Ok there, here is something i ecnountered yesterday night that gave me some unpleasant thoughts.
I was playing on the DCC beginners server (and no, I am no beginner, I am playing nexuiz since > 1 year on a regular basis), when a player nicknamed "test" connected. His movements were not bad, but also not excellent. but he did laser people permanently while they were in the air. i mean peaople were jumping and the hit in the air, hit again, hit again, fell off the map--- all without touching the ground. This was on the evil space map. This actions made me curious and I started to spectate this player on the next map. His mouse gestures seemed unnatural to me, the focus following the ennemy also during aprupt movements.
So yes, my conclusion is that that was possibly the test of an aimbot. I know that some of the developers will start flaming now that that would be impossible, but from a technical side it is _not_ impossible to code an aimbot on the client side.

well, I dont want to see the nexuiz gameplay go down the drain, so tell me what you think. maybe someone knows the server admins of DCC, so the IP of the "test" player can be found and maybe his origin.

just the best wishes and keep up the good work

usenix

if someone made an aimbot for nexuiz, it'd be the beginning of the end. While most players are honest, the not so honest ones will start to use the aimbots. This will generate a sense of "screw everybody you're all newbs I'm better then you". This will attract more and more assholes, especially since dave made that windows installer. Next thing you know nexuiz will become the next W:ET.

While I find it... rather peculiar that you would be on the beginners' server, the suspected aim bot user IS a beginner, judging from his choice of weapon...

Aim bots are possible using Darkplaces and any other engine without client-side anti cheating software; however the 'aimbotter' could possibly be a talented FPS player with decent ping & GFX card.

Aim bots in Nexuiz are currently quite weak due to the general lack of hit-scan weaponry, and the unique way which movement plays a role in aiming [semi-Newtonian physics].

Now there area few common solutions to get rid of aim botting, most official games use anti-cheating software of some sort; Nexuiz cannot do this because it is open-sourced, uses unofficial servers, and because of the niche it serves; another remedy is to create and add IPs to the server ban list; and then there is the most efficient method of targeting the source, the player base [Nexuiz is beginning to draw the, excuse me for stating this, the all too common American tough guy].

TVR wrote:Now there area few common solutions to get rid of aim botting, most official games use anti-cheating software of some sort; Nexuiz cannot do this because it is open-sourced, uses unofficial servers,

Note that anti-cheating software doesn't really work either. An aimbot can be hidden in a wrapper around the input and graphics driver. Using virtual machine technology, you can even do that without the game being able to detect it! See: http://theinvisiblethings.blogspot.com/ ... -pill.html

But actually, current anti-cheat software isn't that clever - it just detects a range of known cheats using patterns of what to look for, similar to how virus scanners work.

It will be only a matter of time until aimbots of that sort exist. These will be undetectable by any anti-cheat system, cause only a very slight slowdown, and will be quite generic (that is, work with virtually every game). When these aimbots come, we will be forced to remove EVERY hitscan weapon.

In other words - enjoy the Nex and the MG secondary while you still can. Eventually the MG secondary will get a spread too, and the Nex may get replaced by a slow moving homing instant death particle that your target can escape by running around a corner and letting it hit the wall.

In other words - enjoy the Nex and the MG secondary while you still can. Eventually the MG secondary will get a spread too, and the Nex may get replaced by a slow moving homing instant death particle that your target can escape by running around a corner and letting it hit the wall.

That'sa good one. If you would really do that you would lose all good players, or a community that doesn't use "default Nexuiz" settings anymore.

It's still better than having cheats around that everyone can use.

Once a VM-based cheat is out, it will be the death of most FPS gaming... but we aren't at that point yet. However, we are very close, people are just developing in exactly that area. Limiting damage can only be done by removing instant hit weapons, or making them inexact in some way.

TVR wrote:Now there area few common solutions to get rid of aim botting, most official games use anti-cheating software of some sort; Nexuiz cannot do this because it is open-sourced, uses unofficial servers,

Actually, Urban Terror (a Q3 mod) uses the BattlEye anti-cheat system, and it's tied to their specific build of the (now GPLed) engine. The QVM mod code remains closed as well. As far as I'm aware, Id approves of all of this, with the stipulation that the mod must remain compatible with vanilla Q3.

Note that I'm not advocating BattlEye; its author seems to be taking his sweet time (even on a simple GUID system), and UrT is suffering from an influx of cheaters all the while.

divVerent wrote:It will be only a matter of time until aimbots of that sort exist. These will be undetectable by any anti-cheat system, cause only a very slight slowdown, and will be quite generic (that is, work with virtually every game). When these aimbots come, we will be forced to remove EVERY hitscan weapon.

