[hellraiser]

H0i, on 26 April 2013 - 02:42 PM, said:

/cg_drawcrosshair 0 will disable the crosshair.

OK thanks but havin an option in the ingame menù, something like:

[...]
Show crosshair: on/off
Crosshair shape: ecc.
[...]

woulb be much much much much much more easier

[Pilou42]

@n1n: Yep, seriously.
To be honest, I hope there will be a hack soon. It would mean 4.2 is popular. I don't think there's one actually.

Of course there will be servers without auth, ready to welcome newbies.
But for advanced users, they will play in auth servers only.

Fighting hack tool is useless, a good coder will eventually achieve it. You can always encrypt datas sent by server to computer, but it will be the same as Blu-ray or whatever. A good motivated coder will always find the way to decrypt it. :-)

But the auth system is the way to go. A cheater caught was not really easy to track before. Now, you can only use one account (despite using aliases, you will have one account). A cheater caught will have to create a new account (easy to spot) or use an old account, which for me, is also easy to spot.
With a centralized accounts server, it will be easy to keep a maintained list of cheaters. They will have to change location or Internet Provider (most cheaters are young and it won't be easy for them).

The harder task will be to fix security holes in Auth system (keep a backup of the list in case a hacker manages to edit it).


For now, I don't think there are cheat tools since 4.2 is still unpopular.

This post has been edited by Pilou42: 26 April 2013 - 10:10 PM

[FS Markinho]

n1n, on 26 April 2013 - 08:50 PM, said:

@Pilou42 seriously? do you really believe it's harder to create a new auth account than get a cheat that would work after each new update? because that sounds pretty naive, sorry.
and also you can't force all admins to set their servers to auth only, it will just scare off newcomers who didn't register and couldn't join any server, because basically UrT is a free to play game for everyone without the need to register

i think there should be something to motivate incomers to register, not scare them off by making this mandatory.

And that's where notoriety becomes useful, after you ban a cheater (or keep it always on) set the minimum notoriety higher and he won't be able to connect for some time, it sure takes longer than a re-registration

If you suspect of a new player and you recently banned someone, you jump on the site and see when he registered, and perhaps the last known location to see if it coincides

And I agree with Pilou there, it doesn't work with BF and COD, why should it with urt, auth is way more annoying for common cheaters to bypass

[[SEG]garcassgrinder]

@All:

Im not sure if its possible but: imagine there will be in next future an account fake tool,
use randomly valid accounts.

All a hacker need is time and to know one or two account key to analyse.
- step one: generate randomly a countless list of fake account keys
- step two: put the keys into a text file named like accounts.cfg and put a simple procedure to register all step by step
- step three: run through the whole list via q3ut4 cmd line till he catch a valid account
- step four: continue and collect the valid keys he found

note the hacker don't need to hack a single account. For him it is enought to catch any account. And he has time...

...that scenario should only describes an account attack not a cheat!!!


The hacker is now able to mess up with some user accounts.

Please troll me if I talk nonsense

[Pilou42]

Indeed. With just an auth key, it looks possible.
Maybe it should be a good idea to enter a login too (then one auth key valid instead of auth key * accounts created).

[Mod [dswp]JRandomNoob]

If the guys who coded the auth are worth anything, these keys are generated as randomly as technically possible, meaning that brute-forcing them would indeed be the only way to find valid ones. Since we’re not breaking encryption here, walking through every single key would take a fair bit less than forever, but you would need a dedicated botnet since (I do hope that) $UNREASONABLY_LARGE number of failed tries from a single IP would get it blocked, and even the number of any kind of devices with Internet connection is orders of magnitude smaller than the number of possible keys.

Basically, yes, you could do that, but it would be completely unfeasible unless you’re developing a paid cheat that would have just a few users anyway.

BTW, when did you last change your auth key?

[[SEG]garcassgrinder]

JRandomNoob, on 27 April 2013 - 03:45 PM, said:

If the guys who coded the auth are worth anything, these keys are generated as randomly as technically possible, meaning that brute-forcing them would indeed be the only way to find valid ones. Since we’re not breaking encryption here, walking through every single key would take a fair bit less than forever, but you would need a dedicated botnet since (I do hope that) $UNREASONABLY_LARGE number of failed tries from a single IP would get it blocked, and even the number of any kind of devices with Internet connection is orders of magnitude smaller than the number of possible keys.

Basically, yes, you could do that, but it would be completely unfeasible unless you’re developing a paid cheat that would have just a few users anyway.

BTW, when did you last change your auth key?

IP can change if you get a dynamic one form your provider and ID key can also change by a New UrT Installation

[24/7.x3r]

garcassgrinder, on 27 April 2013 - 06:49 AM, said:

@All:

Im not sure if its possible but: imagine there will be in next future an account fake tool,
use randomly valid accounts.

All a hacker need is time and to know one or two account key to analyse.
- step one: generate randomly a countless list of fake account keys
- step two: put the keys into a text file named like accounts.cfg and put a simple procedure to register all step by step
- step three: run through the whole list via q3ut4 cmd line till he catch a valid account
- step four: continue and collect the valid keys he found

note the hacker don't need to hack a single account. For him it is enought to catch any account. And he has time...

...that scenario should only describes an account attack not a cheat!!!


The hacker is now able to mess up with some user accounts.

Please troll me if I talk nonsense

There are 36 possible different characters (A-Z / 0-9) in 32 different slots in the string.

That is 36^32, or: 6.3340286662973277706162286946812*10^49 different possible keys.

IF my math is correct, I highly doubt hackers have the means to brute force this way.
And FS would not have servers that could handle this, if it was to be done in a reasonable amount of time, it would just overload the server.

I also doubt FS would allow so many auth-key changes from the same IP, before that IP is blacklisted or similar. Even if you had access to 100000 IPs, you would barely make a dent.

I am sure hackers have better things to do if they had these sort of means.

*hopes the math is correct XD, but even if it isn't the number of keys is extremely high*

This post has been edited by x3r: 28 April 2013 - 08:34 AM

[thelionroars]

x3r, on 28 April 2013 - 08:30 AM, said:

There are 36 possible different characters (A-Z / 0-9) in 32 different slots in the string.

That is 36^32, or: 6.3340286662973277706162286946812*10^49 different possible keys.

...

*hopes the math is correct XD, but even if it isn't the number of keys is extritemely high*

its actually in hexadecimal (0-9 and A-F).

= 16^32 ~= 3.403 * 10^38

which is decent.

[24/7.x3r]

thelionroars, on 28 April 2013 - 10:53 AM, said:

its actually in hexadecimal (0-9 and A-F).

= 16^32 ~= 3.403 * 10^38

which is decent.

Thanks for the correction.

Number of possible keys:
~3,403,000,000,000,000,000,000,000,000,000,000,000,00

lol, anyone know the name of this number?

This post has been edited by x3r: 29 April 2013 - 03:20 AM