|
I didn't put any screenshots or raw data here because I don't know if it is allowed. TL staff please let me know if I am allowed to post this data. I'll also try and keep this simplified and dumbed down so everybody can actually take in what they're reading without having to Google what I'm saying.
So I backed up both copies of SC2, HotS and LotV, on a separate storage device to open all the files for the game in Linux (Windows has trouble/can't open lots of these files that are inside the MPQ files), because after seeing lots of hackers on LotV already I wanted to look into what the new anticheat did. Keep in mind I am not a pro developer or any shit like that, I know the basics of C++, C#, Python, and D, and by that I mean I know enough to understand what I am looking at and maybe change some of it but I don't know enough to develop a full application beyond that of what you would make in high school to impress the other kids or something, and aside from programming languages I have lots of experience with looking at raw hex data. TLDR of this paragraph is that I'm not perfect or even good, but I know exactly what I'm looking at.
To keep it simple until I hear from staff if I am allowed to post this raw data, I put all the variables that are involved with Warden and hidden information (basically what's in the fog of war) side by side with both games, and the only thing that changed was the name of the data that map hacks would target to reveal this information, whether it be through a DLL injection or an overlay. When the map hacking program searches for this stuff in LotV, it says "You're not running StarCraft! I'm useless right now." In order to bypass this, cheat developers simply had to dig for the same information I did and set their map hacks to target the newly named data.
All that has actually changed in these cheating programs for LotV is the target name of the executable, data within the executable, and some of the sensitive data in your RAM that is exploited to cheat. Nothing else has been changed, and as somebody who knows enough about this to change such a thing on my own, this is a terrible excuse for a better anticheat system. I understand it's a beta and all, but preorders are already available, Blizzard refuses to address the cheating issue, and threads about this in Battle.net are being deleted and users are being suspended for even bringing this up. It's obvious they don't want to address this right now, and whether or not that will change in the future is obviously unknown.
So, to wrap it up, Blizzard's current changes to the anticheat consist of the following:
1. Target name for sensitive data has been changed 2. Executable name has been changed 3. 64 bit renders all 32 bit hacks obsolete and vice versa
|
Nice work, man. I think you underestimate your own capabilities; I am a professional programmer and never had the nerve to actually do reverse engineering like that.
|
On July 28 2015 23:22 rockslave wrote: Nice work, man. I think you underestimate your own capabilities; I am a professional programmer and never had the nerve to actually do reverse engineering like that. I always end up breaking shit, this is the first time something didn't go horribly wrong. I just want Blizzard to address this because while people can either push the hacking issue to the side or blow it up to Avilo level retarded it's still an issue and this shows how many shits Blizzard gives.
This can all change, and I hope it does, but so far it doesn't seem so.
|
Many hacks work by analysing the RAM and changing values (which you can do absolutely NOTHING against) but there is always security through obscurity. I could imagine automatic updates, perhaps once every week, that move all the variables around and thus make all hacks obsolete. So each time there is an update hackers would have to change their hacks and update as well. This might become tiring for some hackers and discourage them.
|
On July 28 2015 23:42 RoomOfMush wrote: Many hacks work by analysing the RAM and changing values (which you can do absolutely NOTHING against) but there is always security through obscurity. I could imagine automatic updates, perhaps once every week, that move all the variables around and thus make all hacks obsolete. So each time there is an update hackers would have to change their hacks and update as well. This might become tiring for some hackers and discourage them. This has been requested by the community for years. I hope it's finally put into action but it took me about two hours in total to find all this stuff. If you're looking for a single variable that is reset by schedule you could easily make a program that will pull that data for you.
|
Depends on how it is implemented. They could change the names and introduce garbage data to make the filtering process harder. This can all be done automatically, there are already programs that do this so there is no fear of breaking anything.
|
|
|
Wow, you didn't break something or cause a bug this time. I'm impressed.
|
All around good job, but since a few individuals including yourself have programming knowledge/background (more than I care to admit I have personally) here is a question or two.
What if you run a heavy RAM based system that has numerous processes that run and fluctuate the levels of RAM or you have a piece of hardware (MOBO/Processor/GFX/RAM) that is on the brink of failing which in turn will rev up your system and work "over-time" which causes heavy periods of system use that causes audio/video stutters.
Would the new "anti-cheat" understand this or see it as a potential hack?
I would like to guess that it registers it, a Blizzard Rep would review the report and understand either way but that is shooting for the stars.
|
this is awesome its absolutely rediculous ppl hack in the beta but its even more rediculous blizzard hasnt addressed this. how would we get blizzard to impliment this? thank u for using your skills to benefit the community!
|
Poor good guy blizzard.
I think it has more to do with User rights, than it has to do with Blizzard itself. It is almost impossible to read for a RAM-reader, since it will probably be kernel based tasks, while Blizzards software (Warden) will only have access to the User data. Doing anything more than reading the User values of said program, will immediately start 100 lawsuits in the land of the free, because it will be another form of "invasion of privacy".
So either give Blizzard more rights on your PC to stop cheating, or they can't do shit.
The one thing they can do is increase the ban waves heavily and start banning by ISP (which would kill universities etc ), but I doubt Blizzard would want 1 or more fulltime employees on a job as cheating investigators.
|
You're doing God's work, Dickbutt My word, that feels strange to say. But it's true! I think at this point it's apparent that Blizzard doesn't want to be held accountable. Edit: then again, who does? Besides honest people of course. :D
|
On July 29 2015 03:06 Jaedrik wrote: You're doing God's work, Dickbutt My word, that feels strange to say. But it's true! I think at this point it's apparent that Blizzard doesn't want to be held accountable. It's not always that Blizz doesn't want to be held accountable, as WonnaPlay said it also has to do with user rights and whatnot, but this is just a blatant "fuck you" if nothing changes in the future. You still have to take into account that it is a beta and this can change, but my personal opinion is that they won't, knowing Blizzard like I do. This is also something that seems much worse if you, for example, take Reddit seriously lol. Not to say it isn't a bad thing, because it is, but the problem is heavily amplified in the heads of those that want something to cry about.
On July 29 2015 01:07 FT.aCt)Sony wrote: All around good job, but since a few individuals including yourself have programming knowledge/background (more than I care to admit I have personally) here is a question or two.
What if you run a heavy RAM based system that has numerous processes that run and fluctuate the levels of RAM or you have a piece of hardware (MOBO/Processor/GFX/RAM) that is on the brink of failing which in turn will rev up your system and work "over-time" which causes heavy periods of system use that causes audio/video stutters.
Would the new "anti-cheat" understand this or see it as a potential hack?
