PDA

View Full Version : Hack Buster App.



Outlaw---
10-20-2007, 02:07 PM
Would the IL-2 server admins and players be interested in an applications that checks the player's game files client side and verifies them with a server? Note that this would require that the player run an application on his PC that communicated with a server to verify the validity of his files. It would also require that the server run an application that would kick any player not verified.

I'm just throwing this concept around in my head and I'm making some assumptions on some things but if the community is interested, I can start slinging code shortly.

The system could use a master server (like Hyperlobby does) that would be run by me to do the verification or each admin could run their own verification server. I note the master server option b/c IL-2 is resource intensive and I have no idea of how much load this application will put on the server. Obviously all network traffic will have to be encrypted and I couldn't even begin to guess the load such encryption would entail given the fact that doing the encryption libraries myself is beyond my realm of experience and desire to learn. I'm also making a couple of assumptions regarding the use of such an app. on a server that is already running IL2SC or somehting similar but I will have those assumptions verified tonight.

As with all applications, I know that the scope required for completion is at least 3 times the scope I'm looking at right now but I don't see it as that big of a deal since my dedicated co-op server app. contains much of the bare bones for this app. I'm looking at Java as the platform of choice right now with the secondary being .Net.

Anyway, I'm just running this up the flag to see who salutes so feel free to post all comments/flames at your leisure.


--Outlaw.

PF_Coastie
10-20-2007, 09:57 PM
Interesting concept Outlaw.

Bump^^

Outlaw---
10-20-2007, 10:53 PM
Thanks for the bump Coastie.

What I'm lookin' for here is a yes or no on player's and admin's willingness to use such an application.

Over 110 views and only a bump so far. With the "sky is falling" vibe about the hack I'm surprised, to say the least, at the lack of responses.

--Outlaw.

Tab_Flettner
10-20-2007, 11:22 PM
Your post and response seems curiously mature.

Almost like suggesting that 4.09 might solve the problem. Not sure how thats going to go over here, after all, the sky IS falling.

Burn you discs, its OVER people!

LW_lcarp
10-20-2007, 11:23 PM
Originally posted by Outlaw---:
Thanks for the bump Coastie.

What I'm lookin' for here is a yes or no on player's and admin's willingness to use such an application.

Over 110 views and only a bump so far. With the "sky is falling" vibe about the hack I'm surprised, to say the least, at the lack of responses.

--Outlaw.

The answer to that would be im not sure because we have to wait for the all impowering Oleg to decide what he will do about this situation.

Yes IL2 is a great game and most people want to see how the community that is IL2 will respond to the FM/DM hacks but no one want to be the first to do anything about it.

So wait til they get sick of being shot down more then once a session to say OMG we need to do something

-HH-Quazi
10-20-2007, 11:24 PM
You shouldn't have a problem for onliners willingness to use such an app. That is what we need & the majority wants I believe, which is a way to ensure online integrity of this sim. I would hope there are server admins on HL that would support & use such an app to more or less guarantee the m8s joining their server aren't using any modified FM's.

You started this thread this morning. I was hoping to see more support than this by now, or at least some questions or comments about the merit of such an app. Hopefully the online players that would like to support an app that would go a long to ensure online fairness & gameplay will post here in show of support for such an idea & be appreciative of your offer to provide such a tool. I for one think it is an awesome idea. You can probably use a hand in contacting and getting the thoughts of the server admins on HL to see if they would be willing to use such an app. Maybe someone familiar with some of those server admins will step in and offer to help you do that.

KUDOS to you sir for stepping up & for your willingness to create such a tool.

Freelancer-1
10-20-2007, 11:38 PM
What Quazi said http://forums.ubi.com/images/smilies/25.gif

I would have thought people would be all over this by now.

Curious...

AKA_TAGERT
10-20-2007, 11:39 PM
Great idea..

But..

If implemented..

The hacker could work around it..

For example.. simply have the orginal files in the dir that the 3rd party util looks.. but pull up the hacked files from another dir.. or have it resident in memory..

Lots of ways around that 3rd party checker..

Only reason the hacker has not gone to that trouble yet.. There has been no need to yet.. But if someone were to make a 3rd party check sum checker.. He probably would..

Long story short..

If the hacker is smart enough to break the SFS encryption code..

Than he is most likely smart enough to work around a 3rd party check sum util

Tab_Flettner
10-20-2007, 11:42 PM
What Quazi said Thumbs Up

I would have thought people would be all over this by now.

Curious...

What fun is a rational, measured concept and response to a situation, when instead I can run around screaming "we done for!" and hitting myself over the head with a 2 x 4?

LW_lcarp
10-20-2007, 11:53 PM
Originally posted by Tab_Flettner:
<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">What Quazi said Thumbs Up

I would have thought people would be all over this by now.

Curious...

What fun is a rational, measured concept and response to a situation, when instead I can run around screaming "we done for!" and hitting myself over the head with a 2 x 4? </div></BLOCKQUOTE>

http://forums.ubi.com/images/smilies/agreepost.gif

Outlaw---
10-21-2007, 12:12 AM
Originally posted by AKA_TAGERT:
Great idea..

But..

If implemented.. The hacker could work around it.. Basically have the EXE pull up files from a different directory.. or have it resident in memory.. Lots of ways around that 3rd party checker.. The hacker has not done it yet because there has been no need up to now.. But if someone were to make a 3rd party checker.. He probably would..

Long story short..

If the hacker is smart enough to break the SFS encryption code.. That he is most likely smart enough to re-direct the link locations of the files loaded at startup.

Breaking anything is possible no doubt and the above is one of the obvious attempts to defeat the client side check. However, this is not a typical application in that it's not required to play the game. It's a choice by a server admin and the players have the choice to say no thanks. Therefore, anything goes. For example (and bear in mind that I'm still just throwing ideas around here), if you want to play on a protected server you must tell the security application where your game installation directory resides and the app. will automatically start the game from that directory. The game cannot be running already and as soon as the game is stopped the security application notifies the server that the player is no longer "safe".

Once again, hooks could be written to subvert such activities but IIRC, hooks can be enumerated and examined.

Also, the utility could require registration and username/password/IP tracking that would make a permaban system possible. Hell, make 'em register their MAC address if that's what it takes.

It's true that ANYTHING can be defeated but, that doesn't render it pointless to make it more difficult.

--Outlaw.

Outlaw---
10-21-2007, 12:15 AM
Originally posted by LW_lcarp:
The answer to that would be im not sure because we have to wait for the all impowering Oleg to decide what he will do about this situation.

What possible reason could there be for waiting for Oleg to do something?

--Outlaw.

na85
10-21-2007, 12:30 AM
Originally posted by AKA_TAGERT:
Great idea..

But..

If implemented..

The hacker could work around it..

For example.. simply have the orginal files in the dir that the 3rd party util looks.. but pull up the hacked files from another dir.. or have it resident in memory..

Lots of ways around that 3rd party checker..

Only reason the hacker has not gone to that trouble yet.. There has been no need to yet.. But if someone were to make a 3rd party check sum checker.. He probably would..

Long story short..

If the hacker is smart enough to break the SFS encryption code..

Than he is most likely smart enough to work around a 3rd party check sum util


What outlaw is suggesting is an application similar to Punkbuster or DefenseTurret or VAC.

