Radical Aimbot Solution

[KusaKari]

*real code*.

I know this is my concern lol.  I am new to c.  First time ever looking at it.  I do have about a years experience in both java and c++ though so I can still find my way around

Like I said, this is not a long term solution.  My ideas are short term based but they also aren't that complicated.  
funlily can modify to avoid this, but he would need the code to do it effectively.  Otherwise hes just guessing and checking.  Also if they randomize their hitpoint they aim to they can only randomize it so much.  There would have to still be a visible pattern.  To get outside of that would take so much coding and guess and checking that if hes willing and capable of going that far its pointless to try to stop him at all.  I doubt he will produce anything to get pass these checks in the near future.  He will eventually but he wont right off the bat.  It would just be way to much hassle.

Here is my question,  If I start coding this and do what I can will some of you with more experience step up and help me.  I know I have to have the base done before anyone will consider it.  No point waisting your time in something that doesn't seem effecient or plausable.  So I will start what I can and then ask for help and hopefully someone can help.

[player1]

hi im a lamer (a.k.a. mac user) so im going to post here on this thread because someone mentioned macs

someones jealous :roll:

[Patriotpie]

@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does.  Yes he made an aimbot, yes he made a tjw aimbot.  But look at the gap it took him forever to get the GUID acceptable version out.

funlily released the original non-GUID bot open-source. Someone else took a look at it, changed a few things around and re-released it compatible with GUIDs. But you're right, it was a while before a GUID-compatible bot came out.

[KusaKari]

@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does.  Yes he made an aimbot, yes he made a tjw aimbot.  But look at the gap it took him forever to get the GUID acceptable version out.

funlily released the original non-GUID bot open-source. Someone else took a look at it, changed a few things around and re-released it compatible with GUIDs. But you're right, it was a while before a GUID-compatible bot came out.

oh sorry didn't care to read to much into who or how they released it.  All I know is the GUID compatible source was not released.  I am thinking about getting a code extractor but its hard to find a good free one that doesn't come with viruses and spyware.

[kevlarman]

@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does.  Yes he made an aimbot, yes he made a tjw aimbot.  But look at the gap it took him forever to get the GUID acceptable version out.

funlily released the original non-GUID bot open-source. Someone else took a look at it, changed a few things around and re-released it compatible with GUIDs. But you're right, it was a while before a GUID-compatible bot came out.

and both versions are violations of the gpl as far as i can tell (the one without the code is a blatant one, but the one with the code has conditions added to the license, which he can't do without express permission from the copyright holder)

[KusaKari]

@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does.  Yes he made an aimbot, yes he made a tjw aimbot.  But look at the gap it took him forever to get the GUID acceptable version out.

funlily released the original non-GUID bot open-source. Someone else took a look at it, changed a few things around and re-released it compatible with GUIDs. But you're right, it was a while before a GUID-compatible bot came out.

and both versions are violations of the gpl as far as i can tell (the one without the code is a blatant one, but the one with the code has conditions added to the license, which he can't do without express permission from the copyright holder)

Lets sue them

[player1]

now that is a radical aimbot solution

[KusaKari]

:evil:   hhehehehe  Actually we could demand the source is released or we could get them in trouble for violation of copyright or w/e it is.  Then with his source I don't imagine a patch would be hard to make since we could just use his patterns.

[player1]

precedent?

litigation?

[Patriotpie]

@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does.  Yes he made an aimbot, yes he made a tjw aimbot.  But look at the gap it took him forever to get the GUID acceptable version out.

funlily released the original non-GUID bot open-source. Someone else took a look at it, changed a few things around and re-released it compatible with GUIDs. But you're right, it was a while before a GUID-compatible bot came out.

and both versions are violations of the gpl as far as i can tell (the one without the code is a blatant one, but the one with the code has conditions added to the license, which he can't do without express permission from the copyright holder)

I'm not entirely sure he cares

Lets sue them

Good luck with that xP

[/dev/humancontroller]

what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.

It's easy to make it so that the aimbot doesn't do 180deg turns, and turn at a limited speed.

What about if we just fill every map with randomly moving *ghost* players, that no one can see. I really don't know if it would work, it's just an idea that I think would make using aimbot a lot harder, atleast with long range weapons, if it would snap into those ghost players.

