Tremulous Forum
General => General Discussion => Topic started by: Fluxflashor on July 22, 2007, 03:32:42 am
-
Obviously this is a very big problem, before just set g_minleveltojointeam 1 and setlevel anyone with a GUID to level 1, and we were all good.
Now, GUID's can sue aimh4x too.
This is what I can think of as a solution to getting this mess fixed up.
We need a script that can run client side that connects to the server that will detect if the client is using any cvars associated with the aimbot. So if someone ran n_aim and set it to 1, the client would get auto banned for Aimhax. Also would work with n_esp, n_vecz, n_vecy,n_vecx, n_predict.
If someone could code such a thing, we run into a second problem. Devil and Secunder will simply recode it to make it have different cvars. Maybe d_aim etc.
Someone recodes the mod, then they recode the bot. There must be a piece of code that can be detected that they cannot change without rewriting most of the program.
This is just a thought, maybe someone could code something, im not 100% sure, would get rid of some aimbots hopefully.
[Awaits flames, comments, suggestions, questions, the usual. Probably flames]
-
devil and sec cant code :roll:
-
Client side detection is not possible, will be easy to spoof. You can make it harder, but not impossible. You can substitute that script with another one that simple says "nope, no aimbot setting". But since funlily seems to be a bit lazy, maybe providing more work isn't such a bad idea, though this would also imply more work for the devs here, which can only be decided by themself. In the end, given a comitted aimbot developer, it will just end up in a never ending race until funlily and friends grow up and do something meaningful with their live.
-
funlily [aka Secunder and Devil] {yes n00bpl0x they can code. I may have a TS recording, im not 100% sure though, have witnesses for sure},
needs to be slowed down. Its not hard to change cvars, even I can do it. But if there was some sort of advanced script, even changing cvars might screw stuff up.
The aimbot works by injecting a DLL file into your TJW backport, maybe you could make a modification to search for a script that appears in the DLL only and ban that way?
It would be a hard task, the dev's dont have much time, but must make the next trem version more secure for sure, maybe some of the community developers that make mods would be able to come together. Believe me, if I could code something this complicated I would have already begun.
Offtopic: Evlesoa TS soundboard in the making. :P Im using flash.
-
new aimbot? where?
-
Ahh now flux you searched my computer and made yourself feel good by opening a txt file and crashing my computer. But your right things can be changed.
Just like this screen shot here.
(http://i157.photobucket.com/albums/t43/QuakeMaster_01/aimbot.jpg)
-
devil and sec cant code :roll:
secunder can code
he is an bug abuser, he was also trying to hook gl to make a wall hack
(retard lol)
-
And how do you know this?
I have to say you dont know shit about what Secunder does ;p
-
And how do you know this?
I have to say you dont know shit about what Secunder does ;p
r u he?
me thinks mebbe so or somehow related/friend/lover/cohort...
:-?
-
I be Devil ;p
-
GoDz Devil?
be ye he?
-
Yes em.
-
Things can be changed, your right Devil.
!showbans -3
!unban 11
GoDz Devil has been unbanned by MW|Fluxflashor
-------
But what you and your brother have done with an aimbot, that cannot be undone. Too many already have downloaded it. Why should I remove your ban? Because you are causing my server grief because your stupid aimbot is in the hands of a bunch of people that are ruining the game for everyone?
How are you going to solve the aimbot problem Devil. Tell me how your going to solve it, and that !unban 11 just might happen. If things can be undone prove it.
-
ahhh well I cant stop anything, your the one who accused us of creating it which we did not, your right we can code, don't mean we created the aimbot.
Secunder has been accused in the pass but oh well thats the pass this is the present, we reformatted my other computer due to a Trojan. So I don't have shit cause you searched my computer, but my other you have not yet but its all new shit on there and I don't plan putting any kind of aimbot on there.
