Author Topic: My Thoughts on the new Aimbot (Read 59318 times)

Fluxflashor · « **on:** July 22, 2007, 03:32:42 am »

Obviously this is a very big problem, before just set g_minleveltojointeam 1 and setlevel anyone with a GUID to level 1, and we were all good.

Now, GUID's can sue aimh4x too.

This is what I can think of as a solution to getting this mess fixed up.

We need a script that can run client side that connects to the server that will detect if the client is using any cvars associated with the aimbot. So if someone ran n_aim and set it to 1, the client would get auto banned for Aimhax. Also would work with n_esp, n_vecz, n_vecy,n_vecx, n_predict.

If someone could code such a thing, we run into a second problem. Devil and Secunder will simply recode it to make it have different cvars. Maybe d_aim etc.

Someone recodes the mod, then they recode the bot. There must be a piece of code that can be detected that they cannot change without rewriting most of the program.

This is just a thought, maybe someone could code something, im not 100% sure, would get rid of some aimbots hopefully.

[Awaits flames, comments, suggestions, questions, the usual. Probably flames]

n00b pl0x · « **Reply #1 on:** July 22, 2007, 03:47:32 am »

devil and sec cant code :roll:

Eeeew Spiders · « **Reply #2 on:** July 22, 2007, 04:00:06 am »

Client side detection is not possible, will be easy to spoof. You can make it harder, but not impossible. You can substitute that script with another one that simple says "nope, no aimbot setting". But since funlily seems to be a bit lazy, maybe providing more work isn't such a bad idea, though this would also imply more work for the devs here, which can only be decided by themself. In the end, given a comitted aimbot developer, it will just end up in a never ending race until funlily and friends grow up and do something meaningful with their live.

Fluxflashor · « **Reply #3 on:** July 22, 2007, 04:41:11 am »

funlily [aka Secunder and Devil] {yes n00bpl0x they can code. I may have a TS recording, im not 100% sure though, have witnesses for sure},
needs to be slowed down. Its not hard to change cvars, even I can do it. But if there was some sort of advanced script, even changing cvars might screw stuff up.

The aimbot works by injecting a DLL file into your TJW backport, maybe you could make a modification to search for a script that appears in the DLL only and ban that way?

It would be a hard task, the dev's dont have much time, but must make the next trem version more secure for sure, maybe some of the community developers that make mods would be able to come together. Believe me, if I could code something this complicated I would have already begun.

Offtopic: Evlesoa TS soundboard in the making.

Im using flash.

Repentance · « **Reply #4 on:** July 22, 2007, 05:09:20 am »

new aimbot? where?

Oblivion · « **Reply #5 on:** July 22, 2007, 05:37:23 am »

Ahh now flux you searched my computer and made yourself feel good by opening a txt file and crashing my computer. But your right things can be changed.

Just like this screen shot here.

tehOen · « **Reply #6 on:** July 22, 2007, 07:10:50 am »

Quote from: "n00b pl0x"

devil and sec cant code :roll:

secunder can code
he is an bug abuser, he was also trying to hook gl to make a wall hack
(retard lol)

Oblivion · « **Reply #7 on:** July 22, 2007, 07:26:41 am »

And how do you know this?
I have to say you dont know shit about what Secunder does ;p

player1 · « **Reply #8 on:** July 22, 2007, 07:46:21 am »

Quote from: "Oblivion"

And how do you know this?
I have to say you dont know shit about what Secunder does ;p

r u he?
me thinks mebbe so or somehow related/friend/lover/cohort...
:-?

Oblivion · « **Reply #9 on:** July 22, 2007, 07:58:07 am »

I be Devil ;p

player1 · « **Reply #10 on:** July 22, 2007, 08:22:44 am »

GoDz Devil?
be ye he?

Oblivion · « **Reply #11 on:** July 22, 2007, 08:23:56 am »

Yes em.

Fluxflashor · « **Reply #12 on:** July 22, 2007, 08:32:53 am »

Things can be changed, your right Devil.

!showbans -3

!unban 11

GoDz Devil has been unbanned by MW|Fluxflashor

-------

But what you and your brother have done with an aimbot, that cannot be undone. Too many already have downloaded it. Why should I remove your ban? Because you are causing my server grief because your stupid aimbot is in the hands of a bunch of people that are ruining the game for everyone?

How are you going to solve the aimbot problem Devil. Tell me how your going to solve it, and that !unban 11 just might happen. If things can be undone prove it.

