Hi!
I've been hearing things about some people hack games just to make things either "more comfortable" or just simply because they are evil or something.
Anyway, I'd just like to ask a question, and I hope this will help other online server admins (ReT). When they hack a game, will the game file change size? In which case, when a game joins a server, something in the server could look at the game file's size and if it doesn't match the standard, deny his connection.
So, is my guess a correct one? Will the game file (or any of the important files) change size if hacked?

/Edward

Cheating when playing by yourself is one thing, but cheating when playing with others is really not very nice...

you planing to hack some ames ay.


j/k

No... I'm just having thoughts on making a game and protecting the main online server from rude hackers. So if the file size is different when hacked, I know how to protect the "commoners".

this would work if people didnt use custom maps etc.

The file size could change. But it's also easy enough to fake file sizes. Especially if you're dealing with text files. You can just pad out the extra space with spaces. With any other type of file you can pad out the extra space with a hex editor and just add a bunch of 00s to the end of the file.

One of the better methods is to create an MD5Sum of each file. Then send this list to the server (or for faster connection times, just MD5Sum that list also, and send that along instead), and have the server compare it to its own MD5Sums.

There are some possibilities for hacking this, however. You can hack the game engine itself to spoof the MD5Sum generated to an MD5 that is correct.

But there are methods of stopping this also, but that could make for a long rant, so I'll stop here

Right... That would be a problem...
Scan the program? Looking for these 00s at the end, or?
Copy over the file(s) and if the size (as such) doesn't match...? I've downloaded a file where the "header" told the browser that it was this big, but when it was almost complete there was some alert saying that the sizes didn't match, or something silly like that. I don't know, maybe?

checksum.

Yeah checksums are way more reliable and harder to fake than just file size checks.

It's a shame that in games such as JK we have so many people focused on creating hacks and hardly anyone actually focusing on thwarting them. Creating hacks isn't necessarily a bad thing, but it would be nice to see these people putting more effort into making the game more fun, instead of providing a method to ruin games for the rest of us. As if JK doesn't have enough problems without people hacking games...

Well the thing is, hacks are very fun to use during games that allow them. It was really fun to go into JK games that allowed builder cogs.

It's the ones that exploit them and feel the need to use them to ruin others' fun.

Edward, cheating protection varies greatly from game to game. Jedi Knight is an oddball, in that it's runtime compiling of COGs was very easy and powerful in what it'd let a eprson do. Most games require modifications to the rendering engine via a DLL wrapper or direct manipulation of active memory.

In the case of Counter-Strike, anti-cheating is at it's peak. They scan your hard drive, active memory, have catches in the active memory to try and watch for changes. They scan your setting variables. I know cheating is still rampant, but it also has the most powerful, and invasive anti-cheating.

PlanetSide (an MMOFPS) use dynamic memory allocation (or something like that) to keep the memory offsets for specific things in game shuffled around. While this doesn't prevent all cheating, it helps. Walking through closed doors and moving a little faster than normal are about the only cheats that still occur, and they're not even common.

For Jedi Knight, the server doesn't get all those access privileges. The best way you're going to counter cheating is by making checksum passing COGs that counteract the bad guy's or have level based COGs crafted very specifically so that a knowledgeable cheater couldn't thwart.

On top of all of this, after detecting that someone is cheating, you'd need a method to either kick them from within the COG, or hold them somewhere where they can't cause trouble 'til the host can kick them.

I've been contemplating this type of thing for years. Skill messages requesting client side only data, where if the user doesn't reply within a set amount of time, or reply with an invalid value (indicative of a cheat), they're jailed and an unsync'd client-side jkEndLevel() is attempted to be sent to them. There'd be a lot of work and testing involved, and there'd likely still be many ways around whatever cheat detecting you come up with.

QM

I am far from a JK expert, but how about an external check system. The idea would be to have a server side application that ties into a firewall or IP-filter, and a client side launcher/background task. The Server side application would run in the background on the host machine, and prevent all players from non-authorized IP addresses from connecting to the ports used by the game.