That's a stupid idea. Aimbots work internally parallel to the executable code so to say. What makes your executable draw a dretch somewhere on the map? Well, the server tells you, that there's a dretch there! Examples of information given: location(XYZ)+speed(XYZ), model(dretch), team(aliens). This would draw a transitioning dretch. If the server wanted to draw a ghost model, it would send a model of type "wtfUnknownModel?!". This would output an error on unpatched clients and nothing on patched ones. However aimbots are smart enough to do this: if team is target team, and model is alien type, and team is alien, aim at the location...
+If aimbots worked with image processing, then they would suck, but not notice the ghosts.

Actually, what we need is a global BAN list maintained by server admins who sign up for it. When we do catch a real hacker we can put them on this list. The server would read the file from a remote server and use it AND its own ban list to ban these players. We could have it use a combination of subnet/ip guid and nickname.

Not a Very Good solution.
Maybe a global website for registering you GUID with your name etc..
Once 1 is spotted we can report to moderators of the site  and they can check they ban the GUID. Yes aimbotter will get another GUID but thats life..

I'll put some of you on the list for fun. Someone joining my server would get server-controlled, and will be doing aimbot and decon stuff. Whoops, you're banned!

Something i posted a while ago.

The main idea was that this forums user database could be used as the master server. Authentification is easily done by adding some php scripts on this forums server and using simple http requests from either the tremulous client and tremulous servers.
Features:
- It proposes forum user group concepts to be used for player management on tremulous server
- Checking up on IP and management of players can be done at one place, on this site by this site's admins, or alternatively a special user group can be created here for that job
- The ideas go a bit further than just sharing ban lists, but it includes sharing ban lists.
- Names as registered on this forum are globally protected on servers that use this forum as their master server
- How the servers make use of the authentication system and banning system is highly flexible and can be easily customized

One more time I tell you: this game is open source. If you (the server) ask me (my client executable) about my serials, I will just tell you a random value.

Punkbuster (god forbid) takes a regular SS of exactly what the player is seeing on their screen, but punkbuster is a clientside mod as well as serverside... it also lags server like crazy. I'm not by any means saying we should use PB, but if there was a way that this particular feature could be implemented, it could be an rcon command to take a screenie of a client's screen.

As for adding a regular n_command check to the standard repertoire of sv_pure command checks... shouldn't be that hard.
Current funlily leechers won't be expecting this (if it's implemented) so of course while it won't be as effective in the long-term, we can at least slow cheating down for now.

With a hacked GL driver, it's possible to render a WH-screenshot to the screen, and return a normal screenshot to the PB. Same thing with the executable. I have a pure server hack. I execute my own DLL.

For those of you who probably haven't played on our server (The Potato Patch), you're not aware that we have a "bot' that sits and watches the console and does a number of commands.  Wonko, who coded this bot, says it'd be relatively simple to add this query (and other functionality of a master ban list) to the bot.    If it helped, we could work to help distribute a copy of the bot designed to interact with the master ban list.

What does it DO?

I am currently attempting to make this n_command check but I have no experience in c or in trem source itself so I am having difficulties.  If trem was made in c++ this would be a lot easier for me.  While c is similar the syntax difference and the overall complexitiy of trem is hard for me.

The server can obviously see movements every client makes, or clients wouldn't be able to play with each other.  funlily's aimbot aims at the same spot in the hitbox for each model.  At first I thought anyone who hits that exact point 3 time in 1 second is obviosly using it.  But you can use his cvars to change the predictions and xy locations of where it points.  This would make it to much to check and deffinately lag the server.  Now what if instead we checked if someone hit the same x,y point relative to a hitbox 3 times or more in 1 second.  After moving of course.  No human player no matter how good their mouse is can follow a point on a hitbox exactly.  Does this make sense yet?  Lets imagine a square.  thats the hit box.  If someone aims at 10 x and 14 y inside the hitbox.  the hitbox moves the person follows and lands back exactly on 10x 14y again.  These points will have to be relative to the hitbox of course because otherwise the points would read different as the hitbox moved.  There is no way a human player could follow a hitbox further than 10 pixels and land back in the same x,y position.  So if the server saw someone hit the same point relative to a hitbox 3 times in a row in a small period of time.  When the hitbox has shifted 20+ x,y locations.  Its obvious its code doing the aiming not a human hand.  Checking for the hitbox shift also would prevent false positives of a person leaving their mouse unmoving.  Also the short timing would prevent that someone accidently falls in place of the same relative hitbox point 3 times in a match.  It would have to be in a small period of time.

