Announcement

Collapse
No announcement yet.

How To Conclusively Detect/Prevent Bots?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How To Conclusively Detect/Prevent Bots?

    There isn't a way to absolutely prevent bots on the client side. Someone can use some form of cheater Quake or, in less common cases, have a cheat running that alters game data.

    There are ways that could be done on the client-side to make botting virtually impossible, in conjunction with the server ... but it would involve frequently updating the client/server ...

    ... to make cracking the cheat a waste of time by a would-be hackers by forcing them to continually have to do it again and for less popular game, would probably be a waste of time.

    Additionally, the process the client and server use could add some extra onerousness to it to increase the time for someone to mess with it.

    This is assuming that anyone is going to waste time writing cheats for Quake.
    Well, right now the existing hardcore cheats work fine so it is hard to tell if anyone would bother to make updated cheats.

    Hard to say, but you can't assume they won't . If you are going to make an effort to solve the problem, this has to be factored in.

    Any bot prevention that would really work would have to be strong enough that it could publicly be discussed.

    Bot Detection Not Possible With Prediction; Fortunately NetQuake uses None

    Most games have various anti-lag methods in them that lead to predictive aiming, which means those games give more trust to the client to be telling the truth.

    As a result, the following ideas wouldn't apply to those games.

    But fortunately for us, it would apply to NetQuake.

    What makes bot aim detectable (I think)

    With Quake, you shoot where the crosshair is pointing. This is where you are looking. Bots can lie to the server about where the player is looking, but in order to fire, the coordinate has to be right when firing.

    It is my understanding that there are 3 types of bot aim ...

    1) Tracking - the crosshair follows a target. Weakness: For a bot to do tracking, the crosshair will be constantly adjusted. A human can't perform that type of lock. I think this type of thing should be detectable.

    2) Lock Upon Fire - when someone fires, the crosshair instantly locks on the player. Weakness: the crosshair skips from position A to B instantly.

    3) Transition - When someone goes to fire, it transitions a little to where the crosshair should be. Weakness: It needs to transition quickly and precisely for it to be of any use.
    Looking at the problem ...

    1. Bots suck with the rocket launcher, generally. The lightning gun is about 80% of the problem. Followed maybe by 10% of the problem being underwater fights where players are slowed and then what little of the rest exists ...

    ..being the boomstick or long-range rocket shots or rare situations where someone can make weird grenade shots. Of course, those are about non-existent but happen every once in a while.
    To be continued ...
    Quakeone.com - Being exactly one-half good and one-half evil has advantages. When a portal opens to the antimatter universe, my opposite is just me with a goatee.

    So while you guys all have to fight your anti-matter counterparts, me and my evil twin will be drinking a beer laughing at you guys ...

  • #2
    Seems like the quake community is getting very paranoid. I mean most of us have been playing this game for 10+ years, don't you think this game becomes second nature for most of us?

    It seems like you guys worked so hard to get that wallhack prevention on the server, just to get disappointed and start accusing people of bots. I'd really like to see this list of people who are accused of hacking.. I bet I'm at the top?

    Once you start playing games for money, like counterstrike, you begin to perfect your game play, which eventually turns into bot-like play. You do the fastest route, the smartest movements, and the most efficient ways to kill the enemies., etc. If you watch some of the final tournaments of counterstrike and other games, you will see those players play like bots, but they're not using bots. Once you play a game so long you know what to do, but it's all about being aware of doing it.

    A perfect player would be a bot, bottom line. No emotion, just thoughts of what is the best way to do what you have to do. That's the truth of the matter.

    In my opinion, if you think someone is botting, check their movement. If they can shoot you like a bot, but suck at moving, then they cheat. Movement is 90% of the game. It's all about how to make your enemy move into the position you want them, then you fire. It's almost a psychological game just because you try to manipulate your enemy into your shots.

    If anyone has watched that discovery channel show called "Make me a genius" you would see that we are all programmed to be great at certain things. The girl on there grew up playing chess, and basically her brain was programmed to figure out the best possible chess moves. Like-wise people who grew up playing first person shooters, would obviously be programmed to be good at them and making the best decisions.

