Need your opinion on proposed anti-cheat proxy program

speaker
Posts: 167
Joined: Sun Jan 13, 2008 8:34 pm

Need your opinion on proposed anti-cheat proxy program

Post by speaker »

Hi,

I am seeking the opinion of the Q3A community about a proposed project.

I have been approached by a server admin who asked me if it were possible to develop an anti-cheat program for his servers running Noghost 1.16 (it seems that Punkbuster is not a viable option for him). I have a couple of ideas about how it could be done, but I am not sure if what I plan to implement would be acceptable to the admins and players.

After considering the problem I have come to the conclusion that the only reliable way of implementing anti-cheat measures is the use of a closed source proxy sitting between the server and the client. The client side proxy would have complete control of starting the game program and establishing connection to the server side proxy. That is, the player would not start the game directly but would start the proxy with the path to the game and the address of the server as arguments. In order to be tamper resistant the proxy by default must be closed source, i.e. only binary versions would be distributed.

I believe that by using this approach all cheats based on game hacking could be eliminated, and the proxy could even provide reliable info to the admins for the detection of GL wall hacks as well. In addition, the proxy would not be specific to Noghost: with proper configuration it could be used by any game using the Q3A engine.

However, I realize that this approach may not be acceptable to admins and players for several reasons:

1. the restrictions imposed may not be acceptable to the players

2. players may be too lazy to download and install the proxy: they will simply use other servers

3. admins and players may be afraid to run the closed source proxy because of the possibility of virus or trojan infection (after all, they cannot know what the proxy is really doing and there is always the possibility of hackers distributing fake versions)

There is not much I could do about (1) and (2), but these problems could be overcome if server admins adopted the proxy and forced their players to use them. IMHO the benefits would be considerable.

Problem (3) is more serious and there is no simple solution: you either trust the developer or not. A possible solution based on control by the community could be the following:

1. There would be a few reputable WEB sites (e.g. quake3world, Lvl) for downloading authentic proxy binaries.

2. The binaries would be created by independent and trusted persons (e.g. prominent Q3A programmers active on different forums) from source code provided by the developer(s).

I would greatly appreciate getting your opinion on this subject.

Thanks!

[ Note: posted to the quake3world, ioquake3 and Rainbow Network forums. ]
^misantropia^
Posts: 4022
Joined: Sat Mar 12, 2005 6:24 pm

Re: Need your opinion on proposed anti-cheat proxy program

Post by ^misantropia^ »

Problem (4): anyone with a debugger and a disassembler can take apart your proxy in a couple of hours.

I wouldn't bother if I were you, just ban cheaters.
speaker
Posts: 167
Joined: Sun Jan 13, 2008 8:34 pm

Re: Need your opinion on proposed anti-cheat proxy program

Post by speaker »

Hi,

<I wouldn't bother if I were you, just ban cheaters.>

Wish it were as simple as that. But it is _not_ as simple, that's why hundreds of servers use Punkbuster to (try to) eliminate cheaters. How do you identify cheaters reliably? How can you be sure that you _can_ identify them (next to impossible if they are subtle)? How can you ban them reliably? By their IP? He/she just resets the router and comes back using a different name and IP. What about GL wallhacks that are quite impossible to detect? IMO this is a serious enough problem to deserve some attention.

<Problem (4): anyone with a debugger and a disassembler can take apart your proxy in a couple of hours.>

Believe me, I have done my homework :) There are ways to make software resistant to that kind of tampering, see for example:

http://grampus.jaist.ac.jp:8080/miyaji- ... sa2002.pdf
http://www.cs.virginia.edu/~jck/publica ... c.2000.pdf
http://www.fit.vutbr.cz/~hanacek/papers/ISM00.pdf
http://www.cs.arizona.edu/~collberg/Tea ... mohan2.pdf

If these techniques are used properly, then reversing the program -- while not entirely impossible -- may take a very long time (months or even years) and considerable computing resources. I would say that few cheaters would/could undertake such a job. Anyway, if after a few months it turns out that somebody broke the code, you can issue a new version using a different randomly selected protection technique and the cheaters must start again from zero. BTW, your argument also applies to Punkbuster, yet it is used widely.

But this is a mere technical detail, and I have some ideas how to solve it. Let's assume that the proxy program is protected from reversing and can be produced in a trusted way. The question then is if it would have a chance to be adopted by server admins and players. The reason why I want to know this is that it would be a big project and I will not start it unless I can be fairly sure that it is going to be useful not only to a few persons but to the whole community.
Eraser
Posts: 19174
Joined: Fri Dec 01, 2000 8:00 am

Re: Need your opinion on proposed anti-cheat proxy program

Post by Eraser »

So what brings you to Quake3World then? Seriously, Quake 3 players are a dying breed. Even if you're going to create something that is useful to the community, that community is really small.

I'd even go as far as to say that because Q3A is so old, cheaters are probably not that interested in it anymore. Maybe I'm wrong, but I'd be surprised if there still are a lot of cheaters bothering with Quake 3.

Oh, and why is Punkbuster a problem?
speaker
Posts: 167
Joined: Sun Jan 13, 2008 8:34 pm

Re: Need your opinion on proposed anti-cheat proxy program

Post by speaker »

Hi,
Eraser wrote: So what brings you to Quake3World then? Seriously, Quake 3 players are a dying breed. Even if you're going to create something that is useful to the community, that community is really small.

I have been interested in Q3A programming for a long time (I am a member of the team that made Q3MIN). Maybe Q3 is dying (I am not so sure about this, BTW) but still there are hundreds of active servers around.

Eraser wrote: I'd even go as far as to say that because Q3A is so old, cheaters are probably not that interested in it anymore. Maybe I'm wrong, but I'd be surprised if there still are a lot of cheaters bothering with Quake 3.

Since somebody asked me to make an anti-cheat program, it seems to me it is still a problem. Anyway, the proxy I want to make would be a generic one, almost completely independent of the type of game used (as long as it is a server based networked multiplayer type). So it could be used just as well with Q4, Doom3, UT, whatever.

Eraser wrote: Oh, and why is Punkbuster a problem?

The guy who asked me uses Noghost 1.16 and he could not get a usable version of Punkbuster for that. Also I have come across posts in different forums offering cheat bots undetectable by Punkbuster. Punkbuster is quite good, but cannot be 100% efficient because it does not have complete control over the game executable run by the player.
Mark_101
Posts: 1
Joined: Sun Jun 24, 2012 5:12 pm

Re: Need your opinion on proposed anti-cheat proxy program

Post by Mark_101 »

Hey, are you still into this project?
speaker
Posts: 167
Joined: Sun Jan 13, 2008 8:34 pm

Re: Need your opinion on proposed anti-cheat proxy program

Post by speaker »

Hi,
Mark_101 wrote: Hey, are you still into this project?

Yes, I am working on an anti-cheat module for Quake3 (and other games based on the Q3 engine). However, after some consideration (and hearing the opinion of others) I have adopted a different approach. Instead of making a separate proxy, I am adding code to the server. This code (hopefully) will prevent wallhacks and detect aimbots (the two most obnoxious cheats).
Eraser
Posts: 19174
Joined: Fri Dec 01, 2000 8:00 am

Re: Need your opinion on proposed anti-cheat proxy program

Post by Eraser »

You're using server code to detect client side hacks? Interesting.
speaker
Posts: 167
Joined: Sun Jan 13, 2008 8:34 pm

Re: Need your opinion on proposed anti-cheat proxy program

Post by speaker »

Hi,
Eraser wrote: You're using server code to detect client side hacks? Interesting.

It appears to be possible. Wallhacks can be prevented by not sending info about other clients/bots not directly visible to the player (not my invention, it has been discussed before). Aimbots can be detected by analyzing the behavior (aiming movements and accuracy) using Dynamic Bayesian Networks. These are pre-trained by using data collected on the playing behavior of non-cheaters and perform a kind of probabilistic prediction. If you are interested I can send you links to several documents describing this approach.
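The server-side filtering described in the post above (not sending data about players the viewer cannot see), as an added example that is not part of the original post or of any Q3A code base. A 2D grid and a Bresenham line-of-sight walk stand in for the engine's real visibility test; the map, player positions and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed 8x6 map, not a Q3A level; all names here are hypothetical. '#' = wall. */
static const char *MAP[6] = {
    "........",
    "...#....",
    "...#....",
    "...#....",
    "........",
    "........",
};

typedef struct { int id, x, y; } player_t;
/* Constructed sample positions; player 0 is the viewer. */
static const player_t PLAYERS[4] = {{0, 1, 2}, {1, 6, 2}, {2, 1, 5}, {3, 5, 5}};

/* Walk a Bresenham line between two cells; a wall cell on it blocks sight. */
static int has_line_of_sight(int x0, int y0, int x1, int y1) {
    int dx = abs(x1 - x0), sx = x0 < x1 ? 1 : -1;
    int dy = -abs(y1 - y0), sy = y0 < y1 ? 1 : -1;
    int err = dx + dy;
    while (x0 != x1 || y0 != y1) {
        if (MAP[y0][x0] == '#') return 0;
        int e2 = 2 * err;
        if (e2 >= dy) { err += dy; x0 += sx; }
        if (e2 <= dx) { err += dx; y0 += sy; }
    }
    return 1;
}

/* Per-client snapshot: copy only the players the viewer can see, so the client
   never receives coordinates a wallhack could draw. Returns entries written. */
int build_snapshot(const player_t *all, int n, int viewer, player_t *out) {
    int count = 0;
    for (int i = 0; i < n; i++) {
        if (i == viewer) continue;
        if (has_line_of_sight(all[viewer].x, all[viewer].y, all[i].x, all[i].y))
            out[count++] = all[i];
    }
    return count;
}

int main(void) {
    player_t snap[4];
    int n = build_snapshot(PLAYERS, 4, 0, snap);
    for (int i = 0; i < n; i++) printf("send player %d\n", snap[i].id);
    return 0;
}
```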
Eraser
Posts: 19174
Joined: Fri Dec 01, 2000 8:00 am

Re: Need your opinion on proposed anti-cheat proxy program

Post by Eraser »

speaker wrote: Hi,
Eraser wrote: You're using server code to detect client side hacks? Interesting.
It appears to be possible. Wallhacks can be prevented by not sending info about other clients/bots not directly visible to the player (not my invention, it has been discussed before).

Sounds like a challenge. And there's a pun in that sentence as hearing other players' footsteps or item pickups is something that is important in dueling. Have you considered this? Might have to review the way sounds caused by players are handled as well.
speaker
Posts: 167
Joined: Sun Jan 13, 2008 8:34 pm

Re: Need your opinion on proposed anti-cheat proxy program

Post by speaker »

Eraser wrote: Sounds like a challenge. And there's a pun in that sentence as hearing other players' footsteps or item pickups is something that is important in dueling. Have you considered this? Might have to review the way sounds caused by players are handled as well.

I have already considered this, but thanks anyway for pointing out a possible problem. The solution may be that the server sends only the type, intensity and direction of player generated sounds, not including their exact location as it is done now. I am not sure yet whether it is possible (I mean w/o changes in the client code as well).
nexus024
Posts: 148
Joined: Fri Oct 06, 2006 7:26 pm

Re: Need your opinion on proposed anti-cheat proxy program

Post by nexus024 »

speaker wrote: It appears to be possible. Wallhacks can be prevented by not sending info about other clients/bots not directly visible to the player (not my invention, it has been discussed before).

I would be very interested in adding this "wallhack prevention" code to the mod I am currently working on. Can you explain where in the code you detect if a player should receive other players' info etc.?