Oblivion · « **Reply #13 on:** July 22, 2007, 08:40:18 am »

ahhh well I cant stop anything, your the one who accused us of creating it which we did not, your right we can code, don't mean we created the aimbot.
Secunder has been accused in the pass but oh well thats the pass this is the present, we reformatted my other computer due to a Trojan. So I don't have shit cause you searched my computer, but my other you have not yet but its all new shit on there and I don't plan putting any kind of aimbot on there.

player1 · « **Reply #14 on:** July 22, 2007, 08:47:25 am »

well heck it's in the turret code, eh?
something in the game can automatically track aliens and shoot at them
not too hard to figure that much out
hey devil you and secunder should start a clan
t3h R3h4b clan 4 former haxx0rz
flux could prolly join
I'm sure most server owners/ops have at least tried the bot
purely for research of course

Fluxflashor · « **Reply #15 on:** July 22, 2007, 09:32:09 am »

Quote from: "player1"

well heck it's in the turret code, eh?
something in the game can automatically track aliens and shoot at them
not too hard to figure that much out
hey devil you and secunder should start a clan
t3h R3h4b clan 4 former haxx0rz
flux could prolly join
I'm sure most server owners/ops have at least tried the bot
purely for research of course

Meh SST had a flaw in their FTP, when admin.dat was deleted, it spawned the .dat for the SST server. Anyone could do it, just go get a server hosted at SST.

Even if I could join, I wouldn't. I harmed A server. They harmed them all. I will proove you guys are funlily just wait.

As mentioned in another thread, anyone who can access forum IP's check the IP of funlily please and compare it with that of Devil, Secunder, and Oblivion.

Caveman · « **Reply #16 on:** July 22, 2007, 05:20:42 pm »

Flux, check what PB did to get the boters and while you are at it, check how successful they have been.
lol

If you come up with something they haven't tried yet, you stand good chances to make some serious money.

Face it, there is no way to automagically detect boters.

NiTRoX · « **Reply #17 on:** July 22, 2007, 05:21:14 pm »

Quote from: "Fluxflashor"

Quote from: "player1"
well heck it's in the turret code, eh?
something in the game can automatically track aliens and shoot at them
not too hard to figure that much out
hey devil you and secunder should start a clan
t3h R3h4b clan 4 former haxx0rz
flux could prolly join
I'm sure most server owners/ops have at least tried the bot
purely for research of course

Meh SST had a flaw in their FTP, when admin.dat was deleted, it spawned the .dat for the SST server. Anyone could do it, just go get a server hosted at SST.

Even if I could join, I wouldn't. I harmed A server. They harmed them all. I will proove you guys are funlily just wait.

As mentioned in another thread, anyone who can access forum IP's check the IP of funlily please and compare it with that of Devil, Secunder, and Oblivion.

I have proof, its in my pants.

Fluxflashor · « **Reply #18 on:** July 22, 2007, 09:53:31 pm »

Quote from: "Caveman"

Flux, check what PB did to get the boters and while you are at it, check how successful they have been.
lol

If you come up with something they haven't tried yet, you stand good chances to make some serious money.

Face it, there is no way to automagically detect boters.

There must be a way. There is always a way, nothing is impossible to set your mind to it. I might just as well try this myself, phail horribly then go cry in my little Emocorner and cut myself.

Trem should have Punkbuster >.<

Caveman · « **Reply #19 on:** July 22, 2007, 11:51:24 pm »

I wish you the best of luck and success (no sarcasm here)

I'd be happy to implement any code you can come up with that will not be circumvented 2hrs after it is released.

/dev/humancontroller · « **Reply #20 on:** July 22, 2007, 11:55:23 pm »

Quote from: "Fluxflashor"

Quote from: "Caveman"
Flux, check what PB did to get the boters and while you are at it, check how successful they have been.
lol

If you come up with something they haven't tried yet, you stand good chances to make some serious money.

Face it, there is no way to automagically detect boters.

There must be a way. There is always a way, nothing is impossible to set your mind to it. I might just as well try this myself, phail horribly then go cry in my little Emocorner and cut myself.

Trem should have Punkbuster >.<

There is no way you are going to succeed with PB. Do you know how it works? It checks for every currently known cheat. It does so by hashing (or sending to the PB server) the the executable and other fundamental files to check wether you have anything implemented other than the original. Anyone who has unrecognized versions is kicked off. This means no private patches will be available, only mods that have been registered at the server. What else, ah yes, PB does memory scans for known hooks, and Anti-Virus modules may be detected as cheats (unless known). It may also check the drivers for known hacks, currently there are thousands of drivers, for sound cards and video cards, if someone can handle all of them, then please. What allows PB to scan? It's the Windows' unsecure-by-default shit, which allows any program to read and write any parts of the memory. Such a program cannot scan like this on secure-by-default Unix-like operating systems. Anyone without such read privilliges on his system (may be accomplished Windows too with tools or AVs) gets kicked off. So such operating systems cannot use PB style programs. Or if you allow non-Windows users to play, you will just attract cheaters away from Windows. If TremPB will be open source to allow people to compile it into the kernels (LOLZOMGWTF?!), then there will be no security against cheats, oh and n00bzors don't know how to recompile the kernel. Otherwise you may try to force users to load a dynamic kernel module. But on these systems, it is exceptionally possible to produce a layer in which the PB is scanning unreal resources (especially screenshots). Not to mention that it is encouraged to compile from source, which never produces the same output on any system so to say. You will not force anyone to use default-kernel-with-PB, and known only modules and drivers. That's worse than DRM! So in the end, we will at most have a few servers which allow only buggy, Windows stock versions of Tremulous to use, but counteract a bit of cheating. If you somehow succeed with PB, then you are a real professional. Keep dreaming...