That's a rather rash and heavy-handed response... Please, please put more thought into this. You will drive players away if you do something like that. Don't punish everyone because of a few idiots.

usenix wrote:so the IP of the "test" player can be found and maybe his origin.

IP addresses are not logged on DCC's at the moment. You can use the "status" command to see the IP address of other players.

animus wrote:

divVerent wrote:It will be only a matter of time until aimbots of that sort exist. These will be undetectable by any anti-cheat system, cause only a very slight slowdown, and will be quite generic (that is, work with virtually every game). When these aimbots come, we will be forced to remove EVERY hitscan weapon.

That's a rather rash and heavy-handed response... Please, please put more thought into this. You will drive players away if you do something like that. Don't punish everyone because of a few idiots.

If it's just a few idiots, a change won't be needed. But assume that at one time, on every server there are two or three cheaters. Then this step may be needed to limit damage.

Of course, not just because of one or two cheaters.

divVerent wrote:If it's just a few idiots, a change won't be needed. But assume that at one time, on every server there are two or three cheaters. Then this step may be needed to limit damage.

The Nexuiz community is still rather small, and IME cheaters are always a minority anyways. So, no worries about that happening any time soon, I think.

Of course, not just because of one or two cheaters.

Good to hear. Still, there are other solutions. The most obvious alternative would be a GUID system. Id (and Even Balance) tied Q3's to a purchased CD key, but it could also be based on e.g. forum registration or even a dedicated GUID registration system.

Once you have that, then you could do all sorts of other things... Servers restricted to players with an "established" GUID only, temporarily closed registration with player invites, etc. I'm aware of the privacy implications (e.g. some people even set up Punkbuster GUID databases, streamed to by server admins), but it might be better than not having it at all.

Well... i know what i'll say won't help... but does anyone know why people cheat ?? it's just... unuseful. What's the point of winning if you don't play whith the same rules ?

I like delay weapons and hate hitscans ones... so do whatever you want i'll keep playing :p

animus wrote:Good to hear. Still, there are other solutions. The most obvious alternative would be a GUID system. Id (and Even Balance) tied Q3's to a purchased CD key, but it could also be based on e.g. forum registration or even a dedicated GUID registration system.

Once you have that, then you could do all sorts of other things... Servers restricted to players with an "established" GUID only, temporarily closed registration with player invites, etc. I'm aware of the privacy implications (e.g. some people even set up Punkbuster GUID databases, streamed to by server admins), but it might be better than not having it at all.

So a cheater would just register a new ID in the forum and be able to cheat again. A certain individual already registered about ten times in this forum after getting banned over and over again.

As for a closed community, that's a bad idea, however, I'd like the following features:

• nick name reservation: everyone can register his nick at alientrap.org and he will get a file that authenticates him; anyone who does NOT have such a file will get an icon in front of his nickname that tells that the name is unregistered. Then one can see who is the true esteel and who isn't
• registered player names can be used to restrict joining to a whitelist of players, or to blacklist players (the latter isn't THAT useful because our cheater can just re-register or play without a registered nickname)
  This whitelist will also be useful for tourney matches, in which case the server admin would use a script and rcon to only allow the two participants to join
• a player that joins a server peforms a zero knowledge proof that he owns a registration file that matches his nickname (it has to be zero knowledge, since otherwise a malicious server could steal identities)

So basically, we have a function:

f(playername, key)

with the following properties:

• f(playername, secret key of Alientrap) = playerhash
• given the public key of Alientrap (from which the secret key can't be derived), we have a zero knowledge proof of a correct playerhash

I know perfectly how to do this, but the methods for this I know are covered by patents in the USA and thus cannot be used. For example, when trying to use the (now free) RSA, we get

playerhash = f(playername, secret key) = H(playername)^(secret key)

which fulfills

playerhash^(public key) = H(playername)

and we need a zero knowledge proof that, given H(playername) and the public key, we know a valid value of playerhash. So basically, we prove, given a public values e and g, the knowledge of a x so that x^e = g. No such scheme is known to me.

Actually, there is a third approach to preventing cheating: making cheats useless.

For example, wallhacks are almost totally useless now because of sv_cullentities_trace. Even if they were still useful, they are absolutely useless in Key Hunt, because all key carriers are already shown by the waypoint marks!

To make aimbots useless, one could for example _add_ a homing instant-kill weapon, and make that weapon similarily accessible as the Nex. Then the Nex aimbotter won't be able to easily control the game.

Another idea would be introducing random short shot delays, of maybe up to 0.2 seconds. Aimbots won't know when the shot actually happens, so they would be required to center the crosshair over the enemy for quite a long time, which would be very easy to spot in a demo. Of course, this would make sense only for the Nex, not for the MG.

divVerent wrote:To make aimbots useless, one could for example _add_ a homing instant-kill weapon, and make that weapon similarily accessible as the Nex. Then the Nex aimbotter won't be able to easily control the game.