-
well heck it's in the turret code, eh?
something in the game can automatically track aliens and shoot at them
not too hard to figure that much out
hey devil you and secunder should start a clan
t3h R3h4b clan 4 former haxx0rz
flux could prolly join
I'm sure most server owners/ops have at least tried the bot
purely for research of course
-
well heck it's in the turret code, eh?
something in the game can automatically track aliens and shoot at them
not too hard to figure that much out
hey devil you and secunder should start a clan
t3h R3h4b clan 4 former haxx0rz
flux could prolly join
I'm sure most server owners/ops have at least tried the bot
purely for research of course
Meh SST had a flaw in their FTP, when admin.dat was deleted, it spawned the .dat for the SST server. Anyone could do it, just go get a server hosted at SST.
Even if I could join, I wouldn't. I harmed A server. They harmed them all. I will proove you guys are funlily just wait.
As mentioned in another thread, anyone who can access forum IP's check the IP of funlily please and compare it with that of Devil, Secunder, and Oblivion.
-
Flux, check what PB did to get the boters and while you are at it, check how successful they have been.
lol
If you come up with something they haven't tried yet, you stand good chances to make some serious money.
Face it, there is no way to automagically detect boters.
-
well heck it's in the turret code, eh?
something in the game can automatically track aliens and shoot at them
not too hard to figure that much out
hey devil you and secunder should start a clan
t3h R3h4b clan 4 former haxx0rz
flux could prolly join
I'm sure most server owners/ops have at least tried the bot
purely for research of course
Meh SST had a flaw in their FTP, when admin.dat was deleted, it spawned the .dat for the SST server. Anyone could do it, just go get a server hosted at SST.
Even if I could join, I wouldn't. I harmed A server. They harmed them all. I will proove you guys are funlily just wait.
As mentioned in another thread, anyone who can access forum IP's check the IP of funlily please and compare it with that of Devil, Secunder, and Oblivion.
I have proof, its in my pants.
-
Flux, check what PB did to get the boters and while you are at it, check how successful they have been.
lol
If you come up with something they haven't tried yet, you stand good chances to make some serious money.
Face it, there is no way to automagically detect boters.
There must be a way. There is always a way, nothing is impossible to set your mind to it. I might just as well try this myself, phail horribly then go cry in my little Emocorner and cut myself.
Trem should have Punkbuster >.<
-
I wish you the best of luck and success (no sarcasm here)
I'd be happy to implement any code you can come up with that will not be circumvented 2hrs after it is released.
-
Flux, check what PB did to get the boters and while you are at it, check how successful they have been.
lol
If you come up with something they haven't tried yet, you stand good chances to make some serious money.
Face it, there is no way to automagically detect boters.
There must be a way. There is always a way, nothing is impossible to set your mind to it. I might just as well try this myself, phail horribly then go cry in my little Emocorner and cut myself.
Trem should have Punkbuster >.<
There is no way you are going to succeed with PB. Do you know how it works? It checks for every currently known cheat. It does so by hashing (or sending to the PB server) the the executable and other fundamental files to check wether you have anything implemented other than the original. Anyone who has unrecognized versions is kicked off. This means no private patches will be available, only mods that have been registered at the server. What else, ah yes, PB does memory scans for known hooks, and Anti-Virus modules may be detected as cheats (unless known). It may also check the drivers for known hacks, currently there are thousands of drivers, for sound cards and video cards, if someone can handle all of them, then please. What allows PB to scan? It's the Windows' unsecure-by-default shit, which allows any program to read and write any parts of the memory. Such a program cannot scan like this on secure-by-default Unix-like operating systems. Anyone without such read privilliges on his system (may be accomplished Windows too with tools or AVs) gets kicked off. So such operating systems cannot use PB style programs. Or if you allow non-Windows users to play, you will just attract cheaters away from Windows. If TremPB will be open source to allow people to compile it into the kernels (LOLZOMGWTF?!), then there will be no security against cheats, oh and n00bzors don't know how to recompile the kernel. Otherwise you may try to force users to load a dynamic kernel module. But on these systems, it is exceptionally possible to produce a layer in which the PB is scanning unreal resources (especially screenshots). Not to mention that it is encouraged to compile from source, which never produces the same output on any system so to say. You will not force anyone to use default-kernel-with-PB, and known only modules and drivers. That's worse than DRM! So in the end, we will at most have a few servers which allow only buggy, Windows stock versions of Tremulous to use, but counteract a bit of cheating. If you somehow succeed with PB, then you are a real professional. Keep dreaming...
