PDA

View Full Version : Combogib botters: Keik, Nexus, TerrorForce



Fader
03-19-2012, 08:30 PM
Was asked to post these up here for the people on the forums to review.

Demos:
http://froze.org/demos/botters.rar

Video clips (be sure to watch in full screen):

keik botting (my PoV):

http://www.youtube.com/watch?v=ZQwbGcoHDX4

Nexus botting (spec PoV):

http://www.youtube.com/watch?v=k1DjE6kKfnI

TerrorForce botting (spec PoV):

http://www.youtube.com/watch?v=cqwm6YXIIYI

Hopefully we can get some bans out on these fools;)

SAM
03-20-2012, 06:38 PM
Ok

These need to be in demo format please rather than uploaded to youtube or something. It enables us to view the person in questions view...

Honestly, I can't draw anything conclusive from this

|uK|Shiva
03-20-2012, 06:57 PM
yup// upload dem files .. also for real conclusive evidence we need demos from the person in question
If you think someone is botting, ask them to demo their games and upload demos. I see diogo has been playing some combo.

Fader
03-20-2012, 07:06 PM
Demos:
http://froze.org/demos/botters.rar


^ here

][X][~FLuKE~][X][
03-20-2012, 09:06 PM
1st and 3rd dont look like bots at all, a few lucky shots but thats about it, 2nd one is odd as he hits his own players as well as others......none of them are aimbots as there is no auto fire on targets.

worst they can be is triggerbots but from these vids....not conclusive at all.

Obs
03-20-2012, 11:41 PM
I have some pictures ...

I have seen keik playing, and I think he uses bot
also an image you can see the name of vx. poison ... I could not make a demo because it was the end of the match... and the next match keik enter to server (you can saw the time and day) and I saw that he sometimes played like bot.. i dont know if is the same person but i believe that he uses bot.
and nexus is 100% botter
299300301

Fader
03-21-2012, 12:35 AM
[X][~FLuKE~][X][_{HoF};25010']1st and 3rd dont look like bots at all, a few lucky shots but thats about it, 2nd one is odd as he hits his own players as well as others......none of them are aimbots as there is no auto fire on targets.

worst they can be is triggerbots but from these vids....not conclusive at all.

the thing is, if people are trying to hide it, this is about as conclusive as you can get. i'm well aware they can turn off the snap aim thats all so obvious.

keik has been accused of botting and replied in game that the reason why he was, was because the other player (accusing him) had been botting too. in this particular instance, i was speccing keik that match and he seemed to have actually set the bot to only target one player on the other team. he was literally sniping across the map (uber long range) and killing the same guy over and over while ignoring the entire rest of the enemy team. while not necessarily indicative of a bot, it definitely raises suspicions of 3rd party programs especially when hes getting monster kills doing this.

then you have this other thing with terrorforce where if you watch the demo, he's clearly holding down the "move forward" key [while not strafing left or right], and also dodging forward. i may be wrong, but i don't think its possible to do this normally as tapping forward while you're moving forward would slow you down... additionally, there are parts where he switches to the impact hammer and doesnt realize it, his bot firing over and over while it kills him because hes near a wall or aiming toward the ground. if he was really just a bad player then it doesn't make sense why he'd do this and then switch to sniper later on and have godlike aim.

not going to say anything about nexus since it's blatantly obvious if you watch the demo/vid

lastly, if they are triggerbotting i don't see why it would change anything about them needing to be banned... it's not fun at all to play against.

|uK|B|aZe//.
03-21-2012, 04:17 PM
just like to add if you download the videos and save them as avi's and play it back FRAME BY FRAME its as good as if not better then watching a first person demo of the person in question that you got from the person supposedly cheating.

that said all 3 of these are cheating the crosshair movement is identical to the bot im sure scar and shiva know about as i do

keik and terrorforce are the same person

nexus is someone else

forget about player movement its not as important as watching the crosshair behaviour and then factoring in the player movement to compensate for late shots, none of these shots have the player moving after or before the bot is about to shoot and the crosshair stops way past where the player is at that frame in time and where they will be going

SAM
03-21-2012, 04:32 PM
I haven't had time to watch them all. I just watched the ones he uploaded to youtube. If you're sure then I'll ban them all now.

