|
|
Canada11355 Posts
I signed up for beta testing. I hope this device works and doesn't impact performance or latency.
|
On April 17 2015 07:38 Fecalfeast wrote: I signed up for beta testing. I hope this device works and doesn't impact performance or latency. I covered this a bit on reddit, but (from my testing) latency is < 0.1 milliseconds; that is, undetectable by a human.
|
Very cool.
I assume you'd only be looking at using this for tournaments, though? Unless one parity server could handle an inordinate amount of other game servers, I don't think any game company would ever be interested. It's just increased overhead and points of failure.
|
On April 17 2015 08:48 danl9rm wrote: Very cool.
I assume you'd only be looking at using this for tournaments, though? Unless one parity server could handle an inordinate amount of other game servers, I don't think any game company would ever be interested. It's just increased overhead and points of failure.
AC servers (that I run myself) could probably handle an very large amount of game clients. All game devs would need to do is send movement data via the API, so it's not very intrusive. LANs are definitely something I'm interested in, but even playing games like H1Z1 or Rust without a hardware AC is becoming a hassle. We'll see what the future holds, I'm at the mercy of the community, as it were
|
It would be pretty cool to have it so cheap that motherboard makers include the logic on their boards.
|
Sounds like an awesome idea! Why don't you produce it as a custom board, rather than using the Arduino platform? What will be the KS rewards?
|
Zurich15234 Posts
I am sure this has been asked before: How do you prevent the device from sending sensitive information like contacts, passwords, etc?
|
Will be following this closely, because it certainly sounds and looks interesting! Good luck!
|
Whatever combats cheating is absolutely mint in my book.
Great job!
|
|
Zurich15234 Posts
On April 17 2015 20:21 Nesserev wrote:I applaud this idea, but I'm pretty sure that it is only viable in a tournament environment. There's nothing that stops a person from reverse engineering the device, and making sure that the 'spoofed hardware input' that is send to the anti-cheat server mimicks the 'ingame input'. In a tournament environment, the presence of said hardware device can be confirmed, and enforced. So, tournaments: TOTALLY YES, online: NO. Show nested quote +On April 17 2015 19:48 zatic wrote: I am sure this has been asked before: How do you prevent the device from sending sensitive information like contacts, passwords, etc? Trust. If you can trust every program you use on your computer to not send sensitive information, you can trust this device.. I can check (to a degree) what the programs on my computer send. Also I see a difference between trusting a program not to send information and trusting the recipient of a hardware keylogger to not misuse information that is definitely being sent.
|
On April 17 2015 20:54 zatic wrote:Show nested quote +On April 17 2015 20:21 Nesserev wrote:I applaud this idea, but I'm pretty sure that it is only viable in a tournament environment. There's nothing that stops a person from reverse engineering the device, and making sure that the 'spoofed hardware input' that is send to the anti-cheat server mimicks the 'ingame input'. In a tournament environment, the presence of said hardware device can be confirmed, and enforced. So, tournaments: TOTALLY YES, online: NO. On April 17 2015 19:48 zatic wrote: I am sure this has been asked before: How do you prevent the device from sending sensitive information like contacts, passwords, etc? Trust. If you can trust every program you use on your computer to not send sensitive information, you can trust this device.. I can check (to a degree) what the programs on my computer send. Also I see a difference between trusting a program not to send information and trusting the recipient of a hardware keylogger to not misuse information that is definitely being sent.
Maybe have it so that it only spews out checksums? That way you're able to verify input is the same but don't actually send the content of the keystrokes.
On April 17 2015 20:21 Nesserev wrote:I applaud this idea, but I'm pretty sure that it is only viable in a tournament environment. There's nothing that stops a person from reverse engineering the device, and making sure that the 'spoofed hardware input' that is send to the anti-cheat server mimicks the 'ingame input'. In a tournament environment, the presence of said hardware device can be confirmed, and enforced. So, tournaments: TOTALLY YES, online: NO. Show nested quote +On April 17 2015 19:48 zatic wrote: I am sure this has been asked before: How do you prevent the device from sending sensitive information like contacts, passwords, etc? Trust. If you can trust every program you use on your computer to not send sensitive information, you can trust this device... ALSO: I would love to do some beta testing There could be some security measures like a security chip inside the hardware to prevent such reverse engineering.
What I wonder is how to detect actual input from a mouse/keyboard compared to doctored input.
Such as keyboard -> cheating device -> anti-cheating device -> computer
whatever the cheating device spews will be accepted as legitimate. You'd need a security chip on the input devices as well to create a trusted connection across the chain. Makes the whole thing a massive undertaking as you'd need mass vendor support for consumer use.
|
Great idea but the trust concern is a big issue
|
What existing cheats/hacks inspired you to make this?