Yes I see you don't have much Quake 3 or Tremulous source code experience. The server keeps sending the snapshots (data about wtf is going down on the server). Those arrive after some time (ping/2) at the client. Then the aimbot analyzes the snapshot and aims at a target. The movement is sent to the server. That arrives at the server after time (ping/2). During that total time of ping, the other client might have changed direction. The client only send movement, not that "hey i've hit him in this point!". This means that the more the ping, the less efective and less accurate the aimbot is. Even if a targes is moving with the same speed in one direction, the aimbot tends to hit locations around the exact target point, because of data truncation (i aim at 294.512/360.0 & 5.49546/360.0, uhm thats approx  53614/65536 & 1000/65536)

--------------------------------------

Administartion works just fine. For aimbots, It will take a short time to spectate and do !kick. For deconndes, !layout reverse 30sec (and !kick).

As for the DLL injection stuff, I was thinking of releasing my aimbot, so even GNU/Linux users can use it (even noobmac)! Tremulous would be SO FUCKED UP.

Ban Windows by UDP header style? What operating systems send the WHOLE packet to executables (so that they may analyze the style)?

Phew!

[temple]

what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.

It's easy to make it so that the aimbot doesn't do 180deg turns, and turn at a limited speed.

You know, that would be pretty good.  It would make aimbot not as effective, thus well not a as big as an advantage.

Like I always say, if people aren't using an aimbot to its potential, it defeats the purpose of the aimbot.

[Patriotpie]

what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.

It's easy to make it so that the aimbot doesn't do 180deg turns, and turn at a limited speed.

You know, that would be pretty good.  It would make aimbot not as effective, thus well not a as big as an advantage.

Like I always say, if people aren't using an aimbot to its potential, it defeats the purpose of the aimbot.

+1

[Eeeew Spiders]

Something i posted a while ago.

The main idea was that this forums user database could be used as the master server. Authentification is easily done by adding some php scripts on this forums server and using simple http requests from either the tremulous client and tremulous servers.
Features:
- It proposes forum user group concepts to be used for player management on tremulous server
- Checking up on IP and management of players can be done at one place, on this site by this site's admins, or alternatively a special user group can be created here for that job
- The ideas go a bit further than just sharing ban lists, but it includes sharing ban lists.
- Names as registered on this forum are globally protected on servers that use this forum as their master server
- How the servers make use of the authentication system and banning system is highly flexible and can be easily customized

One more time I tell you: this game is open source. If you (the server) ask me (my client executable) about my serials, I will just tell you a random value.

You didn't understand. The idea is that your clients needs to authenticate GUID/UserName/IP or a combination of these to be able to play. So your client shouldn't send random values, cause it wouldn't allow it to connect to the server. It should send the correct values so the authorization server (forums user database) allows it to connect. It is more like a global whitelist, random values won't help you there, you need to be recognized.
The drawbacks of the idea have been discussed and acknowledged. Still, its easy to setup, maintain and it does give access control. It doesn't prevent multiple account registration, but checking GUID, email and especially IP's with account registration at one location (this forums database) it becomes a lot harder to stay anonymous.

[imperiumZero]

First of all, being the owner of AAA Proving Grounds, I take most calls of cheating with a large grain of salt, entirely because the general Tremulous community tends to jump to conclusions about cheating. Most are fine, but some prefer to bitch and complain.

Those of us that have been playing Quake for a much longer time than Tremulous realize that cheaters are an unfortunate but not unexpected phenomenon in these online games. Administrators are the ones tasked on non-punkbuster (and sometimes these even) to deal with cheaters timely and effectively.

So firstly, (RE: the idea of a transparent server-side catching of n_* cvars...)

There are major problems with this issue.
Firstly, as many have already said, THE CLIENT CAN LIE about it's information, aside from IP address (added to userinfo server-side after challenge response). Needless to say, this would not work.