If someone did want to join the game, they would use the client side launcher, which would start by checking over all game files to make sure they match a pre-determined server approved configuration, once the client has been cleared by the launcher, it communicates with the Server side app, who then opens up that IP address to join the game. The client side launcher then starts up the game and continues to run in the background to make sure that only one instance of the game is running on the computer, and that the game files have not been modified since launch. If at any time the client side launcher detects changes in the game files, it communicates back to the server app, and the IP address is again blocked.

This is not a 100% watertight method, but it does make hacking a significantly more difficult, and it also can be used to log IP’s and user names to compile a permanent blacklist.

Unfortunately, I don’t have near enough skill to even approach writing such an application, but its still an idea.

"Look guys, my rail detonator shoots Force Destruction projectiles at twice the rate of a Stormtrooper Rifle! My penis is huge!"

The problem with anti-cheat programs or anti-cheat in general is that the client is the one who is hacking, and his side can always spoof the server and trick it into thinking it's clean. It requires significant hacking of binaries on the client end (in modern games that is), and dynamic memory allocation and shifting prevent direct manipulation, but it can always happen. It's EASY to encrypt and secure data between two parties since both parties are trying to keep it secure. When you're trying to prevent the client from hacking, it's a lot more difficult.

Alright let me clearify this for everyone, read this carefully.

"Hacking" in Jedi Knight consists of modified cogs that pass checksum. Basically, you can have any number of modified cogs, which could be anything, including hacks, which would basically be cogs modified to do damaging things to other players or w/e.

Making checksum passing cogs is just 2 factors.

1) Object Count
2) Avoiding Untouchable Lines and Areas

The only thing I need to prevent hackers from messing around on the server is a program that matches IP's to players.

Cmon guys, go bug Zeq about it! j/k lol

But does that make sense? Simple IP banning is far simpler than any of the above suggested methods.

ReT

What West Wind suggested is essentially what PunkBuster is/was for Counter-Strike. It does work initially, but doesn't take too much effort to defeat. My biggest gripe against it is the invasion of privacy second only to the "grr, another stupid program running, slowing down my computer so my framerate is worse and my gameplay suffers" problem.

I've never liked IP banning, because users who can change their IP will get around it, and then if some innocent person winds up with a previously banned IP, they're hosed. I know this is less of a problem now that high speed internet and static IPs are more common.

The way you're planning to manage it ReT should keep the problems at a minimum. I commend the effort you've put into your JK server.

QM

QM, who would put the effort to hack the JK game? moneyobie, who was the coger of the JKDS, admits to being the hacker. You can tell because he/she/it uses the same cogs over and over (turns you into one of those red fish...what are they called....Drugons)

Basically what I'm saying is anything can be hacked. Nothing is security proof. But things are hacked if people put effort into it. And who would put effort into bypassing a JK game?

I personally like ReT's IP matcher program idea. IP banning would work, but ReT and his friend is barley on the game ATM. Unless they keep IP logs...then he could ban them.

At least until quatum computing takes off.

There needs to be some kind of interface, so they can be hacked.

I just hope that my friends and I don't get banned just because alot of people think we're cheating. Someone needs to explain that the 'grunt' isn't the hit sound, but that it's the 'screach'. <-- Whoops, I just did.

P.S. Please don't ban me, I am no hacker!

Seriously. It takes a bit to understand that distinction, especially if you lag a lot, but they are different things.

The largest problem with IP bans is how do you make an IP ban in JK?

JK doesn't exactly have much in the way of networking.

About the only conceivable way I can see this working is this:

Person joins using a URL. (NOT an IP)

Server catches hacker. Using IP logs (maybe from netstat?), he grabs the user's IP.

Server submits IP to the URL redirector. URL redirector bans IP from his webserver, effectively stopping the redirection from occuring, and keeping the person locked out of the server.

Software Firewall. Block connections incoming from a certain IP.

The trickiest part is matching up user IP to in-game name.

QM

Many people "hack" in games because they are bored with the game and want to piss people off, which makes it somewhat entertaining.

"Hacking" was alot of fun.

Especially before JK kicker helper came along, and you could ascii up an impossible name to kick.

Eat Force Destruction repeater!

Some people had some downright clever "hacks."

Like ones that'd make it rain exploding stormies, or flip you on the side.

All sorts of awesome stuff.

Yeah like fade, and freeze-fade. Basically crashing the game.


Friggin dumba-dumba.

