Cheat-catching parameters

[Traak]

Some cheat-catching ideas

Kills per second. A person with weapon "A" can not likely be expected to make more than a certain number of kills per second. An OS will have the highest, I suspect, and a knife the lowest. By automatically flagging for observation any player getting a too-high kills per second with any given weapon, they could help catch some cheaters.

Similarly, TTK: A person with a knife shouldn't be consistently making kills with a 0.01 second TTK, for example.

ROF: Simple to monitor ROF and automatically flag ROF cheaters.

Physical speed: a REXo should not be capable of more than a certain level of speed, for example. Automatic flagging of players who are showing more speed than possible would narrow down the field of who to look at also.

Kill/death ratio. A player who scores above a certain number of kills in any given life, or who tried to thwart this by suiciding after a certain number of kills, can be automatically flagged for observation.

Enabling the devs to see the game as if at your screen, live. This will enable them to observer first-hand if you are cheating. An alternative is to take timed screenshots that can be looked at to ascertain if someone is reloading, getting too much health or armor, or what have you.

Ping, lag, and packetloss: Code can be included that can automatically or manually tests a player's connection to see if their telecom metrics are in line with reality. A player who doesn't seem to "lose" packets unless they are "damage" packets can be automatically flagged for observation.

Letting the player know they are being monitored: If a player's K/D ratio goes from 100/1 to 1/200 when they know they are being monitored, they could have cheats suddenly disabled. No one gets THAT much worse when they know they are being watched.

Litigation: Sue the pants off of sites that hook you up with cheats.

Devs ACTUALLY PLAYING THE GAME! Directly playing against the suspected cheater: If a dev, who has zero ping and zero lag is soundly defeated over and over by someone, this will be suspicious, and worthy of examination.

Enabling software to examine game files, on the fly, to check for tampering. If you somehow disable that, like refusing a breathalyzer, you're presumed guilty.

Encrypting the files would be one way to mitigate game file tampering. Releasing a newly patched batch of encrypted game files each week or month could DRASTICALLY decrease the amount of cheating. Not many hack sellers will spend the money on the supercomputers necessary to decrypt the game files on a weekly basis. This makes the selling of cheats unprofitable, because they will only work for a week before the seller has to gear up the supercomputer to brute-force decrypt the latest batch of game files. Each batch of game files would also be coded to one computer only, so that person's computer could only use that person's computer. Unique identifiers would not be hard to do, and would make hacking that much more difficult.

And, the best weapon of all: Devs who despise cheating to the depths of their souls, and who are assigned to eliminate it from the game.

[duck]

I would like to see the ability for players to flag others for cheating/hacking. It could be just an interface-feature. Like you right click on someone's avatar, and where it says "Whisper, invite..,etc" also has "Flag for Abuse"

If there are enough of those on an individual at a given time then devs can look into that player

[kamikava]

I really think that having to use a credit/debit card to create an account would get rid of cheaters. If you get caught hacking, your CREDIT DETAILS get banned, you cant create another account ever. Period. And people are guna have a finite number of people willing to share their credit card details with them

I have found that in F2P games such as America's Army, a cheater would get banned and be back in 5 mins with a new account. It just got silly.

I dont know how viable this is with an FPS but . . . . . . . . having everything serverside, firerate, spread, recoil, speed etc. makes cheating pretty much impossible. The only "hack" you can get with WoW is a speedhack, why? Your speed is adjusted clientside, the rest is serverside. As i said though is this possible on an FPS?

[NapalmEnima]

Originally Posted by IDukeNukeml

someone with a simple knowledge of packet editing can cheat at the game... someone with a great knowledge of packet editing can be another rick rolled....

False.

I'll bet you a Large Stack of Money that the packets will be encrypted. Looking at them won't tell you anything. Changing them will break them.

Now, anything your computer knows how to ENcrypt, your computer also knows how to DEcrypt. Hackers will eventually manage to figure out how to decrypt packets if they work at it long enough. SOE can make this Very Hard, but they can't make it impossible.

So a simple knowledge of packets just isn't going to cut it.