Secondly, those cvars names and registers can be completely separate and distinctive. I know that a simple s/n_aim/blarg_bookabombs/ on Null's bot source would suffice. Anyone who knows C can figure that out.

Third, as shown in Quake III (and TeamArena), OGC (which is what Null's bot is based on) can defeat this very simply. When punkbuster began scanning cfg's in /baseq3/ noskill decided to implement a second console via F10 in which you could enable these cvars, completely separate from the host system. These cvars were stored in ~/.ogc/ (posix) or a special folder in windows. This was implemented by version OGC 1.92 and above for Q3 1.32c.

I have thoroughly investigated this idea. But it will not work aside from planting a keylogger inside the client. This wouldn't be a good idea for Tremulous. (Who in their right mind would voluntarily download a keylogger just to play a game?)

Now, secondly. A 'rapid view-angle change' detector.

A mouse is an analog device, sending signals to represent movement on a 2D plane. (the mouse x/y coords). These are incremental and predictable (generally). Most aimbots directly copy their angle information onto the entities view angle registers. In first thought this is a great way to catch aimbotters. Unfortunately, this also has flaws. In Q3 Bot AI, the bots run with weighted drifts, in order to make this a little easier for players. Developing an aimbot that would for instance, sqrt() the angle-to-point at the player and add a little extra, here and there, would prove quite lethal with an improved triggerbot (which decides shots based on lerpOrigins and unlagged predications), and would be very hard to catch.
Remove the triggerbot and let a human player fire, you couldn't catch them. Simple. But what you don't know can't hurt you. (At least in an online game. =) )  

And finally, a global white list, although very effective, I could bypass quite easily, via a couple transmission-reflecting zombie machines. Or even Tor perhaps. My methods however will remain known to me only.
The biggest call-say I could make up over this is a legitimate false positives. How can you prove who someone is, via IP? You cant. GUID you say? Well it is very easy to spoof GUIDs. Google can show numerous ways of doing so. It gets quite bad in Q3 with some servers.

$cat ~/.q3a/baseq3/boomboxer.txt
ClientNum: 7
Name: "^1Boom^3boxer"
IP: xx.xxx.x.x
GUID: "ABCDEFGHIJKLMNOPQRSTUVWXYZ001337"

Hence my point. And more so, what happened to just dealing with them on your own servers as the come? Honestly, one botter does not CIH your server, so just accept the facts and ban the fucker. These "preemptive strikes" only dismay players, and make botters more successful in destroying the game.

*********************

In closing remarks, a global white list is great, but I will not support it. I firmly believe that banning as each problem surfaces is simple and effective for all concerned administrators. If you cannot police your own server, don't have one.

^^^

And on a side note, certain administrators DO ban the griefers, and the proceed to LEAVE THEIR OWN SERVER to kick/ban the player from the next server that player joins, even before the culprit has joined a team.
A note to you specific admins that follow that view. (You know who you are.) You keep you own anger in the confines of your own server. I don't want you righteous bullshit polluting what I attempt to have sanitized to the best of my ability. You do it...it's also what I include in the griefing definition. You would be disrupting my server for your own pseudo-elitist satisfaction, and only partaking in a witch hunt. You are the ones spreading the hysteria.

The difference between the aimbotters and you problematic Nasi administrators in effect is this.

Botters only get a temporary ban.

[Patriotpie]

I laugh at how much thought you put into that post. Instead of telling us exactly how to bypass all proposed systems, maybe you could think about how to make them better.

[kevlarman]

@imperiumZero:
first of all, creating new accounts just to post in a thread after you got flamed out of an almost identical thread is usually frowned upon. second of all, you're right on almost every single point, but a whitelist is extremely effective at getting rid of people who should be banned, along with a huge portion of everyone else, i think you meant a blacklist.

[temple]

A white list with a token, such as $10 registration fee, is hard to defeat.  Unless you consider buying multiple tokens as 'beating' it.

[KusaKari]

See his comments on my idea are what I want though.  I agree.  My simple solution wouldn't be to hard to bypass but you would have to do one of two things to do so.  Either make the aimbot less effective which defeats the purpose of having it or make the aimbot much much more advanced.  Which would take so much time and effort that funlily would probably just move on.  Even if he went on to make a better one, it would be rarer and less of a threat in my opinion.

