Hacking, Cheating and NS2 Anti-cheat
elodea
Editlodea Join Date: 2009-06-20 Member: 67877Members, Reinforced - Shadow
Editlodea Join Date: 2009-06-20 Member: 67877Members, Reinforced - Shadow
*Important note:
This thread is about spreading awareness of the numerous flaws in UWE's poor anti cheat system in order to motivate UWE recognition of it as an underplayed issue. This thread is NOT about accusing players, it is NOT about providing links to actual hacks or how to hack, nor is it about the current incidence of hacking. Suspecting a hacker is one thing, providing solid evidence and preventing hacks is another.
========
I think its due time to point out the many holes in UWE's system of anti cheat and why i believe fixing them should not be the very low priority that it currently is. There is currently a substantial absence of properly functioning tools available to ensure fairplay, and this isn't exactly new information for many either. Words of assurance tend to mean nothing if issues continue to remain unaddressed for as long as they have been. I believe it is important to have solid anti-cheat foundations in place to support the integrity and growth of the community at large, and it is asking far too much of tournament organizers and server operators to either come up with their own comprehensive anti-cheat systems or accept that cheating is going to occur with nothing they can do about it.
Definitions
In order to stem any kind of useless back and forth discussion about what is or isn't hacking or cheating, here are your definitions.
Hacking
Any third party modification to vanilla ns2 that is designed to give one player an advantage over another player who is not running that same modification. This includes workshop mods
Cheating
Use of any hack that is not within the contextual ruleset of play
The goal is not necessarily to combat hacking, but to combat cheating, although more often than not the two are the same thing.
Types of hacking
a) an injection. e.g. wallhack or aimbot
b) macros and scripts. e.g. pistol script
c) texture modifications. e.g. pink skulks
d) Lag hacks
Types of anti cheat
a) demo system
b) 1st person spec
c) consistency checking
d) Random screenshots (this one is probably best implemented as a community mod).
Simple table asking whether an anti-cheat system can provide evidence or prevent use of a hack, although sometimes with a large error margin. 'Ideally' indicates a severe shortcoming in NS2's implementation. Table does not address feasibility issues.
Why currently implemented anti-cheat is ineffective
a) Demo system
NS2's demo system has many limitations, and although it is effective at providing evidence, it's use as an anti-cheat tool is unreasonably prohibitive due to how buggy and time consuming it is.
1. Playback speed depends on the fps of the watcher relative to the original recorder. For perfect 1:1 time sync, the demo watcher must somehow match his/her fps to the fps of the recording player perfectly. Any fps variation causes game speed in the demo to play back slower or faster than normal. Besides the problem of simple accessibility, what this means is enforcement of pistol scripts through observation of pistol timing is unfeasible.
2. A bunch of ease of use issues that make demo recording frustrating enough to warrant even thinking about whether ensuring fairplay is worth the frustration.
- No skip, rewind, forward, or fast-forward. 2 hour long demos, with alleged incidents occuring 1 hour in literally mean you have to leave the demo playing for about an one hour. And if you miss it while afking, tough luck. Even if an event you need to watch is very early on in the game, you have to sit through the loading screen. Also, if the server has opted to use more extensive consistency checks, you will still have to wait through the 5 minutes of 'waiting for server...'. See consistency checking 1.
- Alt-tabbing out of game will cause demo recording to stop, and the only way to start recording again is to do so before joining a server. *edit* will need to confirm this. Admittedly second hand information.
b) 1st person spec
NS2's first person spec is just barely functional enough to allow the gathering of evidence via demo recording or fraps
1. It is most usually unrepresentative of what the player is actually seeing on his screen or performing. So while it is possible to provide evidence of wallhack, aimbot, pistol scripts and lag hacks, there is a significant error margin which has to be manually corrected.
- Sounds play twice, which may give false positives for pistol scripts.
- Animations and mouse movements are much too frequently out of sync with actual player actions and sometimes skip or repeat. This can make it hard to differentiate between natural lag and lag hacks.
- Player model positions are not accurate, which makes it very hard to detect smart wallhacking as the timings are off.
- ALL minimap dots are visible regardless of whether they are actually in LOS or visible, also causing problems in detecting wallhacking.
c) Consistency checks
ns2 consistency checks are quite frankly a joke. They are easily bypassed, and incur huge loading times.
1. Incurs huge server loading/compilation time. Literally 3-5 minutes depending on how many additional checks you add to consistencycheck.json, which any sane server owner tends to do upon seeing how insufficient and lax the default checks are. The interesting part is that it never used to get stuck on 'waiting for server' for so long and worked perfectly fine for what it was trying to do. It's bordering on ridiculous that players who wish to ensure the bare minimum integrity of play have to suffer such long loading times.