They're not as easy to defeat as some would have you believe.

Von_Rat
10-21-2007, 12:37 AM
i would have no problem with this as a player.

getting the adimins of the most popular servers onboard might be a problem however.

in the long run after oleg drops all support, somthing like this might be the only salvation of online play.

Freelancer-1
10-21-2007, 12:40 AM
Originally posted by na85:


What outlaw is suggesting is an application similar to Punkbuster or DefenseTurret or VAC.

They're not as easy to defeat as some would have you believe.



I wonder if one of those could be used as is?

Or modified slightly to suit our need.

Are they proprietary or can they be used by anyone?

Could save Outlaw having to reinvent the wheel, as it were.

TX-Gunslinger
10-21-2007, 12:57 AM
I think that this is a great idea Outlaw - and would be a great service to the community.

This community has a quite noble history of problem solving from "within". The number of utilities produced by community members is expansive - with excellent quality.

Of course someone could get around it - but another iteration of code could "Bust" it up again. Imagine that 4.09 actually plugs this hole , but the hackers open it back up after 4.09's release.

Oleg's crew is not going to go back into again, if they even do with 4.09.

Difficulty is finding a skilled programmer who's also familiar and most importantly interested in Il2.

Seems as if that's you.

If you volunteered to do this - it would probably be one of the greater things ever done for the community - as it will allow for the extension of the life of the Il2-series, without impacting the production of SOW.

I support your idea 100%, if you can actually pull it off and don't mind creating a patch or two to plug future holes. Actually, even if you don't want to sign up for that headache - then I still support you.

Thanks

Gunny

rnzoli
10-21-2007, 02:29 AM
Interesting concept Outlaw, I think similar punk-buster applications did exist with other sims, even integrated with HL, but the results were mixed.

The biggest problem is what TAGERT said. They hackers are already 'inside the code', while the hack-buster would be trying to protect it from outside. Quite a challenge to say the least.

Nevertheless, I think too many people like IL-2 just to watch going down the drain, so I think we need to keep discussing the possibilities a bit. Even if 4.09 will solve the problems for time being, it may be hacked again, so thinking about alternative protection system is quite right timewise.

If I may give a suggestion, 2 crucial things would be necessary to make it difficult to break.
- the verification challenges should be randomly initiated from the server side, send to the agent on client side in encrypted format
- the agent itself must be encripted, preferably downloaded from the server every time you connect
- the agent on the client PC should test IL-2 integrity running in memory, not on the hard disk, because I think this is how the hack beats the encryption right now - it overwrites stuff in memory, not in the files.

Also if you want to beat the hackers, you must get very very familiary to the hack itself.

Airmail109
10-21-2007, 05:56 AM
http://www.punkbuster.com/index.php?page=registry.php

JG52MadAdler
10-21-2007, 06:09 AM
Its a good idea.
If it could be done and reliable.

Bearcat99
10-21-2007, 06:12 AM
We'd use it if it did the job.

AKA_TAGERT
10-21-2007, 08:55 AM
Originally posted by Outlaw---:
Breaking anything is possible no doubt
Is what I'm saying..

Well, the main point being if the hacker is SAVVY enough to hack the game, the 3rd party check sum util would be even easier IMHO. Programs like punkbuster are build into the game.. and most likely check the files prior to loading and once they are resident in memory.. and probably allot of other things we don't even think about doing. Not sure if your proposed 3rd party util will have the same ability to check memory resident stuff in that it is not part of the actual game code? Maybe it is a none issue, but I can see where checking the files prior to launch, during launch is doable.. but what about after they are loaded into mem? Can your util keep track of that? Does punkbuster?


Originally posted by Outlaw---:
and the above is one of the obvious attempts to defeat the client side check.
Obvious provided in that anything beyond that would have miss its mark.. ie the general none programing public. It is also only one example of many.


Originally posted by Outlaw---:
However, this is not a typical application in that it's not required to play the game. It's a choice by a server admin and the players have the choice to say no thanks. Therefore, anything goes.
I understand..


Originally posted by Outlaw---:
For example (and bear in mind that I'm still just throwing ideas around here), if you want to play on a protected server you must tell the security application where your game installation directory resides and the app. will automatically start the game from that directory. The game cannot be running already and as soon as the game is stopped the security application notifies the server that the player is no longer "safe".
That would/could make it harder on the hacker.. but still ways around it.. It all depends on how hard the hacker wants to work at it.. Most hackers would see that as a challenge and work day and night to defeat your util.. But this hacker appears to not be that sort.. He appears to just want to provide sounds for others to use and make a few AI enabled planes.. It is the other hackers that have seen the light due to his efforts that are toying around with swapping FM and such. On that note.. It appears that is all they have been able to do up to now.. Is swap one FM for another.. Not tweak an FM. That is to say, they can take the FM from the Me262 and apply it to a P.11 but they can not tweak the P51 FM to make it fly 25mph faster.. But that is only a mater of time. Sorry.. got OT there for a min.. So, your util IMHO would stop most of the hack users.. not the hacker himself.. but most of the users. Which is a good thing.



Originally posted by Outlaw---:
Once again, hooks could be written to subvert such activities but IIRC, hooks can be enumerated and examined.
True.. It really becomes a sort of COLD WAR mind set.. you build a missile.. We build two.. than you build two more to make three.. than we.. You get the picture.. Thus you could be caught up in something big here! http://forums.ubi.com/groupee_common/emoticons/icon_wink.gif


Originally posted by Outlaw---:
Also, the utility could require registration and username/password/IP tracking that would make a permaban system possible. Hell, make 'em register their MAC address if that's what it takes.
Which could be good could be bad.. For example.. Most of the people using the hack are using it for the sounds only.. They could get permaband for something like that along with some pin head trying to cheat with a Me262 FM applied to his P.11


Originally posted by Outlaw---:
It's true that ANYTHING can be defeated but, that doesn't render it pointless to make it more difficult.
Agreed.. Never said pointless.. Just pointing out that if the hacker is smart enough to hack the game, the 3rd party checker should be no problem for him to circumvent.

DooDaH2007
10-21-2007, 10:14 AM
I come from a game called Battlefield 2, a fps which has it's own dedicated anti-cheat program called punkbuster...
Punkbuster gets updated every month or so, but it has proven to be near useless against hacks...

The idea is nice, but implememting it will be very very hard, because hackers find a way...
It would end up driving you nuts...

triad773
10-21-2007, 10:19 AM
What if the 3rd party utility checker checked the SIZE of the IL-2.exe?

With any hack I might guess it would be difficult to match exactly to the byte the size of the expected executable.

Just a thought.

msalama
10-21-2007, 10:27 AM
The sky falling? Hardly, but I still support this idea wholeheartedly. Would still leave offline moddable to everyone who's interested...

So yeah, I'm behind this 100%. S! Sir.

Airmail109
10-21-2007, 10:32 AM
If I were Oleg Id revert to selling BOB through download only and add in some code that ruins the games files if you try and hack it

Punkbuster has been fairly effective, Its API and memory monitoring has proven very useful. For example If it detects code that doesn't match the games, it'll trigger an alarm and if admins find it to be a significant cheat you may get hardware banned. Lots of known cheats also carry an instant hardware ban.

na85
10-21-2007, 11:28 PM
DefenseTurret is an anti-cheat for Tribes 2

DT works as follows:

Step 1: Server is running, with DT installed.