-
Im saying it would have been beneficial if we had it, but I do not think we could is insert such a thing at this time into Tremulous.
A script needs to be built to basically ban anyone who has a cvar like n_aim set to 1[or 2] or n_esp set to 1. If they were set to 0 then the client wouldn't be banned. These are the two important Cvars. Now yea theres a problem with it becomming outdated quickly Caveman as you say. So if the script would connect to a http webserver that held a list of Cvars that are "illegal". Sortof the way PB works. It checks from a database of known hacks, instead this "aimbot buster" would connect to a database and look for new Cvars.
It would easily be updated once a new Cvar was discovered.
Very very complicated it seems though, needing to connect through multiple connections. In the end it would be worth it, might see an end to this aimbot bullshit.
I started working out a rough design with pen and paper, still don't have any code yet, no idea where to start.
-
About Cvar checking, Cvar's are just names. You can recode your tremclient to use an existing but non vital Cvar like cg_noTaunt to trigger or control the aimbot.
Since every single information that a client computer sends can be theoretically controlled by the client there is no foolproof solution. Opensource games makes that even easier. There was an interesting thread about using encryption on this forum that would get close to a solution, I am to lazy to search for it now but I am sure if you search you will find it :D
But even that wouldn't fill the last loophole. So even if you make it harder to cheat, you will always be in doubt and not sure if a person may have hacked the cheat detector. So the uncertainty will stay what ever is done.
The only solution I can think off is for the server to collect statistical information about each player, how they move, how they shoot, what is their killquota, how many shots do they miss. For example the instant aim (noncontinuous moves) can be detected (since the aimbot sets the aim on the alien, and doesn't move it there), how well does a shooter track an object etc etc. Only if after a certain observed time it shows that these values are somewhat off of normal (what ever normal mean needs to be defined) automatically a demo is recorded by the server or players with a certain lvl on the server are send a message that there is a suspicious player on to deal with the matter. From an automated kick/ban system i would discourage, a human would have to examine the data before any action is taken. And then what? Since GUID are spoofable, without a global authentication system and with dynamic IP's a lot of work for meager results.
Instead of banning I would propose that once a player is marked as being an aimbotter, that he is rendered using an alternative texture: clowns hat, clowns nose. In short, a redicule mode :D
Another solution may be to for trem developers to create their own binary of a cheat and make it such that
- it is detectable cause it sends a notification to lvl'd players
- contains a trojan :D
and distribute it through the usual cheat channels. In that way players will be unsure about each unreliable download. But that is evil, and don't quote me on that :D
Btw hi fluxflashor, we met yesterday:D
-
The best solution to stopping aimbots is a real white list for servers. Tremulous is free and there is no way to distribute the game and provide a reliable white list of legit players. The issue is bigger than Tremulous or aimbotting in general.
-
Hi Eeeew Spiders, yes we did meet yesterday :P
Unfortunetly without sleep for 32 hours, I couldn't stay for a round.
See its true you can recode it to use a Tremulous Enabled cvar, but for something like Vec_Z you cant use an existing cvar unless you want you aimbot to suck, and you can risk putting the cvar to 33 or -2 without side effects. [Suggested settings for Aliens and Humans]
A sort of white list, probably not. What I thought of was a patch that would set n_aim , and the rest of them to a value on the server that controls nothing, and they are setable by the client. So when an unsuspecting client types in n_[cmd] plus a value, he is booted.
There is also another way, but you would have to recode something that has already been realeased, forgot what Green said it was. There is a command you can use if you have rcon called "dumpuser" It shows stuff that is client side! So find a way to make it detect the aimbot cvars, and we are good to go.
If you have a server try it on yourself.
1. do !listplayers to find client number
2. open console
3. type /rcon [password] dumpuser [client#]
Will give you a bunch of cvars they have set, some being client side.
Well, im gonna be doing a bit more research throughout the day, I like the idea of embedding a trojan in an aimbot... I've got a bunch of trojans in zip files at the moment waiting to be used.
Oh and the thing is if you get banned from a server for aimbotting through a system that catches cheaters, they usually wont come back because they can be caught.