There could be some security measures like a security chip inside the hardware to prevent such reverse engineering. No. If anyone capable gets their hands on any hardware device, they can reverse engineer it.
I'd be more interested in a replay analysis tool that checks if someone is in fact cheating.
Are there any Dota2 hacks in circulation? All I see is some people playing as if their life depended on the 25 points each game. Maybe because it does. If you think esports is the only way to make money, and you're not already manipulating bets, then i suppose that venue could make for an attractive target.
|
On April 17 2015 22:13 Dagobert wrote: What existing cheats/hacks inspired you to make this?
The description quotes aimbots, that set the mouse pointer to the head of the target for an easy headshot in shooters.
On April 17 2015 22:13 Dagobert wrote:Show nested quote +There could be some security measures like a security chip inside the hardware to prevent such reverse engineering. No. If anyone capable gets their hands on any hardware device, they can reverse engineer it.
There are ways to rely on a security chip to prevent the reverse engineering from being useful. Typically, if you need a secure connection from the hardware to the server and the hardware has active intrusion detectors to trigger security chip erase when reverse engineering is attempted, it makes is very difficult to move between traps for your analysis.
The system is easy to bypass if you have the possibility to modify hacking program and input device though. Just send the modified input instead of the original one.
As stated above, the main point is the privacy of the data sent. - in France, I believe such a system would be illegal : you have to get an authorization for the data you will receive, that contains a description said data. Since you cannot make such a description, you cannot get the authorization ... - at the international level, you risk at least having banking information on the link for which you need your server audited and checked against PCI/DSS ...
If you can prove you don't actually send the content received, but an encrypted or anonymized version for which you can't get the decrypted information, you are probably fine.
|
I assume you have to tell it what your keybindings are, your rates are, etc, so it knows exactly what's going on, and to figure out the useful information. Also, I could simply make a macro that sends what I'm doing in game (if aimbotting) to the device. It just just needs to figure out retroactively that frame what I did to get the mouse to the right location and send that through. It's a neat idea, but I think it's both too easily beatable and too risky to use at the moment.
|
|
On April 17 2015 22:38 Gowerly wrote: I assume you have to tell it what your keybindings are, your rates are, etc, so it knows exactly what's going on, and to figure out the useful information. Also, I could simply make a macro that sends what I'm doing in game (if aimbotting) to the device. It just just needs to figure out retroactively that frame what I did to get the mouse to the right location and send that through. It's a neat idea, but I think it's both too easily beatable and too risky to use at the moment.
I believe this doesn't work.
If you look at the diagram, the AC device does not receive anything from the PC. To bypass it like you said, you'd have to have a way of sending info to it, and if the AC device does not receive anything, then you would have to go through the keyboard directly and from it reach the AC device.
Also what if the AC system uses some kind of frame timer with the server in sync?
Like AC device sends frame xxx inputs are ABC ; server sends frame xxx inputs are ABC When you cheat AC device sends frame xxx inputs ABC and server sends frame xxx inputs DEF THEN it sends frame yyy inputs ABC
Also trust issues could be resolved easily : when you are not in a match, either unplug the device or have some sort of switch embedded in it that turns it off and make it behave like a simple USB cable. That way, plus the simple fact that you trust the software editor, you'd be safe.
TLDR bypassing this device is NOT possible only with software IMO, and any hardware hack is much more difficult to engineer and hide.
This is a very good idea OP, best of luck with it!
|
On April 18 2015 00:05 Nesserev wrote: For those proposing chips, tamper detection, or any forms of physical security. It makes things more difficult, but not impossible. They don't prevent anything, and are also not intended to do so... A person can try to reverse engineer these devices as many times as he/she wants (at a certain cost, lol), breaking or trying anything in the process, and try again, over and over.
Security chips, tamper detection, etc. are SUFFICIENT in a lot of cases, which is why they are used. For example, in a hotel, temperature regulators are sometimes equipped with contraptions to prevent hacking; and it's sufficient because the thing will probably break, if the person has no knowledge of them beforehand, or by the time that you could've reverse engineered the thing, five weeks would've passed. It's not like the hotel is gonna react 'HERE IS A NEW ROOM, TRY AGAIN'. It's gonna be 'WTF ARE YOU DOING? GET THE FUCK OUT!'. You get only one chance.
Goal is usually not to make it impossible: It is to make the cost high enough to prevent people from investing in an attempt, or simply to guarantee that it is not the weakest link in the security chain by a sufficient margin. That's why I was talking of avoiding all the traps.
Note that on high quality security hardware, bypassing the security even knowing the architecture requires a good lab equipment. Main issue with that type of protection is you'd end up trying to sell 10k$ anticheat equipment. Perhaps not the right market for that.
|
|
|
|