Step 2: Players wishing to play on that server must run IL2 through the DT client. Think of it as a 'launcher' for the game. Incoming connections that are not through DT are denied.

Step 3: The server and the clients confer with each other and compare files, building a consensus.

Step 4: If any client's files don't match the consensus, it is dropped (kicked, banned, whatever) from the server.

So basically, if I join a server running DefenseTurret, and I've got hacks installed, my data won't match that of the other clients, and the server will see this discrepancy. Presumably I would then be banned.

I think a system like this could be easily worked for IL2. Discuss.

LEXX_Luthor
10-22-2007, 03:49 AM
mslama::
The sky falling? Hardly, but I still support this idea wholeheartedly. Would still leave offline moddable to everyone who's interested...
A mod like this would let Offline players and Online players who have confidence in each other play the mack, while anonymous public servers and their players can choose to play without worrying about cheating, although worries about eventual re-hacking may remain. Outlaw would become the sim's maintainer of public server integrity, displacing the Moscow Bureau?

FB/PF might eventually become like open modded Online play RB3D where people have to trust each other (me thinks), or does RB3D today have anti-modding protection for anonymous play on public servers -- at least something that detects varying FM files? Perhaps, a mod can provide anti-mod protection? http://forums.ubi.com/groupee_common/emoticons/icon_wink.gif

BBB_Hyperion
10-22-2007, 04:09 AM
Not a new idea the main problem is the client protection itself and the workload of the filechecks md5 or crc etc. Maybe read a random sequence into buffer and check with a online libary for a correct crc to reduce performance impact.

I would rather like to see a more open approach of the il2 code that allows to work from the inside instead of restricting it. (i don't talk about fm data etc).

BrotherVoodoo
10-22-2007, 11:36 AM
+1 Here. With minimal work being done by Oleg to fix the current exploit it seems we may need something community driven.

Zoom2136
10-22-2007, 11:54 AM
YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES

And did I say YESSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS

Zoom2136
10-22-2007, 11:57 AM
Or we may have to set up new password protected server that are for "trusted user only" where one would have to be invited.... and when one is spotted cheating... is kick with no but or if...

Billy_DeLyon
10-22-2007, 12:18 PM
Glad you brought this up, Outlaw. It's an idea I got to pondering from reading some of these other threads, esp. the one with Oleg answering some questions about BOB and talking about 4.09 a little bit, in which he (to my disappointment) seemed to say that they weren't putting much effort into stopping the current hacks..

I don't know squat about programming, but I was wondering if some of the more savvy community members might step up and develop some new server software that could somehow verify the integrity of the client. If this could be done effectively there's little doubt in my mind that it would be crucial to the health of the online community.

The other solution of course is private servers where everyone knows everyone and is trusted, which might be OK for those who fly every Saturday afternoon from 2-4 PM or something like that, but in the long run it seems like that would just lead to fewer people to fly against and a slow, steady decline in the community where no new pilots come in to replace those who lose interest and move on..

SO... +1! Keep the public servers healthy! http://forums.ubi.com/images/smilies/25.gif

BBB_Hyperion
10-22-2007, 01:52 PM
Problem Zones
-secure client server authorization
-client debug security
-transfer protocol security
-server integrity check (so no one can setup a server that let some cheat others not)
-performance impact

for secure transfer it is possible to use il2 protocol sending chat from client to server only.

For the client security the idea could be plain and simple it does not contain any code only methods to get it via .net remoting and only part of the code can be executed while checked data had correct code it will decode it's own runtime with the sequence it checked if that was wrong file is not identical and it does not know what to do except maybe close il2 down .)

na85
10-22-2007, 01:58 PM
for secure transfer it is possible to use il2 protocol sending chat from client to server only.

For transferring what?

Using SSL and TCP/IP one could set up an encrypted session via a 3rd party launcher. If the clients are exchanging a few numbers every 5 or 10 minutes it would have a negligible impact on bandwidth

BBB_Hyperion
10-22-2007, 02:19 PM
When you consider ssl secure depending on encryption method of course. Il2 uses a non standard protocol so it is way harder to get behind it with military like encryption while to find an approach for ssl may not take that long. Further you would need additional host channels and ports that are provided , firewall etc problems.We can just use the il2 connection itself to avoid work and sending ,receiving on local console port of il2. How many numbers must be send and received is of course vital for the connection so the amount must be reasonable but enough to detect a cheater in a approx. max of 10 minutes.

LEBillfish
10-22-2007, 03:05 PM
Well I know NOTHING about how to impliment such things....Yet can add this from just under a decade of online flight sim experience between the RB3d & IL2 sims...

At this point, adding any anti-hack software is a good idea. Sadly however it will at this point now not stop accusations of "hack or cheat", some will be able to bypass it as they have others, and sadly in their desire to be admired will share how with those less skilled....So though cheating which is already showing more and more online will be reduced, in the end it will not vanish.

YET, that's no excuse to NOT try to impliment something.

That said, as to the issue of "Trusted Players".....Sorry to say yet some who fly now who up till this time you trusted are NOT trustworthy. They have been using cheats all along, and now having the ability to hedge it even more will do so. As winning against another means more then against self.

Point blank, leave a server open to modding and it will be past what you wish for. DOn't and they'll try and find a way around it.....For in the end, being a pathetic ego needy dweeb knows no bounds.

na85
10-22-2007, 05:35 PM
Originally posted by BBB_Hyperion:
When you consider ssl secure depending on encryption method of course. Il2 uses a non standard protocol so it is way harder to get behind it with military like encryption while to find an approach for ssl may not take that long. Further you would need additional host channels and ports that are provided , firewall etc problems.We can just use the il2 connection itself to avoid work and sending ,receiving on local console port of il2. How many numbers must be send and received is of course vital for the connection so the amount must be reasonable but enough to detect a cheater in a approx. max of 10 minutes.

Not sure what you mean by non-standard protocol or military encryption. IL2 communicates via UDP and TCP-IP protocols.

SSL and TLS are not easy to break. It would take days for a modern home computer to brute-force 128-bit encryption, so forgery of the data would not be a problem.

cmirko
10-23-2007, 07:47 AM
nice idea outlaw http://forums.ubi.com/groupee_common/emoticons/icon_smile.gif 102nd servers would use your app http://forums.ubi.com/groupee_common/emoticons/icon_smile.gif

Zoom2136
10-23-2007, 08:08 AM
Hey Outlaw talked to Sparx of Warclouds last night about your idea and he was interested in it...

If it is made to work he would most certainly implement it....

Regards,

-HH-Quazi
10-24-2007, 05:15 PM
There you go Outlaw. Sparx will give this program that you create a shot if you will write it m8. I certainly hope you will.

FA_IKKYO
10-24-2007, 05:29 PM
Hello Outlaw,it has been a long time since I have chatted with you. I would be very much interested in this program. Maybe something like a server side app that can find a hacked file when a person comes into the server.

I think that it would have to be server side only as you and I know that people will not want another app running on their machines. You can meet me on Winds of War teamspeak and we can discuse this.

