WPE Pro Anticheat


Guest Mistr22

Hey TOM, how about creating a separate anti-cheat process similar to Warden but totally independent? It doesn't necessarily need to use the client-included Warden; I think a custom launcher could do the job as well.

What's the point? If it's client-side, you can't enforce its usage. There are _always_ ways to bypass it. Even if it uses some sort of asymmetric cipher to "sign" packets sent to a server, it can still be fooled. Even if you "overhack" the client's OS (as StarForce protection does) by running the OS kernel under your control, it can still be broken. Using virtualization, FireWire interface (direct memory access) - i.e. halting the CPU for a few microseconds and modifying its registers / RAM.

It isn't just Warden, other games have i.e. PunkBuster that does something similar. There's technically no way to prevent cheating in multiplayer games unless you're controlling everything server-side. That includes movement calculations, weapon firing, player interaction, and so on. It can be reasonably managed for 32-64 players (i.e. Battlefield-like games), but there's no chance for games like WoW ... except using some kind of trojan on the client (Warden).


Couldn't you log each of Warden's queries and responses and make it return the OK signal even if you are using hacks, similar to AC2's crack?


I've never used the "fake server" for AC2, so I don't know any details other than it's been already broken down to a "normal" crack level recently, i.e. no fake server needed, you can google out the details.

Back on topic - no. Imagine a client-side "Warden" using some kind of PGP-encrypted/signed messages. You can't modify the message without breaking the signature. This means there's no way around without either breaking the (say, 4096-bit) encryption key or modifying the client (making your own using extracted key(s) and mimicking the "valid" one, ... directly modifying the client's memory, making it skip the "hack check" and so on).

There's (currently) no known effective open-source way of ensuring client-level security. As said earlier - Warden builds its success on closed source. There's actually a nice analogy saying "my computer = my fortress", which seems to be true.

The safest solution for "remote" multiplayer would be to host a terminal server and allow only remote desktop logins directly into the game.

PS: To complete my explanation - you can't (in most cases) even replay the client's reply, since it can use things like timestamps encoded within its message (like SPA auth does), randomly generated parts (see WPA/WPA2 authentication) and so on.

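The replay protection described in the PS above (a signed reply bound to a randomly generated server value and a timestamp), as an added example that is not part of the original posts. HMAC-SHA256 from the Python standard library stands in for the PGP-style signature, and `Server`, `client_reply`, `demo`, `KEY` and `MAX_SKEW` are hypothetical names with constructed values.

```python
import hashlib
import hmac
import secrets

# Assumption: a shared HMAC key stands in for the PGP-style signing key.
# It ships inside the client, so whoever extracts it can forge valid replies.
KEY = secrets.token_bytes(32)
MAX_SKEW = 5  # seconds a reply stays valid (constructed value)


class Server:
    """Hypothetical check server: issues one-time challenges, verifies replies."""
    def __init__(self):
        self.pending = set()  # nonces issued but not yet answered

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, reply, now):
        body, tag = reply
        expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "bad signature"            # body changed after signing
        nonce, ts, status = body.split("|")
        if nonce not in self.pending:
            return "unknown or reused nonce"  # logged reply played back
        self.pending.discard(nonce)           # each nonce is accepted once
        if abs(now - int(ts)) > MAX_SKEW:
            return "stale timestamp"
        return "accepted" if status == "OK" else "cheat reported"


def client_reply(nonce, now, status="OK"):
    """Hypothetical client: signs nonce, timestamp and scan result together."""
    body = f"{nonce}|{now}|{status}"
    return body, hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()


def demo():
    srv = Server()
    logged = client_reply(srv.challenge(), now=1000)  # honest reply, logged
    first = srv.verify(logged, now=1001)
    replayed = srv.verify(logged, now=1060)           # same reply sent again
    body, tag = client_reply(srv.challenge(), now=1100, status="CHEAT")
    tampered = srv.verify((body.replace("CHEAT", "OK"), tag), now=1100)
    late = srv.verify(client_reply(srv.challenge(), now=1200), now=1300)
    return first, replayed, tampered, late
```

The checks only cover replies replayed or altered after signing; a client that has been modified, or whose key has been extracted, still produces replies the server accepts, which is the limit the posts describe.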