    In all reality, I think people who grew up playing games will have that second nature compared to people who didn't grow up playing games. Of course I'm talking about computers, and specifically First Person Shooters. As I grew up playing them and started playing them when I was around 5 or 6, and been ever since.

    I thought a lot about this because I found it very weird that people would accuse me of hacking. I never really thought about all this until Goblin started asking me non-stop questions about my game play, then I realized it's all about mastering the way you play. Discipline and confidence, in my opinion, are the two primary things for games. You can pick out the confident players easily. I told Goblin this, and I believe this, Once you strike fear into your opponent they will begin to doubt themselves, then it's easy to dominate them.

    Games are all psychological. If you think about it, if you get killed by someone multiple times and you try everything you can to kill them, but can't, don't you start to avoid contact with them, or try to be defensive and sneaky around them so you don't have to confront them?

    Majority of players have great aim and movement, but games are more then that. Some players can take it to the next level, and others can't.

    Anyways I'm deep thinking again, bottom line would be if you think someone is botting, watch their movement, if they move sloppy, but shoot perfect, then they are cheating.

    Comment


    • #3
      Originally posted by b4sy View Post
      Seems like the quake community is getting very paranoid. I mean most of us have been playing this game for 10+ years, don't you think this game becomes second nature for most of us?
      I don't think anyone is being paranoid.

      If a method to detect or prevent bots is successfully developed, then there will be a lot less complainers too!

      For instance, I *never* enjoyed playing DM3 in CA or DM until anti-wallhack. DM3 is the ultimate wallhack map and everyone knew that some people were cheating.

      Because of that, every weird corner shot was cause for suspicion.

      Antibot is the final pin in building integrity into the game. Antibot is perfect possible now, it is just that solving it improperly will just lead eventually (months down the road) to someone adapting cheats around it.
      Quakeone.com - Being exactly one-half good and one-half evil has advantages. When a portal opens to the antimatter universe, my opposite is just me with a goatee.

      So while you guys all have to fight your anti-matter counterparts, me and my evil twin will be drinking a beer laughing at you guys ...

      Comment


      • #4
        Everything b4sy says stands except:

        -In FFA+CA+Teams there are many people making a f**kload of noise and it is not possible to keep track of who goes where all the time;

        -There are no items to pick up therefore you can not tell the position of players based onto sound unless they RJ, make the "ooomph" sound by falling onto steps and water noise.

        What he says mostly goes for DM where you can focus onto 1 person. 4 - opposing players running around it is virtually impossible to keep track of them all.

        The best way to kill any cheating is to check software for unauthorized assists.

        There is no way to do this unless the server does a checksum of each clients' files and does not allow as legitimate to play anything that fails this check, excepting all other than OFFICIAL approved downloads.

        This is nearing the point as far as my technical knowledge takes me. Beyond this point, I am certain others more technically inclined, can take it from here based onto this concept, for actual realization and implementation.

        Comment


        • #5
          Carmack wrote a bit about the checksumming problem shortly after the original source release. Bottom line is that it won't really work: Quake as an open source program will let a determined cheater modify the engine to send the expected checksum. An alternative proposal was to use a closed source launcher to do the checksum part, but that can be broken by hacking the data transmission to send the expected checksum.

          I think it's a losing battle really. If someone's determined enough to cheat, they will probably always find a way (I can think of at least one way to defeat anti-wallhack code right off the top of my head without even trying), and you can go round in circles closing each loophole only to find another one being opened. Unless you run in a completely isolated sandbox environment that's totally under the control of the server at every layer of the protocol and application stacks, it's hard to see a definitive solution. One of those situations where getting 90% there is the best you can hope for.
          IT LIVES! http://directq.blogspot.com/

          Comment


          • #6
            Originally posted by mhquake View Post
            Carmack wrote a bit about the checksumming problem shortly after the original source release. Bottom line is that it won't really work: Quake as an open source program will let a determined cheater modify the engine to send the expected checksum.
            ProQuake's cheat-free mode uses a digital signature to authenticate a client as real. For instance, someone can't compile their own ProQuake and have it work on a cheat-free server (it will run on a non-cheat-free server).

            So I don't worry about cheater clients very much. Cheating with ProQuake cheat-free always involves some external cheat.