Fluxflashor · « **Reply #21 on:** July 23, 2007, 12:05:16 am »

Im saying it would have been beneficial if we had it, but I do not think we could is insert such a thing at this time into Tremulous.

A script needs to be built to basically ban anyone who has a cvar like n_aim set to 1[or 2] or n_esp set to 1. If they were set to 0 then the client wouldn't be banned. These are the two important Cvars. Now yea theres a problem with it becomming outdated quickly Caveman as you say. So if the script would connect to a http webserver that held a list of Cvars that are "illegal". Sortof the way PB works. It checks from a database of known hacks, instead this "aimbot buster" would connect to a database and look for new Cvars.

It would easily be updated once a new Cvar was discovered.

Very very complicated it seems though, needing to connect through multiple connections. In the end it would be worth it, might see an end to this aimbot bullshit.

I started working out a rough design with pen and paper, still don't have any code yet, no idea where to start.

Eeeew Spiders · « **Reply #22 on:** July 23, 2007, 11:14:08 am »

About Cvar checking, Cvar's are just names. You can recode your tremclient to use an existing but non vital Cvar like cg_noTaunt to trigger or control the aimbot.

Since every single information that a client computer sends can be theoretically controlled by the client there is no foolproof solution. Opensource games makes that even easier. There was an interesting thread about using encryption on this forum that would get close to a solution, I am to lazy to search for it now but I am sure if you search you will find it

But even that wouldn't fill the last loophole. So even if you make it harder to cheat, you will always be in doubt and not sure if a person may have hacked the cheat detector. So the uncertainty will stay what ever is done.

The only solution I can think off is for the server to collect statistical information about each player, how they move, how they shoot, what is their killquota, how many shots do they miss. For example the instant aim (noncontinuous moves) can be detected (since the aimbot sets the aim on the alien, and doesn't move it there), how well does a shooter track an object etc etc. Only if after a certain observed time it shows that these values are somewhat off of normal (what ever normal mean needs to be defined) automatically a demo is recorded by the server or players with a certain lvl on the server are send a message that there is a suspicious player on to deal with the matter. From an automated kick/ban system i would discourage, a human would have to examine the data before any action is taken. And then what? Since GUID are spoofable, without a global authentication system and with dynamic IP's a lot of work for meager results.
Instead of banning I would propose that once a player is marked as being an aimbotter, that he is rendered using an alternative texture: clowns hat, clowns nose. In short, a redicule mode

Another solution may be to for trem developers to create their own binary of a cheat and make it such that
- it is detectable cause it sends a notification to lvl'd players
- contains a trojan

and distribute it through the usual cheat channels. In that way players will be unsure about each unreliable download. But that is evil, and don't quote me on that

Btw hi fluxflashor, we met yesterday:D

temple · « **Reply #23 on:** July 23, 2007, 11:32:36 am »

The best solution to stopping aimbots is a real white list for servers. Tremulous is free and there is no way to distribute the game and provide a reliable white list of legit players. The issue is bigger than Tremulous or aimbotting in general.

Fluxflashor · « **Reply #24 on:** July 23, 2007, 12:22:16 pm »

Hi Eeeew Spiders, yes we did meet yesterday

Unfortunetly without sleep for 32 hours, I couldn't stay for a round.

See its true you can recode it to use a Tremulous Enabled cvar, but for something like Vec_Z you cant use an existing cvar unless you want you aimbot to suck, and you can risk putting the cvar to 33 or -2 without side effects. [Suggested settings for Aliens and Humans]

A sort of white list, probably not. What I thought of was a patch that would set n_aim , and the rest of them to a value on the server that controls nothing, and they are setable by the client. So when an unsuspecting client types in n_[cmd] plus a value, he is booted.

There is also another way, but you would have to recode something that has already been realeased, forgot what Green said it was. There is a command you can use if you have rcon called "dumpuser" It shows stuff that is client side! So find a way to make it detect the aimbot cvars, and we are good to go.

If you have a server try it on yourself.

1. do !listplayers to find client number
2. open console
3. type /rcon [password] dumpuser [client#]

Will give you a bunch of cvars they have set, some being client side.

Well, im gonna be doing a bit more research throughout the day, I like the idea of embedding a trojan in an aimbot... I've got a bunch of trojans in zip files at the moment waiting to be used.