And there's more SOE can do. They can change encryption protocols with point releases. They can change the order fields are defined in the packets, perhaps even with the preprocessor. So they can break hacks with every release... and if they're clever they can break the hacks in a way that they can detect, hunt down, and KILL. Say they just change the checksum generation. Now the old hacks think they work, but they're actually getting themselves flagged as dirty cheating whores.

So the devs wait a couple weeks, build a nice long list of accounts to ban, and boot all those fuckers. They can look at IP addresses. If no one but cheaters is coming from a particular IP, ban it. When someone comes along and asks for that IP to be reopened, you do so, and stick all players from it on a "high risk" list for extra scrutiny from the server.

[NapalmEnima]

Originally Posted by IDukeNukeml

Encrypted pack X that is sent doing Y action = packet.
Packet analysis (takes about 3 minutes) can show you what encryption they are using if it's a commonly known protocol OR. take 8 hours with a good machine, and run through decryption software... damncheaters have teams they PAY to do this... simply encrypting the packet will do nothing but slow them down a day.... they could do alternating encryption but it will cause lag.

So don't rely on network encryption. Have the software itself jumbling the bits around prior to giving them to the network to handle.

And I have trouble believing that standard modern packet encryption techniques can be so trivially broken.

Hmmm... actually I can think of a way that wouldn't even require cracking the game, "just" the OS.

[NapalmEnima]

Originally Posted by IDukeNukeml

I think im on the same page as you, I also realize they are ways to modify the OS to do certain things..... but that is why most game developer's dont go linux.... well not BECAUSE of it.. but unix based systems are very easily manipulated.

If you set the encryption locally, you are giving the bad guys ammo like no other... I'd say burst the encryption, remove it, add it back... this saves on netcoding and keeps the lag to a minimal.

You really want it all encrypted from day 1. Makes it harder to figure out your packet structures, even if all you're doing is reducing the number of people capable of taking a look.

You can skip it for some stuff... text/voice chat between clients, but for client<->server communication you really want crypto from the start.

[Traak]

Originally Posted by IDukeNukeml

Here is a radical idea.... use encryption based on the client installed.. the same way they use cd keys.... it causes nearly ZERO latency, and it will send out one byte of information differently for each user.... this will stop all packet whoring and no cheat engine program could work ever.... each person would have to cheat on their own...... now add your incremental encryption.. we have a win.

Elaborate, please.

[NapalmEnima]

Originally Posted by IDukeNukeml

Here is a radical idea.... use encryption based on the client installed.. the same way they use cd keys.... it causes nearly ZERO latency, and it will send out one byte of information differently for each user.... this will stop all packet whoring and no cheat engine program could work ever.... each person would have to cheat on their own...... now add your incremental encryption.. we have a win.

A: There's always a way to cheat. If you control the computer doing the encryption, you can (given enough time and effort) make it decrypt whatever it encrypted. You simply CANNOT trust the client in a client server game.

Which is why client side hit detection is so flawed. OTOH, I understand why they did it... detecting a hit requires a fair bit of math. No big deal for each machine to handle their own processor-speed wise, but trying to do it all on the server would require some major computing horsepower.

B: even if someone can't change packets, being able to see them often opens up various cheat possibilities. Knowing things you shouldn't... the positions of all the enemies within 50 meters of you, that sort of thing.

[Crator]

Yes, it is possible. PS1 used client side hit detection. I think the devs said PS2 will be a hybrid. And they are using an anti-cheat program as well as "other means", Smed said.

And you are right, limiting account creation to credit card would stop someone from being able to make a bazillion accounts and keep hackin' away. That's why PS1 reserves (trial F2P) was stopped. Because people could just create accounts without needing a credit card.

And you know what? They probably will make a credit card be required for an account so when you want to buy something in the cash shop, or buy credit for the cash shop, it will just charge your card.

[Talek Krell]

My current credit card has a lovely feature that allows me to generate a random credit card number good for only one purchase. I'm not sure how common that is but it seems like it could poke a hole in the credit card ban idea.

[Traak]

Originally Posted by Talek Krell

My current credit card has a lovely feature that allows me to generate a random credit card number good for only one purchase. I'm not sure how common that is but it seems like it could poke a hole in the credit card ban idea.