            I think it's a losing battle really. If someone's determined enough to cheat, they will probably always find a way (I can think of at least one way to defeat anti-wallhack code right off the top of my head without even trying)
            How?
            Quakeone.com - Being exactly one-half good and one-half evil has advantages. When a portal opens to the antimatter universe, my opposite is just me with a goatee.

            So while you guys all have to fight your anti-matter counterparts, me and my evil twin will be drinking a beer laughing at you guys ...

            Comment


            • #7
              If not completely eliminating is not possible, although maybe it can - I do not know as I am not that techy advanced - reducing it considerably is better than nothing!

              Also realize that someone has to be making these cheats. That takes time and determination and they have to be good at it. Frankly why would anybody bother to crack a 12 year old game played online? Most play the newer games where they already have well established anti-cheating systems, see Valve's VAC and PunkBuster.

              Most cheaters are not all die hard hackers and programmers, they just do a Internet search for easily, accessible cheats and they mostly come up with nothing and if they do find something it is outdated and will not work.

              I say we are really close to eliminate cheating. We are just not a big corporation to have the brain and resources to put together a good anti-cheating systems as some of the newer games posses.

              We have to make do with who and what we have.

              Comment


              • #8
                About the crc flaw, ProQuake encrypts the crc with a random seed.
                if (seed+model->crc) != (seed+client->model->crc) false
                it also does this for clc_move packets...
                www.quakeone.com/qrack | www.quakeone.com/cax| http://en.twitch.tv/sputnikutah

                Comment


                • #9
                  Ooh!! Ooh!! Drop that sexy techy knowledge boiii!

                  Ima take that seed and grow me a nice flower with it. HeHeHe!!

                  Comment


                  • #10
                    Originally posted by b4sy View Post
                    Seems like the quake community is getting very paranoid. I mean most of us have been playing this game for 10+ years, don't you think this game becomes second nature for most of us?

                    It seems like you guys worked so hard to get that wallhack prevention on the server, just to get disappointed and start accusing people of bots. I'd really like to see this list of people who are accused of hacking.. I bet I'm at the top?

                    Once you start playing games for money, like counterstrike, you begin to perfect your game play, which eventually turns into bot-like play. You do the fastest route, the smartest movements, and the most efficient ways to kill the enemies., etc. If you watch some of the final tournaments of counterstrike and other games, you will see those players play like bots, but they're not using bots. Once you play a game so long you know what to do, but it's all about being aware of doing it.

                    A perfect player would be a bot, bottom line. No emotion, just thoughts of what is the best way to do what you have to do. That's the truth of the matter.

                    In my opinion, if you think someone is botting, check their movement. If they can shoot you like a bot, but suck at moving, then they cheat. Movement is 90% of the game. It's all about how to make your enemy move into the position you want them, then you fire. It's almost a psychological game just because you try to manipulate your enemy into your shots.

                    If anyone has watched that discovery channel show called "Make me a genius" you would see that we are all programmed to be great at certain things. The girl on there grew up playing chess, and basically her brain was programmed to figure out the best possible chess moves. Like-wise people who grew up playing first person shooters, would obviously be programmed to be good at them and making the best decisions.

                    In all reality, I think people who grew up playing games will have that second nature compared to people who didn't grow up playing games. Of course I'm talking about computers, and specifically First Person Shooters. As I grew up playing them and started playing them when I was around 5 or 6, and been ever since.

                    I thought a lot about this because I found it very weird that people would accuse me of hacking. I never really thought about all this until Goblin started asking me non-stop questions about my game play, then I realized it's all about mastering the way you play. Discipline and confidence, in my opinion, are the two primary things for games. You can pick out the confident players easily. I told Goblin this, and I believe this, Once you strike fear into your opponent they will begin to doubt themselves, then it's easy to dominate them.

                    Games are all psychological. If you think about it, if you get killed by someone multiple times and you try everything you can to kill them, but can't, don't you start to avoid contact with them, or try to be defensive and sneaky around them so you don't have to confront them?

                    Majority of players have great aim and movement, but games are more then that. Some players can take it to the next level, and others can't.

