* May 25, 2013, 05:31:03 AM
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Come Chat with us live! Learn how HERE!
 
   Home   Help Search Login Register  
Pages: 1 [2] 3  All   Go Down
  Print  
Author Topic: My Thoughts on the new Aimbot  (Read 13168 times)
Flower


Turrets: +3/-0
Posts: 94
« Reply #30 on: July 23, 2007, 11:17:09 PM »
We could create a secure Tremulous, with a database holding user accounts, and each time you want to join a server, you need to enter your login and password. To get an account, you need to register when the registrations are open (at each 2 or 3 months). If any user see a cheater, he can just record him and get enough info to block his account till the next registration wave.

Some server shouldn't work this way too.
Logged
img]http://rm3d.free.fr/flower.jpg[/img]
I'm a Flower, wanna smell my pistil?
player1


Turrets: +527/-401
Posts: 3062

ohaider!


WWW
« Reply #31 on: July 23, 2007, 11:26:27 PM »
the whitelist has been proposed before...
Logged

The Fractal Zion Incident, OR How One Man Singlehandedly Saved the Brindus System

The Dreaded "Third Race" Suggestion: The Unvanquished!
TinMan


Turrets: +49/-70
Posts: 1020


WWW
« Reply #32 on: July 23, 2007, 11:41:36 PM »
A community that did this with the Quake 2 engine is dpball http://digitalpaint.planetquake.gamespy.com/news.php
That game isn't fully open source though and is run by one person, not a great idea.
Logged
Code:
Linux: ~/.tremulous/base/
Mac: ~/Library/Application\ Support/Tremulous/base/
Windows: C:\Documents and Settings\username\Local Settings\Application Data\Tremulous\base\
NeonPulse
http://neonpulse.net/media/games/tremulous/base/autoexec.cfg
tehOen
Guest
« Reply #33 on: July 23, 2007, 11:47:07 PM »
Quote from: "TinMan"
A community that did this with the Quake 2 engine is dpball http://digitalpaint.planetquake.gamespy.com/news.php
That game isn't fully open source though and is run by one person, not a great idea.

client is open source though
Logged
NiTRoX

*

Turrets: +41/-200
Posts: 1456
« Reply #34 on: July 24, 2007, 07:21:28 AM »
Quote from: "tehOen"
Quote from: "TinMan"
A community that did this with the Quake 2 engine is dpball http://digitalpaint.planetquake.gamespy.com/news.php
That game isn't fully open source though and is run by one person, not a great idea.

I don't know shit , i talk utter crap
Logged
tehOen
Guest
« Reply #35 on: July 24, 2007, 01:07:01 PM »
Quote from: "NiTRoX"
dont talk about me Sad
Logged
NiTRoX

*

Turrets: +41/-200
Posts: 1456
« Reply #36 on: July 24, 2007, 01:34:26 PM »
Quote from: "tehOen"
Quote from: "NiTRoX"
<3
Logged
beerbitch


Turrets: +11/-19
Posts: 195
« Reply #37 on: July 24, 2007, 04:20:53 PM »
Here is my radical solution. Ban windows clients. No DLL injection for you.

So we would have a lot fewer people able to connect to the servers and play, oh well.

If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its tcp timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.
Logged
Beerbitch - "Some days you're the pigeon, other days you're the statue"
tehOen
Guest
« Reply #38 on: July 24, 2007, 04:51:05 PM »
Quote from: "beerbitch"
Here is my radical solution. Ban windows clients. No DLL injection for you.

So we would have a lot fewer people able to connect to the servers and play, oh well.

If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its tcp timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.

... how would you get my OS if I dont want to give that info
or how would you be sure that I gave you the right info about my OS
Logged
beerbitch


Turrets: +11/-19
Posts: 195
« Reply #39 on: July 24, 2007, 04:55:55 PM »
Quote from: "tehOen"
Quote from: "beerbitch"
Here is my radical solution. Ban windows clients. No DLL injection for you.

So we would have a lot fewer people able to connect to the servers and play, oh well.

If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its tcp timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.

... how would you get my OS if I dont want to give that info
or how would you be sure that I gave you the right info about my OS


Because each operating system has a unique way of generating certain values in the headers of tcpip packets, and you can't easily work around that. You would have to replace your entire tcpip stack with something that spoofed a legit packet. By trying to connect to my server, I already have packets from you.
Logged
Beerbitch - "Some days you're the pigeon, other days you're the statue"
n00b pl0x


Turrets: +54/-168
Posts: 2415
« Reply #40 on: July 24, 2007, 11:48:05 PM »
f u
Logged
will sort out my sig, or I will get banned.

HOW DO I SORTED SIG?
Patriotpie


Turrets: +9/-15
Posts: 85
« Reply #41 on: July 25, 2007, 03:28:00 AM »
Quote from: "beerbitch"
Here is my radical solution. Ban windows clients. No DLL injection for you.

So we would have a lot fewer people able to connect to the servers and play, oh well.

If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its tcp timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.