Airmail109
10-24-2007, 05:41 PM
Originally posted by FA_IKKYO:
Hello Outlaw,it has been a long time since I have chatted with you. I would be very much interested in this program. Maybe something like a server side app that can find a hacked file when a person comes into the server.

I think that it would have to be server side only as you and I know that people will not want another app running on their machines. You can meet me on Winds of War teamspeak and we can discuse this.

Would most likely need an app. on the client side as well.

People will be willing to use it, if they cant join their favorite server without it.

MrMojok
10-24-2007, 05:49 PM
yeah, and this may well be the last hope for the online future of this sim.

I'm not sure what my situation is going to be hardware-wise and money-wise in coming months, and I may well not get into BoB for quite some time because of that.

I've quit flying altogether while this furor over modding is ongoing, and I suspect I'm not the only one. I'd be willing to run an extra app on my end if it meant I would know everyone in the air is legit.

Dagnabit
10-24-2007, 11:07 PM
Im not sure where to start here ladies & gents, but I want to help. I know absolutly nothing about online play, but I do understand the problem. I agree with Bearcat, that if it will work it should be implemented.
BC and maybe others have already said that if you think someone is cheating to make a track to have proof. Also collect as much info on the alleged cheater as you can, maybe even engage them in conversation to "get to know them better". Dont accuse and dont flame them just do a recon of the situation and how they react just for starters.
But what to do with collected info..Perhaps a couple of volunteers here can set it up with HL to screen suspected tracks, and vote on what actions should be taken. Can IPs be permenantly banned? If so put the spurs to them. Ban them here too if possible. Also maybe a thread posted here or wherever the most online players will see it with the names of the cheaters, and how they operate, specific types of cheats detected, their fav ride, whatever.
Cooperation with HyperLobby is the key as I see it, and I think most will agree that a strong defense there is a must. But a strong defense dosent win many battles, it takes a combined strong offense for that. Thats why I think cheaters should be pointed out
to all, and ostracized.
In our favor, is that there are vastly more of us that want a clean gaming experience, than the ones who would rather cheat.
I dont get it though how a whole squad could continue for long at cheating and still be around? Are people afraid to tell or what? Well I think its time to take some action on this, and I wouldnt wait for Oleg or .409 to do it. No offence intended to Oleg here at all, but I wouldnt count on the next patch for much in the way of correcting this without hearing something specific which to my knowledge we havent.
As I said I am very ignorent regarding online play, and I apoligise if this seems all very oversimplified. I am just trying to throw some ideas around and hopefully stimulate some thoughts with those of you who may come up with something better. At least be assured I am not a cheater....I dont play online (though Im considering it)...and I have enough trouble "hacking' my cars ignition even with key in hand. http://forums.ubi.com/images/smilies/35.gif http://forums.ubi.com/images/smilies/compsmash.gif http://forums.ubi.com/images/smilies/35.gif
Dag

Outlaw---
10-25-2007, 10:47 AM
I am still considering this app, however, for the next few days I'll be climbing around the tops of two loop reactors a billion feet off the ground. Fortunately for me they are shut down right now so the platforms aren't swaying back and forth and there are no live steam lines or heat exchangers to raise the temperature to unimaginable levels. After next week we will have turned in our estimate so things will hopefully slow down a bit on the work side and speed up a bit on the goofing off side.

As we all know, there is no way to completely hack proof anything and IL-2 does not expose an API like Half-Life and Unreal do. So, while the concept is the same, the application is not very similar to the anti-cheats available for those platforms. Due to the lack of an API, a server side only implementation is 100% impossible. If players and admins are not willing to accept this, then it's a no-go.

Has the FM hack been released into the wild? I have yet to find an English language source with instructions for the FM hack. If anyone has the FM hack, please PM me with the info. The sound hacks are easy to defeat b/c, from what I've been told, they change the files on the disk. The FM, however, apparently modify values in memory only, which might prove very difficult to defeat without some close cooperation with Oleg and crew (in which case they would most likely just write it themselves).

There is still some testing to do on my side before I even know if what I want to do can be done but that should be finished up this weekend. I'll post more as soon as I know more.

--Outlaw.

-HH-Quazi
10-25-2007, 10:54 AM
Thanks for dropping by & letting us know you are still willing to give this a shot Outlaw. Good to know m8.

Viper2005_
10-25-2007, 11:05 AM
My post half-way down the page I link to below may be of relevance.

http://forums.ubi.com/eve/forums/a/tpc/f/23110283/m/4861079006/p/2

LEBillfish
11-24-2007, 01:28 PM
I know NOTHING about software, yet What if.........

1. The program is installed in the IL2 directory and activated at start-up upon entering a new game (or new player joining a server) *****.

2. in each file (or relavent) that "never" are meant to change within the IL2 software a simple single character code was placed in 5-10 spots........These places within each file obviously spaces......The single character 1 of perhaps as many are available (1-0, A-Z, various others yet all available in normal software coding).

3. The program makes random checks upon the users files first....If they do not match, the game will not connect publically.

4. If 3 passes, The users check program checks to see if the opposing simply "has" the check program....If not, the connection is refused *****.

5. If 4 passes, the check program (user side) randomly selects from 3-10 files to check of all available......It then randomly selects which "spot" to check within that file and "matches" it to the users.....(IOW, if the users file 73 has in spot 327 in file "6", it checks for the opposing user to have the same)......Point being if the code is altered, the text positions "may" change.....If any of the single file/spot checks fail, the connection is refused.

6. These checks being very minimal and simplistic utilizing minimal resources hence allowing "re-checking" at user determined intervals (2 min, 5 min, 10 min, etc.) to insure the software has not been switched out...(someone utilizing 2 game locations one clean one dirty).

***** = the program is a 2 way communication just like our sim communicates....Most of it client side, yet to move on requiring a response server side back and forth....In fact, if integrated into the IL2 software the communication tools there........So, not only does the software check its users own, it checks the opposing......When requesting information it does not ask for a pat response....It asks that the opposing persons software makes those checks and then reports back.

In this way, it is not just server based, yet also client based (so if say you clean software join a dirty server, you will be informed and the connection terminated).....However, a "server" once checked may give its last response if a new request is made under "X" minutes....The point of that is to keep a server from having to constantly check itself from overly attentive players.

Speed checks and so on need to still be utilized, and it may MISS where a file has been altered as it will not check every file....Yet the point to try and avoid any hacking.....Item 3. above if not utilized would allow hacked games to play with other "equally hacked" games, however would be instantly rejected by all others without consideration that run item 3.


Just some random thoughts from a pc weetawd.

ElAurens
11-24-2007, 01:59 PM
In the "Life After" thread I suggested just such an anti-cheat solution.

For it to be fully effective it would have to come from Oleg/UBI/1C, require the use of a dedicated online game lobby, replacing Hyperlobby and All Seeing Eye, And be run on a real server stack, not a spare PC in someone's bedroom, in the manner of most FPS games.

I'd be all for it.

Outlaw---
11-24-2007, 02:32 PM
Originally posted by LEBillfish:
I know NOTHING about software, yet What if.........


A CRC check of the file, or parts of the file, is what you're looking for and is simple to implement. In fact, it's the core of the hack buster app. There is no need to put certain codes in certain places in the file. A CRC can determine if any two files are modified without any special encoding of the file itself.

As I mentioned in my initial post, the hack buster app. will have to be a client server app.

It does not have to come from Oleg, UBI, or 1C to be effective if all you are doing is checking files, however, it will almost certainly have to replace services like Hyperlobby. I don't think many people will be willing to do that, which is why I haven't progressed beyond some proof of concept code. Well, not too much. http://forums.ubi.com/groupee_common/emoticons/icon_wink.gif

--Outlaw.

WilliVonBill
11-24-2007, 03:27 PM
Excellent, Outlaw! Speaking as one "from the Dark Side" who is completely an offline player, I certainly hope this app works. Would love to see the online crowd regain a measure of security so we can stop sniping at each other.

S! to you sir!

ElAurens
11-24-2007, 03:29 PM
Outlaw, please understand I am not trying to diminish your efforts. Creative solutions are needed.

However, what we really need is something "from the top". An all encompassing solution from the developers would be the best solution, as it would not be optional. If you want to play online you would need to go there. It's the only way. Any optional solution, no matter how innovative or well done, won't work as it will not be used across the board. What we will end up with is a patchwork of solutions, and non-solutions floating around and it will be guesswork on the user's end as to what is going on.

The solution must be universal.

Outlaw---
11-24-2007, 06:04 PM
Originally posted by ElAurens:
However, what we really need is something "from the top". An all encompassing solution from the developers would be the best solution, as it would not be optional.

I disagree. Server operators should not be forced to use it if they don't want to.


Originally posted by ElAurens:
Any optional solution, no matter how innovative or well done, won't work as it will not be used across the board.

That sounds ridiculous to me. Just because some servers implement an anti-cheat mechanism and some do not, does not mean that the anti-cheat does not work.

The hack is out there, many people want to use it, and we must adapt. If a universal solution is implemented to defeat the cheats then a widespread universal attack will be in demand on a larger scale. Supply will react to meet the demand. If, however, those server operators that want to allow the hacks are allowed to, there will be much less demand for the universal attack and, thus, much less distribution into the wild.

That's the reasoning behind Oleg's remarks about having two modes (official and unofficial) for SOW. Unofficial servers will allow unoffical mods but official servers will not. That's similar to the concept behind Battlefield's "ranked" designation, although money was the reason behind that rather than anti-cheat.

--Outlaw.

96th_Nightshifter
11-24-2007, 07:22 PM
I totally agree that the "Hackbuster" program should be optional for the servers that want to use it.

It lets those that want to use the hacks use them freely on whichever servers don't have the "Hackbuster" program and those of us who want to know with more certainty that we are playing on a a level field will fly in the "Hackbuster" protected servers.

Basically keeps everybody happy and if those that wish to use hacks/mods can still use them then like already stated there will be no need for hackers to go in guns blazing to hack the "Hackbuster" servers.

I'd like to point out that I have yet to see any evidence of FM mods whilst flying online so I'm betting that those that wish to fly in "protected" servers will massively out weigh those that don't so this program is well worth the effort and would be widely used.

bigbossmalone
11-24-2007, 07:22 PM
I applaude your idea, Outlaw, but honestly think it would be like p*ssing into the wind.
Cheaters will find a way, always.
The scary part of this thread is how people seem to think that cheating is rife/rampant, where I have yet to see any evidence supporting this...?
If there are cheaters about, I would put them at 1,2, maybe 3% of the community? Can't we just hunt them down and ostracise them?

ElAurens
11-24-2007, 07:25 PM
They'll do it anyway, or try.

They need to bee squashed like bugs, IMHO.

Sorry , but that's how I feel about it.

LEBillfish
11-24-2007, 07:31 PM
Originally posted by Outlaw---:
It does not have to come from Oleg, UBI, or 1C to be effective if all you are doing is checking files, however, it will almost certainly have to replace services like Hyperlobby. I don't think many people will be willing to do that, which is why I haven't progressed beyond some proof of concept code. Well, not too much. http://forums.ubi.com/groupee_common/emoticons/icon_wink.gif

--Outlaw.

Disagree with this in that if a solution is found, then it can be submitted to Maddox Games for review (which would take little effort)....and then could be released back to the community with their finallized version.

To those that want it optional for servers to install it or not, to that I say fine, that tells me a LOT about that server..........Hence my suggestion it be a 2 way check from server to client and back.....As frankly, I want to know if the server is credible or not and all on it.

That would also mean 3 end possibilities.....

1. Only clean installs can fly together...
2. Only "similarly" hacked versions can fly together...
3. Free for all, fly there at your own risk (if not used).

With such a system I don't even see how the hackers could complain.....and if they don't use it, tells me a whole lot as well http://forums.ubi.com/images/smilies/16x16_smiley-wink.gif

96th_Nightshifter
11-24-2007, 07:37 PM
Originally posted by LEBillfish:

With such a system I don't even see how the hackers could complain.....and if they don't use it, tells me a whole lot as well http://forums.ubi.com/images/smilies/16x16_smiley-wink.gif

Exactly, it would be a wasted effort on their part, they have already hacked the code, if people can still freely use the hacked code then why would they mind.

ElAurens
11-24-2007, 07:58 PM
Yup, somebody stole my car, but I get it replaced on the insurance, so why not let the thief keep my original car?

Sure are some sick minds at work here.

Outlaw---
11-24-2007, 09:41 PM
Originally posted by LEBillfish:
Disagree with this in that if a solution is found, then it can be submitted to Maddox Games for review (which would take little effort)....and then could be released back to the community with their finallized version.

This is incorrect. It would be quicker for them to implement it from scratch than it would be to integrate someone else's code. The only thing they could do with little effort would be to distribute it along with the game which doesn't guarantee it would be used. Also, it would put the burden of support and running the anti-cheat server on their backs, which I doubt they are willing to do.


Originally posted by LEBillfish:
To those that want it optional for servers to install it or not, to that I say fine, that tells me a LOT about that server

EXACTLY my point.



Originally posted by LEBillfish:
..........Hence my suggestion it be a 2 way check from server to client and back.....As frankly, I want to know if the server is credible or not and all on it.

The overwhelming majority of the server's job is marshaling information between clients. Hacking the server would not really make sense since all the flight model calcs are done on the client. The only useful thing you could hack on the server would be something that treats specific clients, such as squad members, differently (ie, AI doesn't target them, no speed checks performed, etc.). Adding these specific checks would increase the load on an already resource intensive application. A client side hack would be more useful (and thus have a larger demand) in that it would work on every server.



On another note...

From my observations, it appears that there are several different kinds of people involved in the hacks. First, there is the person(s) who actually hacked the code. They are the only true hackers. Then there the people who put that hack to use (ie build sound mods, enable different AI as flyables, etc.) Let's call them hack-developers. Then there are hack users. They are the people who just want cool new stuff. They have no idea, nor do they care, how the hack works. In fact, half of them can't even install the hacks without significant help.

Hacking something like IL-2 that does not expose an API is difficult to say the least. However, the actual hack could easily be the LEAST DIFFICULT part. Making it flexible and easy to use (note that the term easy is relative here) is probably a much larger job than just getting past the security.

Now, the brilliant observation that cheaters and hackers will always try no matter what has been acknowledged and agreed on by everyone in the world. I know it, you know it, Oleg knows it, the whole freakin' world knows it. We also know that at least one of them will succeed.