Another idea would be introducing random short shot delays, of maybe up to 0.2 seconds. Aimbots won't know when the shot actually happens, so they would be required to center the crosshair over the enemy for quite a long time, which would be very easy to spot in a demo. Of course, this would make sense only for the Nex, not for the MG.

I don't think introducing counter-aimbots or random lag (!!!) would make it any better, really
If fps games will ever get to that point, they will just not be worth playing anymore

Actually, sorry, I didn't mean instant kill as in hitscan...

just a stronger homing rocket launcher. So you'd lock on your target and shoot, and the target then will die when the rocket hits him (so one hit is always lethal). Maybe slowly (think: poison). And the only way to escape would be turning around a corner so the rocket will slam into a wall and detonate.

Actually, that would not be much different from UT's rocket launcher when you use it to shoot five rockets at a locked target.

Usenix, can you record a demo if you see it again?

divVerent wrote:So a cheater would just register a new ID in the forum and be able to cheat again. A certain individual already registered about ten times in this forum after getting banned over and over again.

Well, that's sort of the point of my "temporarily closed registration" idea. I can understand not wanting to close the community in that way, though.

And yes, I've heard about that individual. Torus wouldn't allow me to remain ignorant about him when I began playing Nexuiz (using a different alias).

I know perfectly how to do this, but the methods for this I know are covered by patents in the USA and thus cannot be used.

IANAP (yet). Even so, if I understand what you're getting at, couldn't it be accomplished with a third party, such as an auth server? Both the client and the game server would communicate with it (or only the client), and neither would have to rely on any information from the untrusted client/gameserver. That's similar to what Q3 does, I believe, at least for hashed CD key authorization:

Q3 client -> auth server: Here's my key.
Q3 client -> game server: I want to connect.
Q3 server -> auth server: Is this client legit?
Auth server -> Q3 server: Yes.
Q3 server -> client: Okay, you may connect.

So, just modify that to have clients contact the auth server for your GUID / authenticity. You could also make it entirely optional on the client-side, and even remove the game server from the equation entirely (opt-in authentication only for the client).

animus wrote:Q3 client -> auth server: Here's my key.

That's wrong, in 2 ways:
1) The point about zero-knowledge proofs is, that the client will never give it's secret key to anyone. (see http://en.wikipedia.org/wiki/Zero-knowledge_proof )
2) divVerent's method doesn't require an auth server. It only requires some kind of registration server, that will give you a personal keyfile. Neither the gameserver nor the client need to connect to an auth server. The gameserver just need the registration server's public key (which would be included in the main download, so registered nicknames can also be checked in LAN games, when the server has no internet connection).

KadaverJack wrote:

animus wrote:Q3 client -> auth server: Here's my key.

That's wrong, in 2 ways:
1) The point about zero-knowledge proofs is, that the client will never give it's secret key to anyone. (see http://en.wikipedia.org/wiki/Zero-knowledge_proof )
2) divVerent's method doesn't require an auth server. It only requires some kind of registration server, that will give you a personal keyfile. Neither the gameserver nor the client need to connect to an auth server. The gameserver just need the registration server's public key (which would be included in the main download, so registered nicknames can also be checked in LAN games, when the server has no internet connection).

Yeah, but apparently there are patents involved somewhere. Thus the alternative using an auth server. If the secret is e.g. your forum password, then you could send your login in plaintext and send a hash of the password. Encryption could even be introduced.

obi_wan wrote:Well... i know what i'll say won't help... but does anyone know why people cheat ??

Well that one is easy to answer.... it helps them to handle their inferiority complex .

DivVerent: just explain it to a stupid RoKenn please :

What I would suggest / Is THAT REALLY patented:

Each registered player has a GnuPG key, the server sends a challenge (random string), I encrypt it with my secret key and send it back, server decrypts it with his public key... <confirmed, that guy IS RoKenn>

That is just the basic GnuPG functionality, is that patented??

As for players just re-registering: it could be useful to add a "trustness-level", so that people have to earn being trusted over time. That still doesn't resolve the conflict of "having trustworthy players" and "ease of playing for newbies".

Well, there must be other open source projects which are using similar authentification procedures, how are they dealing with us patents?
imho: screw us patents, almost anything seems to be patented: http://www.theregister.co.uk/2004/11/03 ... d_lawsuit/

divVerent wrote:Actually, sorry, I didn't mean instant kill as in hitscan...

just a stronger homing rocket launcher. So you'd lock on your target and shoot, and the target then will die when the rocket hits him (so one hit is always lethal). Maybe slowly (think: poison). And the only way to escape would be turning around a corner so the rocket will slam into a wall and detonate.

