alientrap-forum-archives

[obi_wan]

Well... i know what i'll say won't help... but does anyone know why people cheat ?? it's just... unuseful. What's the point of winning if you don't play whith the same rules ?

I like delay weapons and hate hitscans ones... so do whatever you want i'll keep playing :p

[divVerent]

Good to hear. Still, there are other solutions. The most obvious alternative would be a GUID system. Id (and Even Balance) tied Q3's to a purchased CD key, but it could also be based on e.g. forum registration or even a dedicated GUID registration system.

Once you have that, then you could do all sorts of other things... Servers restricted to players with an "established" GUID only, temporarily closed registration with player invites, etc. I'm aware of the privacy implications (e.g. some people even set up Punkbuster GUID databases, streamed to by server admins), but it might be better than not having it at all.

So a cheater would just register a new ID in the forum and be able to cheat again. A certain individual already registered about ten times in this forum after getting banned over and over again.

As for a closed community, that's a bad idea, however, I'd like the following features:

• nick name reservation: everyone can register his nick at alientrap.org and he will get a file that authenticates him; anyone who does NOT have such a file will get an icon in front of his nickname that tells that the name is unregistered. Then one can see who is the true esteel and who isn't
• registered player names can be used to restrict joining to a whitelist of players, or to blacklist players (the latter isn't THAT useful because our cheater can just re-register or play without a registered nickname)
  This whitelist will also be useful for tourney matches, in which case the server admin would use a script and rcon to only allow the two participants to join
• a player that joins a server peforms a zero knowledge proof that he owns a registration file that matches his nickname (it has to be zero knowledge, since otherwise a malicious server could steal identities)

So basically, we have a function:

f(playername, key)

with the following properties:

• f(playername, secret key of Alientrap) = playerhash
• given the public key of Alientrap (from which the secret key can't be derived), we have a zero knowledge proof of a correct playerhash

I know perfectly how to do this, but the methods for this I know are covered by patents in the USA and thus cannot be used. For example, when trying to use the (now free) RSA, we get

playerhash = f(playername, secret key) = H(playername)^(secret key)

which fulfills

playerhash^(public key) = H(playername)

and we need a zero knowledge proof that, given H(playername) and the public key, we know a valid value of playerhash. So basically, we prove, given a public values e and g, the knowledge of a x so that x^e = g. No such scheme is known to me.

[divVerent]

Actually, there is a third approach to preventing cheating: making cheats useless.

For example, wallhacks are almost totally useless now because of sv_cullentities_trace. Even if they were still useful, they are absolutely useless in Key Hunt, because all key carriers are already shown by the waypoint marks!

To make aimbots useless, one could for example _add_ a homing instant-kill weapon, and make that weapon similarily accessible as the Nex. Then the Nex aimbotter won't be able to easily control the game.

Another idea would be introducing random short shot delays, of maybe up to 0.2 seconds. Aimbots won't know when the shot actually happens, so they would be required to center the crosshair over the enemy for quite a long time, which would be very easy to spot in a demo. Of course, this would make sense only for the Nex, not for the MG.

[s3cc0]

To make aimbots useless, one could for example _add_ a homing instant-kill weapon, and make that weapon similarily accessible as the Nex. Then the Nex aimbotter won't be able to easily control the game.

Another idea would be introducing random short shot delays, of maybe up to 0.2 seconds. Aimbots won't know when the shot actually happens, so they would be required to center the crosshair over the enemy for quite a long time, which would be very easy to spot in a demo. Of course, this would make sense only for the Nex, not for the MG.

I don't think introducing counter-aimbots or random lag (!!!) would make it any better, really
If fps games will ever get to that point, they will just not be worth playing anymore

[divVerent]

Actually, sorry, I didn't mean instant kill as in hitscan...

just a stronger homing rocket launcher. So you'd lock on your target and shoot, and the target then will die when the rocket hits him (so one hit is always lethal). Maybe slowly (think: poison). And the only way to escape would be turning around a corner so the rocket will slam into a wall and detonate.

Actually, that would not be much different from UT's rocket launcher when you use it to shoot five rockets at a locked target.

[kozak6]

Usenix, can you record a demo if you see it again?

[animus]

So a cheater would just register a new ID in the forum and be able to cheat again. A certain individual already registered about ten times in this forum after getting banned over and over again.

Well, that's sort of the point of my "temporarily closed registration" idea. I can understand not wanting to close the community in that way, though.

And yes, I've heard about that individual. Torus wouldn't allow me to remain ignorant about him when I began playing Nexuiz (using a different alias).

I know perfectly how to do this, but the methods for this I know are covered by patents in the USA and thus cannot be used.

IANAP (yet). Even so, if I understand what you're getting at, couldn't it be accomplished with a third party, such as an auth server? Both the client and the game server would communicate with it (or only the client), and neither would have to rely on any information from the untrusted client/gameserver. That's similar to what Q3 does, I believe, at least for hashed CD key authorization:

Q3 client -> auth server: Here's my key.
Q3 client -> game server: I want to connect.
Q3 server -> auth server: Is this client legit?
Auth server -> Q3 server: Yes.
Q3 server -> client: Okay, you may connect.

So, just modify that to have clients contact the auth server for your GUID / authenticity. You could also make it entirely optional on the client-side, and even remove the game server from the equation entirely (opt-in authentication only for the client).

[KadaverJack]

Q3 client -> auth server: Here's my key.

That's wrong, in 2 ways:
1) The point about zero-knowledge proofs is, that the client will never give it's secret key to anyone. (see http://en.wikipedia.org/wiki/Zero-knowledge_proof )
2) divVerent's method doesn't require an auth server. It only requires some kind of registration server, that will give you a personal keyfile. Neither the gameserver nor the client need to connect to an auth server. The gameserver just need the registration server's public key (which would be included in the main download, so registered nicknames can also be checked in LAN games, when the server has no internet connection).

[animus]

Q3 client -> auth server: Here's my key.

That's wrong, in 2 ways:
1) The point about zero-knowledge proofs is, that the client will never give it's secret key to anyone. (see http://en.wikipedia.org/wiki/Zero-knowledge_proof )
2) divVerent's method doesn't require an auth server. It only requires some kind of registration server, that will give you a personal keyfile. Neither the gameserver nor the client need to connect to an auth server. The gameserver just need the registration server's public key (which would be included in the main download, so registered nicknames can also be checked in LAN games, when the server has no internet connection).

Yeah, but apparently there are patents involved somewhere. Thus the alternative using an auth server. If the secret is e.g. your forum password, then you could send your login in plaintext and send a hash of the password. Encryption could even be introduced.

[RoKenn]

Well... i know what i'll say won't help... but does anyone know why people cheat ??

Well that one is easy to answer.... it helps them to handle their inferiority complex .

DivVerent: just explain it to a stupid RoKenn please :

What I would suggest / Is THAT REALLY patented:

Each registered player has a GnuPG key, the server sends a challenge (random string), I encrypt it with my secret key and send it back, server decrypts it with his public key... <confirmed, that guy IS RoKenn>

That is just the basic GnuPG functionality, is that patented??

As for players just re-registering: it could be useful to add a "trustness-level", so that people have to earn being trusted over time. That still doesn't resolve the conflict of "having trustworthy players" and "ease of playing for newbies".