We also know that a large (dare I say overwhelming?) percentage of the users of the hacks are NOT using it to hack flight models. They want the flyables, different sounds, map mods, etc. Furthermore, an overwhelming percentage of the aforementioned hack users do not want, NOR WOULD THEY USE, a FM hack IF they can get what they want without it.

I liken the situation to the "war on drugs". Ask any DEA agent (or at least the ones that I've asked) and they will tell you it can't be won. There will always be a supply because demand is high. As long as it's illegal there will be collateral damage. You can take the high road and guarantee the collateral damage, or you can accept a certain amount of losses and bring the collateral damage to practically nothing.

So, if anti-cheat is required in every server, then there will be a large demand to hack the anti-cheat (regardless of it's source - 3rd party or 1C) as well as the game. There will also be a demand to make the hack flexible and easy to use so the hack developers can package them up for the hack users.

If the hack users are allowed to use their hacks (whether existing or new) on non-protected servers then there will be less of a demand to hack the anti-cheat. Note that it won't stop the hacker from trying, succeeding, and posting a you-tube video to prove he's done it. BUT, it might lessen his desire to develop that hack up into a truly useful package.

I'll shut-up now.

--Outlaw.

M_Gunz
11-24-2007, 09:43 PM
Originally posted by Outlaw---:
For example (and bear in mind that I'm still just throwing ideas around here), if you want to play on a protected server you must tell the security application where your game installation directory resides

And who needs a hacker to get past that? Not even a kid.

My first thought on seeing the first post of the thread was "how will you find the install"?

Sorry but I'd already posted about this, the check must be performed from inside the running
game. I also emailed to Oleg this and about a fast simple yet *complete* file check already
part of another software that possibly Maddox Games could license app code for seeing as how
the check is no secret. Anyone who has run QuickPar knows how well it works.

A CRC file? OMG! Make one on a clean install and copy it to the hacked that will run!

It does not take code to defeat anything suggested in this thread for 3rd party.

Outlaw---
11-24-2007, 09:57 PM
Originally posted by M_Gunz:
And who needs a hacker to get past that? Not even a kid.


There is nothing to "get around" at this point.


Originally posted by M_Gunz:
A CRC file? OMG! Make one on a clean install and copy it to the hacked that will run!


Please read the post. I did not say a CRC file, I said a CRC CHECK of a file (multiple files actually). The CRC checks are performed and the results validated against a server.


--Outlaw.

96th_Nightshifter
11-25-2007, 03:07 AM
Originally posted by ElAurens:
Yup, somebody stole my car, but I get it replaced on the insurance, so why not let the thief keep my original car?

Sure are some sick minds at work here.
Now that it is hacked the hacked version will be used period.

There is nothing that can be done about it now, it has been hacked it cannot be un-hacked so we have to roll with it and "adapt" as already mentioned.

Giving people a way to fly in servers with more security that won't allow the hacks, lessens the motivation to hack a "you MUST fly this way" game, seems like the only sensible solution.

1C I would imagine won't have the time to do much about this so why not have the community come up with a working solution?

MelloYello
11-25-2007, 04:32 AM
Hello guys i havent got il2 1946 yet but will have very soon, cheaters are a problem in this game aswel i take it http://forums.ubi.com/groupee_common/emoticons/icon_frown.gif Punkbuster would probaly be the best programe, VAC is cack as ive played cs for a mere 6 years and saw cheaters everyday almost. The kind of utility your talking about sounds kinda familiar in the sense of server side "kicks you if not running" sounds abit like thesgl anticheat but that took screenshots fo what you was looking at aswel. anyways my 2 pence if cheaters are a problem then some form of anticheat would be great http://forums.ubi.com/groupee_common/emoticons/icon_smile.gif

ElAurens
11-25-2007, 09:44 AM
Nightshifter,

I know that the virus is out of the test tube and can never be put back. It just saddens me to see people that I once thought to be upstanding memebers of the community now behaving like spoiled little kids in the candy store. I am angry about the hackers sure, but more than that I am saddend by the actions of lots of members who have no moral backbone.

And you are all naieve if you think the community can come up with a solution. It has never happened before in any other sim/game in this genre.

It will end up just like RB3D, no one will know who is running what, and the whole thing will come down like a house of cards.

Mark my words here.

Urufu_Shinjiro
11-25-2007, 10:03 AM
Originally posted by MelloYello:
Hello guys i havent got il2 1946 yet but will have very soon, cheaters are a problem in this game aswel i take it http://forums.ubi.com/groupee_common/emoticons/icon_frown.gif Punkbuster would probaly be the best programe, VAC is cack as ive played cs for a mere 6 years and saw cheaters everyday almost. The kind of utility your talking about sounds kinda familiar in the sense of server side "kicks you if not running" sounds abit like thesgl anticheat but that took screenshots fo what you was looking at aswel. anyways my 2 pence if cheaters are a problem then some form of anticheat would be great http://forums.ubi.com/groupee_common/emoticons/icon_smile.gif

Don't let the paranoia around here fool you. There is very little cheating going on in this game. There was a very small amount of cheating going on before the hack, there is very little cheating going on since the hack. These people can tell you all day long "now that the hack is out FM cheats are super easy", well I guaranty none of them could do it if they tried. And just because a thing can be done does not mean that it IS being done. I, nor my squad mates have seen any more cheating since the hack came out than we did before, which is still to say very little.

K_Freddie
11-25-2007, 10:50 AM
http://forums.ubi.com/images/smilies/16x16_smiley-very-happy.gif don't you believe Urufu_Shinjiro..

There are a lot of newbies joining this game and it has a heavy leaning curve, one item is being cannon-fodder online to the vets.

The temptation to adjust the FM of say 10% is big, and is very noticable in critical moments. Only the vets will pick this up as they know the a/c limitations AND this 10% makes a big difference.

http://forums.ubi.com/groupee_common/emoticons/icon_cool.gif

Urufu_Shinjiro
11-25-2007, 11:36 AM
Originally posted by K_Freddie:
http://forums.ubi.com/images/smilies/16x16_smiley-very-happy.gif don't you believe Urufu_Shinjiro..

There are a lot of newbies joining this game and it has a heavy leaning curve, one item is being cannon-fodder online to the vets.

The temptation to adjust the FM of say 10% is big, and is very noticable in critical moments. Only the vets will pick this up as they know the a/c limitations AND this 10% makes a big difference.

http://forums.ubi.com/groupee_common/emoticons/icon_cool.gif

Yes, the temptation is there, my point remains, have you seen an increase in cheating? Are you sure or just paranoid, that is not an insult but a question that needs asked the way things have been here lately. And lastly it is not as bloody easy to change FMs as everyone suggests.

I'm not trying to turn this into another us vs them thread, I'm just letting MelloYello know that this is not the same sort of cheat fest that most online games are. I'm very much for an anti hack checker, would very much like two modes, one that keeps out everything but original game version, and a mode that just checks for FM/DM changes. This would be a great healing tool for this wounded community.