2. They are easily bypassed. I am trying to refrain from detailing how to perform any potential cheating, but it seems impossible to do so without describing the flaw here. Suffice to say, the server instance does not have certain files (quite alot actually), which thus cannot be checked against the client to ensure that those files have not been modified in any way. Pretty big oversight if you ask me.
This is most likely not a comprehensive list of issues, with many other things i've missed.
This thread is about spreading awareness of the numerous flaws in UWE's poor anti cheat system in order to motivate UWE recognition of it as an underplayed issue. This thread is NOT about accusing players, it is NOT about providing links to actual hacks or how to hack, nor is it about the current incidence of hacking. Suspecting a hacker is one thing, providing solid evidence and preventing hacks is another.
========
I think its due time to point out the many holes in UWE's system of anti cheat and why i believe fixing them should not be the very low priority that it currently is. There is currently a substantial absence of properly functioning tools available to ensure fairplay, and this isn't exactly new information for many either. Words of assurance tend to mean nothing if issues continue to remain unaddressed for as long as they have been. I believe it is important to have solid anti-cheat foundations in place to support the integrity and growth of the community at large, and it is asking far too much of tournament organizers and server operators to either come up with their own comprehensive anti-cheat systems or accept that cheating is going to occur with nothing they can do about it.
Definitions
In order to stem any kind of useless back and forth discussion about what is or isn't hacking or cheating, here are your definitions.
Hacking
Any third party modification to vanilla ns2 that is designed to give one player an advantage over another player who is not running that same modification. This includes workshop mods
Cheating
Use of any hack that is not within the contextual ruleset of play
The goal is not necessarily to combat hacking, but to combat cheating, although more often than not the two are the same thing.
Types of hacking
a) an injection. e.g. wallhack or aimbot
b) macros and scripts. e.g. pistol script
c) texture modifications. e.g. pink skulks
d) Lag hacks
Types of anti cheat
a) demo system
b) 1st person spec
c) consistency checking
d) Random screenshots (this one is probably best implemented as a community mod).
Simple table asking whether an anti-cheat system can provide evidence or prevent use of a hack, although sometimes with a large error margin. 'Ideally' indicates a severe shortcoming in NS2's implementation. Table does not address feasibility issues.
Why currently implemented anti-cheat is ineffective
a) Demo system
NS2's demo system has many limitations, and although it is effective at providing evidence, it's use as an anti-cheat tool is unreasonably prohibitive due to how buggy and time consuming it is.
1. Playback speed depends on the fps of the watcher relative to the original recorder. For perfect 1:1 time sync, the demo watcher must somehow match his/her fps to the fps of the recording player perfectly. Any fps variation causes game speed in the demo to play back slower or faster than normal. Besides the problem of simple accessibility, what this means is enforcement of pistol scripts through observation of pistol timing is unfeasible.
2. A bunch of ease of use issues that make demo recording frustrating enough to warrant even thinking about whether ensuring fairplay is worth the frustration.
- No skip, rewind, forward, or fast-forward. 2 hour long demos, with alleged incidents occuring 1 hour in literally mean you have to leave the demo playing for about an one hour. And if you miss it while afking, tough luck. Even if an event you need to watch is very early on in the game, you have to sit through the loading screen. Also, if the server has opted to use more extensive consistency checks, you will still have to wait through the 5 minutes of 'waiting for server...'. See consistency checking 1.
- Alt-tabbing out of game will cause demo recording to stop, and the only way to start recording again is to do so before joining a server. *edit* will need to confirm this. Admittedly second hand information.
b) 1st person spec
NS2's first person spec is just barely functional enough to allow the gathering of evidence via demo recording or fraps
1. It is most usually unrepresentative of what the player is actually seeing on his screen or performing. So while it is possible to provide evidence of wallhack, aimbot, pistol scripts and lag hacks, there is a significant error margin which has to be manually corrected.
- Sounds play twice, which may give false positives for pistol scripts.
- Animations and mouse movements are much too frequently out of sync with actual player actions and sometimes skip or repeat. This can make it hard to differentiate between natural lag and lag hacks.
- Player model positions are not accurate, which makes it very hard to detect smart wallhacking as the timings are off.
- ALL minimap dots are visible regardless of whether they are actually in LOS or visible, also causing problems in detecting wallhacking.
c) Consistency checks
ns2 consistency checks are quite frankly a joke. They are easily bypassed, and incur huge loading times.