Why inject a DLL? Trem and funlily are both released open-source. C = C, no matter the platform. Modify funlily a bit and recompile the client. :roll:
Logged
kevlarman

*

Turrets: +291/-295
Posts: 2737
« Reply #42 on: July 25, 2007, 04:07:28 AM »
Quote from: "Patriotpie"
Quote from: "beerbitch"
Here is my radical solution. Ban windows clients. No DLL injection for you.

So we would have a lot fewer people able to connect to the servers and play, oh well.

If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its tcp timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.



Why inject a DLL? Trem and funlily are both released open-source. C = C, no matter the platform. Modify funlily a bit and recompile the client. :roll:
funlily is just ogc modified for trem, it does in fact inject code into tremulous to do its dirty work.
Logged
Quote from: Asvarox link=topic=8622.msg169333#msg169333
Ok let's plan it out. Asva, you are nub, go sit on rets, I will build, you two go feed like hell, you go pwn their asses, and everyone else camp in the hallway, roger?
the dretch bites.
-----
|..d| #
|.@.-##
-----
Odin
Spam Killer
*
*

Turrets: +113/-204
Posts: 1764

omgwtfbbq


WWW
« Reply #43 on: July 25, 2007, 07:26:37 AM »
Or we can just give the original aimbot creator death threats and take over his site, just like how that one guy who made the proof of concept Mac worm.
Logged
Fluxflashor
Guest
« Reply #44 on: July 27, 2007, 07:09:12 PM »
Quote from: "Odin"
Or we can just give the original aimbot creator death threats and take over his site, just like how that one guy who made the proof of concept Mac worm.


We could slow down the aimbot distibution by sending a DoS attack to the website it is distributed at. Maybe eat up all the bandwidth.
Logged
Foobicam


Turrets: +0/-0
Posts: 72
« Reply #45 on: July 27, 2007, 07:43:15 PM »
Why would doing DoS attacks on one web site be any more successful than the RIAA's attempts to slow down illicit content distribution?  Once the bits are "out there", they can be made available from many sources.

Attacking distribution won't work.  Anything that requires client-side detection won't work.   Focus on server-side behavior monitoring/detection and client authentication and reputation-building, and you might have a chance.
Logged
url=http://img265.imageshack.us/img265/472/foobvn0.jpg]Image Sig[/url] removed.
FisherP


Turrets: +31/-32
Posts: 295

No, I'm not a Potatoe
« Reply #46 on: August 03, 2007, 02:51:32 AM »
As has previously been mentioned in another thread I think the only way to really do aimbotters a justice is to perform a statistical analysis on the aim, and fire of the weapon. My understanding is that a person on a mouse will have a certain amount of 'jitter' in the aim. An aimbot will have much less. If there is a threshold on this that can be determined then maybe the analysis could be successful.
Logged
kevlarman

*

Turrets: +291/-295
Posts: 2737
« Reply #47 on: August 03, 2007, 03:48:12 AM »
Quote from: "FisherP"
As has previously been mentioned in another thread I think the only way to really do aimbotters a justice is to perform a statistical analysis on the aim, and fire of the weapon. My understanding is that a person on a mouse will have a certain amount of 'jitter' in the aim. An aimbot will have much less. If there is a threshold on this that can be determined then maybe the analysis could be successful.
and if the aimbot writer has that code, it is extremely easy to make his aimbot go undetected by that code.
Logged
Quote from: Asvarox link=topic=8622.msg169333#msg169333
Ok let's plan it out. Asva, you are nub, go sit on rets, I will build, you two go feed like hell, you go pwn their asses, and everyone else camp in the hallway, roger?
the dretch bites.
-----
|..d| #
|.@.-##
-----
Vector_Matt


Turrets: +2/-1
Posts: 732
« Reply #48 on: August 04, 2007, 02:01:02 PM »
If the aimbots use the information in the drawmodel command that the server sends, would it pe posible to have the server send some superfluous drawmodel commands? Commands that would put the model where a normal player wouldn't see them. Such as in the reactor, in the armory, behind battlesuits, behind walls, etc (There would of course be lots of randomness to the placement to make it harder to code an aimbot against). If it worked it wouldn't prevent aimbots, but it would make it extremely difficult to target well.

What do you think?
Logged
n00b pl0x


Turrets: +54/-168
Posts: 2415
« Reply #49 on: August 04, 2007, 07:08:28 PM »
Quote from: "Fluxflashor"
DoS attack


your dos hacker couldnt hack his way out of a cardboard box
Logged
will sort out my sig, or I will get banned.

HOW DO I SORTED SIG?
kevlarman

*

Turrets: +291/-295
Posts: 2737
« Reply #50 on: August 05, 2007, 04:25:29 AM »
Quote from: "Vector_Matt"
If the aimbots use the information in the drawmodel command that the server sends, would it pe posible to have the server send some superfluous drawmodel commands? Commands that would put the model where a normal player wouldn't see them. Such as in the reactor, in the armory, behind battlesuits, behind walls, etc (There would of course be lots of randomness to the placement to make it harder to code an aimbot against). If it worked it wouldn't prevent aimbots, but it would make it extremely difficult to target well.