-
See its true you can recode it to use a Tremulous Enabled cvar, but for something like Vec_Z you cant use an existing cvar unless you want you aimbot to suck, and you can risk putting the cvar to 33 or -2 without side effects. [Suggested settings for Aliens and Humans]
ZOMG. Just with a simple search, I've selected a bunch of cvars that can be used as aimbot, there is no risk of anything:
cg_fov, cg_brassTime, cg_noVoiceChats, cg_noVoiceText, cg_oldRail, cg_oldRocket, cg_oldPlasma (also r_inGameVideo, cl_aviFrameRate, cl_aviMotionJpeg, sv_lanForceRate, r_stencilbits, r_drawSun).
A sort of white list, probably not. What I thought of was a patch that would set n_aim , and the rest of them to a value on the server that controls nothing, and they are setable by the client. So when an unsuspecting client types in n_[cmd] plus a value, he is booted.
How are you (the server) going to detect that? Because I (my tremulous executable) will not tell that to the server. If you ask wether I'm aimbotting, I'll answer the obvious: NO.
There is also another way, but you would have to recode something that has already been realeased, forgot what Green said it was. There is a command you can use if you have rcon called "dumpuser" It shows stuff that is client side! So find a way to make it detect the aimbot cvars, and we are good to go.
If you have a server try it on yourself.
1. do !listplayers to find client number
2. open console
3. type /rcon [password] dumpuser [client#]
Will give you a bunch of cvars they have set, some being client side.
Will not give you a bunch of cvars they have set, period. The dumpuser command shows the client's userinfo. The userinfo is some info that the client wants to send. Here's the current list of userinfo marked cvars:]/dumpuser /dev/humancontroller
userinfo
--------
ip localhost
name /dev/humancontroller
cg_wwtoggle 1
rate 4000
snaps 20
model dretchzer
headmodel dretchzer
team_model dretchzer
team_headmodel dretchzer
color1 1337
color2 1337
handicap 1337
teamtask operation teamkillalot
sex bioderm
cl_anonymous sqrt(-1)
cg_predictItems 1
teamoverlay hax
cg_wwFollow 1
cg_scorePlums 1
cg_smoothClients 0As you can see, there are loads of cvars not used, they can also be aimbot-cvars. You can also define your own userinfo cvars./setu MyPMforAdmins "^1 FUCK YOU MOTHERFUCKER ASSHOLE BITCH BAG OF SHIT"
Even with a script that n00bz should download, which tells the server all your cvars, you still won't get anything. Using that is very lame. Use commands like enableAimbot, or hardcoded bindings which don't issue console commands. OR just add a few lines of code, not to send the aimbot cvars...
Well, im gonna be doing a bit more research throughout the day, I like the idea of embedding a trojan in an aimbot... I've got a bunch of trojans in zip files at the moment waiting to be used.
You mean like http://pwned.nl?
Yeah a lot of noobs can be o'vvN3D like that. PROs build from source though.
Oh and the thing is if you get banned from a server for aimbotting through a system that catches cheaters, they usually wont come back because they can be caught.
-
Yeah a lot of noobs can be o'vvN3D like that. PROs build from source though.
Pros use aimbots?
Please kill yourself now.
-
Yeah a lot of noobs can be o'vvN3D like that. PROs build from source though.
Pros use aimbots?
Please kill yourself now.
PROs not as in skilled gamers. You should have known that.
-
sorry about this off topic, but what the hell does cl_anonymous do?
-
sorry about this off topic, but what the hell does cl_anonymous do?
Insofar as I can tell, absolutely nothing at all.
-
We could create a secure Tremulous, with a database holding user accounts, and each time you want to join a server, you need to enter your login and password. To get an account, you need to register when the registrations are open (at each 2 or 3 months). If any user see a cheater, he can just record him and get enough info to block his account till the next registration wave.
Some server shouldn't work this way too.
-
the whitelist has been proposed before...
-
A community that did this with the Quake 2 engine is dpball http://digitalpaint.planetquake.gamespy.com/news.php
That game isn't fully open source though and is run by one person, not a great idea.
-
A community that did this with the Quake 2 engine is dpball http://digitalpaint.planetquake.gamespy.com/news.php
That game isn't fully open source though and is run by one person, not a great idea.
client is open source though
-
A community that did this with the Quake 2 engine is dpball http://digitalpaint.planetquake.gamespy.com/news.php
That game isn't fully open source though and is run by one person, not a great idea.
I don't know shit , i talk utter crap
-
dont talk about me :(
-
<3
-
Here is my radical solution. Ban windows clients. No DLL injection for you.
So we would have a lot fewer people able to connect to the servers and play, oh well.
If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its tcp timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.
-
Here is my radical solution. Ban windows clients. No DLL injection for you.
So we would have a lot fewer people able to connect to the servers and play, oh well.
If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its tcp timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.
... how would you get my OS if I dont want to give that info
or how would you be sure that I gave you the right info about my OS
-
Here is my radical solution. Ban windows clients. No DLL injection for you.
So we would have a lot fewer people able to connect to the servers and play, oh well.
If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its tcp timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.
... how would you get my OS if I dont want to give that info
or how would you be sure that I gave you the right info about my OS
Because each operating system has a unique way of generating certain values in the headers of tcpip packets, and you can't easily work around that. You would have to replace your entire tcpip stack with something that spoofed a legit packet. By trying to connect to my server, I already have packets from you.
-
f u
-
Here is my radical solution. Ban windows clients. No DLL injection for you.
So we would have a lot fewer people able to connect to the servers and play, oh well.
If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its tcp timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.
Why inject a DLL? Trem and funlily are both released open-source. C = C, no matter the platform. Modify funlily a bit and recompile the client. :roll:
-
Here is my radical solution. Ban windows clients. No DLL injection for you.
So we would have a lot fewer people able to connect to the servers and play, oh well.
If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its tcp timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.
Why inject a DLL? Trem and funlily are both released open-source. C = C, no matter the platform. Modify funlily a bit and recompile the client. :roll:
funlily is just ogc modified for trem, it does in fact inject code into tremulous to do its dirty work.
-
Or we can just give the original aimbot creator death threats and take over his site, just like how that one guy who made the proof of concept Mac worm.
-
Or we can just give the original aimbot creator death threats and take over his site, just like how that one guy who made the proof of concept Mac worm.
We could slow down the aimbot distibution by sending a DoS attack to the website it is distributed at. Maybe eat up all the bandwidth.
-
Why would doing DoS attacks on one web site be any more successful than the RIAA's attempts to slow down illicit content distribution? Once the bits are "out there", they can be made available from many sources.
Attacking distribution won't work. Anything that requires client-side detection won't work. Focus on server-side behavior monitoring/detection and client authentication and reputation-building, and you might have a chance.
-
As has previously been mentioned in another thread I think the only way to really do aimbotters a justice is to perform a statistical analysis on the aim, and fire of the weapon. My understanding is that a person on a mouse will have a certain amount of 'jitter' in the aim. An aimbot will have much less. If there is a threshold on this that can be determined then maybe the analysis could be successful.
-
As has previously been mentioned in another thread I think the only way to really do aimbotters a justice is to perform a statistical analysis on the aim, and fire of the weapon. My understanding is that a person on a mouse will have a certain amount of 'jitter' in the aim. An aimbot will have much less. If there is a threshold on this that can be determined then maybe the analysis could be successful.
and if the aimbot writer has that code, it is extremely easy to make his aimbot go undetected by that code.
-
If the aimbots use the information in the drawmodel command that the server sends, would it pe posible to have the server send some superfluous drawmodel commands? Commands that would put the model where a normal player wouldn't see them. Such as in the reactor, in the armory, behind battlesuits, behind walls, etc (There would of course be lots of randomness to the placement to make it harder to code an aimbot against). If it worked it wouldn't prevent aimbots, but it would make it extremely difficult to target well.
What do you think?
-
DoS attack
your dos hacker couldnt hack his way out of a cardboard box
-
If the aimbots use the information in the drawmodel command that the server sends, would it pe posible to have the server send some superfluous drawmodel commands? Commands that would put the model where a normal player wouldn't see them. Such as in the reactor, in the armory, behind battlesuits, behind walls, etc (There would of course be lots of randomness to the placement to make it harder to code an aimbot against). If it worked it wouldn't prevent aimbots, but it would make it extremely difficult to target well.
