of these options enabled in SC2...
Are we really saying that SC2 has a totally static memory layout? If so that is totally insane and a complete failure on Blizzards part.
|
There are those who were once good, now corrupted. Lured by the increased size of an e-peen, they have fallen to the dark side. They now have given up all hope and drink whiskey doubles while bragging about their mad hacker skills.
|
Maybe this is far fetched, but having a separate encryption algorithm for each SC2 account would make cheating very tricky... that way one hack won't work for everyone. And having a random generator like the Authenticator to generate a new encryption algorithm each time you log in/start a game would be very cool.
I'm not a hacker, in fact I don't know much of what I'm talking about, but it all makes since in my head, so hopefully someone else will understand.
|
Thats really unfortunate news
|
This makes me very sad. What you're saying is that SC2 is inherently and irrevocably vulnerable to hacks? 
|
Bear with me this may be a long first post, but Chill is right, I don't understand how this is a productive dialogue.
You are basically telling us the situation is helpless, you explain in detail for other programmers ways that they may be able to make use of your discoveries and take advantage of exploits you have discovered. You then offer to send people source code that might help in the creation of new hacks??
I wanted to ask you a question, for who's benefit was this thread posted? The community is aware of the hacking epidemic, and many people were aware that some of the hacks that exist would be difficult for blizzard to fix, so I don't understand who this helps, other then programmers seeking a better way to improve upon there inferior hacks, or even enticing new programmers who have not yet attempted to make hacks interested by pointing out that the method you mentioned may be undetectable for a period of time? Is this something we want in TL forums?
Finally, I want to set you a challenge / make a request, to you and the rest of the talented and skilled programmers that are part of the SC2 community. Like chill mentioned, in the past you have been a crusader for positive community software, to me it seems like right now, that is not the path you are pursuing. Blizzard is a company, and as such, it has certain limitations, like many have mentioned, a lot of the best ways to combat hacking raise legal or ethical problems for the company. My question is this, if Blizzard put YOU in charge of finding ways to combat hacks, what would you do? Do you see any solutions, or just more problems? If you feel that Blizzard cannot combat this, do you think it would be possible to develop a launcher that could? I fail to believe there is no viable solution to this problem.
There are far to many competent programmers seeking to create hacks, and in some cases even profit from them, and far to few who are on the other side of the equation. In a perfect world Blizzard would handle this for us, but it is very obvious that they cant. So it seems to me like what we need most is for some of the MANY talented individuals such as yourself to rally on the side of the SC2 community. To rally on the side eSports and the competitive community to help foster and protect this thing we all love before the hackers can pollute and damage it irreversibly.
Ready to get on our side?
|
On October 05 2010 03:12 SilverPotato wrote:
Maybe this is far fetched, but having a separate encryption algorithm for each SC2 account would make cheating very tricky... that way one hack won't work for everyone. And having a random generator like the Authenticator to generate a new encryption algorithm each time you log in/start a game would be very cool.
What do you mean a seperate encryption algorithm? Really a new algorithm?
Or just the same algorithm with different values?
When it's only different values they hackers "only" need to look up said value (which must be stored locally so SC2 can decrypt the stuff). Having a new algorithm seems not possible.
Can you "win" vs hackers? No.
Can you make it hard for hackers? Yeah, sure.
There exists a nice article about the cracking of games (not hacking) - but I think some rules can be applied as well.
One important part is:
Thus we wanted to make the job of cracking YOTD time-consuming and tedious. If we could just keep the crackers busy at finding the protection, that's time taken away from them working out how to remove it. Again, we were trying to reduce the pool of people available who could crack the game. Not every cracker would have enough time available to make the crack; it probably isn't anyone's day job. On this note, it's worth pointing out that for most crackers this is a hobby. If they get bored, they may well give up. We tried to make the crackers have to wade through plenty of chaff before finding the protection.
Will some hackers be encouraged to hack the difficult system? Yes - but what if you change everything on a monthly basis?
Will most hackers really be "Ok here I go again" or not just "I have proven in an earlier build that I can hack it - no need to invest so much time again"?
Make hacking boring & tedious.
I honestly dont know though if obfuscating would help against the measure Ashur mentioned. Probably yes, because he mentioned memory lookups?
Edit:
Before I forget it: Thanks for your post Ashur. I always like reading about that kind of stuff 
|
Well if he lets us pick his brain about how to make hacks, maybe we can suggest some new ways to stop them, or maybe make it so painful to unravel they find some other game to pick on.
|
It's the same with wallhacks in games like Counterstrike. I think that this issue is pretty easily fixed (if you look at the scale of programmers Blizzard has available) by only sending the information to the correct client, that the client would be able to recieve. I can not at all imagine this to be impossible or even hard. The only problem it would pose is that the replay is not clientsidedly recorded and the solution to that would be to have the server send out the full replay at the end (which is no f-ing problem since replays are only <200KB..) It would probably increase the serverside load but I can't imagine it being worse than having a game that sends all the info of the current state of the game (which just seems immensely naive to me).