I would like to guess that it registers it, a Blizzard Rep would review the report and understand either way but that is shooting for the stars. This isn't something I can answer to considering how many ways an anticheat can be developed, scan for things, etc. I play this game called osu! and when I played on a dying GT 730 hit circles were all showing up in the center of my screen so I was spamming the shit out of the keyboard for high scores, and got hit with a permanent HWID (hard drive) ban, IP ban, Windows copy ban, a ban based on what unique programs and settings I have on my computer to determine if I am on somebody else's computer or a different IP and HDD/SSD (which was resolved with support later). Something like this would NEVER happen with Blizzard's anticheat, I can guarantee this.
I use this example because when the guy that makes osu! developed the antihack, he basically fucked the law and fucked user privacy and can even see your browsing sessions and user history, and it's an example of a unique form of antihack. Warden scans user processes and nothing more. It can't even obtain the details of the programs you're running, so you could be running a SC2 hack that was addressed and prevented by Blizzard and by changing the up-front program details you can easily spoof it as any other application according to what Warden sees. This is possible with pretty much every hacking program aside from ValiantChaos Map Hack because that uses all sorts of direct injections to your game AND running processes.
TLDR There are MANY ways to develop anticheats, so there is no answer to your question.
|
Awesome man! You did an incredible job there. I really think you need to be more confident about you and your own skills
BTW, for how it looks, it is really hard then for Blizz to stop cheating =/
It is really sad, I hope they can find some way to encrypt the data on the RAM with a unique algorithm the game itself can translate but not easy for hackers, so they won't have it easy simply targeting the items on the RAM.
I thought anyway Blizz could read your RAM freely because I read something like that on WoL times, and thought "Well, I am not using anything weird" (but was kinda scared because I changed the audio files lol, and a lot of people where changing the background on the game as well but I didn't tried)
|
Let's be honest, if the data is on the client side, there is really no way to protect it, the battle will remain on and on between hackers and devs and eventually hackers win and devs give up (happened in many games). The only practical way is to simply not place any information on the client side except the ones that the player is allowed to see. This is rather a huge change that I doubt blizzard will be willing to go through, again I don't know how practical that is for an RTS that includes a lot of units on the map . MOBAs have only few units that need to be hidden and that's why they usually get away with it. Permabans are the way to go.
|
On July 29 2015 03:17 Dickbutt wrote:Show nested quote +On July 29 2015 03:06 Jaedrik wrote: You're doing God's work, Dickbutt My word, that feels strange to say. But it's true! I think at this point it's apparent that Blizzard doesn't want to be held accountable. It's not always that Blizz doesn't want to be held accountable, as WonnaPlay said it also has to do with user rights and whatnot, but this is just a blatant "fuck you" if nothing changes in the future. You still have to take into account that it is a beta and this can change, but my personal opinion is that they won't, knowing Blizzard like I do. This is also something that seems much worse if you, for example, take Reddit seriously lol. Not to say it isn't a bad thing, because it is, but the problem is heavily amplified in the heads of those that want something to cry about. Aye! It's something I didn't really think about until I read the thread after posting, but it's a good point. Yes, it's still a big "we don't really care, k." Also, for the record, I hate Reddit. Was shadowbanned. D:
Now, in an ideal society one could agree to relinquish their privacy via contract, so all Blizz would have to do is attach the contract to their online services. That's a super broad and simplified statement, however... The real issue comes up (besides the obvious hackers getting the data, but that's always a threat regardless) is when someone with power (i.e. the government) wants the data Blizzard has access too. Since they have the culturally-validated threat of violence behind them, they can do all sorts of legal and not-so-legal tricks to get Blizzard to cough up data, so Blizz couldn't guarantee to make good on its promise to protect the data in this hypothetical contract. They do it with Flash plugins, Windows etc. already to an extent, so, there's the reasonable chance for that moral hazard to take affect!
|
On July 29 2015 00:47 OtherWorld wrote: Wow, you didn't break something or cause a bug this time. I'm impressed.
User was warned for this post
|
On July 29 2015 03:25 i)awn wrote: Let's be honest, if the data is on the client side, there is really no way to protect it, the battle will remain on and on between hackers and devs and eventually hackers win and devs give up (happened in many games). The only practical way is to simply not place any information on the client side except the ones that the player is allowed to see. This is rather a huge change that I doubt blizzard will be willing to go through, again I don't know how practical that is for an RTS that includes a lot of units on the map . MOBAs have only few units that need to be hidden and that's why they usually get away with it. Permabans are the way to go. Even then you can still have micro and macro hacks like automatically building workers, blinking stalkers, splitting marines, etc. Sure, it would cut down on the number of hacks available, but hacks will still exist.
In my opinion the best way to fight hacks is to make hacking something tedious and annoying by constantly changing the API randomly. I dont know how well this could be accomplished, I never tried anything like that myself, but in theory it should be possible.
|
On July 29 2015 03:47 RoomOfMush wrote:Show nested quote +On July 29 2015 03:25 i)awn wrote: Let's be honest, if the data is on the client side, there is really no way to protect it, the battle will remain on and on between hackers and devs and eventually hackers win and devs give up (happened in many games). The only practical way is to simply not place any information on the client side except the ones that the player is allowed to see. This is rather a huge change that I doubt blizzard will be willing to go through, again I don't know how practical that is for an RTS that includes a lot of units on the map . MOBAs have only few units that need to be hidden and that's why they usually get away with it. Permabans are the way to go. Even then you can still have micro and macro hacks like automatically building workers, blinking stalkers, splitting marines, etc. Sure, it would cut down on the number of hacks available, but hacks will still exist. In my opinion the best way to fight hacks is to make hacking something tedious and annoying by constantly changing the API randomly. I dont know how well this could be accomplished, I never tried anything like that myself, but in theory it should be possible. Micro and macro hacks are very obvious, especially split hacks. Although these are not obvious to the eye, they are obvious to the system in place to stop them when properly applied. CSGO trigger bots are the best example of this, since it emulates mouse clicks when you hover over an enemy.