                    Anyways I'm deep thinking again, bottom line would be if you think someone is botting, watch their movement, if they move sloppy, but shoot perfect, then they are cheating.
                    YOU ARE SUCH A FUCKING SCUMBAG. SINCE WHEN CAN YOU CONTRIBUTE ANYTHING TO AN ANTI-CHEAT DISCUSSION? GET THE FUCK OUT OF QUAKE, YOU HAVE BEEN CHEATING FOR 6+ YEARS AND VERY OPEN ABOUT IT AND NOW SUDDENLY YOU PUT ON A FACADE OF INNOCENCE AND MASQUERADE AS A REAL PLAYER?

                    FUCK OFF KID.

                    Comment


                    • #11
                      Originally posted by R00k View Post
                      About the crc flaw, ProQuake encrypts the crc with a random seed.
                      if (seed+model->crc) != (seed+client->model->crc) false
                      it also does this for clc_move packets...
                      Problem with CRC though is that it's rather prone to collisions, so it's really only suitable for short bursts of data (like the move packets). Try CRC'ing your textures and see how many of them come up with the same checksum. An n-bit CRC only guarantees accurate detection of a modified consecutive n bits of data. Anything longer and the reliability drops off. http://en.wikipedia.org/wiki/Cyclic_...s._correctness

                      As for anti-wallhack, who said that the server should be the only part of Quake that keeps track of entities? A modified client could do a reasonable job with 50% to 75% accuracy in many cases, which would be more than enough to give a leg-up to a cheater, but still apparently random enough to other players to disguise it.

                      That wouldn't work on ProQuake, but other servers would have the vulnerability.
                      IT LIVES! http://directq.blogspot.com/

                      Comment


                      • #12
                        I love how this thread evolved! Keep thinking onto it O, you geniuses! The solution WILL come!

                        Comment


                        • #13
                          Originally posted by mhquake View Post
                          Problem with CRC though is that it's rather prone to collisions, so it's really only suitable for short bursts of data (like the move packets). Try CRC'ing your textures and see how many of them come up with the same checksum. An n-bit CRC only guarantees accurate detection of a modified consecutive n bits of data. Anything longer and the reliability drops off. http://en.wikipedia.org/wiki/Cyclic_...s._correctness
                          Would a more useful checksum be fast enough, though? Given how long it takes to md5 a 700MB .iso cmbined with the number of times it would have to be done, I can forsee at least a 20% increase in cpu usage. Potentially much higher...

                          As for anti-wallhack, who said that the server should be the only part of Quake that keeps track of entities? A modified client could do a reasonable job with 50% to 75% accuracy in many cases, which would be more than enough to give a leg-up to a cheater, but still apparently random enough to other players to disguise it.

                          That wouldn't work on ProQuake, but other servers would have the vulnerability.
                          You're forgetting that ProQuake's cheat-free is unreliable at best. It has been demonstrated at least once that it's possible to make a client appear to be clean if it knows the correct song to whistle...
                          16:03:04 <gb> when I put in a sng, I think I might need nails
                          16:03:30 <gb> the fact that only playtesting tells me that probably means that my mind is a sieve

                          Comment


                          • #14
                            Originally posted by Lardarse View Post
                            You're forgetting that ProQuake's cheat-free is unreliable at best. It has been demonstrated at least once that it's possible to make a client appear to be clean if it knows the correct song to whistle...
                            As LordHavoc demonstrated, on Linux someone really smart, knowledgeable and intuitive can penetrate it. It took LordHavoc only like 20 minutes to defeat.

                            ProQuake did 3 or 4 things very "right" in the way of security. Due to the opengl32.dll cheats, it ultimately proved to be inadequate.

                            I don't hold out any hope that any Quake can ever be made totally secure on Linux, not just due to LordHavoc but from things that say, Bigfoot, has conveyed. I'm sure that on Windows, given enough time someone could crack it.

                            There will always be a role for administrators.
                            Quakeone.com - Being exactly one-half good and one-half evil has advantages. When a portal opens to the antimatter universe, my opposite is just me with a goatee.

                            So while you guys all have to fight your anti-matter counterparts, me and my evil twin will be drinking a beer laughing at you guys ...

                            Comment


                            • #15
                              Speaking of Administrators HMM. Baker, someone stole my shit.
                              Want to get into playing Quake again? Click here for the Multiplayer-Startup kit! laissez bon temps rouler!

                              Comment

                              Working...
                              X