Actually, that would not be much different from UT's rocket launcher when you use it to shoot five rockets at a locked target.

Sounds preddy similar to the hagarmod i did for the MoN server. I borrowed the idea from Battlezone2 tho It fiers a tracer round, it that hit the weapon releases # guided missiles with some basic avoid crashing into the world ai. Bets way to counter em is to shoot em down with primary hagar fire; that mode is like a AA Gun.

No, the usual auth server method is flawed, because a malicious server can set the cvar containing the auth server address to send the key there.

Also, when the auth server is down, the game should still work.

Still, there must be a zero knowledge protocol one can use... maybe there IS a RSA based ZK protocol that proves x^e = g mod N. Fiat Shamir actually is free (IIRC) and quite close to that for e = 2, maybe there are no bad security implications when fixing e=2. That is:

Registration:
- User sends nickname to auth server.
- Auth server checks if nick is unique, and if yes, it sends back x = sqrt(H(nick)) mod N (where d is the inverse exponent of 2). As the auth server works as an oracle that would actually "break" the protocol, it has to make sure that it never gives a key for the same nickname. A password may be used to allow requesting the same nick multiple times.

Authentication:
Iterate M times (or parallel with a low iteration count):
- User generates a random number r.
- User sends nickname and R := r^2
- Server sends a random bit b
- User sends y := r x^b
- Server checks if y^2 = R H(nick)^b

Now assume that H() is a safe hash function. Then our attacker can't generate x = sqrt(H(nick)) combinations easily; note that he can generate x = sqrt(h) combinations by setting x = t, h = t^2. But as long as he can't invert the hash function, this won't help him, and even if it did, he could only generate gibberish nicknames.

If the user sends the same random number twice, the server can respond with different values of b, and then knows r x and r, from which it can derive x and steal the identity.

The product r x^b is without any information about x, as r isn't known, and only r^2 is (assuming that finding square roots mod N is hard). If the attacker can always guess b right, he can easily break the protocol: he generates y at random, and sets R = y^2 / H(nick)^b. This is no problem, but actually it proves zero knowledge, because one can get the very same data exchange using this "cheating prover" by just discarding the iterations where the prover lost the test (actually, as an additional detail, we may need that H(nick) may only generate square residuums mod N, which is kind of a problem as this can't be achieved by squaring the result, but the auth server could for example modify the nickname a bit by attaching an (invisible) number until H(nick) is a square).

However, this protocol IS vulnerable to a simple man-in-the-middle attack: you could run a server that waits till someone connects, and he will do the identification for you to connect to another server. But that's not THAT serious IMHO.

So... is Fiat Shamir still safe when using the protocol for many players? And is it patent free?

If there ever was a hack released couldn't the nexuiz team get a hold of it and then release a patch that would make it useless?

shaconbacon wrote:If there ever was a hack released couldn't the nexuiz team get a hold of it and then release a patch that would make it useless?

Then the hack authors would just modify their hack, Alientrap would have to modify Nexuiz again and it would be like writing anti-virus software for Windows...

I would much rather see the game made so that there was less advantage to be gained from aimbotting. Slow the laser down, add some spread to the MG secondary fire and make the Nex harder to use. Would this make the game less fun? I don't think so, it would also get rid of various other nuisances like people who think it's fun lasering CTF teammates into space and would mean that facing worlds could actually be used for serious games of 'Capture The Flag', not 'Camp on top of the enemies base stopping the game from going anywhere'.

I haven't seen much in the way of cheating on my servers, but there are definitely troublemakers out there. I can't wait for the next version with kickban support... Right now, it's quite tedious to kick, enter the address manually to net_banlist, lather, rinse, and repeat.

There's also the paranoia problem... people aren't sure how to tell the difference between a skilled player and an aimbotter.

I like my MG and my Nex, but if it comes to that, and there's no other way of preventing cheaters I'm quite willing to deal with a nexless world; I would ask that the rocket be tuned down in that case, since the Nex counterbalances it right now.

Ares wrote:... and there's no other way of preventing cheaters I'm quite willing to deal with a nexless world; I would ask that the rocket be tuned down in that case, since the Nex counterbalances it right now.

Aargh! No way! As far as i am concerned.

I have not seen anyone yet, who might be a cheater. But i dont play that often.

On the other hand, the amount of people who call someone else a cheater seems to increase. Most of the times i can ignore it, but sometimes it is quite annoying. In their opinion everyone must be a cheater, who is a lot better than they are. Weird!

That is definitely true... I can think of several times when n00bs have logged onto the server I was on and accused someone of aimbotting within... usually within several minutes. It's extremely annoying

Oh c'mon guys, don't start the whole cheat paranoia when there isn't the slightest evidence of someone ACTUALLY cheating... (or is there???)

As the old saying goes: demos or stfu!