Changing things like this are a pain for hackers at first, but after a while they figure it out with programs that will pull this information or even find an alternative to reach their target.
|
So I was playing a game of LotV and since my opponent was obviously maphacking I went through the replay. This is what the game showed me when I went to his vision:
I didn't zoom, when I go back to my vision it isn't zoomed out. But it seems like this guy has some zoom hack and LotV reproduces that somehow in the replay.
|
At least I got fun on this game by playing better myself, but seriously playing against people with advantage is kinda stupid. Also for them it seems that winning with hacks is fun
|
Warden by nature is dynamic in what it can scan for, analyzing client side files offers no insight into what anticheat capabilities the game has when it can execute arbitrary code at any time. While I would hope for an updated Warden, chances are that they still aren't willing to scan outside of the process for legal reasons after all the fuss made over WoW.
|
On July 29 2015 03:54 Dickbutt wrote:Show nested quote +On July 29 2015 03:47 RoomOfMush wrote:On July 29 2015 03:25 i)awn wrote: Let's be honest, if the data is on the client side, there is really no way to protect it, the battle will remain on and on between hackers and devs and eventually hackers win and devs give up (happened in many games). The only practical way is to simply not place any information on the client side except the ones that the player is allowed to see. This is rather a huge change that I doubt blizzard will be willing to go through, again I don't know how practical that is for an RTS that includes a lot of units on the map . MOBAs have only few units that need to be hidden and that's why they usually get away with it. Permabans are the way to go. Even then you can still have micro and macro hacks like automatically building workers, blinking stalkers, splitting marines, etc. Sure, it would cut down on the number of hacks available, but hacks will still exist. In my opinion the best way to fight hacks is to make hacking something tedious and annoying by constantly changing the API randomly. I dont know how well this could be accomplished, I never tried anything like that myself, but in theory it should be possible. Micro and macro hacks are very obvious, especially split hacks. Although these are not obvious to the eye, they are obvious to the system in place to stop them when properly applied. CSGO trigger bots are the best example of this, since it emulates mouse clicks when you hover over an enemy. Changing things like this are a pain for hackers at first, but after a while they figure it out with programs that will pull this information or even find an alternative to reach their target. The micro and macro hacks that exist right now might be obvious, but you can not say that it is impossible to make better ones. Perhaps there are better ones but we just dont know yet because they are too good to be spotted. You have to keep in mind that hackers will always put plenty of work and effort into developing new hacks, simply because they have the manpower to do so.
Getting information out of the program is not that trivial. It might be easy when you know what you are looking for, but a constantly changing API will make this very difficult because you have no point where you can start.
For example lets look at a simple hack that tells you the mineral count of your opponent. You can play a game against yourself or against a friend, at several points during the game you pause, read the mineral value from the UI and then search your RAM for any position that holds the same value. For each time you do this you can narrow down the RAM adress that might be used to store the mineral count. After 3 - 5 tries you will probably have found the correct one and know where the mineral count of your opponent is stored in RAM and then you can write a hack that will read the value at this adress and print it on the screen for you to see.
But what if there is obfuscation? Blizzard could implement it so that the mineral count saved in RAM is always the actual mineral count times 10, the UI would divide the value to display the correct mineral count and all calculations would also be updated to take this into account. Or perhaps the mineral count is stored in 2 different adresses and summed up. Or perhaps some other way to make it more complicated. As long as you know which kind of obfuscation is used it is easy to update the hack to still work, but when the obfuscation is changed every week to something completely different and you have no idea what it might be you will quickly realize that even this trivial hack has become something painful to create.
|
On July 29 2015 04:11 Big J wrote:So I was playing a game of LotV and since my opponent was obviously maphacking I went through the replay. This is what the game showed me when I went to his vision: I didn't zoom, when I go back to my vision it isn't zoomed out. But it seems like this guy has some zoom hack and LotV reproduces that somehow in the replay. Played the same guy, yeah it's obvious. Here's my replay
http://bit.ly/1fEFkta
|
what is the legal fuss over WoW referring to?
|
On July 29 2015 05:37 Lazo89 wrote:Show nested quote +On July 29 2015 04:11 Big J wrote:So I was playing a game of LotV and since my opponent was obviously maphacking I went through the replay. This is what the game showed me when I went to his vision: I didn't zoom, when I go back to my vision it isn't zoomed out. But it seems like this guy has some zoom hack and LotV reproduces that somehow in the replay. Played the same guy, yeah it's obvious. Here's my replay http://bit.ly/1fEFkta
Did you watch the replay and when switching to his view it was also zoomed out?
|
Crazy that people are hacking LotV already. It seemed so easy to cheat the way you describe it. That sucks.
|
I understand tat with an synchronous engine it's hard to make it (information)hack-proof since all information is available to all clients/server. And more so the more popular your game is, the higher the "demand" for hacks are and the challenge or reward to make some is, so there's more hacks/hackers.
But other synchronous engine games that are popular have dealt with it way better than Blizzard did, and soem of 'em are even F2P (eg DOTA2). Be it by more stringent moderation, heck even outsourcing the witch-hunt to the community if needed, or directly attacking the hack-makers (hard to do in some jurisdictions) or trying to add more software protections (hard for already stated facts, but since the most popular hack has its sources on github there might be a way to throw few wrenches), Blizzard need to step-up it's anti-hack policies. A politic of weak reprisal against hackers only isn't working right now and surely isn't going to work.
We are at the point where hackers are getting caught after winning or advancing in some pretty big online tournaments nowadays and Kr servers you're sure to be playing a hacker that doesn't even hide it well (like selecting YOUR building in FOW without prior scouting) a third of the games...
But hey with archon mode now you can play with two totally different hacks at once.
|
Lawsuits from Blizzard against all hackers. Just spend the money to do it. That'll stop this shit real quick.
|
On July 29 2015 07:28 varsovie wrote: I understand tat with an synchronous engine it's hard to make it (information)hack-proof since all information is available to all clients/server. And more so the more popular your game is, the higher the "demand" for hacks are and the challenge or reward to make some is, so there's more hacks/hackers.
But other synchronous engine games that are popular have dealt with it way better than Blizzard did, and soem of 'em are even F2P (eg DOTA2).
DOTA2 isn't synchronous as far as I'm aware, that's why you don't have to simulate up to a certain point to spectate or resume, because it's sending more complete data and not relying on deterministic deltas, that's why you have to download the replays from the server at the end of a game, because your client couldn't create the whole thing, that's why it's replays are massive in comparison (though there's a bit more info in there as well) and that's why one player lagging doesn't affect the other players.
And occam's razor: when you're basing a game on the source engine it's easier to make the network architecture the same as all your other games, multiplayer shooters aren't synchronous or they would be a nightmare with the number of players.
|
United States142 Posts
I wish they would just spend some time to make hacking annoying. I like the idea of a small update every 5-7 days that changes things. It's the same with real world stuff. You will never be able to stop the professionals, but you can make it annoying for the casual offender. I compare it to a car thief or somebody braking into a bank or jewelry store. You won't be able to stop the people who are pros, but you can stop the casual smash and grab type of stuff.