What do you think?
short answer: no (it's late so i won't type out the long answer, if you really want me to do it bug me in the morning)
-
DoS attack
your dos hacker couldnt hack his way out of a cardboard box
Yes he can
-
As has previously been mentioned in another thread I think the only way to really do aimbotters a justice is to perform a statistical analysis on the aim, and fire of the weapon. My understanding is that a person on a mouse will have a certain amount of 'jitter' in the aim. An aimbot will have much less. If there is a threshold on this that can be determined then maybe the analysis could be successful.
and if the aimbot writer has that code, it is extremely easy to make his aimbot go undetected by that code.
Please be aware that I'm practically ignorant of the inner workings of the client-server relationship. Howver can these calculations be performed by the server? If so then if the aimbot adds enough randomness to it's calculations to avoid detection, would it not be random enough to be worthless?
Edit: I've also noticed dramatic changes in vector when locking onto targets, can't this be exploited? EG vector change rate to time ratio to first hit on enemy
-
Yes he can
No he can't, or he'd be making $250 an hour working for a network security company instead of toying around with cracking a video game or threatening not for profits.
-
Personally, I think your best bet against aimbotters would be a server-provided list of tests that must be passed. The server sends a small script file that checks the appropriate cvars and whatnot (check for odd *.dlls), and parses the reply. This would be fairly hard to spoof because the correct reply could easily depend on the tests the server sent out, which could be changed regularly.
-
Personally, I think your best bet against aimbotters would be a server-provided list of tests that must be passed. The server sends a small script file that checks the appropriate cvars and whatnot (check for odd *.dlls), and parses the reply. This would be fairly hard to spoof because the correct reply could easily depend on the tests the server sent out, which could be changed regularly.
You can't trust anything a client reports to you EVER.
Any solution which relies on information sent by the client is foolish and a complete waste of time.
-
Just make a script that monitors for any "Snap To" movements.
If it finds three suspicious movements or activities, then it reports/kicks you.
-
Just make a script that monitors for any "Snap To" movements.
If it finds three suspicious movements or activities, then it reports/kicks you.
and then the aimbot authors look at the code of your script, and make their aimbot go undetected.
-
and then we will write another script.
and they will not public the next cheat, cause they will get tired of rewriting.
i hope :D
-
Unless of course they like a challenge. If they do, you could end up simply entertaining them.
-
Maybe upon opening this script in their k0der haX creator, they detonatre their hard drive, CPU and RAM.
Thatll teach em.
-
If you know anything about computer security then you know that aimbots are an unsolvable problem. There's no way to verify what software is running on the client's machine. A malicious program can always spoof network packets sent by the real program. You can buy time by obfuscating network traffic, but in the case of an open source game like Tremulous even that method won't stand up for long. And, as already noted elsewhere, a clever hacker can use injection (at least on Windows) to get around that issue entirely.
Punkbuster is not a magic bullet. It's essentially just obfuscated network traffic - if the client doesn't send the right packets then they get booted. Punkbuster can be hacked and defeated just like any other anti-cheating measure, but it has one thing going for it that makes hacking more difficult: full-time staff pumping out constant updates. Tremulous can't ever provide that.
Theoretically, the closest you can get to a cheat-proof system would be client-side certificates. They wouldn't automatically detect cheats, but they could ensure that bans are permanent. Unfortunately, though, client-side certificates would require a setting up a certificate authority and performing background checks, which is way overboard for a video game. :)
-
If you know anything about computer security then you know that aimbots are an unsolvable problem. There's no way to verify what software is running on the client's machine. A malicious program can always spoof network packets sent by the real program. You can buy time by obfuscating network traffic, but in the case of an open source game like Tremulous even that method won't stand up for long. And, as already noted elsewhere, a clever hacker can use injection (at least on Windows) to get around that issue entirely.
Punkbuster is not a magic bullet. It's essentially just obfuscated network traffic - if the client doesn't send the right packets then they get booted. Punkbuster can be hacked and defeated just like any other anti-cheating measure, but it has one thing going for it that makes hacking more difficult: full-time staff pumping out constant updates. Tremulous can't ever provide that.
