[httmann (old)]

Hi all, my suggestion is that, we can code this plugin or it can be in urt 4.2. For example, when you are playing a league match or other, our plugin will take screenshots randomly. For example it will take screenshots at 5:00, 5:49, 7:01... There will be 20 screenshots. And when the match is over, you have to upload this screenshots. So, if you use wallhack, radarhack or something, you can see it easily on screenshots. We take screenshots randomly, so our hacker is a bit helpless. F1, F2 or F3?

[fda| ObScUrE]

screenshots?
record a demo!
for 4.2 we will have anti-cheat

[httmann (old)]

1) you cant catch pro wallhackers with demos.

2) all of the anti-cheat systems are breakable. For example Valve Anti-Cheat...

[fda| ObScUrE]

1) but with screenshots?

2) yeah but it will help to reduce it

[httmann (old)]

1) if you use wallhack, demos cant record this, but screenshots can. you can see what is in the screen and you can make a decision easily.

2) it can reduce, but cant obstruct, obscure.

[|it| Seven of Nine]

It isn't a bad idea, with the random screenshots people wouldn't use wallhacks true, however it won't solve the problem of aimbots and autoshoot, these are easiest to detect but still difficult. Afaik most of our recent bans at UrbanZone League have been wallhack related.

This post has been edited by Seven of Nine: 31 October 2009 - 04:11 PM

[httmann (old)]

maybe players should to send to admins a zip file or .7z file(for less file size), include screeshots and demo. and we can catch aimbot and autoshoot too. dont forget it, .7z file, with screenshots and demo, has got less file size than only a dm_68 file.

It's a root solution.

This post has been edited by httmann: 31 October 2009 - 04:24 PM

[disabled [51] don]

Watching demos is a lot of work, not to mention boring as even good players aren't interesting to watch 90% of the time.

PB used to do this [the screenshots], and the conclusion was it didn't work against people who actually knew something about hacks. There are programs out there that can block the screenshots or even make it so the screenshot can't see the hacks. A third party program could easily be monitored by the hack as well, shutting off wallhacks and radars when the screenshot was about to be taken. What's to stop someone just deleting or retaking incriminating screenshots? It's not hard at all. Finally, anyone who isn't suspected (all the cheaters caught in this season of FTW were known cheaters from the beginning, it's just admins acted too slowly) of hacking, but in fact is, is probably just toggling their wallhack on and off. They don't use it every kill, and will make sure they die a few times when they should without a WH. They might have a wallhack on for 2 or 3 seconds a minute, which really reduces the risk of getting screenshotted.

Screenshots also lag you out when they're taken because the HD has to wake up and do a write. So you'd be dealing with people complaining they died because the screenshot happened in a fire fight.


To make something like this work, you'd need to be writing the screenshots to RAM, and then immediately uploading them to an admin-controlled server to prevent tampering. The screenshots would also need to be compressed to make it possible to quickly upload screenshots with very low speeds (maybe 5kb/s to avoid any network lag). That's 240 screenshots in a 5v5 with 1 sub each for a 20 minute map. 480 for both maps. Thousands of screenshots for all the matches in a week. Less time than demos, sure, but still a lot of work, especially when you'd have to carefully examine every one. You'd still have to deal with screenshot blockers and make the screenshot program's code well designed and protected so a hack can't just monitor it to find when it will take the next screenshot.

[httmann (old)]

don, on 31 October 2009 - 09:36 PM, said:

Screenshots also lag you out when they're taken because the HD has to wake up and do a write.

yes you're right don. Ok, so we have to wait 4.2

[_nSS (old)]

Growler GunCam, trial version on 2 FPS per second recording.

Ezpz.

[Well Cooked Nade Burgers (old)]

I vote f1 this would be JUST another thing the "hackers" would need to work around and make IT THAT much harder
if the admin gets a a corrupt screen(be it hack related or something else) shot he can just default to a demo

[GT- Rick]

There are better ways of detecting hacks that don't cause this much lag. Also screeenshots can be spoofed somewhat easily depending on how they're done. You really expect someone to sit there and look through thousands of screenshots just on the off-chance that one might be a hacker? Sure it could be one more level of protection, but you really want to add protection that lags your system everytime it takes a screenshot and uploads it? Just look at what FPS people get now on a 10 year old game. UrT players don't have the meanest of gaming rigs.

[disabled [51] don]

Even new computers have FPS problems in this game... It's just not an efficient engine.

The best way to stop cheats is to not allow any non-stock or unauthorized (popular clients like ikalizer could be approved for use) clients and do not allow any changes to the running process. If you can't inject a cheat, how can you use it? Not sure how you stop cheats that use a hook, but you could probably block access to Urban Terror by any third party programs. Detection relies on the AC knowing what to look for. It's easier to just stop the methods cheats use to interact with the game. It's not like there are legitimate reasons you'd need to inject code into a game process anyway. You can get good results with detection as long as there is no innovation. As long as idiots keep using crap they find on public cheat forums, it's easy to keep ahead. But what if someone thinks up some crazy cheat that doesn't wallhack, doesn't autoaim, but, say, displays both teams on the minimap, and keeps that hack private. I can't imagine there are too many ways to wallhack or aimbot, so it's reasonable to say you can just detect the methods they use, rather than the actual hack program. But if you don't know what to look for, or even if you should look, then how can you detect something? Am I wrong about how anticheat works? Wouldn't it just be better to completely lock down the UrT process so it can't be interfered with?

[Well Cooked Nade Burgers (old)]

don, on 07 November 2009 - 09:54 PM, said:

Even new computers have FPS problems in this game... It's just not an efficient engine.

The best way to stop cheats is to not allow any non-stock or unauthorized (popular clients like ikalizer could be approved for use) clients and do not allow any changes to the running process. If you can't inject a cheat, how can you use it? Not sure how you stop cheats that use a hook, but you could probably block access to Urban Terror by any third party programs. Detection relies on the AC knowing what to look for. It's easier to just stop the methods cheats use to interact with the game. It's not like there are legitimate reasons you'd need to inject code into a game process anyway. You can get good results with detection as long as there is no innovation. As long as idiots keep using crap they find on public cheat forums, it's easy to keep ahead. But what if someone thinks up some crazy cheat that doesn't wallhack, doesn't autoaim, but, say, displays both teams on the minimap, and keeps that hack private. I can't imagine there are too many ways to wallhack or aimbot, so it's reasonable to say you can just detect the methods they use, rather than the actual hack program. But if you don't know what to look for, or even if you should look, then how can you detect something? Am I wrong about how anticheat works? Wouldn't it just be better to completely lock down the UrT process so it can't be interfered with?

what your saying is impossible there is NO way to lock down urban terror completely even if you lockdown the process and mange to disable user mode hooking there tons of ways around this ( low lv input hooks and video driver hooks kernal hooks) all this would do is disable stuff like fraps and ATI tray tools overlay ect ect
edit
and unless your internet connection is sub 128k/s a jpeg or png compressed screen shot would not even be noticeable and even if it was it would't be any worse then say .. a 1/8s hichup you don't need to send a FULL screen capture in 100% native res the fastest and most hack-resistant way would be to dump the frame buffer directly

This post has been edited by Well Cooked Nade Burgers: 08 November 2009 - 06:55 AM

[disabled [51] don]

Exactly. You don't need FRAPS or ATI during a match. It's possible.