Make hacking difficult for everybody who downloads hacks cheap, you'll never stop people who can do this themselves or are willing to pay a lot to get a hack. but you can stem the people who pay a few bucks and have an easy time at it. You just have to make it more annoying than most people are willing to put the time into it.
|
I'm not sure about what you exactly did, I mean you wouldn't find the anti cheat code in the MPQ files. What?
|
On July 29 2015 11:12 Dumbledore wrote: I'm not sure about what you exactly did, I mean you wouldn't find the anti cheat code in the MPQ files. What? I tore apart the entire game, and anticheat data is scattered throughout the game and usually contained in files inside MPQ files when you properly decompress them. There is no single folder that says "I AM THE ANTICHEAT FOLDER" though, it's quite all over the place.
|
On July 29 2015 11:18 Dickbutt wrote:Show nested quote +On July 29 2015 11:12 Dumbledore wrote: I'm not sure about what you exactly did, I mean you wouldn't find the anti cheat code in the MPQ files. What? I tore apart the entire game, and anticheat data is scattered throughout the game and usually contained in files inside MPQ files when you properly decompress them. There is no single folder that says "I AM THE ANTICHEAT FOLDER" though, it's quite all over the place.
I'm doubtful that you would find things like D3D hooks, suspend thread checks and etc inside MPQ files. Can you show me an example of what exactly you found that belongs to the anti cheat?
|
On July 29 2015 04:11 Big J wrote:So I was playing a game of LotV and since my opponent was obviously maphacking I went through the replay. This is what the game showed me when I went to his vision: I didn't zoom, when I go back to my vision it isn't zoomed out. But it seems like this guy has some zoom hack and LotV reproduces that somehow in the replay. The Zoom hack was in HOTS too, It was in the thread I posted months ago about the ladder system needing to be changed and on battle.net
|
On July 29 2015 08:27 wUndertUnge wrote: Lawsuits from Blizzard against all hackers. Just spend the money to do it. That'll stop this shit real quick. Unfortunately Blizzard most likely will not do that as it costs them money and time, they can just keep randomly finding hackers through mass sweeps and banning them, and hackers buying more accounts. Which in the end is more profitable, and it proves to provide the line of least resistance for Blizzard.
|
I do not think the weekly update thing works. I have no idea how this really works but I assume, that you somehow can "break" into the executable and make specific function calls. So if for example if the mineral count is saved every week on another place you can just update the hack by running something like: drone.deliverMinerals() or similar. Then you just profile which memory accesses are made and you now know where the mineral count is stored. Or for the production tab you run something like openProductionTab(). It will check whether you are a spectator or not. Well, there is the position for the spectator rights Boolean in the memory. Obfuscation of the values would also not work. Just say you build a drone, your worker has minerals, your worker shall deliver them. The last two you repeat 10000 times. You do not have to let it play this for real. Just set the has Boolean that it has minerals true and then deliver. Your cpu should run through this in no time. That way you have all the values from 0-50000 minerals that end on 0 or 5. Then you make some extractor trick at the beginning and you get the values that end on 4 and 9 etc. Actually, imo this "obstacle" would make it more fun to write the hack. To make it one level harder you could change the function names to random signs. The problem is that at some point the function has to be clear. If you press a hotkey the "hotkeyToFunction"-function needs to know what to do. You would not want your marines to manually detonate when you press stim;) So what you do is call the "hotkeyToFunction"-function with "[stim hotkey]" and monitor which function calls are made after this. Voila you know that 9q82(/&Hsjg& is in fact marine.stim(). So the plan is basically: poke it with a stick and see what exactly happens. Is this hard or tedious? Yes (depending on your hacking abilities). But after you have done it once you just write a script that replicates this very systematically poking and you just run it once per week.
Like I said, I have no idea whether the assumption that you can "break" into the executable, make and monitor function calls and memory accesses is too far fetched. And I am quite sure it is not as easy as described above, but I am also convinced there is no way to prevent or even make it too complicated to hack. The only way is to try to detect hacks somehow when they are used. But this is a lot harder on the blizzard side without violating your privacy. (And then I would be f*cked since I use the MMR Rating Tool;) )
|
Ok, on the other hand - lets assume blizzard CANT fix the hacks. Does it really matter?
Unless hes disrupting my game - drophack etc, or hes gaining an economical advantage - more minerals - the game is still winnable. Maphack really only punishes hidden expansions or cheesy builds you dont want scouted. Maphack basically provides the advantage of 1 scan in his base, and an SCV searching for hidden expos.
Im not trying to defend it, but think of it this way - maphack boosts you up one league, but unless youre winning money it makes no difference .
Imagine, You are diamond, Tony is Silver, and Bob is also diamond.
The other 2 decide that hacking is the way to go. So bob now advances to master league, but faces mechanically superior opponents - hits a wall and can barely improve - hes still a bad player. Tony has special service on his hack, advances to diamond - but you still crush him because he makes 30% less SCVS and spends his time supply blocked while looking at the map.
In any way, these players are still "Bad", and for 99% theres no other reason to play sc2 than self improvement.
|
Czech Republic12116 Posts
On July 29 2015 16:19 weikor wrote: Ok, on the other hand - lets assume blizzard CANT fix the hacks. Does it really matter?
Unless hes disrupting my game - drophack etc, or hes gaining an economical advantage - more minerals - the game is still winnable. Maphack really only punishes hidden expansions or cheesy builds you dont want scouted. Maphack basically provides the advantage of 1 scan in his base, and an SCV searching for hidden expos.
Im not trying to defend it, but think of it this way - maphack boosts you up one league, but unless youre winning money it makes no difference .
Imagine, You are diamond, Tony is Silver, and Bob is also diamond.
The other 2 decide that hacking is the way to go. So bob now advances to master league, but faces mechanically superior opponents - hits a wall and can barely improve - hes still a bad player. Tony has special service on his hack, advances to diamond - but you still crush him because he makes 30% less SCVS and spends his time supply blocked while looking at the map.
In any way, these players are still "Bad", and for 99% theres no other reason to play sc2 than self improvement. It's the frustration you get from losing against someone who is obviously worse player but has these aids and Blizzard is not doing anything, since the player was reported several times just by you personally.
This is the problem in a nutshell. Also there are cheaters in online tourneys. A year ago it was mentioned as a big deal, but as I don't play these I don't care that much to remember details.
And if you play for the fun - and usually fun is playing a good game with a chance of winning - you don't have fun playing a cheater. You cannot have. The outcome of the game is mostly not in yours hands. Fun, sure. Is playing against someone with cheat that shoots your head in CS fun? I wouldn't say so. And the "he's still bad" argument doesn't care the victims of his precise headshots...
|
On July 28 2015 23:42 RoomOfMush wrote: Many hacks work by analysing the RAM and changing values (which you can do absolutely NOTHING against) but there is always security through obscurity. I could imagine automatic updates, perhaps once every week, that move all the variables around and thus make all hacks obsolete. So each time there is an update hackers would have to change their hacks and update as well. This might become tiring for some hackers and discourage them. you realize that security through obscurity is a sarcastic term and its actually a bad thing, right?
|
On July 29 2015 16:19 weikor wrote: Ok, on the other hand - lets assume blizzard CANT fix the hacks. Does it really matter?