Send me a PM with the details of that. I travel a LOT and would prefer to use that for my dealings on the 'net on the five continents I've been on lately. Nothing untoward has happened yet, but that is an awesome anti-phishing idea.

More to your point: yeah, I can see that being a workaround.

However, the idea is to place as many obstacles as possible in the way of cheating. This will make smaller and smaller subsets of people who can
A) Cheat so obviously
B) Cheat so long
C) Cheat so successfully

Even if we can't eliminate cheating, we can apply pressure against it.

[FIREk]

I generally like what you wrote up, and I'm pretty sure SOE has considered most of this stuff, but I have some comments.

Originally Posted by Traak

Kills per second.

Similarly, TTK: A person with a knife shouldn't be consistently making kills with a 0.01 second TTK, for example.

Kill/death ratio. A player who scores above a certain number of kills in any given life, or who tried to thwart this by suiciding after a certain number of kills, can be automatically flagged for observation.

Not exactly fair, but if it's only for the purpose of observation, I suppose it's OK.

Originally Posted by Traak

Enabling the devs to see the game as if at your screen, live. This will enable them to observer first-hand if you are cheating. An alternative is to take timed screenshots that can be looked at to ascertain if someone is reloading, getting too much health or armor, or what have you.

A few problems here:
1) The processing power wasted on recording video and/or making screenshots,
2) The lag resulting from uploading that video and/or images,
3) At least with Punkbuster, modern cheats (the ones I know of, sold for monthly subscriptions, at least), are reportedly able to determine when a cheat-protection snapshot is about to be made, and turn off all visible overlays like wallhacks etc.

If you just meant observing from a camera perspective, like an observer mode in typical multiplayer games, that would be fine, of course.

Originally Posted by Traak

Litigation: Sue the pants off of sites that hook you up with cheats.

Somehow I think these types of "businesses" don't give much of a damn about primitive notions of "law", "property" and "consequences".

Originally Posted by Traak

Devs ACTUALLY PLAYING THE GAME! Directly playing against the suspected cheater: If a dev, who has zero ping and zero lag is soundly defeated over and over by someone, this will be suspicious, and worthy of examination.

I suspect this would be extremely time-consuming an ineffective, let alone tough to orchestrate in a massive game with a lot of enemies and friendlies about. Not to mention there will likely be a lot more potential cheaters online than moderators/observers/support reps available at that moment.

Originally Posted by Traak

And, the best weapon of all: Devs who despise cheating to the depths of their souls, and who are assigned to eliminate it from the game.

I believe in what Smed said on many occasions, and think we're covered here.

[FIREk]

PunkBuster (which will most likely be the "third party solution" mentioned by Smed) can ban users' hardware IDs (most likely the IDs of all hard drives installed on the cheater's PC). Now, I'm not 100% sure whether or not HDD hardcoded "real IDs" can be spoofed, but hopefully PunkBuster can somehow get around this.

Hardware bans are pretty extreme, and are only used by PB when it detects that a user was running software that interferes with PB itself. IF spoofing can't be used to circumvent this security measure, then the only way to get back into the game is to disconnect all hard drives and put in a new one, with a new system.

This would be a good solution, especially since the hassle of needing a credit card (or online "virtual credit card", or a cheap gift card) would detract some people who woul rather just create and account and play the game.

Of course, if I were a cheater, I would prepare a ghost partition with a fresh OS, all updates, drivers and PS2 installed, so I could get back to the game in an hour or so... But would it be worth it? Also, I would need a new HDD, anyway.

[2coolforu]

Problem is PunkBuster sucks ass, it also constantly runs in the background and invades privacy.

[FIREk]

Well, Punkbuster, as a mainstream, rarely-updated piece of software, is likely about a million steps behind cheaters. Since it doesn't detect new cheats, I'm sure this would be SOE's job, but if it can at least be used for effectively perma-banning people for using known cheats, then it serves a vital purpose.

As far as I'm concerned, it invades my "privacy" in a completely irrelevant way. It's not like they would be storing information on what processes people are running, let alone combined with my actual private information. And I don't see if it's a real issue that it runs in the background - so does a dozen SVCHOSTs whose exact function you most likely don't know. It's software, it' got to work somehow...