Theoretically, the closest you can get to a cheat-proof system would be client-side certificates. They wouldn't automatically detect cheats, but they could ensure that bans are permanent. Unfortunately, though, client-side certificates would require a setting up a certificate authority and performing background checks, which is way overboard for a video game. :)
This is my view exactly. Deal with 'em as they come. If you can't administer your own server, don't have one.
-
Maybe i have another idea to the problem with the aimbot.
It seems the aimbot does evrytime a perfect shot into the center of the model, so it should be possible to determe an aimbot by the precision, more than 3 perfect shots and you would know that someone is using an aimbot.
-
Maybe i have another idea to the problem with the aimbot.
It seems the aimbot does evrytime a perfect shot into the center of the model, so it should be possible to determe an aimbot by the precision, more than 3 perfect shots and you would know that someone is using an aimbot.
aimbots only hit perfect shots (actually they don't even do that) because it's convenient to do so, as soon as there is reason not to, they will stop.
-
I think aimbot users should wear funny hats so we can recognize them!
The following solutions have been proposed that would help, but not provide 100% security (with the lower number giving best results):
1. good admining
2. whitelist
3. collecting statistical data
4. global voluntary ban list
every other solutions are only posted because threads haven't been read. And even these solutions have plenty of counter arguments.
-
Man you shoudl have heard it awhile ago...
Someone on a server I was on was convinced another guy was aimbotting. he kept saying how you could program a bot to randomly miss...and walk around as well.
Talk about imagination.
-
current aimbots let the person walk wherever they please...
wft are you saying
-
My point is that this is just getting to the insanity level.
An aimbot that would randomly miss? How about kicking someone for 'triggerbotting' with a dretch? (It has happenned.)
It seems to me, and it is quite clear, that if you go back throughout history, groups, communities, towns, cities, even civilizations always seem to revert to the lowest common denominator.
The aim botters ruin in for everyone yes...I'm not disputing that. But the point is that the hysterical preemptive attacks against the problem will only remove the good players, and not the botters, hence the lowest common denominator will be left. All that will be left is awful players and botters until there is no more 'community' left in this game.
The simple answer is that there is NO way to preemptively fight off hackers even with adding such a thing as punk buster. Administrators just need to police their servers more effectively and vigilantly. If they can't manage their own server, what gives them the right to complain about other servers right?
-
How about kicking someone for 'triggerbotting' with a dretch? (It has happenned.)
Were they actually kicked, or did someone just try to kick them? If they were kicked, please tell me the name of the server so I may avoid it at all costs.
-
SST I believe.
[AC]Eragon Hijoldr (or however you spell it) called the vote. Fuck it was dumb, the guys couldn't even spell anything entirely.
-
when someone is refering to an aimbot missing, it's probably because they have a toggled aimbot. they turn it on and off to avoid suspicion.
-
No, this person actually said that the "aimbot" persay was programmed to miss randomly, but was always on. :roll:
-
Something to note about the GPL.
One of the reasons why aimbots for Trem are so easy to make is the availability of the source code. If the dev's find some code which might help with detecting aimbots there's no reason why they don't have to charge for access to the source code. Please read Selling Free Software (http://www.gnu.org/philosophy/selling.html).
In this way the devs can limit the number of people who have access to the code, whenever a new aimbot is released, they change the source, post the updated binary. The aimbotters potentially need to then buy access to the source to update their bot. I know this will also limit the number of people developing game components, but what do people think. Source access for $1,000 ??
-
the gpl explicitly forbids charging more for the code than you do for the binary.
-
the gpl explicitly forbids charging more for the code than you do for the binary.
U're right, DOH, it was an idea, but my grey cells are still working on the issue. Maybe there's some sort of work around or loophole somewhere.
-
lol Original Poster(fluxflashor) got someone(titan) to spam the forum with a link to his aimbot.
and then titan joined irc just after him flux joined irc.
titan also spammed irc with that link and flux said some crap
(I dont know anything about the spam blabla)
titan disconnected just after him flux disconnected
Aug 16 12:07:59 * osiris2014 (n=chatzill@CPE-139-168-213-230.sa.bigpond.net.au) has joined #tremulous
Aug 16 12:08:20 * osiris2014 is now known as Titan
Aug 16 12:08:40 * Fluxflashor (n=fluxflas@bas12-toronto12-1177554341.dsl.bell.ca) has joined #tremulous
...