Unless hes disrupting my game - drophack etc, or hes gaining an economical advantage - more minerals - the game is still winnable. Maphack really only punishes hidden expansions or cheesy builds you dont want scouted. Maphack basically provides the advantage of 1 scan in his base, and an SCV searching for hidden expos.
Im not trying to defend it, but think of it this way - maphack boosts you up one league, but unless youre winning money it makes no difference .
Imagine, You are diamond, Tony is Silver, and Bob is also diamond.
The other 2 decide that hacking is the way to go. So bob now advances to master league, but faces mechanically superior opponents - hits a wall and can barely improve - hes still a bad player. Tony has special service on his hack, advances to diamond - but you still crush him because he makes 30% less SCVS and spends his time supply blocked while looking at the map.
In any way, these players are still "Bad", and for 99% theres no other reason to play sc2 than self improvement.
Sorry, but that's not how it works. Counterattacking, dropping and mutalisk-play all become unviable with this. I've once played a hacker who made it to mass ravens. Good luck trying to get a fungal off if he always knows where your infestors are, even if you burrow them (I didn't even get close to his ravens). Techswitch based play - completely useless too.
|
On July 29 2015 16:40 brickrd wrote:Show nested quote +On July 28 2015 23:42 RoomOfMush wrote: Many hacks work by analysing the RAM and changing values (which you can do absolutely NOTHING against) but there is always security through obscurity. I could imagine automatic updates, perhaps once every week, that move all the variables around and thus make all hacks obsolete. So each time there is an update hackers would have to change their hacks and update as well. This might become tiring for some hackers and discourage them. you realize that security through obscurity is a sarcastic term and its actually a bad thing, right?
Worked for Apple.
|
On July 29 2015 16:40 brickrd wrote:Show nested quote +On July 28 2015 23:42 RoomOfMush wrote: Many hacks work by analysing the RAM and changing values (which you can do absolutely NOTHING against) but there is always security through obscurity. I could imagine automatic updates, perhaps once every week, that move all the variables around and thus make all hacks obsolete. So each time there is an update hackers would have to change their hacks and update as well. This might become tiring for some hackers and discourage them. you realize that security through obscurity is a sarcastic term and its actually a bad thing, right? It is not a "sarcastic term" it is a strategy. Some people believe it is a suboptimal strategy, but that really depends on the problem at hand. You can not say one tool is just bad. Its a tool, its designed to do a certain purpose. There are no bad tools, there might only be too few applications for them.
People who say "Security through obscurity" is "bad" really mean that it is worse then a solid foundation that allows you to use more profound security measures. Unfortunately the foundation in our situation is flawed (from a security point of view) and unlikely to change so security through obscurity suddenly becomes a valid option. Dismissing an option on the grounds of what others say is a very stupid move.
On July 29 2015 15:53 Archiatrus wrote: I do not think the weekly update thing works. I have no idea how this really works but I assume, that you somehow can "break" into the executable and make specific function calls. So if for example if the mineral count is saved every week on another place you can just update the hack by running something like: drone.deliverMinerals() or similar. Then you just profile which memory accesses are made and you now know where the mineral count is stored. Or for the production tab you run something like openProductionTab(). It will check whether you are a spectator or not. Well, there is the position for the spectator rights Boolean in the memory. Obfuscation of the values would also not work. Just say you build a drone, your worker has minerals, your worker shall deliver them. The last two you repeat 10000 times. You do not have to let it play this for real. Just set the has Boolean that it has minerals true and then deliver. Your cpu should run through this in no time. That way you have all the values from 0-50000 minerals that end on 0 or 5. Then you make some extractor trick at the beginning and you get the values that end on 4 and 9 etc. Actually, imo this "obstacle" would make it more fun to write the hack. To make it one level harder you could change the function names to random signs. The problem is that at some point the function has to be clear. If you press a hotkey the "hotkeyToFunction"-function needs to know what to do. You would not want your marines to manually detonate when you press stim;) So what you do is call the "hotkeyToFunction"-function with "[stim hotkey]" and monitor which function calls are made after this. Voila you know that 9q82(/&Hsjg& is in fact marine.stim(). So the plan is basically: poke it with a stick and see what exactly happens. Is this hard or tedious? Yes (depending on your hacking abilities). But after you have done it once you just write a script that replicates this very systematically poking and you just run it once per week.
Like I said, I have no idea whether the assumption that you can "break" into the executable, make and monitor function calls and memory accesses is too far fetched. And I am quite sure it is not as easy as described above, but I am also convinced there is no way to prevent or even make it too complicated to hack. The only way is to try to detect hacks somehow when they are used. But this is a lot harder on the blizzard side without violating your privacy. (And then I would be f*cked since I use the MMR Rating Tool;) ) That is not how it works. SC2 is not written in Java, it is a compiled program that you get in byte-code format. There are no functions, there are no methods, there are no classes and there are no structs.
All you can do is monitor the values in your RAM and change them and see what happens. There is no dynamic code analysis that you can perform. Detecting a "hack" is impossible when the hack simply reads and writes your RAM. The user is in full control of his/her computer and blizzard can do jack shit about that. If they want to read their own memory they can do so and you can not detect it or do anything about it.
|
I'm not sure you quite understand Blizzards anti cheat methodology. This is proven from the past. Warden is there to execute a payload of arbitrary code at any time. Blizzard just looks at the popular cheats programs out there, they write a detection routine and one day turn it on. Then they ban all the sheeple that were using it over a weekend in a big wave and make a story about it to scare others from trying it until next year. It's their cost efficient approach of taking out the trash once a year rather than cleaning up every day.
|
On July 29 2015 17:45 aka_star wrote: I'm not sure you quite understand Blizzards anti cheat methodology. This is proven from the past. Warden is there to execute a payload of arbitrary code at any time. Blizzard just looks at the popular cheats programs out there, they write a detection routine and one day turn it on. Then they ban all the sheeple that were using it over a weekend in a big wave and make a story about it to scare others from trying it until next year. It's their cost efficient approach of taking out the trash once a year rather than cleaning up every day. They can still do that. The method I proposed can be applied on top of that to make hacking more annoying for the casual hackers. Its a completely automated process that doesnt cost blizzard a penny except for the initial employment.
