Hey all, I want to create some maps for Nexuiz, but I am hesitant to commit the time and effort if there is going to be a lot of cheating going on. Nexuiz is a great game.
If there is cheating going on, theres no real point to spend time mapping, much less playing the game. I am certain its technically possible to cheat, but what are the developers doing to respond to hacks/cheating?
Regards,
Tysech.
Wanting to make maps
Moderators: Nexuiz Moderators, Moderators
10 posts
• Page 1 of 1
Wanting to make maps
by Tysech » Sat Jan 05, 2008 6:04 pm
- Tysech
- Newbie
- Posts: 6
- Joined: Sat Jan 05, 2008 5:59 pm
by divVerent » Sat Jan 05, 2008 6:15 pm
Basically, wallhacks are useless thanks to the server-side anti-wallhack (you simply wouldn't see the enemy until he is actually legitimately on your screen). Aimbotters are no issue at the moment, but this could change - the game is open source, and anyone can modify the engine.
Speedhacks abuse bugs in the engine, and speedhackers are caught using network dumpers and the engine gets fixed then.
Speedhacks abuse bugs in the engine, and speedhackers are caught using network dumpers and the engine gets fixed then.
1. Open Notepad
2. Paste: ÿþMSMSMS
3. Save
4. Open the file in Notepad again
You can vary the number of "MS", so you can clearly see it's MS which is causing it.
2. Paste: ÿþMSMSMS
3. Save
4. Open the file in Notepad again
You can vary the number of "MS", so you can clearly see it's MS which is causing it.
- divVerent
- Site admin and keyboard killer
- Posts: 3809
- Joined: Thu Mar 02, 2006 4:46 pm
- Location: BRLOGENSHFEGLE
Current observations?
by Tysech » Sat Jan 05, 2008 6:20 pm
Are there current observations regarding hacks/cheats? I mean you mentioned briefly your thoughts, but what is the wider consensus amongst the developers and players? Is cheating rampant? increasing? How much attention does the dev. team place on eliminating such issues (i see from your post at least SOME attention is payed, but can the dev. team themselves give an indication?
Cheers,
Tysech
Cheers,
Tysech
- Tysech
- Newbie
- Posts: 6
- Joined: Sat Jan 05, 2008 5:59 pm
Re: Current observations?
by torus » Sat Jan 05, 2008 6:43 pm
Tysech wrote:Are there current observations regarding hacks/cheats? I mean you mentioned briefly your thoughts, but what is the wider consensus amongst the developers and players? Is cheating rampant? increasing? How much attention does the dev. team place on eliminating such issues (i see from your post at least SOME attention is payed, but can the dev. team themselves give an indication?
Cheers,
Tysech
He is one of the developers.
- torus
- Forum addon
- Posts: 1341
- Joined: Sun Dec 24, 2006 6:59 am
- Location: USA
Re: Current observations?
by KadaverJack » Sat Jan 05, 2008 7:13 pm
torus wrote:He is one of the developers.
And as far as engine development goes, he is pretty much half the dev-team...
@Tysech: starting two identical threads doesn't make any sense, i moved this one instead.
- KadaverJack
- Site admin and forum addon
- Posts: 1102
- Joined: Tue Feb 28, 2006 9:42 pm
Thanks mate
by Tysech » Sat Jan 05, 2008 7:18 pm
Yeah, I didnt see this forum category until too late!
I didnt know he was so involved in the project, but thanks for the heads-up.
Tysech
I didnt know he was so involved in the project, but thanks for the heads-up.
Tysech
- Tysech
- Newbie
- Posts: 6
- Joined: Sat Jan 05, 2008 5:59 pm
by divVerent » Sat Jan 05, 2008 8:28 pm
Well, to elaborate more on this topic...
There are different categories of cheats.
Wallhacks - making walls transparent so you can see players behind it. Easy to do, can be done easily as OpenGL driver hack too. There is no way to detect these kinds of cheats at all. Actually, Vista's built in NVidia driver with a Quadro FX 540 is a wallhack in CS:S (walls and doors randomly flicker away when walking, giving away people behind). What we do against it: the server thoroughly checks visibility of objects, and only sends those objects the player REALLY can see (with some sort of prediction using the ping and your current velocity, so things usually don't suddenly pop out of nothing because of client-side movement prediction - but it still happens, seldomly). Try playing Nexuiz with a wallhack, and you'll see how it works.
Speedhacks - abusing protocol/engine flaws to move faster than you are supposed to. When a speedhack gets reported, we tell server admins to record network activity of the speedhacker using tools like wireshark or tcpdump. We can use that information to analyze how the speedhack works, and fix the engine flaw it uses. This has happened once, and we got a fix fast that's installed on many servers (BTW, in the process, I discovered two or three more flaws that could be used for speedhacks too, and fixed them).
