Author Topic: My Thoughts on the new Aimbot  (Read 59238 times)

Flower

  • Posts: 94
  • Turrets: +3/-0
My Thoughts on the new Aimbot
« Reply #30 on: July 24, 2007, 12:17:09 am »
We could create a secure Tremulous, with a database holding user accounts, and each time you want to join a server, you need to enter your login and password. To get an account, you need to register when the registrations are open (every 2 or 3 months). If any user sees a cheater, he can just record him and get enough info to block his account till the next registration wave.

Some server shouldn't work this way too.
I'm a Flower, wanna smell my pistil?

player1

  • Posts: 3062
  • Turrets: +527/-401
    • My Avatar! (if they were enabled) [by mietz]
not a bad idea, but not a great one, either...
« Reply #31 on: July 24, 2007, 12:26:27 am »
the whitelist has been proposed before...

TinMan

  • Posts: 1019
  • Turrets: +49/-70
    • http://neonpulse.net
My Thoughts on the new Aimbot
« Reply #32 on: July 24, 2007, 12:41:36 am »
A community that did this with the Quake 2 engine is dpball http://digitalpaint.planetquake.gamespy.com/news.php
That game isn't fully open source though and is run by one person, not a great idea.
Code:
Linux: ~/.tremulous/base/
Mac: ~/Library/Application\ Support/Tremulous/base/
Windows: C:\Documents and Settings\username\Local Settings\Application Data\Tremulous\base\
NeonPulse
http://neonpulse.net/media/games/tremulous/base/autoexec.cfg

tehOen

  • Guest
My Thoughts on the new Aimbot
« Reply #33 on: July 24, 2007, 12:47:07 am »
Quote from: "TinMan"
A community that did this with the Quake 2 engine is dpball http://digitalpaint.planetquake.gamespy.com/news.php
That game isn't fully open source though and is run by one person, not a great idea.

client is open source though

NiTRoX

  • Posts: 1453
  • Turrets: +41/-200
My Thoughts on the new Aimbot
« Reply #34 on: July 24, 2007, 08:21:28 am »
Quote from: "tehOen"
Quote from: "TinMan"
A community that did this with the Quake 2 engine is dpball http://digitalpaint.planetquake.gamespy.com/news.php
That game isn't fully open source though and is run by one person, not a great idea.

I don't know shit , i talk utter crap

tehOen

  • Guest
My Thoughts on the new Aimbot
« Reply #35 on: July 24, 2007, 02:07:01 pm »
Quote from: "NiTRoX"
don't talk about me :(

NiTRoX

  • Posts: 1453
  • Turrets: +41/-200
My Thoughts on the new Aimbot
« Reply #36 on: July 24, 2007, 02:34:26 pm »
Quote from: "tehOen"
Quote from: "NiTRoX"
<3

beerbitch

  • Posts: 195
  • Turrets: +11/-19
My Thoughts on the new Aimbot
« Reply #37 on: July 24, 2007, 05:20:53 pm »
Here is my radical solution. Ban windows clients. No DLL injection for you.

So we would have a lot fewer people able to connect to the servers and play, oh well.

If it's not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its TCP timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and it's open source. We could steal that.
Beerbitch - "Some days you're the pigeon, other days you're the statue"

tehOen

  • Guest
My Thoughts on the new Aimbot
« Reply #38 on: July 24, 2007, 05:51:05 pm »
Quote from: "beerbitch"
Here is my radical solution. Ban windows clients. No DLL injection for you.

So we would have a lot fewer people able to connect to the servers and play, oh well.

If it's not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its TCP timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and it's open source. We could steal that.

... how would you get my OS if I don't want to give that info
or how would you be sure that I gave you the right info about my OS

beerbitch

  • Posts: 195
  • Turrets: +11/-19
My Thoughts on the new Aimbot
« Reply #39 on: July 24, 2007, 05:55:55 pm »
Quote from: "tehOen"
Quote from: "beerbitch"
Here is my radical solution. Ban windows clients. No DLL injection for you.

So we would have a lot fewer people able to connect to the servers and play, oh well.

If it's not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its TCP timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and it's open source. We could steal that.

... how would you get my OS if I don't want to give that info
or how would you be sure that I gave you the right info about my OS


Because each operating system has a unique way of generating certain values in the headers of TCP/IP packets, and you can't easily work around that. You would have to replace your entire TCP/IP stack with something that spoofed a legit packet. By trying to connect to my server, I already have packets from you.

n00b pl0x

  • Posts: 2412
  • Turrets: +55/-168
My Thoughts on the new Aimbot
« Reply #40 on: July 25, 2007, 12:48:05 am »
f u
will sort out my sig, or I will get banned.

HOW DO I SORTED SIG?

Patriotpie

  • Posts: 85
  • Turrets: +9/-15
My Thoughts on the new Aimbot
« Reply #41 on: July 25, 2007, 04:28:00 am »
Quote from: "beerbitch"
Here is my radical solution. Ban windows clients. No DLL injection for you.

So we would have a lot fewer people able to connect to the servers and play, oh well.

If it's not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its TCP timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and it's open source. We could steal that.



Why inject a DLL? Trem and funlily are both released open-source. C = C, no matter the platform. Modify funlily a bit and recompile the client. :roll:

kevlarman

  • Posts: 2737
  • Turrets: +291/-295
My Thoughts on the new Aimbot
« Reply #42 on: July 25, 2007, 05:07:28 am »
Quote from: "Patriotpie"
Quote from: "beerbitch"
Here is my radical solution. Ban windows clients. No DLL injection for you.

So we would have a lot fewer people able to connect to the servers and play, oh well.

If it's not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its TCP timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and it's open source. We could steal that.



Why inject a DLL? Trem and funlily are both released open-source. C = C, no matter the platform. Modify funlily a bit and recompile the client. :roll:

funlily is just ogc modified for trem, it does in fact inject code into tremulous to do its dirty work.
Quote from: Asvarox
Ok let's plan it out. Asva, you are nub, go sit on rets, I will build, you two go feed like hell, you go pwn their asses, and everyone else camp in the hallway, roger?
the dretch bites.
-----
|..d| #
|.@.-##
-----

Odin

  • Spam Killer
  • Posts: 1767
  • Turrets: +113/-204
    • My Website
My Thoughts on the new Aimbot
« Reply #43 on: July 25, 2007, 08:26:37 am »
Or we can just give the original aimbot creator death threats and take over his site, just like how that one guy who made the proof of concept Mac worm.

Fluxflashor

  • Guest
My Thoughts on the new Aimbot
« Reply #44 on: July 27, 2007, 08:09:12 pm »
Quote from: "Odin"
Or we can just give the original aimbot creator death threats and take over his site, just like how that one guy who made the proof of concept Mac worm.


We could slow down the aimbot distribution by sending a DoS attack to the website it is distributed at. Maybe eat up all the bandwidth.

Foobicam

  • Posts: 72
  • Turrets: +0/-0
My Thoughts on the new Aimbot
« Reply #45 on: July 27, 2007, 08:43:15 pm »
Why would doing DoS attacks on one web site be any more successful than the RIAA's attempts to slow down illicit content distribution?  Once the bits are "out there", they can be made available from many sources.

Attacking distribution won't work.  Anything that requires client-side detection won't work.   Focus on server-side behavior monitoring/detection and client authentication and reputation-building, and you might have a chance.

FisherP

  • Posts: 295
  • Turrets: +31/-32
Statistical Analysis
« Reply #46 on: August 03, 2007, 03:51:32 am »
As has previously been mentioned in another thread I think the only way to really do aimbotters a justice is to perform a statistical analysis on the aim, and fire of the weapon. My understanding is that a person on a mouse will have a certain amount of 'jitter' in the aim. An aimbot will have much less. If there is a threshold on this that can be determined then maybe the analysis could be successful.

kevlarman

  • Posts: 2737
  • Turrets: +291/-295
Re: Statistical Analysis
« Reply #47 on: August 03, 2007, 04:48:12 am »
Quote from: "FisherP"
As has previously been mentioned in another thread I think the only way to really do aimbotters a justice is to perform a statistical analysis on the aim, and fire of the weapon. My understanding is that a person on a mouse will have a certain amount of 'jitter' in the aim. An aimbot will have much less. If there is a threshold on this that can be determined then maybe the analysis could be successful.

and if the aimbot writer has that code, it is extremely easy to make his aimbot go undetected by that code.

Vector_Matt

  • Posts: 732
  • Turrets: +2/-1
Re: Statistical Analysis
« Reply #48 on: August 04, 2007, 03:01:02 pm »
If the aimbots use the information in the drawmodel command that the server sends, would it be possible to have the server send some superfluous drawmodel commands? Commands that would put the model where a normal player wouldn't see them. Such as in the reactor, in the armory, behind battlesuits, behind walls, etc (There would of course be lots of randomness to the placement to make it harder to code an aimbot against). If it worked it wouldn't prevent aimbots, but it would make it extremely difficult to target well.

What do you think?

n00b pl0x

  • Posts: 2412
  • Turrets: +55/-168
My Thoughts on the new Aimbot
« Reply #49 on: August 04, 2007, 08:08:28 pm »
Quote from: "Fluxflashor"
DoS attack


your dos hacker couldn't hack his way out of a cardboard box

kevlarman

  • Posts: 2737
  • Turrets: +291/-295
Re: Statistical Analysis
« Reply #50 on: August 05, 2007, 05:25:29 am »
Quote from: "Vector_Matt"
If the aimbots use the information in the drawmodel command that the server sends, would it be possible to have the server send some superfluous drawmodel commands? Commands that would put the model where a normal player wouldn't see them. Such as in the reactor, in the armory, behind battlesuits, behind walls, etc (There would of course be lots of randomness to the placement to make it harder to code an aimbot against). If it worked it wouldn't prevent aimbots, but it would make it extremely difficult to target well.

What do you think?

short answer: no (it's late so i won't type out the long answer, if you really want me to do it bug me in the morning)

Fluxflashor

  • Guest
My Thoughts on the new Aimbot
« Reply #51 on: August 05, 2007, 07:29:27 am »
Quote from: "n00b pl0x"
Quote from: "Fluxflashor"
DoS attack


your dos hacker couldn't hack his way out of a cardboard box


Yes he can

FisherP

  • Posts: 295
  • Turrets: +31/-32
Re: Statistical Analysis
« Reply #52 on: August 17, 2007, 01:24:30 am »
Quote from: "kevlarman"
Quote from: "FisherP"
As has previously been mentioned in another thread I think the only way to really do aimbotters a justice is to perform a statistical analysis on the aim, and fire of the weapon. My understanding is that a person on a mouse will have a certain amount of 'jitter' in the aim. An aimbot will have much less. If there is a threshold on this that can be determined then maybe the analysis could be successful.
and if the aimbot writer has that code, it is extremely easy to make his aimbot go undetected by that code.


Please be aware that I'm practically ignorant of the inner workings of the client-server relationship. However, can these calculations be performed by the server? If so then if the aimbot adds enough randomness to its calculations to avoid detection, would it not be random enough to be worthless?

Edit: I've also noticed dramatic changes in vector when locking onto targets, can't this be exploited? EG vector change rate to time ratio to first hit on enemy

tuple

  • Posts: 833
  • Turrets: +97/-80
My Thoughts on the new Aimbot
« Reply #53 on: August 17, 2007, 01:35:56 am »
Quote from: "Fluxflashor"


Yes he can


No he can't, or he'd be making $250 an hour working for a network security company instead of toying around with cracking a video game or threatening not for profits.

cephas

  • Posts: 45
  • Turrets: +0/-0
My Thoughts on the new Aimbot
« Reply #54 on: August 17, 2007, 05:41:40 pm »
Personally, I think your best bet against aimbotters would be a server-provided list of tests that must be passed.  The server sends a small script file that checks the appropriate cvars and whatnot (check for odd *.dlls), and parses the reply.  This would be fairly hard to spoof because the correct reply could easily depend on the tests the server sent out, which could be changed regularly.
 CU|Cephas

Neckhole

  • Posts: 33
  • Turrets: +0/-1
My Thoughts on the new Aimbot
« Reply #55 on: August 17, 2007, 05:44:03 pm »
Quote from: "cephas"
Personally, I think your best bet against aimbotters would be a server-provided list of tests that must be passed.  The server sends a small script file that checks the appropriate cvars and whatnot (check for odd *.dlls), and parses the reply.  This would be fairly hard to spoof because the correct reply could easily depend on the tests the server sent out, which could be changed regularly.


You can't trust anything a client reports to you EVER.

Any solution which relies on information sent by the client is foolish and a complete waste of time.
The Potato Patch: http://potatopatch.brianmoses.net/

ShadowNinjaDudeMan

  • Posts: 1385
  • Turrets: +86/-58
    • Tremopolis
My Thoughts on the new Aimbot
« Reply #56 on: August 17, 2007, 06:01:26 pm »
Just make a script that monitors for any "Snap To" movements.

If it finds three suspicious movements or activities, then it reports/kicks you.
My favorite player is Jesus, because everything is forgiven when he respawns.

NOM!NOM!NOM!
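
A server-side version of the "Snap To" monitor from the post above, which also covers the "vector change rate to first hit" idea from Reply #52; this is an added example, not code from the thread or from Tremulous. The `AimSample` struct, the 40 and 0.5 degree thresholds and both traces are assumptions made for illustration; the three-strikes count comes from the post.

```c
#include <stddef.h>
#include <stdio.h>

/* One sample per client command as the server sees it: view angles in
   degrees, and whether a shot fired on that frame hit an enemy.
   Hypothetical struct, not a Tremulous type. */
typedef struct { float yaw, pitch; int hit; } AimSample;

/* Shortest signed difference between two angles, in (-180, 180]. */
static float angle_delta(float from, float to) {
    float d = to - from;
    while (d > 180.0f)   d -= 360.0f;
    while (d <= -180.0f) d += 360.0f;
    return d;
}

/* Squared angular distance turned between two consecutive samples. */
static float turn_sq(const AimSample *a, const AimSample *b) {
    float dy = angle_delta(a->yaw, b->yaw), dp = b->pitch - a->pitch;
    return dy * dy + dp * dp;
}

/* A snap: more than snap_deg turned in one frame, landing on a hit, with
   less than settle_deg of correction on the next frame. */
int count_snaps(const AimSample *s, size_t n, float snap_deg, float settle_deg) {
    int snaps = 0;
    for (size_t i = 1; i + 1 < n; i++)
        if (turn_sq(&s[i - 1], &s[i]) > snap_deg * snap_deg && s[i].hit &&
            turn_sq(&s[i], &s[i + 1]) < settle_deg * settle_deg)
            snaps++;
    return snaps;
}

/* Flag at three snaps; 40 and 0.5 degrees are assumed thresholds. */
int is_suspicious(const AimSample *s, size_t n) {
    return count_snaps(s, n, 40.0f, 0.5f) >= 3;
}

/* Constructed traces, not captured data. The human one crosses the
   359->0 yaw wrap and flicks 70 degrees, then corrects the overshoot. */
static const AimSample human_trace[] = {
    {350, 0, 0}, {358, 1, 0}, {4, 2, 0}, {9, 1, 0},
    {11, 2, 1}, {10, 1, 0}, {80, 0, 1}, {76, 2, 0} };
static const AimSample bot_trace[] = {
    {10, 0, 0}, {95, -5, 1}, {95, -5, 0}, {200, 10, 1},
    {200.2f, 10, 0}, {20, 0, 1}, {20, 0, 0}, {21, 0, 0} };

int main(void) {
    printf("human: %d  bot: %d\n",
           is_suspicious(human_trace, 8), is_suspicious(bot_trace, 8));
    return 0;
}
```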

kevlarman

  • Posts: 2737
  • Turrets: +291/-295
My Thoughts on the new Aimbot
« Reply #57 on: August 17, 2007, 07:16:59 pm »
Quote from: "ShadowNinjaDudeMan"
Just make a script that monitors for any "Snap To" movements.

If it finds three suspicious movements or activities, then it reports/kicks you.

and then the aimbot authors look at the code of your script, and make their aimbot go undetected.

Puma

  • Posts: 192
  • Turrets: +26/-0
My Thoughts on the new Aimbot
« Reply #58 on: August 17, 2007, 07:58:01 pm »
and then we will write another script.
and they will not publish the next cheat, cause they will get tired of rewriting.
i hope :D
You have no life?
http://www.uncommonforum.com/
Here you can find some help.

Nux

  • Posts: 1778
  • Turrets: +258/-69
My Thoughts on the new Aimbot
« Reply #59 on: August 17, 2007, 08:02:41 pm »
Unless of course they like a challenge. If they do, you could end up simply entertaining them.