WPE Pro Anticheat

[Mistr22]

Hi,is any chance to create anticheat for WPE pro? Many ppl using it

THANK you

[Patman128]

Hi,is any chance to create anticheat for WPE pro? Many ppl using it

THANK you

You can't detect WPE Pro. You need to figure out how the cheat works and add a security check.

Goodbye.

[SkyRanger]

Is there ANY anticheat-patch available for Mangos ?

I have Mangos 0.16.0 rev. 9766

[Patman128]

Is there ANY anticheat-patch available for Mangos ?

I have Mangos 0.16.0 rev. 9766

Yes. Look in the Core Mods section.

[TOM_RUS]

WPE pro can be easily detected with warden (since it uses dll injection), but warden isn't supported because of some reasons...

[The_Game_Master]

Hey TOM, how about creating a separate anti-cheat process similar with warden but totaly independent? It dosen't necesarly need to use client included warden, i think a custom luncher could do the job as well.

[freghar]

Hey TOM, how about creating a separate anti-cheat process similar with warden but totaly independent? It dosen't necesarly need to use client included warden, i think a custom luncher could do the job as well.

What's the point? If it's client-side, you can't enforce it's usage. There are _always_ ways to bypass it. Even if it uses some sort of asymmetric cipher to "sign" packets sent to a server, it can still be fooled. Even if you "overhack" client's OS (as StarForce protection does) by running the OS kernel under your control, it can still be broken. Using virtualization, firewire interface (direct memory access) - ie. halting CPU for a few microseconds and modifying it's registers / RAM.

It isn't just warden, other games have ie. punkbuster that does something similar. There's technically no way to prevent cheating in multiplayer games unless you're controlling everything server-side. That includes movement calculations, weapon firing, player interaction, and so on. It can be reasonably managed for 32-64 players (ie. battlefield-like games), but there's no chance for games like WoW .. except using some kind of trojan on the client (warden).

[Patman128]

What's the point? If it's client-side, you can't enforce it's usage. There are _always_ ways to bypass it. Even if it uses some sort of asymmetric cipher to "sign" packets sent to a server, it can still be fooled. Even if you "overhack" client's OS (as StarForce protection does) by running the OS kernel under your control, it can still be broken. Using virtualization, firewire interface (direct memory access) - ie. halting CPU for a few microseconds and modifying it's registers / RAM.

It isn't just warden, other games have ie. punkbuster that does something similar. There's technically no way to prevent cheating in multiplayer games unless you're controlling everything server-side. That includes movement calculations, weapon firing, player interaction, and so on. It can be reasonably managed for 32-64 players (ie. battlefield-like games), but there's no chance for games like WoW .. except using some kind of trojan on the client (warden).

Couldn't you log each of Warden's queries and responses and make it return the OK signal even if you are using hacks, similar to AC2's crack?

[freghar]

Couldn't you log each of Warden's queries and responses and make it return the OK signal even if you are using hacks, similar to AC2's crack?

I've never used the "fake server" for AC2, so I don't know any details other than it's been already broken down to a "normal" crack level recently, ie. no fake server needed, you can google out the details.

Back on topic - no. Imagine a client-side "warden" using some kind of PGP-encrypted/signed messages. You can't modify the message without breaking the signature. This means there's no way around without either breaking the (say, 4096-bit) encryption key or modifying the client (making your own using extracted key(s) and mimic the "valid" one, ... directly modify the client's memory, making it skip the "hack check" and so on).

There's (currently) no known effective open-source way of ensuring client-level security. As said earlier - warden builds it's success on closed source. There's actually nice analogy saying "my computer = my fortress", which seems to be true.

The safest solution for "remote" multiplayer would be to host a terminal server and allow only remote desktop logins directly into the game.

PS: To complete my explanation - you can't (in most cases) even replay the client's reply, since it can use things like timestamps encoded within it's message (like SPA auth does), randomly generated parts (see WPA/WPA2 authentication) and so on.