Let me know

|uK|B|aZe//.
03-21-2012, 07:22 PM
100%

|uK|Shiva
03-21-2012, 07:38 PM
Thats conclusive enough for me.

SAM
03-21-2012, 07:54 PM
Incoming ban hammer

|uK|kenneth
03-21-2012, 09:40 PM
terrorForce is probaly using dodgebot.

nOs*Wildcard
03-22-2012, 12:52 AM
Question!

Is this server running ACE?
If so why is it not detecting cheaters?
Simple Question? right?
[shrugs]

SAM
03-22-2012, 03:05 AM
It does but v8h is over a year old and well there is a paid for bot which bypasses. Tgere is no free publically available bot though. We do have closed beta v9c however a few issues with it so we downgraded unfortunately

Feralidragon
03-22-2012, 06:31 AM
I think there's a huge misunderstanding relative ACE:
ACE does NOT catch 100% of the cheats, why do you think it's constantly updated?

ACE is like an AV, it tries to catch most of them (around 90 to 95%), but there are always the ones which aren't detected and therefore once found and understood the way they work, whichever AV has to be updated.

That's why admins and players may see aimbotters and all which are only caught recording demos and such, because Anthrax does ACE in his free time and provides it to everyone for free, the cheat-makers pretty much make a living out of it, as they actually license and sell them with profitable prices, which then these f*cking losers with enough money to spend buy them. So obviously these can bypass ACE, all Anthrax can do is lower the amount of cheaters, but never avoid them at 100%, that's impossible.

|uK|B|aZe//.
03-24-2012, 08:25 AM
well my question and answer to yours is why didnt epic games lock the engine for all their ut series, i know this would have stopped any mods being made etc and ut might not even be here today if that was the case..... so i guess that wasnt really a viable option

so why not for siege somehow only allow certain files to be used for the mod to work on the server and not let any external programs or influences deviate the gameplay of a person? would that be even possible? if everyone downloaded the same ut from say this site to play siege it would stop cheaters without a doubt because you would have to be running the same packages the mod runs and requires?

Feralidragon
03-25-2012, 08:40 AM
Blaze, it isn't that easy, far from that.

The engine IS closed, as all the dlls that come by default. The only thing which is open is the UScript side (as you may know, UT runs over 2 separate layers: top layer UScript, the part we can see and mod from, and the bottom layer C++, which is closed and I only know 1 guy who actually has it unlocked provided by Epic itself).

It was already built to check the packages (package mismatches? This is the way they have to secure the packages AND ensure binary compatibility), so that's not the problem either.
Plus, ACE sees this even further and all new packages are blacklisted by default, and the admins (or Anthrax in each new release) have to add trusted packages (and their MD5 hash I think) to this white list (for instance, remember the D3D10 kicking issues? D3D10 wasn't white listed, although it was legit).

The problems are as follows:
1 - The design of the engine itself: 12 years ago cheating wasn't that big of a problem specially since almost no one had a good internet connection nor knowledge how the engine worked.
Therefore the engine has some critical flaws that can be exploited and which were corrected in the following engine versions (2.x and 3.x).
One of those flaws is that you can code replication of functions from client to server in a mod and change variables in the server from the client.
This was fixed in UEngine 2, thus is not possible to make client to server direct replication afaik, therefore mods like ZP aren't even possible in UEngine 2 since it uses exactly this sort of replication, and that's why ZP is closed code.

2 - Another problem is that Epic released some C++ headers, to make possible for coders to develop new things not only at UScript level, but at C++ level as well (the actual engine code is still closed, they only released the headers to be able to compile C++ code for UT).
This means anyone with enough knowledge can run and develop something to start up with UT like a plugin easier (custom renderers for instance), but it can be easily misused and code your own renderer to render things your way (and this is why ACE kicks new ones by default).
Epic didn't release any for UEngine 2 for instance, and in UEngine 3 (UDK) they reintroduced the ability to include C++ files, but it's by far much more secure afaik.