Oh and the thing is if you get banned from a server for aimbotting through a system that catches cheaters, they usually wont come back because they can be caught.

/dev/humancontroller · « **Reply #25 on:** July 23, 2007, 07:28:52 pm »

Quote from: "Fluxflashor"

See its true you can recode it to use a Tremulous Enabled cvar, but for something like Vec_Z you cant use an existing cvar unless you want you aimbot to suck, and you can risk putting the cvar to 33 or -2 without side effects. [Suggested settings for Aliens and Humans]

ZOMG. Just with a simple search, I've selected a bunch of cvars that can be used as aimbot, there is no risk of anything:
cg_fov, cg_brassTime, cg_noVoiceChats, cg_noVoiceText, cg_oldRail, cg_oldRocket, cg_oldPlasma (also r_inGameVideo, cl_aviFrameRate, cl_aviMotionJpeg, sv_lanForceRate, r_stencilbits, r_drawSun).

Quote from: "Fluxflashor"

A sort of white list, probably not. What I thought of was a patch that would set n_aim , and the rest of them to a value on the server that controls nothing, and they are setable by the client. So when an unsuspecting client types in n_[cmd] plus a value, he is booted.

How are you (the server) going to detect that? Because I (my tremulous executable) will not tell that to the server. If you ask wether I'm aimbotting, I'll answer the obvious: NO.

Quote from: "Fluxflashor"

There is also another way, but you would have to recode something that has already been realeased, forgot what Green said it was. There is a command you can use if you have rcon called "dumpuser" It shows stuff that is client side! So find a way to make it detect the aimbot cvars, and we are good to go.

If you have a server try it on yourself.

1. do !listplayers to find client number
2. open console
3. type /rcon [password] dumpuser [client#]

Will give you a bunch of cvars they have set, some being client side.

Will not give you a bunch of cvars they have set, period. The dumpuser command shows the client's userinfo. The userinfo is some info that the client wants to send. Here's the current list of userinfo marked cvars:

Code: [Select]

]/dumpuser /dev/humancontroller
userinfo
--------
ip                  localhost
name                /dev/humancontroller
cg_wwtoggle         1
rate                4000
snaps               20
model               dretchzer
headmodel           dretchzer
team_model          dretchzer
team_headmodel      dretchzer
color1              1337
color2              1337
handicap            1337
teamtask            operation teamkillalot
sex                 bioderm
cl_anonymous        sqrt(-1)
cg_predictItems     1
teamoverlay         hax
cg_wwFollow         1
cg_scorePlums       1
cg_smoothClients    0

As you can see, there are loads of cvars not used, they can also be aimbot-cvars. You can also define your own userinfo cvars.

Code: [Select]

/setu MyPMforAdmins "^1 FUCK YOU MOTHERFUCKER ASSHOLE BITCH BAG OF SHIT"
Even with a script that n00bz should download, which tells the server all your cvars, you still won't get anything. Using that is very lame. Use commands like enableAimbot, or hardcoded bindings which don't issue console commands. OR just add a few lines of code, not to send the aimbot cvars...

Quote from: "Fluxflashor"

Well, im gonna be doing a bit more research throughout the day, I like the idea of embedding a trojan in an aimbot... I've got a bunch of trojans in zip files at the moment waiting to be used.

You mean like http://pwned.nl?
Yeah a lot of noobs can be o'vvN3D like that. PROs build from source though.

Quote from: "Fluxflashor"

Oh and the thing is if you get banned from a server for aimbotting through a system that catches cheaters, they usually wont come back because they can be caught.

Odin · « **Reply #26 on:** July 23, 2007, 07:50:25 pm »

Quote from: "/dev/humancontroller"

Yeah a lot of noobs can be o'vvN3D like that. PROs build from source though.

Pros use aimbots?
Please kill yourself now.

/dev/humancontroller · « **Reply #27 on:** July 23, 2007, 08:03:40 pm »

Quote from: "Odin"

Quote from: "/dev/humancontroller"
Yeah a lot of noobs can be o'vvN3D like that. PROs build from source though.
Pros use aimbots?
Please kill yourself now.

PROs not as in skilled gamers. You should have known that.

Paradox · « **Reply #28 on:** July 23, 2007, 10:26:49 pm »

sorry about this off topic, but what the hell does cl_anonymous do?

benmachine · « **Reply #29 on:** July 23, 2007, 11:01:29 pm »

Quote from: "Paradox"

sorry about this off topic, but what the hell does cl_anonymous do?

Insofar as I can tell, absolutely nothing at all.

News:

Author Topic: My Thoughts on the new Aimbot (Read 59318 times)

Fluxflashor

Fluxflashor

tehOen

Fluxflashor

Fluxflashor

Caveman

Fluxflashor

Caveman

Fluxflashor

Fluxflashor