|
Canada13407 Posts
On June 14 2012 12:52 leculver wrote:Show nested quote +Well now we have an after the fact blink hack detector. Would need to test it against known non hackers (ie. Local play) of a very very good player to make sure it won't false positive. There WILL be some false-positives. The false positives are in the form of "we saw a few blinks that match the pattern, but it was less than 40% of all blinks", for example. There's a dead giveaway if the hack does all the work in one tick. Here's an example from http://idleengineer.com/blink.txt:Show nested quote +BLINK HACK DETECTED.
Total: 25 suspect: 23.
92% suspect blinks.
Suspect blinks at these times:
[snip]
00:16:03.562
00:16:03.562 As you can see, the hack is dumb enough to do things faster than any human can: Deselect, blink, attack-move, select, (twice!). All within the same game tick. My program doesn't currently check for this, but it will tomorrow. Here's the blog post I detail what I'm doing to detect blink hacks: http://www.idleengineer.com/2012/06/13/to-catch-a-cheater-part-2-blink/OP, feel free to steal this technique if you weren't doing so already. I plan on releasing full source soon-ish, though it's a very simple state-machine to detect the blink hack. I also plan on working to detect a LOT more than just blink hacks. This is just the first thing we put together as a proof of concept.
Ah I see, didn't realise it was that specific, in which case yeah no human can provide 4 or 5 commands in one millisecond 
|
I don't think a 3rd party should be responsible with overseeing starcraft bans. While I agree with the anti-cheating attempt, I would not want to risk my career on the word of some unknown claiming hacks. This seems like it will always lag behind the latest new hack (false negative) as well as risking unjustly ending some players chances for life (false positives).
|
On June 14 2012 13:16 Darkstar_X wrote:
I don't think a 3rd party should be responsible with overseeing starcraft bans. While I agree with the anti-cheating attempt, I would not want to risk my career on the word of some unknown claiming hacks. This seems like it will always lag behind the latest new hack (false negative) as well as risking unjustly ending some players chances for life (false positives).
Ending some players' chances for life? It's not that hard to buy another copy of the game. And I don't think any amount of 3rd party hack detection will make Blizzard any more likely to start banning players. Blizzard is probably going to keep being as lazy as they have been as far as banhammer goes.
|
I'm skeptical of this. If your application detects the location of the other player's camera, how is it any different from what a maphack looks like to Blizzard's detection software? Considering Blizzard's relative incompetence in dealing with hacks, it seems like a lot of people would be banned for using anti-hack software right now.
|
Sceptical of this, however I'm glad to see people working on it. Thank you for your efforts and it's only through things like this can we start deterring hackers, although we'll never eliminate them.
|
On June 14 2012 12:44 leculver wrote:Show nested quote +On June 14 2012 12:38 Johnnysc2 wrote:Some guy on reddit says he's making anti-hack software and actually provided some alpha-level blink detection stuff. Link Yo, some guy here. =P I can't make a thread since I just created a TL account (long time lurker). I'll be releasing full source as well (though if you are impatient you can just use reflector, it's really basic stuff). This is all pretty bleeding edge right now though.
I sent you a message on reddit about this. I think releasing the source is a very bad idea, which is the reason mine is a web service. Providing the method you're using to detect to the public is a fast track way to ensure it no longer works.
|
If they are smart enough to reverse engineer Starcraft 2, they are smart enough to figure out what you are doing and work around it. I know because I do this for a living... (Pick apart software, that is.)
Even if your service is a black box, they'll just submit replays they've modified until they've figured out what you are doing to detect them. I've decided it's not worth trying to "hide" how to detect anything. They'll make changes to how their software works, I'll update mine to detect it. The only way they can completely get around this is to make their hack play as slow and crummily as a human, at which point we've won.
Keep in mind, you are working against some of the smartest programmers out there. Say what you will about people who use these hacks, but the people making them are very sharp. Might as well give them the benefit of the doubt and adapt accordingly.
|
On June 10 2012 17:44 DeadBabySeal wrote:
Ideas like this always have one massive flaw. Creating a client-side anti-cheat program for a game like Starcraft 2 is, quite literally, impossible. As long as I maintain administrative access to my machine, there's nothing your anti-hack application can do to stop me from cheating.
Go ahead and make your program. Get its use required by all online tournaments. Guess what? Hackers will hook your system calls and return whatever your program expects to see. If your application is written in a managed language like Java or C#, the job will be even easier. Further, if your application is Open Source all bets are completely off (and to be frank, I'm not running a community developed anti-hack program on my computer if I can't see the source. Nope nope nope.).
At the end of the day, there are extremely few 100% reliable ways to detect hacks. Limited replay analysis happens to be one of those - if a player is performing actions that are physically impossible (e.g., blinking individual stalkers while his camera is somewhere else) then you can be certain something is wrong. Beyond that, there will never be a 100% foolproof method of hack detection, ever. As long as people retain physical access to the computers running the game, the only thing stopping someone from hacking is lack of expertise and time.
If anything, I am actually worried that this will make the maphacker's lives easier. They will be able to continue using hacks, but when questioned they can point to your application and say "See look, I'm not hacking, you can be sure because I'm running the community's anti-hack too1!"
That doesn't mean there's isn't anything to be done about it.
One 'client side' anti cheat system big online tournaments could use is to have a camera pointed at the player's display setup recording locally, and then sent to the admins after for verification.