Aimbots - software that improves your aim by analyzing what's on the screen, and adjusting your aim so that it actually hits someone. We can't do anything against this kind of hacks. Actually, nobody can. An aimbot can be written as a hacked graphics and input driver, and would that way only be detectable by verifying that the graphics driver comes from a trusted source - which is not possible for a game that runs with normal user privileges. The only ways to do that involve a self-updating "anti-cheat" program that runs with administrative rights, and checks the drivers... but these programs are, by design, rootkits (hidden software that can be used by their author to take over full control over your PC). Nexuiz won't ever use such software, as it would be a huge security threat to the players' data on their PCs; even if you can fully trust Alientrap, what if someone takes over the update server of the anti-cheat app? He could then install trojans on the computer of each player. Additionally, the cheating scene is already quite good at tricking such software into thinking the installed drivers are valid.
However, aimbots for Nexuiz haven't been sighted yet. Even if they exist - as Nexuiz can't use any of these "advanced" (system compromising) methods to detect them, there won't be any pressure on the aimbot authors to improve their bots to act more "human" to evade detection algorithms. However, in competitive matches both parties have to send in a demo of their view of the game. On a demo, aimbots are easy to spot (and even easier as there won't be any reason for the aimbot author to make it evade some automatic checks), and the player would be disqualified. Evading the human eye is MUCH harder... in the current development version, the server is able to record the demos of each connected client's view, which means the players can't manipulate their demo files to make an aimbot non-apparent.
But think in the future - what if someone makes an aimbot using virtualization techniques like current CPUs provide? The bot could run below the operating system, and manipulate input based on what the game sends to the graphics card. There won't be ANY way to detect these by the design of the virtualization features - no matter how much you compromise the player's system. I believe that such an aimbot will appear at the end of 2008, and be customizable to work for any game. Then, the only solution would be to remove sniper-style weapons from the game. However, given that Nexuiz isn't an attractive platform for aimbotters (these prefer games where they can own millions of other players with it, like CS:S), even if this aimbot comes out, the number of aimbotters in Nexuiz will be small (maybe one or two cheaters who'll get known and kickbanned soon).
By then, Nexuiz will have a working user authentication system that allows you to reserve nicknames, which are secured using digital certificates (this feature is already planned, but held back by bugs in OpenSSL's brand new DTLS protocol). There may be multiple registration authorities, including ones that require an unique email address, or even ones where you pay a small one-time fee (like, 1$) to register an account. Competitions could require a paid account to be used, and if someone gets disqualified once, his account would get some very bad reputation - he'd basically get banned from most servers for it and would have to buy a new certificate to enter competitions again. I doubt any cheater would pay money for being able to cheat, even if it's just one buck.
There are different categories of cheats.
Wallhacks - making walls transparent so you can see players behind it. Easy to do, can be done easily as OpenGL driver hack too. There is no way to detect these kinds of cheats at all. Actually, Vista's built in NVidia driver with a Quadro FX 540 is a wallhack in CS:S (walls and doors randomly flicker away when walking, giving away people behind). What we do against it: the server thoroughly checks visibility of objects, and only sends those objects the player REALLY can see (with some sort of prediction using the ping and your current velocity, so things usually don't suddenly pop out of nothing because of client-side movement prediction - but it still happens, seldomly). Try playing Nexuiz with a wallhack, and you'll see how it works.
Speedhacks - abusing protocol/engine flaws to move faster than you are supposed to. When a speedhack gets reported, we tell server admins to record network activity of the speedhacker using tools like wireshark or tcpdump. We can use that information to analyze how the speedhack works, and fix the engine flaw it uses. This has happened once, and we got a fix fast that's installed on many servers (BTW, in the process, I discovered two or three more flaws that could be used for speedhacks too, and fixed them).
Aimbots - software that improves your aim by analyzing what's on the screen, and adjusting your aim so that it actually hits someone. We can't do anything against this kind of hacks. Actually, nobody can. An aimbot can be written as a hacked graphics and input driver, and would that way only be detectable by verifying that the graphics driver comes from a trusted source - which is not possible for a game that runs with normal user privileges. The only ways to do that involve a self-updating "anti-cheat" program that runs with administrative rights, and checks the drivers... but these programs are, by design, rootkits (hidden software that can be used by their author to take over full control over your PC). Nexuiz won't ever use such software, as it would be a huge security threat to the players' data on their PCs; even if you can fully trust Alientrap, what if someone takes over the update server of the anti-cheat app? He could then install trojans on the computer of each player. Additionally, the cheating scene is already quite good at tricking such software into thinking the installed drivers are valid.
