Status update on Warden Anti-Cheat needed

As of the moment we are going by the console version of Warden - [url]https://github.com/mangoszero/server/tree/Rel19Warden[/url] First off this needs testing as i barely have any time to do so. If i can get some testers to report back information and logs i could possibly began looking into it a bit more.

I could help you with testing.

That would be excellent if you could! I need to know if it actually works or not.. just compile it like normal and install what ever is needed and report back how its all running with screen shots and what not ;)

Is there nothing else needed? No different SQL table, no warden.conf or something like that?
Because it first looks like a normal Rel20 release. Please help me how to configure this :)

As the config file says this seems only to work on windows hosts. I can't test it then.

Yeah, Warden will most likely not be getting a port over to unix for awhile, unless some one wants to step up and do that.. but there is a lot of work to do with it still regarding modules to get it to actually read signatures on the 1.12 client. On top of that there is not a hole lot of signatures available.. a few memory and dll modules are available (Like teleport, infinite jumping and like 10 more)

However if we where able to actually get warden fully working (If that ever happens) i would spend a lot of my time and research into implementing hundreds (Possibly thousands) of static malware, viruses, keyloggers and rogue drivers and ect. But warden needs to be fully working before that happens ;)

Then I can't test it on my live server because I'm not running windows :(

Or would it be possible to only run wardend on a windows machine and the rest stays on linux?

In theory, you should be able to by setting the bind ip.. but that's never been tested and last time i checked it did not compile on unix. If you did by chance fix the compile errors and get the world and auth them self to run under unix and had the daemon under windows, users could experience lag, modules not being sent on time (Results with a kick after 10 minutes due to module failure) or everything could just explode.

That does not sound like something I wanna do then. Don't want my machines to explode! :D
Maybe someone else is using Windows as a host and could test this. I could assist that guy if his server is puplic with joining and cheating a lot and see if something happens. :)

I would appreciate everyone trying the Develop21 branch of Zero and report back on any Warden issues found

Now in Zero warden, the main problem is that the (client) signatures are present for 5875 version, and some of these will fail for 6005 version. At least, it is the 634 check. Until multi-client support implemented, the check is better to be removed. The question is, should we do it globally in develop21 branch; I suggest no.

We do have the address/info for 634 for 6005 and what ever the other one was.. But we need to figure out how to implement multi version support.

Since the server knows the version of the connected client, one possible solution is to extend the db table to include the target client version.

Then when it performs it's checks, it can skip the ones not for the current client.

That sounds reasonable and simple.

Does how ever make me want to cry a tad bit because now i have to go through the 50+ signatures to apply to other versions lol

Debugging all of that is going to be a GINORMOUS PITA

This is not really a feasible option as we want the implementation to be dynamic between different expansions. Hardcoding client versions is the exact thing we want to prevent. We should figure out a dynamic way to handle the client version differences instead.

ok, my impression was that some signatures had offsets unique to each version of the client - in which case having a client version associated with those checks in the db seems the logical place to have them.

That way the implementation would remain the same with just the db entries changing

Yeah, Usually the offset is different for each patch.. But some times they stay the same.. usually the length and result change though.