Can someone enlighten me as to why Blizzard decided to make it so easy?
I have such faith in this being so "easy" to fix because even in an old game like counterstrike, the data as to where opponents are and what they are doing is limited to a certain distance (or something like that) which is not even necessary to program in an RTS.
|
On October 05 2010 03:24 BigBen wrote:
You then offer to send people source code that might help in the creation of new hacks??
I think you're a bit harsh on him.
Said source code needs to be available so people might figure out ways to prevent said stuff.
Maybe one smart/talented person reads this - gets the sourcecode from Ashur and then finds a way to detect / prevent people using those kind of hacks.
Would you rather have that person try to find out _how_ those hacks work (aka make write his own hack first) and then modify it that it cannot be used again?
|
United States12235 Posts
On October 05 2010 01:37 Chill wrote:Show nested quote +On October 05 2010 00:24 RebirthOfLeGenD wrote:On October 04 2010 23:36 Chill wrote:
Wait, why are you allowed to post here still?
I've always thought it was a sad story that you went from coding tools the entire SC community used to coding SC hacks. Can you post more on this? From the sounds of it he accidentally make a program for BW that could be interpreted as a hack so he didn't release it, and for SC2 he tried making an undetectable hack (possibly to prove a point to blizzard?) Okay. Well, Ashur used to make sick tools for BW. I can't list or even remember them all, but I think he programmed the original Replay With Audio system (way before VODs). Oh wait that was tec27, but I think he helped improve it. He also made Penguin Plug, which was before Chaos Launcher as a launcher that let you plugin useful tools. He also developed FPReplays, which let you watch replays in first person, kind of like an alpha version of the current SC2 system. All his stuff was so sick. http://www.teamliquid.net/forum/viewmessage.php?topic_id=35962Then somewhere down the road I guess he just switched over to developing and releasing maphacks. I never understood what happened to cause the change... http://www.teamliquid.net/forum/viewmessage.php?topic_id=51691Show nested quote +On April 07 2007 16:33 Ashur wrote:On April 07 2007 16:31 Cloud wrote:On April 07 2007 16:26 Ashur wrote:On April 07 2007 16:23 Cloud wrote:
Then you made this hack for what, precisely? To make an antihack you need to know//make a hack first. I made many cheats in my life, only few was released to the private groups. ??? Then whats the point of this thread? Threaten people with releasing a hack that wont do shit (only to your reputation) unless they spew out their feelings for this game to you? What the hell is the point of that other than crying for attention? If you dont want to talk, leave. I dont make any threats. I just want to discuss the passion. And my passion is making hacks.
Hacking and anti-hacking are two sides of the same coin, so I don't fault Ashur for the maphacks he's made (and as far as I know he's never distributed a working, unpatched one). Technically speaking, and he's not a native English speaker so his words may be misinterpreted, everything he's made is a hack. BWTV/OP3 was a hack, PenguinPlug which he helped on was a hack, every single project.
To know how to beat a hack you have to study how the hack works, which is what Ashur's entire project is based on. Sometimes that involves creating your own hacks that emulate the same effect. It would be one thing if there were malicious intent behind developing the hacks, but I don't think there are, given his history. If he says that emulating the game client is a way to make a hack undetectable by Warden's current methods, I'm inclined to believe him, and it's something we should be aware of. Any shortcomings in Blizzard's system need to be compensated for by watchful end-users, so it's better that we know about them than continue to live in blissful ignorance.
|
The thing is, I don't really care if people cheat. If I am in a game, and my build gets perfectly countered and I get wiped out, I am gonna get annoyed, punch my keyboard, then watch the replay. Then I am gonna get suspicious, watch his view, realize he is a hacker and feel a lot better. I didn't really lose that game. I am going to move onto the next game knowing that I will get better during it. I know that anyone who uses hacks won't get any better and has to create the facade of a win in order to supplement his lack of self-esteem.
|
On October 05 2010 03:52 seaofsaturn wrote:
The thing is, I don't really care if people cheat. If I am in a game, and my build gets perfectly countered and I get wiped out, I am gonna get annoyed, punch my keyboard, then watch the replay. Then I am gonna get suspicious, watch his view, realize he is a hacker and feel a lot better. I didn't really lose that game. I am going to move onto the next game knowing that I will get better during it. I know that anyone who uses hacks won't get any better and has to create the facade of a win in order to supplement his lack of self-esteem.
yea but what if it gets to the point where every other game you play a hacker. Then even legit loses you assume that they hacked, and you never improve, and you just get angry.
|
Hacking and anti-hacking are two sides of the same coin, so I don't fault Ashur for the maphacks he's made (and as far as I know he's never distributed a working, unpatched one). Technically speaking, and he's not a native English speaker so his words may be misinterpreted, everything he's made is a hack. BWTV/OP3 was a hack, PenguinPlug which he helped on was a hack, every single project.
To know how to beat a hack you have to study how the hack works, which is what Ashur's entire project is based on. Sometimes that involves creating your own hacks that emulate the same effect. It would be one thing if there were malicious intent behind developing the hacks, but I don't think there are, given his history. If he says that emulating the game client is a way to make a hack undetectable by Warden's current methods, I'm inclined to believe him, and it's something we should be aware of. Any shortcomings in Blizzard's system need to be compensated for by watchful end-users, so it's better that we know about them than continue to live in blissful ignorance.
The thing is, he gives absolutely no indication that this is actually his aim. In fact in later posts he basically says "give up, you can't beat my haxx." If he wanted to be helpful in anti-hacking, he would privately send this information to blizzard, who are the only people in a position to do anything about it until private servers become allowed (many, many years from now...)
The entire gist of his post is that anti-hack efforts are pointless, with a strong undertone of "look how l33t I am." (want to see my epic e-peen? PM for pics!)
(and as far as I know he's never distributed a working, unpatched one)
He actually says in the OP that he's already released the source for a working maphack. That's roughly 2 minutes away from actually being a working maphack.
|
this really cuts the competitive spirit off right at the knees and is going to put a huge damper on tournaments where players are not in a controlled environment (ie virtually all of them). there will be cheaters with tremendous advantage, and an infinite number of false accusations. if blizzard was going to try and fight this technically with an obfuscation arms race they most certainly would have done it already.
|
The funny thing is many of the people we watch on the streams playing tournies are probably using maphack by now. The mh's of today have camera spoofing which allows them to hover their camera over your base without you ever finding out through a replay. The minimap in itself is also a huge, huge advantage. Maybe it would be possible to invent a replay analyzer similar to bwhf or bwchart if there are any "anomalies" in spoofed replays.
Looking back at bw history, players like Testie, Haypro, Trek, TT1, lastshadow, Ares, Tittybang and many, many other players percieved to be really good were in fact using maphack.
Happening right now imo.
|
On October 05 2010 01:37 Chill wrote:Show nested quote +On October 05 2010 00:24 RebirthOfLeGenD wrote:On October 04 2010 23:36 Chill wrote:
Wait, why are you allowed to post here still?
I've always thought it was a sad story that you went from coding tools the entire SC community used to coding SC hacks. Can you post more on this? From the sounds of it he accidentally make a program for BW that could be interpreted as a hack so he didn't release it, and for SC2 he tried making an undetectable hack (possibly to prove a point to blizzard?) Okay. Well, Ashur used to make sick tools for BW. I can't list or even remember them all, but I think he programmed the original Replay With Audio system (way before VODs). Oh wait that was tec27, but I think he helped improve it. He also made Penguin Plug, which was before Chaos Launcher as a launcher that let you plugin useful tools. He also developed FPReplays, which let you watch replays in first person, kind of like an alpha version of the current SC2 system. All his stuff was so sick. http://www.teamliquid.net/forum/viewmessage.php?topic_id=35962Then somewhere down the road I guess he just switched over to developing and releasing maphacks. I never understood what happened to cause the change... http://www.teamliquid.net/forum/viewmessage.php?topic_id=51691Show nested quote +On April 07 2007 16:33 Ashur wrote:On April 07 2007 16:31 Cloud wrote:On April 07 2007 16:26 Ashur wrote:On April 07 2007 16:23 Cloud wrote:
Then you made this hack for what, precisely? To make an antihack you need to know//make a hack first. I made many cheats in my life, only few was released to the private groups. ??? Then whats the point of this thread? Threaten people with releasing a hack that wont do shit (only to your reputation) unless they spew out their feelings for this game to you? What the hell is the point of that other than crying for attention? If you dont want to talk, leave. I dont make any threats. I just want to discuss the passion. And my passion is making hacks.
Slight correction, I didn't make the original Replays With Audio stuff, that was JCA. Ashur also didn't make the original PenguinPlug, that was superpenguin (although Ashur took it over and added a bunch of stuff to it when superpenguin stopped working on it).
Ashur has made some pretty impressive stuff, and I think his hacks are impressive as well. However, this is like the 3rd or 4th iteration of this thread that he's posted, and I simply don't understand why he feels the need to keep posting it. Anyone who has spent any substantial amount of time working on hacks/plugins for SC2 or BW understands that it is very possible and easy to make undetectable hacks. Unfortunately, RTS games that make scouting vitally important will always be vulnerable to such hacks (unless someone comes up with some solution that doesn't involve storing all info with all players all the time). FPS games are often not vulnerable in the same way, simply because A) it is easier to keep most information on the server and not with the client and B) knowing such info is often not very useful.
There is no software solution that will work to deter these hacks for any lengthy period of time as long as all the unit info is given to all players all the time. And it is highly unlikely that Blizzard will ever change that factor for SC2, it is simply not feasible with current server/bandwidth costs and the sheer amount of servers they would need. All we can really do is try to root out hackers for their telltale hacking signs, hope that no one hacks in the lower money tournaments, and enforce some sort of manual checks by a 3rd party both before and during the games in big money tournaments (or keep the big money tournaments relegated to live events).
|
|
|
|
|
|
EPT