|
On July 29 2015 17:31 RoomOfMush wrote:Show nested quote +On July 29 2015 15:53 Archiatrus wrote: I do not think the weekly update thing works. I have no idea how this really works but I assume, that you somehow can "break" into the executable and make specific function calls. So if for example if the mineral count is saved every week on another place you can just update the hack by running something like: drone.deliverMinerals() or similar. Then you just profile which memory accesses are made and you now know where the mineral count is stored. Or for the production tab you run something like openProductionTab(). It will check whether you are a spectator or not. Well, there is the position for the spectator rights Boolean in the memory. Obfuscation of the values would also not work. Just say you build a drone, your worker has minerals, your worker shall deliver them. The last two you repeat 10000 times. You do not have to let it play this for real. Just set the has Boolean that it has minerals true and then deliver. Your cpu should run through this in no time. That way you have all the values from 0-50000 minerals that end on 0 or 5. Then you make some extractor trick at the beginning and you get the values that end on 4 and 9 etc. Actually, imo this "obstacle" would make it more fun to write the hack. To make it one level harder you could change the function names to random signs. The problem is that at some point the function has to be clear. If you press a hotkey the "hotkeyToFunction"-function needs to know what to do. You would not want your marines to manually detonate when you press stim;) So what you do is call the "hotkeyToFunction"-function with "[stim hotkey]" and monitor which function calls are made after this. Voila you know that 9q82(/&Hsjg& is in fact marine.stim(). So the plan is basically: poke it with a stick and see what exactly happens. Is this hard or tedious? Yes (depending on your hacking abilities). But after you have done it once you just write a script that replicates this very systematically poking and you just run it once per week.
Like I said, I have no idea whether the assumption that you can "break" into the executable, make and monitor function calls and memory accesses is too far fetched. And I am quite sure it is not as easy as described above, but I am also convinced there is no way to prevent or even make it too complicated to hack. The only way is to try to detect hacks somehow when they are used. But this is a lot harder on the blizzard side without violating your privacy. (And then I would be f*cked since I use the MMR Rating Tool;) ) That is not how it works. SC2 is not written in Java, it is a compiled program that you get in byte-code format. There are no functions, there are no methods, there are no classes and there are no structs. All you can do is monitor the values in your RAM and change them and see what happens. There is no dynamic code analysis that you can perform. Detecting a "hack" is impossible when the hack simply reads and writes your RAM. The user is in full control of his/her computer and blizzard can do jack shit about that. If they want to read their own memory they can do so and you can not detect it or do anything about it.
Hm I always thought you could find even after compilation the functions (or specific instruction patterns or.. sry I do not know how to call those). But how did the OP then find the anti-cheat code? So I can not run those "functions" from the outside on purpose. But what about the editor? You make a special map where the units make a certain set of instructions and you make snapshots of the RAM. See what changed after each instruction and then automatically deduce where what is stored? For example you walk over a mineral globe, get 100 mins, build spine crawler. So some value got up and than down to its original value. Then you run those map after each weekly update.
|
There are literally millions of values that change every few nanoseconds. Just watching for any change and trying to deduce which adress is the right one is a very suboptimal solution, especially if the original value might be obscured (through one of the means I originally described). It would be like picking the right grain of sand on the beach.
If you are interested in the detailed mechanics of reverse engineering I would suggest watching a video on this or reading a tutorial. There are actually videos where people show you how to write a hack for SC2 yourself. Alternatively do an internet search for "reverse engineering C++".
|
On July 29 2015 18:36 RoomOfMush wrote: There are literally millions of values that change every few nanoseconds. Just watching for any change and trying to deduce which adress is the right one is a very suboptimal solution, especially if the original value might be obscured (through one of the means I originally described). It would be like picking the right grain of sand on the beach.
If you are interested in the detailed mechanics of reverse engineering I would suggest watching a video on this or reading a tutorial. There are actually videos where people show you how to write a hack for SC2 yourself. Alternatively do an internet search for "reverse engineering C++". I think this is the best summary for why the weekly update idea is not a good one.
|
be aware using this. ReminD (wc3 pro player) got banned from Blizzard by using anticheat (in wc3 days).
|
making hacking very difficult or impossible can't be done. its been a problem for 20 years and lots of big companies have taken a shot at this issue and have failed.
many aspects of the online experience have been improved since 1995 by several studios. however, players using hacks continues to this day.
|
On July 29 2015 21:02 Dickbutt wrote:Show nested quote +On July 29 2015 18:36 RoomOfMush wrote: There are literally millions of values that change every few nanoseconds. Just watching for any change and trying to deduce which adress is the right one is a very suboptimal solution, especially if the original value might be obscured (through one of the means I originally described). It would be like picking the right grain of sand on the beach.
If you are interested in the detailed mechanics of reverse engineering I would suggest watching a video on this or reading a tutorial. There are actually videos where people show you how to write a hack for SC2 yourself. Alternatively do an internet search for "reverse engineering C++". I think this is the best summary for why the weekly update idea is not a good one. What? How? Nothing I said in that quoted post has anything to do with weekly updates.
|
I understand nothing about programming but it saddens me to hear this, but from reading your post it seems like you have no clue either about what to do about it? It sucks, but I guess hacking is something we are going to have to deal with. If Blizzard was just more proactive about catching players and looking at reports, that would at least be something.
|
Papua New Guinea1053 Posts
Blizzard is suing hack devs, just the big ones, and have been since the early days of WoW. And trust me, it's not a solution.
|
There is no new anticheat.
It's just the old one from HotS, applied onto LotV. So the cheat works the same by possibly changing 4-10 lines of code?
Blizz is lazy. But they have to find an anticheat, because Heroes of the Storm shares the same engine and the SC2 hack also serves to give vision, and I bet they have to do something about it.
It's 1 problem (engine-based) for 2 games, so they have to fix it some day, for sure.
|
On July 29 2015 17:31 RoomOfMush wrote:Show nested quote +On July 29 2015 16:40 brickrd wrote:On July 28 2015 23:42 RoomOfMush wrote: Many hacks work by analysing the RAM and changing values (which you can do absolutely NOTHING against) but there is always security through obscurity. I could imagine automatic updates, perhaps once every week, that move all the variables around and thus make all hacks obsolete. So each time there is an update hackers would have to change their hacks and update as well. This might become tiring for some hackers and discourage them. you realize that security through obscurity is a sarcastic term and its actually a bad thing, right? It is not a "sarcastic term" it is a strategy. Some people believe it is a suboptimal strategy, but that really depends on the problem at hand. You can not say one tool is just bad. Its a tool, its designed to do a certain purpose. There are no bad tools, there might only be too few applications for them. People who say "Security through obscurity" is "bad" really mean that it is worse then a solid foundation that allows you to use more profound security measures. Unfortunately the foundation in our situation is flawed (from a security point of view) and unlikely to change so security through obscurity suddenly becomes a valid option. Dismissing an option on the grounds of what others say is a very stupid move.