3 - The engine runs as a VM (Virtual Machine), which means that UScript is byte code that runs in a virtual machine (the UEngine) which is written in C++ (this is why the engine has 2 layers of code), so it's like Java and it was made that way so UScript mods can run everywhere: Windows, Linux, Mac and whatever OS Epic designed a UEngine version for.
This means however that, once you know most of possible compile byte codes, you can reverse the process easily and obtain the source in a way called "decompilation". And Epic helped a certain group of folks relative most existent byte code, and they developed a tool which can easily decompile any mod.

This means that no UScript mod is safe, either it's obfuscated or not. For instance, I always heard how certain mods like ZP were closed and obfuscated to not be able to cheat... however I accessed the actual code in a matter of seconds when I felt some curiosity to check it, and believe me, it was very very easy.
You may take weeks to develop a protection through any way possible, but as long it's made on the top layer (UScript) AND and it's on the side of the client, anyone can bypass it in seconds, it's this serious.
No matter what kind of UScript protection you add, as long the client has to have a copy, anyone can extract it and see the code and even crack it in seconds, and I am not joking (for instance I needed one of uK maps recently to check something for Scar, so I got it from my cache, and you guys have a "protection", and I just needed roughly 5-10 seconds to bypass it and it was easy, again not joking, your protection may work with most).
Of course, I won't tell how I did it nor release the maps or decompiled mods, but there are people who can and already did as you may remember.

4 - In any software (no matter how secure it is), as long that "security" sits on the client it can be easily hacked. How? Quite simple and this is public knowledge: for it to run it has to be in your physical machine, it has to be loaded to memory because it's the way computers work, and basically with the right tools you can simply modify the values directly in memory and crack that security and even do some funny experiments.
Of course for this you have to know exactly where the things you want to change are stored, but with some experiments anyone gets there sooner or later.
This is what little apps like "trainers" do (basically 3rd party software that detects a game and enables cheats), and the aimbots, radars, and such are actually nothing more than these.
ACE was specifically developed to detect those, however it checks things on the client (such as external running processes, function calls and values in memory) and sends a reply to the server, so as you can understand, ACE relies heavily on what the client reports, and that's a critical security flaw by itself but Anthrax doesn't really have any other way around it.
All he can do is make it harder for cheaters to be able to bypass it, but in the end of the day this small detail is what makes bypassing ACE quite easy to other cheating veterans with deep knowledge on the engine like Anthrax has.

5 - Last, but no less important, it's been allowed more and more frequently in servers and around the community the following:
* Publication of decompiled important mods;
* Publication of online exploits;
* Hacking/cheating and forgive;
* Allowing the usage of certain glitches (which only motivates players to seek more glitches to exploit, and that's why I got a bit pissed off when I saw some members in this forum saying how using some was "ok", and the ironic thing is that those same members judge the cheaters, funny)

And the base of software security is this: "the security starts with people actions".


So as you can see, it's far from being an easy subject, and as long as you can interact with a system, you can hack it, it's that simple, specially in an old game which has "how to" documents and active brains all over the world.
UT is actually one of the most insecure game engines I know.

terminator
03-25-2012, 01:27 PM
As long as exploiting glitches is not called cheating, nor is banned, i guess everyone will use it.
i certainly will because i don't want to lose by handicaping myself and not making rocket bombs trough wall or Super Container in the floor, while enemy will keep exploiting that glitch. So as long as some of the admins don't set the rule that glitch exploiting is forbidden, everyone will use it. (I agree that it's lame though)

|uK|B|aZe//.
03-25-2012, 02:35 PM
okay that explains a lot thanks for pointing some of that out to me its pretty much a never ending cycle anticheaters vs cheaters.