Jump to content

Warden - The definitive anti-cheat system

Auntie Mangos

By Auntie Mangos
in OldCore modifications

 Share

Recommended Posts

slackware Member

slackware

Posted
Posted
at this moment warden can`t detect cheats, which use dynamic memory. But you can write reading of dynamic offset ;) add some value to it and read data from dynamic struct.

great, i dont know how... but its will be great :P

  • Replies 286
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Tassader2 Advanced Member

Tassader2

Posted
Posted
And what do you think MEM_CHECK is for? I'm not sure what you're definition of "modify the client" is, but if it's screwing with WoW's data I would most certainly call that modifying the client.

It may check only the code, not data (as data that are dynamic probably can't be digitally signed) - like run speed that's just a variable in memory, that may change every now and then.

But I don't know - that's why I was asking ;-)

Patman128 Advanced Member

Patman128

Posted
Posted
And what do you think MEM_CHECK is for? I'm not sure what you're definition of "modify the client" is, but if it's screwing with WoW's data I would most certainly call that modifying the client.

It may check only the code, not data (as data that are dynamic probably can't be digitally signed) - like run speed that's just a variable in memory, that may change every now and then.

But I don't know - that's why I was asking ;-)

Well, presumably since it's in the same memory space it should be able to check it. But it might have to change depending on what the data should be. So maybe there's more involved then just sending cheat checks.

  • 2 weeks later...
Sephiroth1983 Advanced Member

Sephiroth1983

Posted
Posted
Hi TOM_RUS, firstly BIG thanks for amazing work.

I am testing on local, and i have questions, my gm account continue been banned by warden without any third program...

Here examples of this bans

2011-06-29 06:09:31 RESULT PAGE_CHECK fail, CheckId 800 account Id 5

2011-06-29 06:36:40 RESULT PAGE_CHECK fail, CheckId 261 account Id 7

2011-06-29 06:36:40 RESULT PAGE_CHECK fail, CheckId 88 account Id 7

2011-06-29 06:36:42 RESULT PAGE_CHECK fail, CheckId 261 account Id 5

2011-06-29 15:45:56 RESULT PAGE_CHECK fail, CheckId 799 account Id 5

2011-06-29 15:56:00 RESULT PAGE_CHECK fail, CheckId 799 account Id 5

2011-06-29 16:17:59 RESULT PAGE_CHECK fail, CheckId 261 account Id 5

2011-06-29 18:53:57 RESULT PAGE_CHECK fail, CheckId 88 account Id 5

2011-06-30 00:48:43 RESULT PAGE_CHECK fail, CheckId 261 account Id 5

2011-06-30 03:19:02 RESULT PAGE_CHECK fail, CheckId 799 account Id 5

2011-06-30 03:53:15 RESULT PAGE_CHECK fail, CheckId 134 account Id 5

2011-06-30 04:36:18 RESULT PAGE_CHECK fail, CheckId 261 account Id 11

2011-06-30 17:12:57 RESULT PAGE_CHECK fail, CheckId 782 account Id 11

2011-06-30 17:58:36 RESULT PAGE_CHECK fail, CheckId 88 account Id 11

Thanks for any reply man

There are false positives indeed. A friend of mine told me warden is banning for having Ati Tray Tools opened, which only changes Anti Aliasing and other graphic stuff.

This quite screws up everything if not fixed. Checks that found Ati Tray Tools as cheat are page ckecks with id 88, 261 and 783 (with `address` = 174688 AND `length` = 37)

kerhng Member

kerhng

Posted
Posted 
INSERT INTO `warden_data_result` (`check`, `data`, `str`, `address`, `length`, `result`, `comment`) VALUES
(243, '', '', 5345728, 2, '558B', NULL);

For LUA Protected function usage client side (this is the most common address to modify for it)

Xfurry Advanced Member

Xfurry

Posted
Posted

Did anyone try this on Mangos one?

I backported the whole patch (Tomrus' version) but I can't connect to the server anymore. It gets stuck at "Connected".

Can anyone help me with this? Thanks.

leak Advanced Member

leak

Posted
Posted

On a server with a few hundred players there are some that exceed the maximum client response delay (90sec default) even though they still seem to be connected and their latency is fine. The number of people failing the max response delay is much bigger than those who fail actual checks, that seems a bit odd.

Anyone an idea what that is all about?

Tassader2 Advanced Member

Tassader2

Posted
Posted

There are some dupes in SQL data (TOM_RUS version)

SELECT MAX( id ) 
FROM`warden_data_result` 
GROUP BY address, length, data, result
HAVING count(*)>1
ORDER BY MAX( id )ASC; 

DELETE FROM `warden_data_result` WHERE id IN 
(385,450,473,476,477,482,483,484,488,497,554,569,617,626,652,655,667,694,747,758,763,765,791);

lillecarl Advanced Member

lillecarl

Posted
Posted
Why is wardend external and not a part of mangosd? Sucks to use wine imo.....

It needs to be able to run Windows binaries (Warden modules).

Heh, this has been in my head ever since you posted it... And i cannot understand how it must run the modules on the server? doesn't the server just throw them away to the clients and receive data? I mean i hardly think blizzard is running Windows servers for WoW, i mean they must have some kind of unix systems

Sorry for might being rude questioning you but it has been so bothering i have been thinking on it alot :S

- LilleCarl

tyrael Advanced Member

tyrael

Posted
Posted

I believe that the purpose of mangos and especially of this patch is not to standardize the server only for unix...but for all platforms!... And blizz use unix servers only for speed, safety, low resources.... addion to this they use like 2 servers for 1 realm... 1 is server with realmd in our case only with accounts... and the other one is the world...

lillecarl Advanced Member

lillecarl

Posted
Posted

That is false, the world is divided into instance servers, bg servers.. And i think each big map got its own server, anyways warden is only Windows atm so your answer did not clearify anything, i asked why warden were Windows only;) MaNGOS is built completly platform indepentent, so if warden is going into mangos main some time ut must be independent of platform(i apologise for my spelling, using my iphone atm)

Wojta Advanced Member

Wojta

Posted
Posted

Well, I guess blizz has source code of warden since its their creation, so they can compile it for whatever they like. And they do not need to load it, neo2003 is loading the modules because its the easiest way to get hash/crypted something - forgot what already, but tom_rus explained it here a few posts ago - i think blizz is doing it entirely different way.

lillecarl Advanced Member

lillecarl

Posted
Posted

But i do not understand, if the modules has to be run on the server, then their warden cannot be unix compiled, or its compiled platform independent or something, i see no reality in how you have to run windows modules on the server when only the client is windows and the server for sure is some kind of *nix platform i mean seriously? You must get my idea, the modules cannot be windows only if they are going to run on the blizz servers, and if blizzard aint running them on the server, then mangos wardend does not have to run them either, this problem must be solved to get warden into mangos/master

TOM_RUS Advanced Member

TOM_RUS

Posted
Posted

Blizzard don't have to run whole module on server, they only need single function to generate RC4 encryption seed's and they can compile this function for any platform they want...

Guest
This topic is now closed to further replies.
 Share
Go to topic listing

Contact Us

To contact us click here
You can also email us at [email protected]

Privacy Policy | Terms & Conditions

Repositories

The Link to the master list
of MaNGOS repositories:
Copyright © getMaNGOS. All rights Reserved.

This website is in no way associated with or endorsed by Blizzard Entertainment®
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use