Hello,
I haven't noticed any obvious cheating (maybe I'm too n00b to see it), but I keep reading about it!
Sorry if this has been posted before, but one solution is to have a list of user accounts on the central game list server. When you hop onto a server with "accounts" enabled, you send your log on info (and a hardware-specific tag) to the central server, which then sends a random but matching key to you and the game server. If this matches, you're in, if not, BOOT.
Since this traffic only occurs when a client joins, it requires very little extra bandwidth. If the account is linked to your hardware (mac-address is an easy one) and a confirmed email address, this might be enough of a barrier to eliminate the casual cheater. If you want to be uberhardcore about it, signup could involve a several-day waiting period to simply *bore* cheaters out of their habit.
All of this (plus battleye) would cause one-time mild discomfort (very little if implemented properly) to most users and also make them value their account status and not want to deal with the headache of cheating. As a bonus, all usernames would be unique. (Players could have several usernames associated with one email address, though, with no affect on the effectiveness of the system.)
Just a thought. Someone was mentioning a similar tactic at tremulous (also awesome) and I thought it was interesting.
This game is amazing.
-Jack
Advertisement
possible anti-cheat solution
Rate Topic:
MultiQuote
#2
Woekele 
former FS member
Posted 02 October 2007 - 01:17 AM
hardware-id'ing is something I personally don't believe in, there has been many talk about it already in these forums too. I believe more in a system that would require a $5 cd-key. Anyway, someone has to code a working auth-server for this and a working back-end to create the accounts etc.
BattlEye is dead by the way.
BattlEye is dead by the way.
#3
rudcrustage (old)
- Joined: 10-May 07
- Posts: 39
Posted 02 October 2007 - 02:10 AM
im starting to like the numerous hackers... makes this the hardcore version, pushing the game up to a new level others must rise to meet.
#4
gurkesaft (old)
- Joined: 29-September 07
- Posts: 60
Posted 02 October 2007 - 03:08 AM
I wonder how tremulous is able to still use punkbuster. I read that it does today, on the forum... They may be distributing the open-source version of quake3 as their executable. As far as I can figure out, id is perfectly fine with this, so long as all the material/artwork is original.
WRT coding, I am a coder and have worked with TCP connections and server-side cgi scripts. Is it worth my time to try and get balls deep in this? It would not be hard actually, to simply write a few lines of C++ into the ioquake executable that pokes the list server when connecting. Then the list server could even simply poke the game server a moment later, saying "soandso has a valid account" eliminating the need for keys altogether.
Alternatively, this forum itself could be easily programmed to receive a special login from the client, including the username, password, gameserver IP, and a random number. When the client sends this, it also sends the random number to the server, which then waits for confirmation or denial from the forum.
I understand your distaste for hardware ID's since windows XP did it and it was ridiculously annoying. I don't even think using a hardware key would make it any more secure as you can just spoof this information on signup anyway. I still think accounts would be useful to impede cheaters a bit. It might also work to have a super top-secret random key generator with some kind of earmark to prove that it was generated properly, and that no one can figure out. When you sign up with a confirmed email address (perhaps in this forum) you get this key. Then only the list server is allowed to verify it, because it's top secret and cannot be reverse-engineered.
In general, though, I think having one of the centralized servers involved in the joining process would increase the worth of your username(s) and make banning easier and more effective.
WRT coding, I am a coder and have worked with TCP connections and server-side cgi scripts. Is it worth my time to try and get balls deep in this? It would not be hard actually, to simply write a few lines of C++ into the ioquake executable that pokes the list server when connecting. Then the list server could even simply poke the game server a moment later, saying "soandso has a valid account" eliminating the need for keys altogether.
Alternatively, this forum itself could be easily programmed to receive a special login from the client, including the username, password, gameserver IP, and a random number. When the client sends this, it also sends the random number to the server, which then waits for confirmation or denial from the forum.
I understand your distaste for hardware ID's since windows XP did it and it was ridiculously annoying. I don't even think using a hardware key would make it any more secure as you can just spoof this information on signup anyway. I still think accounts would be useful to impede cheaters a bit. It might also work to have a super top-secret random key generator with some kind of earmark to prove that it was generated properly, and that no one can figure out. When you sign up with a confirmed email address (perhaps in this forum) you get this key. Then only the list server is allowed to verify it, because it's top secret and cannot be reverse-engineered.
In general, though, I think having one of the centralized servers involved in the joining process would increase the worth of your username(s) and make banning easier and more effective.
#5
gurkesaft (old)
- Joined: 29-September 07
- Posts: 60
Posted 02 October 2007 - 03:17 AM
Another source says "no punkbuster" in Tremulous. Probably more accurate.
Advertisement
#6
Woekele
Posted 02 October 2007 - 03:32 AM
There's already a auth-server mechanism in q3, for the cd-keys. Afaik, just before you connect to a gameserver, the client first contacts auth-server, sends cd-key to it. The auth-server checks key and sends back an error if cd-key is invalid ('invalid/mistyped cd-key'). The authserver keeps a temp (like 5 minutes) database of IP + cdkey of everyone who authed succesfuly. On connect, the gameserver querys the auth-server and asks if the IP of the client is succesfuly authed or not. If so, it lets you in, if not, you get 'client unknown to auth'.
You could slighty adapt/extend this to use accounts and everyone account would have its own secret unique key. To get it do hardware-id-reading and base the key on that is a lot harder and since it's open source, very easy to spoof. You'd need a closed source library which gets loaded and does it, which again makes it much harder to do and which again can be hacked.
That's why I believe more in selling these keys. The community could very well start such a system. 5 dollar per key. All you need is a 'master' server that handles accountcreation/payments/key-database/authing. It would be nice though if the auth-server would also send a public unique number of clients to the server, so that with a /playerlist, this number would be shown and you would be able to look up who someone is, without getting to know their secret key. (same as PB does with guid)
You could slighty adapt/extend this to use accounts and everyone account would have its own secret unique key. To get it do hardware-id-reading and base the key on that is a lot harder and since it's open source, very easy to spoof. You'd need a closed source library which gets loaded and does it, which again makes it much harder to do and which again can be hacked.
That's why I believe more in selling these keys. The community could very well start such a system. 5 dollar per key. All you need is a 'master' server that handles accountcreation/payments/key-database/authing. It would be nice though if the auth-server would also send a public unique number of clients to the server, so that with a /playerlist, this number would be shown and you would be able to look up who someone is, without getting to know their secret key. (same as PB does with guid)
#7
Littlefoot (old)
- Joined: 31-July 06
- Posts: 6
Posted 02 October 2007 - 03:51 AM
I think the community likes the game enough that a $5 "anti-cheat" registration key wouldn't be a problem. I for one would buy one for each of my computers...when does it get on the market? 
#8
Agent#6 (old)
- Joined: 07-August 07
- Posts: 127
Posted 02 October 2007 - 04:47 AM
Even hardware ident will not work, the cheaters will simply put a client between the OS and hardware to report false hardware codes. Not unlike MAC Address spoofing.
To stop cheating you need a true hardass to visit every players system in person, and if a cheat is found the player gets a free DE-50cal to the head.
To stop cheating you need a true hardass to visit every players system in person, and if a cheat is found the player gets a free DE-50cal to the head.
#9
AKKODIAK (old)
- Joined: 22-September 07
- Posts: 370
Posted 02 October 2007 - 04:51 AM
Quote
To stop cheating you need a true hardass to visit every players system in person, and if a cheat is found the player gets a free DE-50cal to the head.
I would prefer an SR-8. Less chance of blood backsplash on you clothes.
1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users
Advertisement