One good example: even if you have a very good password in a server, there's no good reason not to change the SSH port. You gain nothing against the serious offender, but the random chinese brute force bots won't bother you.
|
I used to laugh at Avilo for constantly accusing his opponents of cheating until I played against a very blatant hacker in a game. I mean I hear about hacks here and there but never experienced very blatant hacking and after that experience, I pretty much lost interest in the game. Coming here and seeing how prevalent it is, I'm glad I stopped playing. It's just not fun playing a game with the goal of getting better and getting higher ranking when in the back of your mind, your opponents could be cheating.
|
On July 29 2015 23:54 bucckevin wrote: I used to laugh at Avilo for constantly accusing his opponents of cheating until I played against a very blatant hacker in a game. I mean I hear about hacks here and there but never experienced very blatant hacking and after that experience, I pretty much lost interest in the game. Coming here and seeing how prevalent it is, I'm glad I stopped playing. It's just not fun playing a game with the goal of getting better and getting higher ranking when in the back of your mind, your opponents could be cheating. How old are you ? Welcome to the real world. I can guarantee you that you'll see it everywhere, be it sport, politics, or anything. But hey, it's better to think that the world is fair and peaceful right ?
|
On July 29 2015 23:34 rockslave wrote:Show nested quote +On July 29 2015 17:31 RoomOfMush wrote:On July 29 2015 16:40 brickrd wrote:On July 28 2015 23:42 RoomOfMush wrote: Many hacks work by analysing the RAM and changing values (which you can do absolutely NOTHING against) but there is always security through obscurity. I could imagine automatic updates, perhaps once every week, that move all the variables around and thus make all hacks obsolete. So each time there is an update hackers would have to change their hacks and update as well. This might become tiring for some hackers and discourage them. you realize that security through obscurity is a sarcastic term and its actually a bad thing, right? It is not a "sarcastic term" it is a strategy. Some people believe it is a suboptimal strategy, but that really depends on the problem at hand. You can not say one tool is just bad. Its a tool, its designed to do a certain purpose. There are no bad tools, there might only be too few applications for them. People who say "Security through obscurity" is "bad" really mean that it is worse then a solid foundation that allows you to use more profound security measures. Unfortunately the foundation in our situation is flawed (from a security point of view) and unlikely to change so security through obscurity suddenly becomes a valid option. Dismissing an option on the grounds of what others say is a very stupid move. One good example: even if you have a very good password in a server, there's no good reason not to change the SSH port. You gain nothing against the serious offender, but the random chinese brute force bots won't bother you. Thats not a counter-argument. As I said, whether a strategy is "good" or "bad" depends on the situation. A server password is a different situation then a massively multiplayer online game like starcraft.
|
On July 29 2015 17:31 RoomOfMush wrote:Show nested quote +On July 29 2015 16:40 brickrd wrote:On July 28 2015 23:42 RoomOfMush wrote: Many hacks work by analysing the RAM and changing values (which you can do absolutely NOTHING against) but there is always security through obscurity. I could imagine automatic updates, perhaps once every week, that move all the variables around and thus make all hacks obsolete. So each time there is an update hackers would have to change their hacks and update as well. This might become tiring for some hackers and discourage them. you realize that security through obscurity is a sarcastic term and its actually a bad thing, right? It is not a "sarcastic term" it is a strategy. Some people believe it is a suboptimal strategy, but that really depends on the problem at hand. You can not say one tool is just bad. Its a tool, its designed to do a certain purpose. There are no bad tools, there might only be too few applications for them. People who say "Security through obscurity" is "bad" really mean that it is worse then a solid foundation that allows you to use more profound security measures. Unfortunately the foundation in our situation is flawed (from a security point of view) and unlikely to change so security through obscurity suddenly becomes a valid option. Dismissing an option on the grounds of what others say is a very stupid move. +1 obfuscation is an option and can work well in the hands of a skilled software developer for certain problems. obfuscation has been used for many years.
didn't the first few versions of MS Visual Studio come with an obfuscator ? i'm almost positive MS VS 2005 had one.
Many encryption methodologies include an element of obfuscation.
|
Why can't an enhanced EULA be given through battle.net which specifically allows blizz to look more thoroughly for hacks whilst one of their games is running? If the sanctity of private data is guaranteed (whole can of worms right there alone) Then, why not?
An option could then be given in game "only match me vs. other people who've agreed to enhanced scanning".
Who here would be willing to go for such a system?
A lot of this talk of cheating & anti cheating stems from Blizz's inability to communicate well. This is something they've finally cottoned on to with the weekly community feedback blog, it just needs to spread to other aspects of their community interactions. For the life of me I can not recall reading of bannings due to hacking in sc2. Maybe if I idled forums where hacking was top priority I wouldn't have this opinion?
|
On July 30 2015 01:47 fruity. wrote: Why can't an enhanced EULA be given through battle.net which specifically allows blizz to look more thoroughly for hacks whilst one of their games is running? If the sanctity of private data is guaranteed (whole can of worms right there alone) Then, why not? Because thats illegal in many countries in this world, whether you agree to it or not. Just because you agree does not make an illegal thing legal. You can agree to somebody murdering you, but they will still be trialed for murder in several parts of this world.
But what is the scanning going to do? You can only look for specific things, every time there is a new hack your scanning would be absolutely pointless. You would have to keep updating the anti-hack program just like you have to update your anti-virus programs. Blizzard is never going to do that because it means they have to constantly put more and more work into SC2 although they do not get any additional money for that.
|
On July 30 2015 01:56 RoomOfMush wrote:Show nested quote +On July 30 2015 01:47 fruity. wrote: Why can't an enhanced EULA be given through battle.net which specifically allows blizz to look more thoroughly for hacks whilst one of their games is running? If the sanctity of private data is guaranteed (whole can of worms right there alone) Then, why not? Because thats illegal in many countries in this world, whether you agree to it or not.
Out of curiosity, which countries and which specific laws?
|
On July 30 2015 02:18 DonJimbo wrote:Show nested quote +On July 30 2015 01:56 RoomOfMush wrote:On July 30 2015 01:47 fruity. wrote: Why can't an enhanced EULA be given through battle.net which specifically allows blizz to look more thoroughly for hacks whilst one of their games is running? If the sanctity of private data is guaranteed (whole can of worms right there alone) Then, why not? Because thats illegal in many countries in this world, whether you agree to it or not. Out of curiosity, which countries and which specific laws?
I'd love to know too. Or is it just rhetoric once read repeated?