XyZspineZyX
11-25-2007, 11:58 AM
Can't work for offline

Anybody here like FSM's campaigns? Well you can forget about having planes that behaved as he expected them to in his missions. It's just been kicked out the door

Offline suffers perhaps more so than online with the hack. When the player's plane climbs too well, flies too fast, or does anything the builder didn't plan for, it breaks the mission. Same with AI

MelloYello
11-25-2007, 09:25 PM
thats cool if its not riddled with cheaters etc. i just played my copy of forgotten battles on campaign and blow me side ways its way better then cfs3 and handles much sweeter on my dog of a comp http://forums.ubi.com/groupee_common/emoticons/icon_biggrin.gif oh and looks alot better aswel http://forums.ubi.com/groupee_common/emoticons/icon_smile.gif
PS. cant wait till my copy of 1946 comes through my letter box http://forums.ubi.com/groupee_common/emoticons/icon_wink.gif

M_Gunz
11-25-2007, 10:30 PM
Originally posted by Outlaw---:
<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by M_Gunz:
And who needs a hacker to get past that? Not even a kid.


There is nothing to "get around" at this point.


Originally posted by M_Gunz:
A CRC file? OMG! Make one on a clean install and copy it to the hacked that will run!


Please read the post. I did not say a CRC file, I said a CRC CHECK of a file (multiple files actually). The CRC checks are performed and the results validated against a server.


--Outlaw. </div></BLOCKQUOTE>

You miss the point and answer pieces only. This I get for bothering to explain.
As long as you rely on the player to find the files being USED, anything you write is easy
to fool.
Will you check the entire machine for all copies? CAN you in all cases?

From much thought, the answer must lie within the running game itself which I did post above
and elsewhere and in email to Maddox Games. THAT is the POINT.

But go ahead, waste your time.

Skoshi Tiger
11-25-2007, 11:49 PM
As an alternative I wonder if it would be possible to create a program that sits in the background and looks at the packets of information being passed around during a multipayer game.

It could look at the values in the packets and compare them to a table of the standard aircraft and to determine if they are within the acceptable range.

It may not be able to tell if someone has a modded game but could tell if their plane has too much performance (Too much power avaliable, increased climb/roll rate) and could keep track of things like weapons fired, ammo expended etc.

The way I see it working is that it would just connect to the multiplayer game as a client, sit in the background and keep track of the data being passed around (or it could be part of the dedicated server - need Olegs help for that one). The host would have it on in the back ground and it would record/graph the info.

If anything out of the ordinary happened it could broadcast a message like "Player:XXXX P-51 using excessive xxxxxxxxxxxxx". It would not stop the Mods but at least everyone in the game would know if someone was using a modded version of the game.

I hope I am explaining this right?

Outlaw---
11-26-2007, 04:47 AM
Originally posted by M_Gunz:
You miss the point and answer pieces only. This I get for bothering to explain.
As long as you rely on the player to find the files being USED, anything you write is easy
to fool.

You are either not reading the entire concept or simply don't understand it.

I am not relying on the player to find the files, I'm requiring the player to specify WHICH executable will be run. Note that it's not his choice to run that one. The security app. will start that exe, not the user. If that exe is hacked to look elsewhere for the SFS files, it will not pass the CRC check.

If it's so easy to circumvent that, please explain it. Note that I hate for you to bother explaining but since you've already enlightened us so much...


Originally posted by M_Gunz:
Will you check the entire machine for all copies? CAN you in all cases?


The structure I have in mind will allow for this, but, it will take too much time IMO. Of course, if the admins feel that is necessary, then players would just have to submit to it. This alone would probably defeat most cheaters as they would just move on to servers that don't require the check.

I can do anything up to and including a rootkit to prevent hacks from finding the security app. I can disconnect all network drives, unmount all local drives (including USB, IDE, SATA, PP, etc.) except for the one the game is to be run from (this would obviously require that the game be installed on the root drive), prevent the user from minimizing the game to start anything else, and/or force the game to bail out if any on the above is circumvented. I can check for listeners to defeat network initiated cheats or add a hook to intercept and scan all network comms, along with a gazillion other things. Of course I'd rather not get to that point and I don't feel that it will be necessary.



Originally posted by M_Gunz:
From much thought, the answer must lie within the running game itself which I did post above
and elsewhere and in email to Maddox Games. THAT is the POINT.

But go ahead, waste your time.

Even THAT can and will be hacked so it's just a waste of time too is it not? SOW will be hacked, so why even bother to develop it?

As I said before, EVERYONE KNOWS THAT EVERYTHING CAN BE HACKED.

It's amazing how many people miss the point of an anti-cheat entirely.


--Outlaw.

hotspace
11-26-2007, 04:51 AM
M8, I think you'll find that all games at somepoint will be hacked:

PC.
XBOX.
PS2/3

etc....... http://forums.ubi.com/images/smilies/16x16_smiley-wink.gif

Outlaw---
11-26-2007, 04:51 AM
Originally posted by Skoshi Tiger:
As an alternative I wonder if it would be possible to create a program that sits in the background and looks at the packets of information being passed around during a multipayer game.

It could look at the values in the packets and compare them to a table of the standard aircraft and to determine if they are within the acceptable range.

It may not be able to tell if someone has a modded game but could tell if their plane has too much performance (Too much power avaliable, increased climb/roll rate) and could keep track of things like weapons fired, ammo expended etc.

The way I see it working is that it would just connect to the multiplayer game as a client, sit in the background and keep track of the data being passed around (or it could be part of the dedicated server - need Olegs help for that one). The host would have it on in the back ground and it would record/graph the info.

If anything out of the ordinary happened it could broadcast a message like "Player:XXXX P-51 using excessive xxxxxxxxxxxxx". It would not stop the Mods but at least everyone in the game would know if someone was using a modded version of the game.

I hope I am explaining this right?

What you're talking about is performance checking and many games do this already. It's a function of the server software. It can't be run as a client connected to the server b/c clients only see their own traffic. The only traffic the checker would see would be it's own.

Building it into the game client exposes it to hacking.

--Outlaw.

rnzoli
11-26-2007, 05:01 AM
Originally posted by Skoshi Tiger:
As an alternative I wonder if it would be possible to create a program that sits in the background and looks at the packets of information being passed around during a multipayer game.
IL-2 multiplayer data traffic is entirely encrypted, impossible to evaluate by an externel program in the background.

M_Gunz
11-26-2007, 06:16 AM
Originally posted by Outlaw---:
You are either not reading the entire concept or simply don't understand it.

I am not relying on the player to find the files, I'm requiring the player to specify WHICH executable will be run. Note that it's not his choice to run that one. The security app. will start that exe, not the user.

That will probably hold at least until 4.09 comes out unless it gets hacked first which at
least is not something simple. My reply about this was to early posts in the thread.

Yes sure in time all may be hacked. It's no reason to never do anything.

Hope you are very good, maybe you will have something stable before 4.09 arrives.

LEBillfish
11-26-2007, 06:45 AM
Fact of the matter is, 4.09 has already been hacked if I understood Olegs comments correctly......In that he intends on doing nothing about changing its security from 4.08....So is not a matter of months, weeks, or days.....Yet minutes before the 4.08 hacks are applied.

jasonbirder
11-26-2007, 11:28 AM
Maybe someone can "Mod" the server software...to prevent the use of the sound mod http://forums.ubi.com/groupee_common/emoticons/icon_biggrin.gif

M_Gunz
11-26-2007, 04:04 PM
Originally posted by LEBillfish:
Fact of the matter is, 4.09 has already been hacked if I understood Olegs comments correctly......In that he intends on doing nothing about changing its security from 4.08....So is not a matter of months, weeks, or days.....Yet minutes before the 4.08 hacks are applied.