[n00b pl0x]

$10 registration fee

whore

[DHRUVINATOR]

$10 registration fee

whore

+1

[E-Mxp]

guys, I don't get this...
To defeat the aimbot you want to ban all windows clients?
But.... If somebody makes a mac or linux compatible aimbot, youll have the same problem all over again, so what's the point?

[DHRUVINATOR]

WTF no don't ban all window clients. You have issues people. That will kill off the community plus make it a mission for people to make bots on other operators.

[David]

Man people need to learn what a joke is.

[DHRUVINATOR]

Well some people didnt have time to go through the whole topic so i read the last post so i assumed it wasnt a joke.
People need get lives. (Not to u David )

[tuple]

I'll put some of you on the list for fun. Someone joining my server would get server-controlled, and will be doing aimbot and decon stuff. Whoops, you're banned!

See David's discussion here concerning a web of trust to find that there are ways around such abuse where a shared ban list idea is concerned.  Also understand that with Davids idea, any particular server operator would not have to trust your servers ban list.

[/dev/humancontroller]

// nice o'vvN4G3 by imperiumZero

what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.

It's easy to make it so that the aimbot doesn't do 180deg turns, and turn at a limited speed.

You know, that would be pretty good.  It would make aimbot not as effective, thus well not a as big as an advantage.

Like I always say, if people aren't using an aimbot to its potential, it defeats the purpose of the aimbot.

I mean tweaking the aimbot down to 99.99% JUST to avoid auto-kicks is more than acceptable. Basically you just disable the instant 180deg turn. 111deg botfov and 1-2 deg/msec turn speed is ok, and delivers near-excellent performance.
+As imperiumZero wrote, sqrt() movement could even fool spectators.

Something i posted a while ago.

The main idea was that this forums user database could be used as the master server. Authentification is easily done by adding some php scripts on this forums server and using simple http requests from either the tremulous client and tremulous servers.
Features:
- It proposes forum user group concepts to be used for player management on tremulous server
- Checking up on IP and management of players can be done at one place, on this site by this site's admins, or alternatively a special user group can be created here for that job
- The ideas go a bit further than just sharing ban lists, but it includes sharing ban lists.
- Names as registered on this forum are globally protected on servers that use this forum as their master server
- How the servers make use of the authentication system and banning system is highly flexible and can be easily customized

One more time I tell you: this game is open source. If you (the server) ask me (my client executable) about my serials, I will just tell you a random value.

You didn't understand. The idea is that your clients needs to authenticate GUID/UserName/IP or a combination of these to be able to play. So your client shouldn't send random values, cause it wouldn't allow it to connect to the server. It should send the correct values so the authorization server (forums user database) allows it to connect. It is more like a global whitelist, random values won't help you there, you need to be recognized.
The drawbacks of the idea have been discussed and acknowledged. Still, its easy to setup, maintain and it does give access control. It doesn't prevent multiple account registration, but checking GUID, email and especially IP's with account registration at one location (this forums database) it becomes a lot harder to stay anonymous.

Uhm I must have quoted wrong. My reply doesn't even relate to your post. Sry!
Someone posted something about hard coded values like hd/moboserial...

[temple]

I mean tweaking the aimbot down to 99.99% JUST to avoid auto-kicks is more than acceptable. Basically you just disable the instant 180deg turn. 111deg botfov and 1-2 deg/msec turn speed is ok, and delivers near-excellent performance.
+As imperiumZero wrote, sqrt() movement could even fool spectators.

All that needs to be done is make aimbotting slightly less than effective or less automatic.  If you are doing a lot of work with the aimbot, it doesn't become as attractive and allows for more human error.  

In tremulous, slowing down an aimbot is good.  Tremulous is fast paced and an aliens don't have head hitboxes.  So, only the tracking aspect of an aimbot really benefits a person.  And if they are tracking slower, an alien can still dodge and take them out.

[tehOen]

whitelist is the only solution
if you think you can detect aimbot, client OS, or anything that the client have on his/her computer ... you are stupid. sorry

[player1]

good enuff 4 me
when do we start?