Also how exactly does looking for hacks on someone's computer equate to a privacy issue? If they're not reading your email, or storing data on which sites you visit and so on, where exactly is the problem? It seems to me this whole issue is being bundled in with the likes of the NSA or GCHQs (and the like) Invasive data gathering strategies, and it shouldn't be.
|
Completely off topic question... but @OP are you the same Dickbutt that played Archeage on Tahyang?
|
On July 30 2015 00:58 JimmyJRaynor wrote:Show nested quote +On July 29 2015 17:31 RoomOfMush wrote:On July 29 2015 16:40 brickrd wrote:On July 28 2015 23:42 RoomOfMush wrote: Many hacks work by analysing the RAM and changing values (which you can do absolutely NOTHING against) but there is always security through obscurity. I could imagine automatic updates, perhaps once every week, that move all the variables around and thus make all hacks obsolete. So each time there is an update hackers would have to change their hacks and update as well. This might become tiring for some hackers and discourage them. you realize that security through obscurity is a sarcastic term and its actually a bad thing, right? It is not a "sarcastic term" it is a strategy. Some people believe it is a suboptimal strategy, but that really depends on the problem at hand. You can not say one tool is just bad. Its a tool, its designed to do a certain purpose. There are no bad tools, there might only be too few applications for them. People who say "Security through obscurity" is "bad" really mean that it is worse then a solid foundation that allows you to use more profound security measures. Unfortunately the foundation in our situation is flawed (from a security point of view) and unlikely to change so security through obscurity suddenly becomes a valid option. Dismissing an option on the grounds of what others say is a very stupid move. +1 obfuscation is an option and can work well in the hands of a skilled software developer for certain problems. obfuscation has been used for many years. didn't the first few versions of MS Visual Studio come with an obfuscator ? i'm almost positive MS VS 2005 had one. Many encryption methodologies include an element of obfuscation.
I have a lot of experience with different obfuscation techniques in my line of work. It can help to delay the inevitable, but it is always possible to reverse it. You tend to have to mix various techniques of obfuscation to reach the most secure solution. Especially if you want to load your resources into the memory.
The problems we ran into with obfuscation is that the more secure and obfuscated we made our binaries, the bigger performance hit we took We fell into the trap trying to balance obfuscation with performance, but as soon as our binaries were sent to our security contractors they broke it within days and could freely read and write memory. The first time with just basic memory obfuscation was broken in house before we even sent in on review.
The only real solution is to have everything that is sensitive to take place server side and the client is kept as thin as possible. However I don't think a solution like that is doable for a game like StarCraft.
Honestly, I don't see a final solution to the hacking problem that does not impact the game too much.
One idea that has been thrown around is to implement crowd-sourcing for review of hacker replays. If a player gets reported, a replay for that game is uploaded with the report. Then players from the community can review the game. The names of the players as well as the chat is disabled to keep the players anonymous. If the community reviews flags the replay as hacking then Blizzard officials can have a look at it and deal out a ban if needed That way you'd get rid of the bulk of the replays of players that were not hacking but reported anyways and Blizzard only has to deal with the amount of replays that are left and flagged by reviewers.
|
On July 30 2015 04:17 JulDraGoN wrote: The problems we ran into with obfuscation is that the more secure and obfuscated we made our binaries, the bigger performance hit we took
obfuscating data in RAM... ya true. i was referring to obfuscation as a general technique...
On July 30 2015 04:17 JulDraGoN wrote: Honestly, I don't see a final solution to the hacking problem that does not impact the game too much.
yep, i agree. i'm sure we'll got lots of people trashing Blizzard when no RTS developer has come anywhere close to solving this problem.
|
I'm a laymen when it comes to in-depth computer science, but I've got an idea for an anti-hack system that Blizzard could implement. I remember back in WC3 there was an anti-hack for Dota that would crash the game if a hacks were being used because they could see an "invalid" unit that was hidden for everyone else. There was also a UMS for Broodwar that used a Scourge for a similar effect. Couldn't Blizzard do something similar in an actual ladder environment, and instantly ban the account that sees the "invalid" unit?
|
I'm sure this is all an intellectual orgasm for the IT people here, but surely the specifics are not that relevant. It's like drug cheating, you develop one way to detect or sport something you have 10X as many people trying to come up with another cheat.
Wouldn't it be better to have a better to have a better system to ban players who hack so that it discourages the behavior rather than trying to make the game hackproof.
|
Aotearoa39261 Posts
On July 30 2015 11:07 Lazo89 wrote: I'm a laymen when it comes to in-depth computer science, but I've got an idea for an anti-hack system that Blizzard could implement. I remember back in WC3 there was an anti-hack for Dota that would crash the game if a hacks were being used because they could see an "invalid" unit that was hidden for everyone else. There was also a UMS for Broodwar that used a Scourge for a similar effect. Couldn't Blizzard do something similar in an actual ladder environment, and instantly ban the account that sees the "invalid" unit? Only works for a time since you can probably code a hack to avoid looking at that unit. Some hacks will instead give you a replay type interface where you can see buildings in production/units in production etc which wouldn't trigger your proposed anti-hack.
|
United Kingdom20158 Posts
Nice work.
As long as people are talking about an issue there is hope, keep talking about it.
|
On July 30 2015 02:18 DonJimbo wrote:Show nested quote +On July 30 2015 01:56 RoomOfMush wrote:On July 30 2015 01:47 fruity. wrote: Why can't an enhanced EULA be given through battle.net which specifically allows blizz to look more thoroughly for hacks whilst one of their games is running? If the sanctity of private data is guaranteed (whole can of worms right there alone) Then, why not? Because thats illegal in many countries in this world, whether you agree to it or not. Out of curiosity, which countries and which specific laws?
In germany the EULA is invalid. I don't know which law it contradicts with exactly and I'm to lazy to look it up right now, but it's invalidity is more or less common knowledge over here.
|
Blizzard just did a new "round" of bans, this time it seems they've finally caught some fishes. I went to a well known hacker forum (thanks google), and it seems lots of people using the famous "DSH maphack" got bans. Probably a little detection trick found by blizz and inputted in the last patch since every other hackers (even blatant ones) haven't got anything yet. Let's bet this hack gonna be fixed soon or that its concurrence becomes even more popular.
Of course it's only 1 software in a sea of 'em, but for once Blizz hit the mark with "ban waves" because past ones were mostly words without any real impact.
* Note DSH seems to be a paid hack, with the creator not being very active since a few months. Alternatives can be found eailly for free. Also note that some maphackers have "test" accounts with different tools/hacks and even behaviors (normal play, ful cheat) to continuously monitor Blizz' reaction.
|
On July 30 2015 11:07 Lazo89 wrote: I'm a laymen when it comes to in-depth computer science, but I've got an idea for an anti-hack system that Blizzard could implement. I remember back in WC3 there was an anti-hack for Dota that would crash the game if a hacks were being used because they could see an "invalid" unit that was hidden for everyone else. There was also a UMS for Broodwar that used a Scourge for a similar effect. Couldn't Blizzard do something similar in an actual ladder environment, and instantly ban the account that sees the "invalid" unit? Completely useless. If a hacker is smart enough to analyse SC2 and find all the necessary data and change it at will to do almost anything they wont even be bothered by a broken unit model. Simply not load the model, or the unit.
|
|
|
|
|