Those were dumbness.

I prefered the ones that'd like... send someone up, and have them not come down.. or make them spin uncontrollably.

Which are equally as moronic.
Well, I guess hacks are only as dumb as the people that use them. Which.. you know, since you use them, worsen hack's reputation.

And people like you are the reason they're fun to begin with.

And there again too, If JK's gameplay offered more than KILL KILL KILL CONCUSSION RIFLE LOL it might be a little more fun.

Although one could propose that there is such a thing as tasteful JK "hacks," anything that gave you an overwhelming advantage, or was meant to terrorize a game is just trashy.

A grappling hook instead of blinding, tiny dashes instead of speed; they could be set up within reason and without blowing gameplay balance out the window. But slamming someone against the sky, pumping their suicide count through the roof, and giving them seizures is only fun if you're the lowest common denominator.

Just like PvP in MMORPGs, JK "hacking" is only fun if it's consensual.

QM

P.S. - Notice the quotation marks. I wish there was a better word for what's going on. "Cogging" is horrible because it reflects poorly on the COG artists who make mods and levels work. "Hacking" is incorrect because you're neither gaining unauthorized remote access to another computer nor modifying active memory after the program's been executed. "Cheating" to me has always meant cheating within the confines of the game (i.e. god mode cheat code, all guns cheat code, etc.). JK and passing the checksum certainly was a special circumstance.

I suppose I've always generalized it as hackers myself. Or "hax" hehe.

ReT

I try to refrain from calling most of them hackers as it tends to be too complimentary. I mean, if the general cheaters just download their cheats then they're really not worthy of a title that suggests they made them.

I'd have to agree with QM on this. If you take pleasure in ruining the enjoyment that games bring to many, there's obviously something wrong upstairs. When I come home from a hard day at work and sit down to play JK, the last thing I really desire is for some idiot to ruin my fun. Essentially what you're really doing is ruining the little leisure time that many of us have. You'd also be ruining the competitive spirit of such games, but we won't go into that.

Anyone who believes this to be true regarding JK is simply misinformed. Come join the server and I guarantee you that I can take you out with my Lightsaber or a weaker weapon, regardless of you having the Concussion Rifle. Despire the belief of many, JK was a relatively well-balanced game once you really learned lag-prediction and useful gun tactics. NF CTF, to this day, offers some of the most complex and exciting gameplay out there.

While I've often used the term "hackers" to describe these people as well, I would have to agree. There should be a derogatory name that we use...something that doesn't just feed their little egos.

Actually, I think it's absolutely hilarious when I get ganked in WoW. Dunno why.

Like one time, I was playing with a priest friend of mine, got killed by a wolf or something in Ashenvale. She went to res me, and not two seconds after she ressed me, she got backstabbed by a rogue and died. Naturally, I ran the other direction and hid, crept out to res her, and was prompty ganked myself. It was hilarious.

---------

As far as JK hacking goes, though, I hate it. I can't start to count the number of times someone crashed my game or just flat out messed up a perfectly good duel. IE, flooding rooms in MotS, changing weapons, taking all my weapons, etc.

Sucked.

I loved creating a huge fort at the Starport in MotS with the boxes MotS had...that was great

Gah Charoziak, if that happened to me in EQ I'd log out and not play for like a week! I can respect that you thought it was funny, but blech, I personally couldn't stand it if that sort of thing was even a possibility.

I was never a big fan of "build COGs" in JK, but I did think they were one of the most constructive (no pun intended) things checksum passers did. There was one time in Valley of the Jedi Tower where these two guys built a very complex set of walkways, and built perfectly formed (very symmetrical with no real holes) buildings up in the sky. I think they had 2 streets and 6 buildings before they hit the thing limit.

QM

I liked that one hack that made two parallel, vertically aligned rail det shots fire from the nearby person. Or any other hack that made it look like other people were hacking. I also liked morphing into a door and then deleting the door and standing in its place. Then you could shoot someone when they came up close, hahaha.

Although one of my all time favorites was morphing into a TIE-Bomber and using a fly hack in the Valley of the Jedi Tower. I believe the proton bomb template is included in the JKLs, so you could fire proton bombs if you wanted to as well.

I also liked changing character skins to level textures.. That was fun.