When your software that hasn't been released has already been hacked it is time to clean house.
If that is what Oleg meant, Olegish is very hard to read into if possible at all.

Perhaps what they could afford to do had been shown vulnerable so Outlaw or like will be the
only thing going short of the old squads solutions for serious events and the like.
There are enough honest players to keep such going at least until SOW.

M_Gunz
11-26-2007, 04:05 PM
Originally posted by jasonbirder:
Maybe someone can "Mod" the server software...to prevent the use of the sound mod http://forums.ubi.com/groupee_common/emoticons/icon_biggrin.gif

Once you can, once the way is known then that little bird tends to get around.

LEBillfish
11-27-2007, 08:33 AM
Originally posted by M_Gunz:
<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by LEBillfish:
Fact of the matter is, 4.09 has already been hacked if I understood Olegs comments correctly......In that he intends on doing nothing about changing its security from 4.08....So is not a matter of months, weeks, or days.....Yet minutes before the 4.08 hacks are applied.

When your software that hasn't been released has already been hacked it is time to clean house.
If that is what Oleg meant, Olegish is very hard to read into if possible at all.. </div></BLOCKQUOTE>

Not sure you get what I meant.....Meaning, if he does nothing to add security to 4.09, it's a simple matter to apply current hacks to it...

Sadly yet as expected, it seems clear that the hackers are anxious to start chewing at 4.09 as well.........So you all can forget your illusions of "they might stay with 4.08"....They won't for the simple reason of not wanting to be excluded from non-hacker play yet hacked.

jasonbirder
11-27-2007, 08:59 AM
Or more likely...because they will want to use the Slovakia, Bessarabia and Desert maps...
Most Mod users are offline players and couldn't give two hoots about online play!

Bearcat99
11-27-2007, 09:39 AM
Originally posted by jasonbirder:
Or more likely...because they will want to use the Slovakia, Bessarabia and Desert maps...
Most Mod users are offline players and couldn't give two hoots about online play!

I disagree... I think that many more mod users fly online than are willing to admit. Not only that I have seen several posts on the AAA forum indicating that even if there is a "fix" in 4.09... it will be just another challenge.

Aggghhhh I told myself I wouldn't get involved inthese threads anymore.... http://forums.ubi.com/groupee_common/emoticons/icon_mad.gif

Zoom2136
11-27-2007, 09:41 AM
This utility would be great IMHO. But if poeple are really interested in a sound MOD, maybe a community approved sound MOD could be make and included in your approved checked files...

So this way you sort of "cut the grass" from under the feet of hackers... by giving to the majority who just want better sound want they want... and nothing else....

Just my 2c

LEXX_Luthor
11-27-2007, 09:45 AM
Sound is nothing(*). The neat stuff is in maps, increased visibility distance to more realistically simulate the air warfare environment (Smoke,Fire), airfield skinning, etc... The PF Team came out with some fantastic new airfield skins ... coral and volcanic are my favorite.

We don't really know that most Mack users are Offline players. Or I don't -- never looked into it. I'd think the number of Offline players has dropped over time since Oleg told us 95% of his customers played offline, and I can gurantee that Online players tend to keep up more with recent developments such as this.

--

(*) Footnote added later: But then I don't even have sound on my computer, I have a stereo for that DUH! Jamming the box helps me relax during the dogfight woof woof

LEBillfish
11-27-2007, 10:47 AM
Originally posted by Bearcat99:
I disagree... I think that many more mod users fly online than are willing to admit. Not only that I have seen several posts on the AAA forum indicating that even if there is a "fix" in 4.09... it will be just another challenge.

Aggghhhh I told myself I wouldn't get involved inthese threads anymore.... http://forums.ubi.com/groupee_common/emoticons/icon_mad.gif

+1......though naturally it must be because I'm a hater http://forums.ubi.com/images/smilies/59.gif

ElAurens
11-27-2007, 10:52 AM
One of the very virulent posters over there has even hinted at holding the online communtiy hostage by widely releasing the decompiler tool, if we at this forum don't kiss and make up and let them have their way.

I was shocked when I read that.

LEBillfish
11-27-2007, 10:58 AM
Originally posted by ElAurens:
One of the very virulent posters over there has even hinted at holding the online communtiy hostage by widely releasing the decompiler tool, if we at this forum don't kiss and make up and let them have their way.

I was shocked when I read that.


Well that would be a VERY serious threat except for the fact it has been....

ElAurens
11-27-2007, 11:02 AM
Well, I only mention it because it points out the character of many of those over there.

BOA_Allmenroder
11-27-2007, 12:47 PM
What's the "AAA" forum address? Would like to read some of the goings on.

DuxCorvan
11-27-2007, 02:13 PM
Originally posted by ElAurens:
One of the very virulent posters over there has even hinted at holding the online communtiy hostage by widely releasing the decompiler tool, if we at this forum don't kiss and make up and let them have their way.

I was shocked when I read that.

Shocked why? It will happen sooner or later. It's just a matter of time. Of a short time, IMHO. This is just downhill.

As if everyone of us wouldn't know. There's a lot of denial and self-delusion around this topic.

Pandora's box is open. Abandon all hope. http://forums.ubi.com/images/smilies/shady.gif

Enthor1
11-27-2007, 02:41 PM
ElAurens, how do you get from 1 virulent poster:

"One of the very virulent posters over there has even hinted at holding the online communtiy hostage by widely releasing the decompiler tool, if we at this forum don't kiss and make up and let them have their way.

I was shocked when I read that."


To the character of many?:

"Well, I only mention it because it points out the character of many of those over there"

Got a link to that particular post?
If linking to that site is still a capital offense here, at least copy the offending statement and paste it here just in case one might think you are simply stirring the pot.

Bearcat99
11-27-2007, 02:53 PM
Originally posted by BOA_Allmenroder:
What's the "AAA" forum address? Would like to read some of the goings on.

All Aircraft Arcade (http://allaircraftarcade.com/forum/index.php?sid=822607d452ca9d37eea709e5f13483d4)

BrewsterPilot
11-27-2007, 03:00 PM
Originally posted by Bearcat99:
<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by BOA_Allmenroder:
What's the "AAA" forum address? Would like to read some of the goings on.

All Aircraft Arcade (http://allaircraftarcade.com/forum/index.php?sid=822607d452ca9d37eea709e5f13483d4) </div></BLOCKQUOTE>

I thought it was forbidden to post links to sites with illegal h4x's...? http://forums.ubi.com/groupee_common/emoticons/icon_biggrin.gif

slipBall
11-27-2007, 03:00 PM
Very active place http://forums.ubi.com/images/smilies/shady.gif

Urufu_Shinjiro
11-27-2007, 03:06 PM
Originally posted by ElAurens:
One of the very virulent posters over there has even hinted at holding the online communtiy hostage by widely releasing the decompiler tool, if we at this forum don't kiss and make up and let them have their way.

I was shocked when I read that.

I have not read this, and as a mod user I am shocked as well, can you point me to this post? If not willing to post a link in the thread could you pm me the link? Was he flamed for this statement or at least discuraged?