1. Incurs huge server loading/compilation time. Literally 3-5 minutes depending on how many additional checks you add to consistencycheck.json, which any sane server owner tends to do upon seeing how insufficient and lax the default checks are. The interesting part is that it never used to get stuck on 'waiting for server' for so long and worked perfectly fine for what it was trying to do. It's bordering on ridiculous that players who wish to ensure the bare minimum integrity of play have to suffer such long loading times.
2. They are easily bypassed. I am trying to refrain from detailing how to perform any potential cheating, but it seems impossible to do so without describing the flaw here. Suffice to say, the server instance does not have certain files (quite alot actually), which thus cannot be checked against the client to ensure that those files have not been modified in any way. Pretty big oversight if you ask me.
This is most likely not a comprehensive list of issues, with many other things i've missed.
Comments
Long story short; you will never stop cheating, so why put an exorbitant amount of resources into trying? If you had the choice, right now, between a Gorgeous sized patch or a patch which reduces the feasbility of hacks by 90%, which would you choose?
I would like to be reassured that UWE does in fact feel a responsibility to tackle the issue of cheating, and not that it's just too hard. I would like to hear (broadly) what steps are being taken in the coming months.
The base systems required for reliably identifying anyone cheating are already in the game. They're just not implemented well or were not designed with this application in mind. Consistency checks for example, yes they work. However only for the files that the server actually has. If you have looked at the files on a default NS2 server install you'd notice that files for the most basic checks for first person view and alien and marine models are not on the server. As a result they are not checked, whether specified in ConsistencyConfig.json or not.
The most useful tool to the admin of a league investigating an accusation is a functional demo system. And I would much rather see a demo recording and playback system developed than the next exosuit variation. If the the playback speed of a demo was independent of the PC it is run on, basic go to tick, pause, fast forward playback options were added and we had the ability to begin a recording at any time. A demo would be invaluable for this purpose.
Although, I'm curious about I've never had an issue with demo recording stopping when alt-tabbing. Is there a specific, repeatable time you can get this to occur, like in fullscreen alt-tabbing?
And like I've said many times before, I've encountered no cheaters, and I've seen no real evidence against anyone.. so all these people posting, where is some proof? :P I feel like you guys are just getting outmatched and instead of accepting being beaten you resort to blaming!
Dis gone be good.
The reason no one hacks this game is the same reason that 10 years ago no one made viruses for macs, no one gives a shit. As the game (hopefully) becomes more popular cheating will increase in proportion, and if the anti cheat systems are as bad as op claims that popularity will promptly evaporate.
Also replays not having fast forward or rewind? Wtf were the devs smoking when they were developing them? Thats like building a car without a steering wheel.
Being cognizant of this reality is not the same as accusing UWE of having dropped the ball with respect to their anti-cheat efforts, and it isn't the same as suggesting that cheating is proliferating like wildfire. It surely isn't. Even so, cheaters are showing up more often, and this is to be expected as we distance ourselves from the release date.
youtube.com/watch?v=aaX9Hc5gCgw
youtube.com/watch?v=abZDpC3LtUg
You are this stupid.
Halt right there criminal scum, if we're being totally serious and using the same in built NS2, start recording before you even join a server in game recording tool that alters play back depending on CPU/in game FPS, loses sound, frames, animations every time it's zipped/unzipped, 0 features that have been standard of spec systems since 2003...it is not effective.
It's not an exaggeration or flame baiting or being a shitty troll to say HLTV was doing a better job of spectating 10+ years ago, it's an uncomfortable truth. It's easier to install and use hacks in NS2 than it is to use the spectate system to catch them.
If anyone could recommend video capture, I've tried FRAPS with some limited success and I'm not sure how to get around the 1gig+ recording unless you have to edit them, I've heard dxtory but that's been out of update for 5ish years, do people use stream programs to capture? Are people editing their FRAPS footage with sony vegas or something into smaller videos?
To me it's the best video capture software as it doesn't have an impact on the FPS while recording, FRAPS gives me huge FPS drops.
StaxRip is the Tool I use to convert the captured videos into smaller ones.
This is why allowing modding in a game such as this is just stupid to some extend. Some people will abuse it whenever they can and infact it doesn't improve the game (it only gives advantages over those who don't use such things).
I have played this game for about 500hrs and have only come across one player who i could say for sure was aimbotting. But as OP and myself said before, texture mods and pistol scripts are cheating aswell.
But some people just suck too much to be able to play without advantages over others.
My solution would be to restructure the game to not allow any kind of mod.
Creating anticheats that dosnt effect the gameplay is no easy task, and takes alot of resources. But as a closing statement, we are aware and working on bettering the gaming experience for all players.