What do you think?
short answer: no (it's late so i won't type out the long answer, if you really want me to do it bug me in the morning)
Logged
Quote from: Asvarox link=topic=8622.msg169333#msg169333
Ok let's plan it out. Asva, you are nub, go sit on rets, I will build, you two go feed like hell, you go pwn their asses, and everyone else camp in the hallway, roger?
the dretch bites.
-----
|..d| #
|.@.-##
-----
Fluxflashor
Guest
« Reply #51 on: August 05, 2007, 06:29:27 AM »
Quote from: "n00b pl0x"
Quote from: "Fluxflashor"
DoS attack


your dos hacker couldnt hack his way out of a cardboard box


Yes he can
Logged
FisherP


Turrets: +31/-32
Posts: 295

No, I'm not a Potatoe
« Reply #52 on: August 17, 2007, 12:24:30 AM »
Quote from: "kevlarman"
Quote from: "FisherP"
As has previously been mentioned in another thread I think the only way to really do aimbotters a justice is to perform a statistical analysis on the aim, and fire of the weapon. My understanding is that a person on a mouse will have a certain amount of 'jitter' in the aim. An aimbot will have much less. If there is a threshold on this that can be determined then maybe the analysis could be successful.
and if the aimbot writer has that code, it is extremely easy to make his aimbot go undetected by that code.


Please be aware that I'm practically ignorant of the inner workings of the client-server relationship. Howver can these calculations be performed by the server? If so then if the aimbot adds enough randomness to it's calculations to avoid detection, would it not be random enough to be worthless?

Edit: I've also noticed dramatic changes in vector when locking onto targets, can't this be exploited? EG vector change rate to time ratio to first hit on enemy
Logged
tuple

*

Turrets: +97/-80
Posts: 834
« Reply #53 on: August 17, 2007, 12:35:56 AM »
Quote from: "Fluxflashor"


Yes he can


No he can't, or he'd be making $250 an hour working for a network security company instead of toying around with cracking a video game or threatening not for profits.
Logged
cephas


Turrets: +0/-0
Posts: 45
« Reply #54 on: August 17, 2007, 04:41:40 PM »
Personally, I think your best bet against aimbotters would be a server-provided list of tests that must be passed.  The server sends a small script file that checks the appropriate cvars and whatnot (check for odd *.dlls), and parses the reply.  This would be fairly hard to spoof because the correct reply could easily depend on the tests the server sent out, which could be changed regularly.
Logged
 CU|Cephas
Neckhole


Turrets: +0/-1
Posts: 33
« Reply #55 on: August 17, 2007, 04:44:03 PM »
Quote from: "cephas"
Personally, I think your best bet against aimbotters would be a server-provided list of tests that must be passed.  The server sends a small script file that checks the appropriate cvars and whatnot (check for odd *.dlls), and parses the reply.  This would be fairly hard to spoof because the correct reply could easily depend on the tests the server sent out, which could be changed regularly.


You can't trust anything a client reports to you EVER.

Any solution which relies on information sent by the client is foolish and a complete waste of time.
Logged
url=http://potatopatch.brianmoses.net/]The Potato Patch[/url]
ShadowNinjaDudeMan


Turrets: +86/-58
Posts: 1388

NOM!NOM!NOM!


WWW
« Reply #56 on: August 17, 2007, 05:01:26 PM »
Just make a script that monitors for any "Snap To" movements.

If it finds three suspicious movements or activities, then it reports/kicks you.
Logged
Quote from: Colynn' on August 13, 2009, 04:21:09 PM
My favorite player is Jesus, because everything is forgiven when he respawns.

NOM!NOM!NOM!
kevlarman

*

Turrets: +291/-295
Posts: 2737
« Reply #57 on: August 17, 2007, 06:16:59 PM »
Quote from: "ShadowNinjaDudeMan"
Just make a script that monitors for any "Snap To" movements.

If it finds three suspicious movements or activities, then it reports/kicks you.
and then the aimbot authors look at the code of your script, and make their aimbot go undetected.
Logged
Quote from: Asvarox link=topic=8622.msg169333#msg169333
Ok let's plan it out. Asva, you are nub, go sit on rets, I will build, you two go feed like hell, you go pwn their asses, and everyone else camp in the hallway, roger?
the dretch bites.
-----
|..d| #
|.@.-##
-----
Puma


Turrets: +26/-0
Posts: 192
« Reply #58 on: August 17, 2007, 06:58:01 PM »
and then we will write another script.
and they will not public the next cheat, cause they will get tired of rewriting.
i hope Cheesy
Logged
ou have no life?
http://www.uncommonforum.com/
Here you can find some help.
Nux


Turrets: +257/-69
Posts: 1733
« Reply #59 on: August 17, 2007, 07:02:41 PM »
Unless of course they like a challenge. If they do, you could end up simply entertaining them.
Logged
http://img826.imageshack.us/img826/4831/sigflamew00t5.png

'Nux sux'.. Man, that's catchy!
Pages: 1 [2] 3  All   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC
TremPlus theme by Ingar, based on AF316 theme by Fedhog 		Valid XHTML 1.0! Valid CSS!