The Spread Of Aimbots.

[St. Anger]

Recently, maybe 3-4 days ago on Fragify# (Boom Boom). There was a guy using an aimbot, he even admitted it. He also spammed the site where he got it from every other 5 minutes. Which I remember, incase any programmer thinks he/she knows how to make an anti-patch.
He also said it was a beta, which is similar to other peoples claims about the recent aimbot activity.

We can expect more and more aimbotters coming around so we need to come up with some kind of solution!!

[Odin]

The solution's already been around since March 31 2006.

[Lava Croft]

There is no solution for hackers and there never will be.

[gareth]

the solution is admins.

[TRaK]

Yeah, I just ran into an aimbotter earlier today as well.

Demo here :
http://uploaded.to/?id=khtfnj


edit: I should say that I have absolutely no way of proving that this aimbotter is the real [afix]Jay, and not just some imitator.

edit2 : Jay's reply on this : http://dretchstorm.com/node/1299#comment-5464

[Lava Croft]

the solution is admins.

Admins are only a temporary solution that isn't even always available. You would need admins that spectate the server 24/7. Not even V-Caveman is crazy enough to do that.

[DASPRiD]

We should make the GUIDs hardware based, so re-installing Tremulous would not change it. This way, we would have a greater chance of banning cheaters. We should also implement an online database, which tracks all banned GUIDs. If a GUID is banned from several servers (with different IPs), the GUID gets globally banned.

[Nux]

There is no solution for hackers and there never will be.

Maybe no solution (meaning something that will stop hacking for good) but if anything that's a reason to keep trying to invent new ways of finding and pacifying such hacks. If ever you stop they will corrupt all that we hold dear and everything precious to us. We should never stop fighting! NEVER!

[PFB]

link to my own aimbot:
http://www.aim.com/get_aim/win/other_win.adp

[David]

lol

[[A]]

We should make the GUIDs hardware based, so re-installing Tremulous would not change it. This way, we would have a greater chance of banning cheaters. We should also implement an online database, which tracks all banned GUIDs. If a GUID is banned from several servers (with different IPs), the GUID gets globally banned.

It sounds very interesting, is it really possible ?

[Azrael07]

I think it could be good against "kervins" who know only tremulous official binary release, but if someone can make a wallhack or aimbot patch, He could be easly generate fake guid keys and give fake hardware specification

[d0t]

We should make the GUIDs hardware based, so re-installing Tremulous would not change it. This way, we would have a greater chance of banning cheaters. We should also implement an online database, which tracks all banned GUIDs. If a GUID is banned from several servers (with different IPs), the GUID gets globally banned.

Maybe its too simple for our aimbotters,but my brother ( a.k.a. Critical ), told me witch "hardware component" u could use. It is MAC Address of netwrok card.

Btw. In last week i've hunted 2 Aimbotters, at ATCS Battleground Server, and Swiss Lowping. You can find demos here:

http://www.savefile.com/projects/808497861
Files are in bottom of site...

1st replay
In first 5 minutes of replay I was playing as human. But after i started following UnnamedPlay, bcuz something was wrogn with this guy.
Please pay atention in 12:20 minute of it, u can see how it works.

2nd Replay
Have fun.

3rd Replay
Wait 1 minute, bcuz i was playing at start as alien.

Have fun guys,
d0t.

[Nux]

Yeah, I just ran into an aimbotter earlier today as well.

Demo here :
http://uploaded.to/?id=khtfnj

It seems like everytime I see these aimbotters it's the same story. They become so reliant on the aimbot that you see them shooting/chomping forward (no matter whether there's a teammate there or not) waiting for their bot to direct the attack toward the enemy. How much fun can a person have doing something like that?!?

[d0t]

Another an idea of my brother is to add feature of creating user accounts by Master Server(MS). User who doesnt have or have incorrect qfile(QFILE-Next Generation ) will be registred by MS and given qfile (GENERATED BY MS). When Player joins game, game server gets his qfile-NG and checks in MS qfile-NG database. If it's incorrect Game Server prohibites joining game.

Effects:
- MS has couple information about user (IP, QFile-NG, date of start playing, etc. )
- Users are unique in all Tremulous "wild wild word"
- MS Have little more work to do.  

how do you feel this ?

[DASPRiD]

Hm, something like that sounds nice, indeed. Or we build our own master server, and registration follows an activation with a key, which you receive via postal service... Ok, they would cost us something, but thats really unique then

[Lakitu7]

Maybe its too simple for our aimbotters,but my brother ( a.k.a. Critical ), told me witch "hardware component" u could use. It is MAC Address of netwrok card.

Anyone can change their MAC address to anything they wish at any time: even in windows, and without installing any additional software.

[d0t]

thats why we ( me and my brother ) posted the 2nd idea...

[AKAnotu]

Hm, something like that sounds nice, indeed. Or we build our own master server, and registration follows an activation with a key, which you receive via postal service... Ok, they would cost us something, but thats really unique then

prepared to ship those globally dasprid? lol

[sleekslacker]

I think I gave this global registration idea earlier. It's too much of a hassle and avoidable unless you really tie the key to individual persons ( National ID number )

[kevlarman]

even if you manage to make keys based on hardware in a manner that you can't fake it (which is impossible btw), there's nothing stopping anyone from replacing your complex algorithm to calculate cl_guid with sprintf(newguid, "%x%x%x%x",rand(),rand(),rand(),rand());

[Flower]

The only way would be to make the people pay like 3 or 4$ to get a GUID, located in a database and verified each time you play on a server. If the hacker get ban from every servers, he would need to buy a new one, and after 3 times, I guess many people would understand.

For now, if you can get a new GUID like you want, it's impossible to prevent hackers.

[kevlarman]

The only way would be to make the people pay like 3 or 4$ to get a GUID, located in a database and verified each time you play on a server. If the hacker get ban from every servers, he would need to buy a new one, and after 3 times, I guess many people would understand.

For now, if you can get a new GUID like you want, it's impossible to prevent hackers.

actually you don't need a central database, just digital signatures are enough.

[[Kcorp]Noobius]

!kick / !ban works quite well. lava said that admins are not online 24/7...neither are most players, chances are that if there are good people playing there will be an admin too so let's drop the pay 3$ to play idea please.

[beerbitch]

We should make the GUIDs hardware based, so re-installing Tremulous would not change it. This way, we would have a greater chance of banning cheaters. We should also implement an online database, which tracks all banned GUIDs. If a GUID is banned from several servers (with different IPs), the GUID gets globally banned.

Maybe its too simple for our aimbotters,but my brother ( a.k.a. Critical ), told me witch "hardware component" u could use. It is MAC Address of netwrok card.

Btw. In last week i've hunted 2 Aimbotters, at ATCS Battleground Server, and Swiss Lowping. You can find demos here:

http://www.savefile.com/projects/808497861
Files are in bottom of site...

1st replay
In first 5 minutes of replay I was playing as human. But after i started following UnnamedPlay, bcuz something was wrogn with this guy.
Please pay atention in 12:20 minute of it, u can see how it works.

2nd Replay
Have fun.

3rd Replay
Wait 1 minute, bcuz i was playing at start as alien.

Have fun guys,
d0t.

Right, and mac addy is also spoofable.

[David]

hard-disk or motherboard ID is harder.
work it into a public key system, and were going good.
Of course, being OSS it will get avoided, but it will slow the shit bags down.

[kevlarman]

hard-disk or motherboard ID is harder.
work it into a public key system, and were going good.
Of course, being OSS it will get avoided, but it will slow the shit bags down.

it won't slow them down. the solution is to give out signed qkey's for a small donation ($5 or something), and allow servers the option to only accept guids signed by timbo. (timbo had a similar idea, except with a central server and accounts replacing the digital signatures)

[n00b.pl0x.]

It owns

just trying to figure it out, it sucks with aliens, I cant get it to pull off a headbite, for humans you have to either shoot when ur botting or bot, release, shoot, bot, which sucks.

all in all, its hard to use but it does give a good advantage.

something i want to point out, when i attempted to join SST(all 3 times) with it, i got an error message that tremulous had to shut down.
do they hold the solution?

perhaps their non virginity, i mean, unpurity (sv_pure, duh) is preventing the bot? i dunno, my kodez knowledge r slim.

Evlesoa could figure it out, though!
_________________
Resistance is futile.

Pledge allegiance to the pl0x.

[benmachine]

SST is unpure

[PFB]

hard-disk or motherboard ID is harder.
work it into a public key system, and were going good.
Of course, being OSS it will get avoided, but it will slow the shit bags down.

it won't slow them down. the solution is to give out signed qkey's for a small donation ($5 or something), and allow servers the option to only accept guids signed by timbo. (timbo had a similar idea, except with a central server and accounts replacing the digital signatures)

timbo is wise