However, aimbots for Nexuiz haven't been sighted yet. Even if they exist - as Nexuiz can't use any of these "advanced" (system compromising) methods to detect them, there won't be any pressure on the aimbot authors to improve their bots to act more "human" to evade detection algorithms. However, in competitive matches both parties have to send in a demo of their view of the game. On a demo, aimbots are easy to spot (and even easier as there won't be any reason for the aimbot author to make it evade some automatic checks), and the player would be disqualified. Evading the human eye is MUCH harder... in the current development version, the server is able to record the demos of each connected client's view, which means the players can't manipulate their demo files to make an aimbot non-apparent.
But think in the future - what if someone makes an aimbot using virtualization techniques like current CPUs provide? The bot could run below the operating system, and manipulate input based on what the game sends to the graphics card. There won't be ANY way to detect these by the design of the virtualization features - no matter how much you compromise the player's system. I believe that such an aimbot will appear at the end of 2008, and be customizable to work for any game. Then, the only solution would be to remove sniper-style weapons from the game. However, given that Nexuiz isn't an attractive platform for aimbotters (these prefer games where they can own millions of other players with it, like CS:S), even if this aimbot comes out, the number of aimbotters in Nexuiz will be small (maybe one or two cheaters who'll get known and kickbanned soon).
By then, Nexuiz will have a working user authentication system that allows you to reserve nicknames, which are secured using digital certificates (this feature is already planned, but held back by bugs in OpenSSL's brand new DTLS protocol). There may be multiple registration authorities, including ones that require an unique email address, or even ones where you pay a small one-time fee (like, 1$) to register an account. Competitions could require a paid account to be used, and if someone gets disqualified once, his account would get some very bad reputation - he'd basically get banned from most servers for it and would have to buy a new certificate to enter competitions again. I doubt any cheater would pay money for being able to cheat, even if it's just one buck.
Last edited by divVerent on Sat Jan 05, 2008 8:37 pm, edited 1 time in total.
1. Open Notepad
2. Paste: ÿþMSMSMS
3. Save
4. Open the file in Notepad again
You can vary the number of "MS", so you can clearly see it's MS which is causing it.
2. Paste: ÿþMSMSMS
3. Save
4. Open the file in Notepad again
You can vary the number of "MS", so you can clearly see it's MS which is causing it.
- divVerent
- Site admin and keyboard killer
- Posts: 3809
- Joined: Thu Mar 02, 2006 4:46 pm
- Location: BRLOGENSHFEGLE
Thank you
by Tysech » Sat Jan 05, 2008 8:37 pm
Thank you for taking the time to enlighten me on all that. I have now a better understanding of the technical aspects of implementing such hacks, and an idea how the dev. team is reacting (within its reasonable limits) to said hacks.
You and the dev. team are doing a great job, and I am appreciative to be able to play this game, its 'hella fun', as they say.
/me fires up GTKRadiant...
Again, great post, mate.
Regards,
Tysech.
You and the dev. team are doing a great job, and I am appreciative to be able to play this game, its 'hella fun', as they say.
/me fires up GTKRadiant...
Again, great post, mate.
Regards,
Tysech.
- Tysech
- Newbie
- Posts: 6
- Joined: Sat Jan 05, 2008 5:59 pm
by divVerent » Sat Jan 05, 2008 8:48 pm
Oh, one thing I forgot: often, people think someone is using a speedhack. This is because in Nexuiz, players can move very fast. Jumping all the time makes you go faster - and laser and rocket jumps help you even more to gain speed. I got a speed of 1500km/h (about 16000 units/sec in radiant) using five in-air rocket detonations with strength - but of course you need to pay for this with lots of health (namely, somewhere between 750 and 1950 units, I suppose about 1500).
Why you need to know this? Especially if you make a CTF map, don't make it too open. By using in-air rocket detonations, you can easily go large distances in two or three seconds. In indoor areas, these tricks won't help players much...
Why you need to know this? Especially if you make a CTF map, don't make it too open. By using in-air rocket detonations, you can easily go large distances in two or three seconds. In indoor areas, these tricks won't help players much...
1. Open Notepad
2. Paste: ÿþMSMSMS
3. Save
4. Open the file in Notepad again
You can vary the number of "MS", so you can clearly see it's MS which is causing it.
2. Paste: ÿþMSMSMS
3. Save
4. Open the file in Notepad again
You can vary the number of "MS", so you can clearly see it's MS which is causing it.
- divVerent
- Site admin and keyboard killer
- Posts: 3809
- Joined: Thu Mar 02, 2006 4:46 pm
- Location: BRLOGENSHFEGLE
10 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest