|
On October 05 2010 03:54 Chriamon wrote: On October 05 2010 03:52 seaofsaturn wrote: The thing is, I don't really care if people cheat. If I am in a game, and my build gets perfectly countered and I get wiped out, I am gonna get annoyed, punch my keyboard, then watch the replay. Then I am gonna get suspicious, watch his view, realize he is a hacker and feel a lot better. I didn't really lose that game. I am going to move on to the next game knowing that I will get better during it. I know that anyone who uses hacks won't get any better and has to create the facade of a win in order to supplement his lack of self-esteem.
Yeah, but what if it gets to the point where every other game you play a hacker? Then even legit losses you assume that they hacked, and you never improve, and you just get angry.
I'd agree with this. There are also some players who have such good game sense that they know exactly what kind of build their opponents are going for without seeing what they're doing. Look at fruitdealer vs ITR in the GSL - in one of the matches fruitdealer went infestor baneling against ITR's mass marine without ever scouting the mass marine, just because he took a chance and said "people always go muta on this because it's so good, and I use mutas a ton, so he's going to prep a strat vs muta. Thus, he'll go mass marine and I'll infestor baneling." If you played a game on ladder against him and that happened, you'd watch the replay and say "man, this guy is hacking, how did he know what I was doing" when in reality he's just amazingly good.
|
I read that old thread and this one follows suit...
|
Another way to look at it is: It is just too expensive to either provide the manpower or the servers to make it hacker-proof. If the game were server-side, you would need strong servers, and more and more of them the more people buy the game. This is a matter of money, since maintaining a server farm like this is more and more costly and cannot be covered by just the game price. And the game does not have a monthly fee like WoW.
For the guys who suggested encrypting the data: the same rules apply. Blizzard would need way more manpower than is actually working on the game right now, just to always encrypt it. This would be very costly. So we kinda have a trade-off here: you get a hacker from time to time vs. a game with monthly fees.
The problem is not what Blizzard cannot do. The problem is what Blizzard can afford. Just my 2 cents...
Edit: Sorry for bad English, too lazy to correct it...
|
Is it not possible for the server to send its data in an encrypted state which would be decrypted, read, used and re-encrypted and sent back? I would guess that any real implementation of this would be extremely difficult to do though, especially on system requirements and network speeds. It's just an unfortunate fact I guess. The only other method would be a separate program violating privacy.
|
On October 05 2010 05:11 HaSDe wrote: Another way to look at it is: It is just too expensive to either provide the manpower or the servers to make it hacker-proof. If the game were server-side, you would need strong servers, and more and more of them the more people buy the game. This is a matter of money, since maintaining a server farm like this is more and more costly and cannot be covered by just the game price. And the game does not have a monthly fee like WoW.
For the guys who suggested encrypting the data: the same rules apply. Blizzard would need way more manpower than is actually working on the game right now, just to always encrypt it. This would be very costly. So we kinda have a trade-off here: you get a hacker from time to time vs. a game with monthly fees.
The problem is not what Blizzard cannot do. The problem is what Blizzard can afford. Just my 2 cents...
Edit: Sorry for bad English, too lazy to correct it...
Manpower isn't the reason for not encrypting data, performance is. If encrypting game data was going to stop hackers, and it didn't negatively impact performance, Blizzard would have done it.
|
On October 05 2010 05:24 sikyon wrote: Is it not possible for the server to send its data in an encrypted state which would be decrypted, read, used and re-encrypted and sent back? I would guess that any real implementation of this would be extremely difficult to do though, especially on system requirements and network speeds. It's just an unfortunate fact I guess. The only other method would be a separate program violating privacy.
The problem here is that the hackers aren't intercepting the network stream. They're simply looking at the memory of the active StarCraft 2 process and finding the locations where the game stores unit position information, etc.
|
imagine you could run a dual protection driver in ring0/ring3 hooking just about anything relating to memory access and mutually protecting their integrity... oh, right
|
On October 05 2010 04:00 FiveOh wrote: ...he would privately send this information to Blizzard..
I did it, twice.. And guess what happened...
On October 05 2010 04:33 tec27 & Jakalo wrote: this is like the 3rd or 4th iteration of this thread that he's posted....
Thanks for the correction (RWA, ...), and yeah - it's right that it's the 3rd or 4th iteration, but so far it still graduates. No one was thinking of this stuff in SC1, and no one was taking care when SC2 was out... and now you've got serious development out there, and instead of displaying the map in the game, it will be your iPhone/notebook telling you what the enemy is doing, and if they spent hours on development, it's gonna tell you what you should counter it with and where.. (html5+canvas, sounds, basic SC mechanics)
The new point is that this is gonna harm the online tournaments and low-division ladder, nothing more, nothing less. As I said countless times, if you think I am a cheater, fine. If you think I am an attention whore, fine (I really spend hours daily making attention on myself at these forums...), but the real truth is I am just a hacker. And I felt it important to write that the undetectable maphack is being forged, this time for real, and all of you who asked got a link to the sources that are on the internet.
To all coders (dimfish, ...): Obfuscation and randomization will delay the work for days, no matter what you try to do; if the game displays a number it must be deobfuscated somewhere... The only way is the "HoN" system, which is really hard (read: it won't happen) to implement from this point for Blizzard.
Chill: On October 05 2010 01:37 Chill wrote: On April 07 2007 16:33 Ashur wrote: If you don't want to talk, leave. I don't make any threats. I just want to discuss the passion. And my passion is making hacks.
I sign under this, again. Hacking is not cheating.
BigBen: On October 05 2010 03:24 BigBen wrote: You are basically telling us the situation is helpless; you explain in detail, for other programmers, ways that they may be able to make use of your discoveries and take advantage of exploits you have discovered. You then offer to send people source code that might help in the creation of new hacks??
If you won't show the engine schema to a motor engineer, he won't be able to make a motorcycle. Ever. I shared all my sources, including the "good ones" that you could turn into "bad ones" in just one hour (and the opposite). PPlug knew your foe's IP address for example, the unit numbers and counts and IDs. It even knew if a dropship was loaded with marines so it could display it in ObsMode properly... But it was only available if you were an "observer"..
I wanted to ask you a question: for whose benefit was this thread posted? The community is aware of the hacking epidemic, and many people were aware that some of the hacks that exist would be difficult for Blizzard to fix, so I don't understand who this helps, other than programmers seeking a better way to improve upon their inferior hacks, or even enticing new programmers who have not yet attempted to make hacks, interested by pointing out that the method you mentioned may be undetectable for a period of time? Is this something we want in TL forums?
You can delete the thread. No matter what, you can't change the fact that it's in other places. If you won't tell your kids that heroin exists in the world, if they want, they'll find out anyway. Ignorance is not an option, but I don't want to convince you if you don't really believe it is.
Finally, I want to set you a challenge / make a request, to you and the rest of the talented and skilled programmers that are part of the SC2 community. Like Chill mentioned, in the past you have been a crusader for positive community software; to me it seems like right now, that is not the path you are pursuing.
Blizzard is a company, and as such, it has certain limitations; like many have mentioned, a lot of the best ways to combat hacking raise legal or ethical problems for the company. My question is this: if Blizzard put YOU in charge of finding ways to combat hacks, what would you do? Do you see any solutions, or just more problems? If you feel that Blizzard cannot combat this, do you think it would be possible to develop a launcher that could? I fail to believe there is no viable solution to this problem.
Chill seems not to know what's different between hacks and cheats. I try to help people to educate, to fight on "your" side some time in the future. I remember Master of Chaos, who didn't know a thing. I remember toc27, Taiche and all those Ukrainian ICC upcoming contributors. And yeah, I also remember some that turned out to be evil and started to produce cheats. That's life, and I am happy that once a year there are so many new people willing to contribute to SC2 community development. And you fail to believe there is no solution... better you do, coz it's the way it really is. And I am not arrogant, or smth like that. Take a beer and think of it. Ready to get on our side? I was on that side once, and lawyers in Blizzard were not convinced it's a good idea. At least other employees had a different point of view, but well, you guessed it right... It's easier to do on your own: it's research, do this, do that and tell the people how it is. You.. hate it, love it, think of it, do something about it. That's what I really want from and for the community.
FiveOh: On October 05 2010 04:00 FiveOh wrote: He actually says in the OP that he's already released the source for a working maphack. That's roughly 2 minutes away from actually being a working maphack.
I did. And if you think it's that easy, try it yourself. Yeah, it's that easy for the bad guys who didn't really get it; they did it themselves and that source is available.
x7i: On October 05 2010 05:56 x7i wrote: imagine you could run a dual protection driver in ring0/ring3 hooking just about anything relating to memory access and mutually protecting their integrity... oh, right
Like the StarForce guys tried? We might see the cheater driver, which.. would be pretty amazing.
|
On October 05 2010 06:23 Ashur wrote:
To all coders (dimfish, ...): Obfuscation and randomization will delay the work for days, no matter what you try to do; if the game displays a number it must be deobfuscated somewhere... The only way is the "HoN" system, which is really hard (read: it won't happen) to implement from this point for Blizzard.
I'm assuming the system I talk about is the HoN system. I don't see why that would be so "hard" when you are a 999-gazillion company able to afford the best programmers around.
|
Ahh another cheating thread.
1) You guys are not going to solve the Full Disclosure argument in this thread. I'd personally prefer that he didn't release any specific code and stick to talking in general about problems like he discusses here. But it is his right of free speech to post whatever code he wants to.
2) It is impossible to generate a perfect Warden. This is the Halting Problem applied to computer security. I.e.
BreakWarden(Warden, Starcraft, Environment) = if Warden(Starcraft, Environment + BreakWarden) == 'hacked' then exit else add_hack(Starcraft, 'hack_code')
So if Warden says that BreakWarden is a hack, it simply exits (and thus does no hacking) and Warden is wrong. However, if Warden says BreakWarden is not a hack, then it hacks the StarCraft code and thus Warden is wrong again.
Note that I can construct a BreakWarden for any Warden that you give me, and thus Warden either only looks for specific hacks or it crushes loads of valid applications. No perfect Warden can ever exist.
3) There are some hardware cryptographic things that you could do like using Intel's Trusted Execution Technology to protect the sensitive memory locations. But that would require that all the players have the same processor brands and a capable motherboard to support this. That's not really feasible for general internet use.
4) There is no cryptographic system that can perfectly protect the memory while the game is running. At some point, you have to take the unit_loc.x and unit_loc.y and translate that into screen coordinates for rendering or adding velocity, etc. Even if you make that window of non-protection super short, someone will come along and figure out a way to capture that memory location or register while your game is running.
I remember in EQ1 they had several map hacks out there. EQ finally decided that they needed to bite the bullet and simply do the fog of war calculation themselves and only send the relevant values to the players. Blizzard will be forced into this position for the same reasons.
So there isn't really much for them to do. They will continue to update Warden to catch the most popular cheating programs. Any hand crafted cheating will likely get around Warden. And eventually they will have to do fog of war themselves and deliver only relevant values to the clients.
Honestly that's the end of the discussion.
|
On October 05 2010 06:23 Ashur wrote: x7i: On October 05 2010 05:56 x7i wrote: imagine you could run a dual protection driver in ring0/ring3 hooking just about anything relating to memory access and mutually protecting their integrity... oh, right
Like the StarForce guys tried? We might see the cheater driver, which.. would be pretty amazing.
you forgot that we already need to be connected, so more like VAC + StarForce, pretty much unbreakable with frequent updates and some polymorphic patcher - would take days to debug each iteration from scratch, and minutes to update from servers. it's an utter hack tho... vt-x messes the picture too
|
thanks for the interesting discussion Ashur, i have 2 questions.
1. what is this HoN system you refer to? you appear to say that it is an obfuscation scheme which could work in theory, but i don't see how any such scheme can work, period.
2. do you know of a paper discussing the "tell the client only what they should know" approach? does it have a standardized name in the literature? for as far as i can see this is the only way out to safety for competitive multiplayer games (which i adore...)
thanks eh
|
Sadly Blizzard has a history of programming very hacker-friendly. E.g. in WoW the player coords are handled client-side, and because of this you see flying characters advertising for gold farmers in cities, also teleporting and all that jazz.
thanks for the interesting read
|
On October 05 2010 07:29 kflynn wrote: thanks for the interesting discussion Ashur, i have 2 questions.
1. what is this HoN system you refer to? you appear to say that it is an obfuscation scheme which could work in theory, but i don't see how any such scheme can work, period.
2. do you know of a paper discussing the "tell the client only what they should know" approach? does it have a standardized name in the literature? for as far as i can see this is the only way out to safety for competitive multiplayer games (which i adore...)
thanks eh
#2 answers #1 :p In HoN the client does not have information about the units under the FoW
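The "only send the client what it may see" design that the EQ story above and this HoN answer describe, written out as a server-side fog-of-war filter. This is an added example, not code from the thread, HoN or any game engine; the units, sight radii and snapshot fields are constructed for illustration.

```python
"""Server-authoritative fog of war: the server keeps the full game state and
sends each client only the units that client is entitled to see, so hidden
enemy units never exist in client memory in the first place."""
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Unit:
    uid: int
    owner: int     # player id
    x: float
    y: float
    sight: float   # vision radius this unit grants to its owner
    kind: str


# Constructed sample state (hypothetical units and sight radii, not real game data).
STATE = [
    Unit(1, 1, 10.0, 10.0, 8.0, "probe"),
    Unit(2, 1, 40.0, 40.0, 9.0, "nexus"),
    Unit(3, 2, 15.0, 12.0, 7.0, "marine"),     # inside the probe's sight radius
    Unit(4, 2, 60.0, 60.0, 9.0, "barracks"),   # outside all of player 1's vision
    Unit(5, 2, 46.0, 44.0, 5.0, "marine"),     # inside the nexus's sight radius
]


def visible_units(state, player):
    """Units `player` is entitled to know about: his own, plus any enemy unit
    inside the sight radius of at least one of his own units."""
    own = [u for u in state if u.owner == player]
    return [
        u for u in state
        if u.owner == player
        or any(math.hypot(u.x - o.x, u.y - o.y) <= o.sight for o in own)
    ]


def hidden_from(state, player):
    """Unit ids the server withholds from `player` this tick."""
    seen = {u.uid for u in visible_units(state, player)}
    return sorted(u.uid for u in state if u.uid not in seen)


def snapshot_for(state, player):
    """What goes on the wire to `player`: full records for own units, and for
    visible enemy units only the fields needed to draw them (no sight radius,
    nothing at all about units still under the fog)."""
    snap = []
    for u in visible_units(state, player):
        rec = {"uid": u.uid, "owner": u.owner, "x": u.x, "y": u.y, "kind": u.kind}
        if u.owner == player:
            rec["sight"] = u.sight
        snap.append(rec)
    return snap


def broadcast_naive(state):
    """The client-side model the thread criticises: every unit goes to every
    client and the client is trusted to draw the fog itself."""
    return [u.uid for u in state]
```

The cost the thread worries about is visible in `visible_units`: every tick the server does one distance check per (enemy unit, own unit) pair per player, which is the work a client-side fog model pushes onto each player's machine.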
|
Thanks for the read, sucks Blizz really can't do anything about the hacks at this point.
|
On October 05 2010 01:21 dimfish wrote: I never worked anti-hack or security but just starting to think about it makes me want to take up this (futile, according to Ashur) mantle. I think you're on to something here, but randomly spreading the data around, by maybe randomizing the order of allocating structs or something, would only be half the battle. Ashur is saying they want to know the number of workers, so there is still a word somewhere in RAM that says "0x00000010" and hackers will find it by knowing what the data should be and hunting for it. They'll train one probe at a time and monitor memory to see what word increments, or something like this. So you can't just hide the data by moving it around.
How about spreading the data around and obfuscating it in RAM? Ashur, I'd like to know whether this sounds hard to crack to you. So you've got some obs data like mineral income, let's say the true word is 0xaabbccdd. How many of these critical words are there? Maybe a few hundred (units/buildings/positions/upgrades, all secret player state)? Let's store them inefficiently to hide them, and only reconstruct them in registers. No outside process can peek at register values, or even if they could, know what they're looking at, could they? I never looked at a hack in my life but I believe this has to be true. That's just how computers work: you context switch everything out when a new program, like a hack, gets the CPU.
So we take 0xaabbccdd and split it up somehow, say into four words with a bit shift--I know we can come up with something sneakier, but it's an example:
0x000aa0 0x000bb0 0x000cc0 0x000dd0
Now do what Klumaster said and put those 4 words somewhere different in memory every time game loads, just so they are hard to correlate as one value. Then, NEVER store the true value 0xaabbccdd in RAM, never in a packet, nothing.
Load the split values into registers, bit shift, then OR together, BAM hackers never see the mineral income.
Another problem: hackers will load game and probe it like black box to undo what you did: fine, generate pseudo random "effects" from every game action that make dummy values tick and tack all over. Make it so painful to find that they won't. I mean, would you mind wasting a megabyte of memory if it made good noise for hiding important values?
What do you think, Ashur, or have you already busted through something 10x beefier?
If you're going to pick up the mantle, you should go and research the topic.
Two main things as a response to many of the posts in this thread:
1) I think many of you underestimate the a) talent, and b) wherewithal of the people who dedicate themselves to this activity. Sure, the vast preponderance of them are wanna-bes, just like anything, but there are quite a few very talented and dedicated people who are just as smart and motivated as the people who are trying to make it impossible for them to do this. Assume that you are smarter than they at your own peril.
2) Anything you can encode into the program itself, is worthless. All these algorithms and reconstructions are pointless, because the hacker has access to it. Don't assume because they don't have the original source that they can't/won't figure it out, it's really not that hard to do if you are dedicated and have some experience.
The only reliable way we know to protect data sent between a secure source (Blizzard's servers) and a non-secure one (your pc), is via some sort of public/private key algorithm. There's a reason your bank doesn't use any of these "xor the 5th bit of the 3rd word of my name with your account number to get some impossible to guess password!!" -- it's because it will be cracked in less than a week no matter how clever for reason (2) above. I actually have no idea how much bnet is involved after the game is started (maybe goes p2p after setup?), so this might not even be a possibility since neither side is secure. In any event, it would almost certainly impact performance in a non-negligible way which is obviously not desirable.
If you want an interesting story of a company who tried to go up against the hackers, implemented a fairly secure key-exchange mechanism, and pretty much finally just gave up - go read about "showeq" (everquest hack to do a very similar thing), Verant/Sony's continued responses, and just how fast after each iteration it was cracked. It will give you a good insight as to exactly how much of the two qualities I outlined in (1) above these people really do have.
Blizzard has chosen a different approach (Warden - process snooping), and perhaps they are wise to do so - even though it pisses me off to no end from a privacy point of view. Warden does have its weaknesses, as does anything, but it's probably good enough to get the majority, and the rest just might be inevitable from a technical point of view because of both (1) and (2).
|
as has been said previously, encryption does not address the problem.
the cheats work by directly reading SC2's memory, and cannot be caught by either Warden (b/c they don't modify SC2 at all, and can hide themselves) or network analysis (no modifications, they just provide additional data to the cheater's eyeballs from outside SC2).
memory obfuscation turns the problem into an arms race. B catches a round of cheaters, the next round of cheats would adapt, B would adapt, repeat. pain in the ass for B but at least cheaters would feel some terror as they would never know when B will adapt.
not sending info to the client which they should not have is a seemingly perfect solution except it has been alleged to scale poorly. i hope some more info about this approach comes out in this thread.
|
It's pretty ridiculous, I could set this up on my comp pretty fast and instantly start doing a lot better on ladder etc.
Maphack and general online play should be disallowed in any major tournament or one that has qualifications for said tournaments. Especially because a lot of top players in SC1/SC2 have a history of cheating.
I know 99% sure people did use stream information to cheat in Go4/etc tournaments. It's only a matter of time before they switch to maphacks off a second monitor.
It won't help in 40k tournaments but it will help you get invited. Blizzcon is entirely based off ladder position, and just being #1 will get you a lot of invites.
Honestly cheating will only get worse in SC2 and really serious ways to stop said cheating need to happen.
Even "multi-LANs" for larger online tournaments need to happen. AKA LAN locations in 3-4 states that you have to show up to to play in the tournament. It's really the only solution: have players in a LAN environment with other players watching.
Any online tournaments should not be considered "pure" or "true". Fuck being naive, people will cheat and have cheated, lan should be the only results counted in TLPD etc.
|
I really don't mean to be a jerk but part of the reason they might not take you seriously is if you're not messaging them with your native language. You should write out what you want to say and have someone else edit it so you know they have no reason to ignore what you're telling them. I only say this because it's clear that you are good at typing in english but not perfect for punctuation, grammar and spelling. If you need help with any of this just pm me or anyone else who wants to help you. Honestly I don't mean offense by this I just mean to help.
|