Aug 16 13:01:02 * Titan1 is now known as AlphAOmegA
Aug 16 13:03:51 * AlphAOmegA has quit ("ChatZilla 0.9.78.1 [Firefox 2.0.0.6/2007072518]")
Aug 16 13:04:34 * Fluxflashor has quit ("( www.nnscript.de :: NoNameScript 4.02 :: www.XLhost.de )")
Fluxflashor must STFU
( not to mention he calls himself hacker and he DoS tremulous servers with chat spam ( so leet isnt it ) then pretend he did it to show security issues with the server )
-
when someone is refering to an aimbot missing, it's probably because they have a toggled aimbot. they turn it on and off to avoid suspicion.
They try to set the sens very high, so u will not spot , the aimbot aims or the playa, and they move the mouse where the aimbot aims, so after releasing the aim key, the xhair go in the same way, like nothing happened, but in the demo with timescale 0.5 u can see very easly that the xhair stopped perfectly on the human then continued(or on its vertical line), if the player is noob, then the xhair stops on the human, and moves backwards.
Best example is this, cause he makes lot of mistakes at the start, u dont need to w8 10 min for a missed aimpressing:
http://www.flame-clan.eu/members/Puma/Demos_Movies/BigGamer95.dm_69
Just record the noobz when they are tired thats all, they will make a lot of mistakes. The different thing here is that an admin cheats, other ppl will start cheating too, "admin cheats then i cheat too" biggest problem here.
-
In that, you'll also notice him stand still for a little bit occasionally, yet no message is sent. This isn't hard proof that he's aimbotting, but this is a characteristic of aimbotters as they like to stop and change their 'vecs'.
For those who have little idea of what aimbots are like, you can set them to aim ahead of targets, to aim at particular areas of the targets hitboxes and to toggle on/off if need be. If BigGamer95 is using one, he appears to have set it up for headshots and possibly with some prediction (aiming ahead of a dodging target would make the view shake due to predicting the targets complex movements).
It is worrying that an aimbot user could be so subtle such as to go undetected. It is also worrying that people may confuse an aimbot with fast reactions or warped timescale.
-
Fast reactions doesnt stop the crosshair on the human, w8 chomp, then continue it, fast reactions continues, its hard to confuse this little thingy,
maybe if funlily writes a better bot.
As u can see in my last video, when the bs jumps the crosshair "jumps" with, and stay in the middle of the body, aimkey release, then aimkey get pressed again, and the xhair is again perfectly, or near on the middle, depends on vectors, this kill 100 percent proves everything.
Nux u got confused, that ppl dont ask me, they ask my clan to "ask me to stop".
EDIT: and he changed from head to body vector after my first video, this only proves that he is a kid, and thinks, me and u have no brain.
I will edit this and post some demos again, old demos but fun demos.
corrupt shit, dont give anything for this forum.
-
hello I like trem but i cannot compete with so many people using aimbots. I get shot right away no matter how slick I move. My question is: Which is the best aimbot out there and if there is a god mode hack also. Please post the link
-
please dont get rid of the aimbots. This will remove most of the old players, and will consequently kill the game. Just make it easy for everyone else to get hacks. Make it a game where you have to code and use the best hacks
its the only way
-
Are you really saying the best solution is to popularize hacks?
-
@se7ensnakes:
I'm obligated to point out the following to you.
- You necroed: You've posted in a very old thread and this is bad. In future start a new thread unless there's a recent thread with a recent comment in it that you are replying to.
- You then double-posted: You posted a reply when you were already the last person to post and this is doubly bad. Next time edit or delete your recent post before adding any further information you neglected to add on the first try.
Now that we've got that nastiness out of the way we can now fruitfully discuss your idea to promote the use of game-breaking software to fix a game which you say is broken by the very same game-breaking software you wish to promote, essentially turning a game that some people enjoy some of the time into to a game which nobody would enjoy any of the time. Also you should learn how to use Google, your grammar is poor and you smell bad.
That ought to teach you for making me feel old. It's almost been 7 years since I posted in this thread! :'(
-
Anyone else have a practical comment?