I have dedicated alot of time in finding and relaying alot of em to the devs
How are the sound files controlled at the moment? In the ol' CS days people pretty commonly had modified sound files. Nothing like having a hit sound that plays the heart beat sound of your opponent for the next minute or so. In general you could see the sound mods as an extension of the texture modification, just invisible to visual detection.
As in general, I think reliable and precise demos are a vital thing in any kind of anticheat system. Unless there's a clear tell, you have to go looking back and forth on slightly odd reactions and timings and rewind those to again and again to separate the good skill and game sense from hacking.
Demos are also the way to prove cheating. Conclusive demos are a requirement for any kind of consistent community maintained banlists and such.
I probably sound like a broken record player with all the talk about the demos, but I really find them vital for the long term development of NS2 community. You can for example take a look at the ENSL NS1 content (there's loads of it) and see that almost all of it somehow originates from the demo recordings.
But one small thing could help alot versus many optical hacks (picmic style, texture, wallhacks, etc) - a screenshot feature. In NS1 on the source engine, some guys did write a plugin for ENSL to randomly force screenshots on the client with various data on it to proof the origin of the screenshot. Only doing a screenshot is not enough, you need to enrichen it with several information (like players ids, hashkeys on the plugin provide at that time etc).
Here are 2 example screenshots the ENSL plugin enforced on NS1 during matches:
Basically, we only need a feature in the spark engine to hit screenshots of the client with text overlays delivered as parameter through a lua mod. Some modders told me this is not possible at the moment (maybe I have wrong or outdated information here) - this simple feature could help us ALOT.
---
The ENSL plugin is definitely cool, but it also requires active management and surveillance and the uses are still kind of limited. I guess it's a potential makeshift solution, but it's ideal place is to serve as a support for other measures, not as a backbone.
As said, demos are probably loads of work to implement properly. I mostly want that their importance and potential are well understood. From that point on it's someone else's job to judge their actual priority and all that.
Anything pro-active that can be done by the community in my opinion should be encouraged. If that same system Blind talked about could be implemented into NS2 it would be awesome.
They would have to implement some kind of packing system and modify the engine to accommodate that, but it might be worth it.
Would been great if this could be implanted, the good old n1 ensl checks, even I did help with it (rate checking). Could be more better than buggy/heavy demo system. But the first step is to get good consistency check for competitive game
The mods here are a joke when it comes to reporting cheaters, much easier to delete cheater threads than confront the reality. Even when proof is posted, the default answer is ban them from your server - that's nice, what about the hundred others they will go on to abuse. I've seen the game Dayz recently explode in popularity to 1mil+ players and promptly implode back to 25k players when cheating totally ruined the experience.
I doubt that there are hundreds of NS2 cheaters/hacker out there.
http://steamcommunity.com/sharedfiles/filedetails/?id=109537600&searchtext=down+with+this
786 current subs, and that's just from one version of those textures.
The question is, out of the 1.5k - 2k concurrent players (might be out of date on those numbers), what percentage are utilizing cheats/hacks and what percentage are you willing to allow?
Even a single cheater/hacker is ruining people's games and that should not be tolerated.
While I understand that it is work (probably a significant amount of work), I would rather see something done to help prevent cheating/hacking than a new content update.
I don't think you know how pistol scripts work, they simply can't be stopped in any case due to completely legal external stuff publically available. And about threads being deleted, they go into our evidence vault and if there are obvious hacks, reported to the developers. We've said it many times before and it's simply a dumb idea to allow naming and shaming, as it always turns into a witch hunt even when the hacking claim is false. So please stop spreading your misinformation and drawing conclusions on things you can't possibly know... It's not a conspiracy, its just common sense!
Also you might want to have a look a the Public service announcement regarding hacking proof thread, it might elighten you to some extent :P
TF2 made every pistol script useless years ago.
edit: not saying that it's the best way to go or that I want NS2 to do it (i don't), just pointing it out.
There used to be a vulnerability in TF2 server code that allowed screenshots of players, including overlays. It has since been patched out.
I say "vulnerability" because from what I heard, if someone has the ability to hook into their players and grab true screenshots, they also have the ability to steal more important data or even deliver payloads. Don't quote me on that though.
You're the one who is clueless, NS1 easily removed pistol scripts - just slow down the amount of bullets that can be fired in a certain time. Do you have any skills besides being a moderator? That's great, so the community reports these issues and then they vanish off into an "evidence vault", quite easy to ignore or overlook it from that point on and the community has no idea if any progress is made. You're typical of the forum staff who just want to deny there is any problem and uses a typical cookie cutter "read this thread" answer. We're all here to make the game better, every game is vulnerable to cheating and it does put off the hardcore players.