The other thing that should be done right now is to archive all major online tournaments replays from this point forward. If there is a flaw in the maphack discovered at any point in the future people can still busted even if they fix the maphack right away. This happened during broodwar -- people were busted from old archives by teamliquid admins and then banned from future tournaments. This makes cheating a LOT more risky. You could be busted a year after you played that match.
Even warden type programs could be mildly effective as long as they were updated immediately before large online tournaments start. Make players play their matches BEFORE they have had time to test whether it can detect their current maphack software.
|
On June 06 2012 01:19 ZeromuS wrote:
I posted this in the other thread but here it goes.
In MOHAA there was an anti hack that would screen cap randomly. If you were suspected of hacking you would be given 24 hours to email an admin the screenshot collection and if hacks were found you would be banned, if none no ban and if no Emil you would get banned as well. Worked pretty well and it can work for tournaments run online only for sc2 idf there was a similar application.
you are talking about punkbuster, its still out there too...... BF2 used it, i assume bf3 uses it. It randomly takes screenshots from server side which means they aren't cleaned up by the client side hack, instead the hack often sends through "snow" instead as it blocks punkbuster taking screenies.... you see a ss that is just static? Ban.
|
The other thing that should be done right now is to archive all major online tournaments replays from this point forward. If there is a flaw in the maphack discovered at any point in the future people can still busted even if they fix the maphack right away. This happened during broodwar -- people were busted from old archives by teamliquid admins and then banned from future tournaments. This makes cheating a LOT more risky. You could be busted a year after you played that match.
That's exactly what I'm going after. For ladder games too, though those matter less. If I figure out how to detect cheats people are using now, three months in the future, you could still have your account banned.
To be honest, it's the risk vs. reward dynamic that I'm actually trying to change here. Do you want to risk that we detect your hack at any point in the future and have your account banned? I want there to be risk of future discovery for anyone who cheats.
|
I'd love to see a rating system of 'how suspicious'.
1. Nothing out of the ordinary.
2. Something is fishy.
3. Likely cheater.
4. NESTEA!
|
On June 15 2012 04:01 leculver wrote:
If they are smart enough to reverse engineer Starcraft 2, they are smart enough to figure out what you are doing and work around it. I know because I do this for a living... (Pick apart software, that is.)
Even if your service is a black box, they'll just submit replays they've modified until they've figured out what you are doing to detect them. I've decided it's not worth trying to "hide" how to detect anything. They'll make changes to how their software works, I'll update mine to detect it. The only way they can completely get around this is to make their hack play as slow and crummily as a human, at which point we've won.
Keep in mind, you are working against some of the smartest programmers out there. Say what you will about people who use these hacks, but the people making them are very sharp. Might as well give them the benefit of the doubt and adapt accordingly.
No doubt. But there's no point in making life easier for them.
Obviously we have different goals in mind. If you want to help out with client-side hack detection then I'd welcome the help. Likewise, if you want help with replay analysis patterns holla at me.
|
I'm a worthless piece of low life scum
User was banned for being a hacker.
|
As long as you provide hacks to idiots who go around making it blatant, you will be detected. It's that simple.
|
On June 15 2012 08:44 Veritas wrote:
As long as you provide hacks to idiots who go around making it blatant, you will be detected. It's that simple.
Don't feed the troll.
|
On June 15 2012 04:52 leculver wrote:Show nested quote +The other thing that should be done right now is to archive all major online tournaments replays from this point forward. If there is a flaw in the maphack discovered at any point in the future people can still busted even if they fix the maphack right away. This happened during broodwar -- people were busted from old archives by teamliquid admins and then banned from future tournaments. This makes cheating a LOT more risky. You could be busted a year after you played that match. That's exactly what I'm going after. For ladder games too, though those matter less. If I figure out how to detect cheats people are using now, three months in the future, you could still have your account banned. To be honest, it's the risk vs. reward dynamic that I'm actually trying to change here. Do you want to risk that we detect your hack at any point in the future and have your account banned? I want there to be risk of future discovery for anyone who cheats.
Sounds good. I wonder if TL would be willing to host the archive of tournament and qualifier replays. I think you are right that even if nobody works hard on cheat detection in the near future, the mere existence of such an archive changes the risk/reward significantly.
|
This sounds good and im up to help anyone who starts a anti-cheat project for sc2.(if its being made in c#/c++)
Also the best way to detect the cheats is to actually use them and check the memory stream for patterns but you might have to spend alot of money doing this and also having the risk of getting your account banned.
Thats atleast how I made my anti cheats for other games.
|
|
|
The thing i would want to see is some kind of "hack detection" implimented into sc2gears. If a widely used piece of software gets the hack detection it would probabaly end up with more people reporting hackers. I've had a few games where i've thought "i wonder if this guys hacking" and then just moved on.
If i could run my ladder replays through sc2 gears and see "HackyMcHackerson used hacks in that game" or "94% chance of hacks in this game" preferably with time data as evidence to check the replay. I'd go and report him.
Detection is the first issue followed by the community reporting people to blizzard when they have proof. Im sure if HackyMcHackerson gets enough reports next to his name he will be banned.
|
I'm pretty sure that the good hackers will only use the production tab and minimap hack, which would be almost undetectable save for a program that the user had to use that took screenshots randomly. But I'm pretty sure that Blizzard has said they will not allow 3rd party programs like that.
|
|
|
|
|
|
EPT
