|
As far as I know the main MapHack Problem is that the stuff is known by the client, which it "should not" know at all.
Hacking your own Computer isn't really difficult at all, and fighting against this is an uphill fight as it's the "hackers" territory.
However, especially the new Dota games switch to make as much Server sided as possible, as hacking a server is by far more "illegal" and gets you in a world of trouble that's not worth doing it (however might still depend on your country not sure).
But Blizzard just "couldn't" do it that way as that means a lot of traffic on the server, but the worst is they also don't provide some LAN or anything that might give an option for a work around by the community, the player is forced to play with Battlenet, while I know of some "illegal" self made battlenet servers, but currently super unstable.
Still I am sure the community has a lot of talented "white hats" (the good hackers) that help to improve and find problematic holes that "can" be fixed.
Blizzard is really not as superior as some might think, while the game is really awesome, the "support" beside the game is really not good at all.
|
|
I don't think some of you understand where Ashur is coming from.
Back in the old days, when we were writing PenguinPlug, we had support from Blizzard to do it, even up to help they provided with porting it to new patches. Then Blizz was consumed by Activision and some lawyers decided that having any third-party addons to the game is a bad idea. From that point on, the support was cut off (the key moment was, I think, one where Blizz said they'd do their own league frontend instead of endorsing BWLauncher and BWLauncher was removed from the Warden whitelist).
So, some of you saying "come join the good side, fight the hacks" don't understand that there's simply no way for any of us to do such a thing. The only thing we can do is tell Blizzard stuff and then be promptly ignored. Ashur's trying the proof-of-concept thing in order to actually convince Blizzard that cheating is a real issue and not one that is easily taken care of in the current game model.
As for what could work - certainly a server-side model with the game hosted on the server would help, but that would be probably too costly. The on-demand map data transfer would probably require a rewrite of large portions of the game code, but would be more viable - however, it would completely ruin replays as such.
I do believe, however, that the situation is not completely hopeless. Currently, Warden already acts as a sort of trojan, scanning the OS for various processes, thus, it can scan for 'external hacks' as well. In fact, most antihack systems (such as PunkBuster) do that. Public banning sessions could simply put the risk of hacking so high that most players would not risk their $40 for the doubtful benefit.
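Added example, not part of the original thread and not Blizzard's code: a minimal sketch of the server-side model discussed above, where the server keeps the full game state and each client receives only the units inside its own vision, so there is nothing hidden in client memory to read. The `Unit` fields, function names and sample coordinates are assumptions made for illustration.

```python
# Added illustration: server-side fog-of-war filtering (all names hypothetical).
from dataclasses import dataclass
from math import hypot


@dataclass(frozen=True)
class Unit:
    uid: int
    owner: str
    x: float
    y: float
    sight: float  # vision radius in map units


def visible_to(player, world):
    """Return only the units this player is allowed to know about."""
    own = [u for u in world if u.owner == player]
    snapshot = list(own)
    for other in world:
        if other.owner == player:
            continue
        # An enemy unit is sent only if at least one own unit can see it.
        if any(hypot(other.x - o.x, other.y - o.y) <= o.sight for o in own):
            snapshot.append(other)
    return snapshot


def build_snapshots(world):
    """Per-player state sent each tick; the full world never leaves the server."""
    players = sorted({u.owner for u in world})
    return {p: visible_to(p, world) for p in players}


def hidden_from(player, world):
    """Ids of units withheld from this player's client."""
    sent = {u.uid for u in visible_to(player, world)}
    return sorted(u.uid for u in world if u.uid not in sent)


# Constructed sample state, not taken from any real game.
WORLD = [
    Unit(1, "red", 10, 10, 8),
    Unit(2, "red", 40, 12, 8),
    Unit(3, "blue", 14, 13, 8),  # 5 units from red unit 1: visible to red
    Unit(4, "blue", 90, 90, 8),  # far from every red unit: never sent to red
]

if __name__ == "__main__":
    for player, units in build_snapshots(WORLD).items():
        print(player, "receives", [u.uid for u in units],
              "withheld", hidden_from(player, WORLD))
```

The cost is the one the post names: the server has to compute and send a snapshot per player per tick, and a replay recorded from one client's snapshots would hold only that player's view.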
|
Oh, and the view some of you here have of our channels of communication with Blizzard is pretty flawed. When Ashur says he "told Blizzard", he doesn't mean he wrote an e-mail to hacks@blizzard.com or a message on the public forums. It means he actually contacted a relevant Blizzard employee who gave him the information.
|
conceptually though even with warden you can make one undetectable. I don't think there really is any solution besides going server side, if just for "tournament" matches.
|
On October 05 2010 10:32 dacthehork wrote: conceptually though even with warden you can make one undetectable. I don't think there really is any solution besides going server side, if just for "tournament" matches.
You can, but unless you run every single one of your BW sessions with a debugger on first, you cannot really know if you were detected until you're effectively banned.
It's really a question of cost vs. effect. A working Warden with widespread bannings can deter cheating to the point of non-existence.
It would really help if Blizzard actually made a team of people such as Ashur to proactively search for potential exploits (which I think Ashur is trying to provoke by making threads such as this).
|
I have an interesting question on topic. If Blizzard were to make a gameguard that ran before the game launched could it stay active and sniff out the potential invisible hacks? I know they would have to change their ToS and everything allowing them to sniff your PC for 3rd party programs but would it even work and would there be workarounds?
What are Blizzard's options?
|
Honestly, this is kind of depressing, but it's a truth people should have known in their guts.
I, for one, think they should hire the hackers, similar to how the US government plucks them (and antivirus companies). It'll help clean up their game.
|
On October 05 2010 10:51 ZerOsAndOnEs wrote: I have an interesting question on topic. If Blizzard were to make a gameguard that ran before the game launched could it stay active and sniff out the potential invisible hacks? I know they would have to change their ToS and everything allowing them to sniff your PC for 3rd party programs but would it even work and would there be workarounds?
Basically, that's what Warden already does.
They would only have to change their ToS if they didn't already contain such a section :>
Look over here: http://www.teamliquid.net/forum/viewmessage.php?topic_id=139149
Yes, there still would be workarounds. Basically, Warden can only detect hacks that work in a known way or that it knows about. You can still make a new hack that will not be detected - however, as I noted in the posts above, you would never be certain that at some point it would not get detected and you wouldn't get banned.
|
I don't really understand all that but I will say that I played WoW for years with Warden and it is the only computer game I've ever seen w/o hacks. I know there are bots and things of that nature but I never saw anyone rain down chaos like they do in fps. I just hope that carries over to sc2....
|
On October 05 2010 11:52 UnRyValD wrote: I don't really understand all that but I will say that I played WoW for years with Warden and it is the only computer game I've ever seen w/o hacks. I know there are bots and things of that nature but I never saw anyone rain down chaos like they do in fps. I just hope that carries over to sc2....
Seems strange, as WoW has "tons" of hacks, just not the way to gain infinite money or something like that, as "bots" use tons of hacks already, like reading the data of players not visible on the screen and all that kind of stuff.
It's just that a bunch of important values are actually server sided, while for starcraft, nearly "nothing" is server sided at all.
I mean this "GameGuard" stuff is fine, but it will just stop the most basic ways of hacking, as anything else will bypass GameGuard anyway and simply ignore it from that on (lots of Proxy Servers etc.).
So whatever you do, anything is at least "something", if a developer simply ignores hackers, the game is flooded with bots and will just die out, but at the same time, if you "as a player" just ignore hackers, the developer feels less "need" to actually fix problems at all.
As long as you find problems and report them, they can be fixed, some are even "good" for the game as they give you some cool features that even find their way in the next generation of the game, like tons of the replay functions were "hacked" into SC1 already, and even the "hotkey change" is something everyone is waiting to get from Blizzard, but only the Community was able to really provide it, even the ingame "time" was hacked before, and now everyone has it.
Not everything is evil, there's a good amount of white hats around that do good for the community, but also black hats that have a bad influence on the community ...
|
A really depressing, yet interesting read. As a "new" starcraft 2 player but long time WoW player, I'm saddened to read that potential hacking is so hard to fight. Though, I do have hope that a system like Warden would at least discourage the majority of "could-be-hackers" cause of the fear of banning. Years back, I used a fishing bot for WoW, which got my account banned a few weeks after (along with thousands of other accounts) due to Warden. This discouraged me from fooling around on my new account (fear of detection), hence I learned my lesson the hard way.
|
On October 05 2010 16:02 awha wrote: A really depressing, yet interesting read. As a "new" starcraft 2 player but long time WoW player, I'm saddened to read that potential hacking is so hard to fight. Though, I do have hope that a system like Warden would at least discourage the majority of "could-be-hackers" cause of the fear of banning. Years back, I used a fishing bot for WoW, which got my account banned a few weeks after (along with thousands of other accounts) due to Warden. This discouraged me from fooling around on my new account (fear of detection), hence I learned my lesson the hard way.
I wrote a fishbot. There are sources for gathering bot that could even fight aggroed monsters, and guess.. both of those read memory only and press your keyboard buttons for you. In case of fishbot, it doesn't read memory, it just reads the screen output. Warden detection? None..
Think, first off, you can rename the process to firefox.exe, change its size by modifying resources. Change the resources themselves. So the question for Warden is, is this a browser or a cheat? And what if the cheat is actually a plugin for firefox.exe, it does not need to be a process at all. If you want to hide such a thing, you simply hide it.
On October 05 2010 11:52 UnRyValD wrote: I don't really understand all that but I will say that I played WoW for years with Warden and it is the only computer game I've ever seen w/o hacks. I know there are bots and things of that nature but I never saw anyone rain down chaos like they do in fps. I just hope that carries over to sc2....
I hope the same.
On October 05 2010 09:46 ddrt wrote: I really don't mean to be a jerk but...
I wouldn't use a "jerk" in British English :D Nobody is perfect and sorry if my English is not with absolutely correct grammar, I still hope that you get the point and that it was at least "readable".
On October 05 2010 10:23 Ilintar wrote: I do believe, however, that the situation is not completely hopeless. Currently, Warden already acts as a sort of trojan, scanning the OS for various processes, thus, it can scan for 'external hacks' as well. In fact, most antihack systems (such as PunkBuster) do that. Public banning sessions could simply put the risk of hacking so high that most players would not risk their $40 for the doubtful benefit.
For various processes. Come on.. Look at WoW. WoW is sort of gather-botted. The server doesn't care about x-y-z coords, so you can just change map and walk anywhere (= you can walk underground, no one can kill you). There are so many computers, and so many processes. What way you want to search for them? Process name? That's definitely not enough. Imagine you are a Blizzard employee, you cannot ban the person if you are not sure that he/she cheats. And in all those bots' readmes is a suggestion to rename the process to blahblahblah.exe. And I know you can still code, so you probably know you can search for the (openprocess) handle in every process (like processexplorer can), but that's also not a 100% solution. There are so many programs that simply inject their code/threads into every process. For example Antiviruses open StarCraft in certain cases, some other process might be parent process and so on.
So yeah, you put your game account to a risk. I had 2 WoW accounts, so I tried a little experiment on one what does Warden detect on that alt account. Almost 3 months of automatic herb gathering/fishing (and finished school lesson for computer vision at school) and I still have 2 accounts with plenty of gold. Note the bot for the herb gathering wasn't mine, it was public on the net and it _CHANGED_ the WoW memory at one location. So yea, the theory of fear works.. but.. till people find out, that nothing really happens in case you cross the line.
You know, for sure they will scan for the upcoming process "new_external_mh.exe" that will be most popular. But, did you read that thread? Did you see that there is gonna be like four to five of those? That you will have a module/thread somewhere on your pc and that will send the UDP/json files somewhere and that you will see minimap on the iPhone? :D
|
Sheesh some people need to relax a bit. OP is not evil... >_>
FYI Anti-virus companies reverse engineer viruses to see how they work so that they detect and remove them.
If the OP was planning on using an undetectable maphack for his own benefit why on earth would he announce it here?
It's because of ppl like him that Blizzard finds vulnerabilities.
|
Interesting read... Though, I can't agree with the comparison with WoW other than the structure of the hack. The games are so different in their basic psychology and social psychology, where WoW is basically driven by ego and greed. Get item x, y and set z, and you are good, that gives you admire from your peer. With the mix of ego and greed grinding WoW is turned out to a grind-marathon for some. Sure, it's not all bad... It has a really good way of implementing team work and rewarding team effort, but that's another story.
I argue that this is not the case for SCII, since the joy of cheating is only found by a minority. SCII can't be grinded in the same manner, since the reward is (for most) not worth the effort. A cool portrait is cool, but it won't get you to GSL. In the SCII we admire good strategy, where pros/gamers do some really skillful stuff. That admire can't get cheated too. Therefore I would say that the impact of cheats for SCII would be far less than WoW.
Other than that, as you said, if a cheat needs to be compiled 98% of cheaters will not try it out.
Sure it feels like #€(# to get beaten by a cheater, but I find the risk of that happening pretty small. And with the really, really good community of players, a cheater gets picked up pretty fast. (Saw a thread about a maphacker that got banned within days of reveal).
|
On October 05 2010 17:30 Grimmy wrote: FYI Anti-virus companies reverse engineer viruses to see how they work so that they detect and remove them.
I am an employee in one, and... uhm.. we receive like 300 000 new viruses every single day. There is NO WAY how to reverse all of them. But we have the tools that do that for us and 99% of them do the same thing (sending emails, checking key strokes, ...) and of them have nice comments in the code, like "If you are reading this, I lost the game" :D
On October 05 2010 17:41 Eka wrote: ...basic psychology and social psychology...
You are right. There is no real ladder or tourneys where you can cheat on other players directly. In a case of numbers of various cheats, WoW has soooo many more and Warden is unable to protect the game in a way all of you wish so much.
|
Reading this made me think of this "I bring tidings of doom. I have pierced the veil of the future and beheld only... oblivion." Good read but a depressing one at that. Thanks for taking the time to write this though.
|
On October 05 2010 17:43 Ashur wrote: On October 05 2010 17:30 Grimmy wrote: FYI Anti-virus companies reverse engineer viruses to see how they work so that they detect and remove them.
I am an employee in one, and... uhm.. we receive like 300 000 new viruses every single day. There is NO WAY how to reverse all of them. But we have the tools that do that for us and 99% of them do the same thing (sending emails, checking key strokes, ...) and of them have nice comments in the code, like "If you are reading this, I lost the game" :D
Most viruses are just variants of existing ones. I'm talking about ones that actually do something new. You say you guys never reverse engineer any polymorphic engines / rootkits by hand? O.o Surely they can't be automated
|
On October 05 2010 18:40 Grimmy wrote: Most viruses are just variants of existing ones. I'm talking about ones that actually do something new. You say you guys never reverse engineer any polymorphic engines / rootkits by hand? O.o Surely they can't be automated
That something new doesn't occur that often, but yeah, when something shows up.. it definitely takes the attention of our virus analysts.
|
On October 05 2010 01:29 FiveOh wrote: On October 04 2010 21:21 Ashur wrote: You might think, that it actually advertises cheats, but truth is that it just describes how the current problematics works and how it worked in SC1...
...So, when SC2 beta came out, I was evil enough to fight for the shadowwalker's glory and research code like mad to finish the maphack as first in the world.
The sources (not just mine) are already published...
Yes, there might be technical argues that you can find the handle in other processes, but... if you think twice.. Blizzard cannot do that because of thousand reasons.
Just in case you are interested in the source codes, feel free to PM me I will guide you.
I'm baffled by the positive response this is getting on TL. This thread is absolutely "I've made an undetectable hack look at my e-peen." He openly invites anyone to PM him for a look at his awesome code, and provides no real reason as to why this won't turn out to be the same tug-of-war it has always been (updated hack, updated warden, updated hack and so on). His entire argument is 'trust me guys, this one can't be beat.' I would understand if this were a report on new hacking methods (made by someone other than the OP) and what could potentially be done about them. As it stands, what does this add to the community other than inflating the OP's ego? I think it's particularly appalling that he can openly state that he has published his maphack code. This is attention whoring at its worst.
Completely agree. I see shit posts like this all the time on various FPS forums. Some self-righteous asshat will come and post a topic, admitting he makes hacks, making the topic just to get a reaction and an ego boost. It's simply a veiled attention grab, nothing more.
What's even more familiar is the "I messaged the developer with information and they didn't care, so I decided to make/release a hack. I sure showed them. God, I'm so smart."
I wouldn't mind this topic, if you didn't openly advertise that you have attempted making the first maphack for SC2 (I bet your parents are proud *applaud*) and then freely give out the source code. What are you accomplishing by releasing the source code?
|