Warden Newsletter #3


# Warden Newsletter #3

##Welcome!
Join us again for another weekly newsletter! Also note we plan to be creating a thread like Soaked UP for you to subscribe too later this week so keep your eye out for that!

:closed_lock_with_key: Today’s Topics :closed_lock_with_key:

#1: Weekly Warden Check
#2: New Members
#3: Some Discussion
#4: Recruitment
#5: Questions

Weekly Warden Check

This week we’ll be going over the speed check. This week I’ve decided to go over the speed check because while it works, and catches about as many public clients as NCP (different ones, but more all the same). It is not actually finished. It still has a bit to go, and that’s why I’ve decided to share it. To hopefully get some polling from the community.

So the way the Warden Speed Check works right now is it grabs the location of the players last position, and the players current position. We then figure out the distance 3D inbetween the points which can be done as so:

xSqr = (secondPosX - firstPosX) * (secondPosX - firstPosX)
ySqr = (secondPosY - firstPosY) * (secondPosY - firstPosY)
zSqr = (secondPosZ - firstPosZ) * (secondPosZ - firstPosZ)
sqrt = Math.sqrt(xSqr + ySqr + zSqr)
distance = Math.abs(sqrt)

A pretty simple distance formula. But I digress. We then perform speed multipliers based on what the player was doing between the two positions. Note some of these (such as ice) are dependent on what player the block is on. We actually perform these checks at the intervals that would cause the speed to stay the same regardless of when they got on/off the blocks. Anyway the basic idea is this:

speedMultiplier = 1.0;
if (player is/was on ice) {
  speedMultiplier *= 1.4;
}
if (player is/was on web) {
  speedMultiplier *= 0.12;
}
if (player is not on ground) {
  speedMultiplier *= 1.5;
}
for (each poition effect) {
  if (speed potion) {
   speedMultiplier *= 1.0f + (0.2f * (levelOfSpeedPotion + 1));
  }
  if (slowness potion) {
    speedMultiplier *= 1.0f - (0.15f * (levelOfSlownessPotion + 1));
  }
}
if (player is/was blocking) {
  speedMultiplier *= 0.5;
}

Wooh. That’s a lot of math. Needless to say tons of testing went into those speed potions. Multiple days. Upon days. Upon Days. Upon Days. Upon days. For reference (took some original statistics around a couple days, than those modified stats took around 4/5 days). You can then multiply the players previous location with that to get a ‘MAX’ distance that they can move. The problem with this is, this would be the max distance if the player was running diagonal. For clients that are running straight they can actually cover a bit more of ground than is normal. I’ve personally been able to test, and get around a 1.4 speed boost off of it. So the question is. Do we want to start trying to grab directions of players, and calculate those offsets, or do we leave it with the little bit of speed being able to become accomplished. When we start messing around with directions it could potentially lead to more lag, and much more data needing to be kept, and more powerful servers to run it. However we could also be deadly precise. So the question to you is where should we go from here?


##New Members We'd like to welcome @Favorlock to the Warden crew as a developer. It was a long, and grueling process for him to fight it out. However we're very glad to have him on the team.

A bit about favorlock: He’s interested in getting involved with the sponge community anyway he can. He’s been programming for 4 years, leading a number of teams. He was a dev team lead at MCProHosting for 8 months, worked on SSundee’s TitanMC network, worked on AntVenom’s network, and is currently the sole developer for BodilGames. Needless to say we’re very happy to have him on the team.


##Some Discussion It has been brought to our attention that some developers of Sponge are now working on a "anti-cheat" module directly built into Sponge that can be configured. Now note the following opinions are mine (@LordLambda), and might not be reflective of the entire Warden team. However this new "anti-cheat" module I think brings up some serious discussion points, that I would like to discuss with everyone, and get feedback on. This is a love-hate thing for me. First what I love about it. It's a push for an open-source anti-cheat that can be understood by many people. This is fantastic. This is exactly what Warden is pushing for. Warden is definitely pushing for this all the way, it's the movement we want to see. However. It isn't happening in a good way. Which is what worries me personally. First let me start off with the fact saying I'm disappointed. Mainly because myself (and @FerusGrim ) both asked on the irc if Sponge was going to be implementing a built-in anticheat module. Two different developers specifically said no due to the fact it was "out-of-scope" (which I agree with fully, more on this later). Now we turn around, and theres plans to implement an anti-cheat module directly into Sponge (seemed to being lead by: @me4502). So that upsets me there's either 1) A dis-communication between the Sponge Development team, or 2) Me, and @FerusGrim we're lied too. Needless to say there are other things wrong with this proposal. Let's jump to two things specifically said regarding the form, and advertisements: "making Sponge hack-proof", "incorporate flawless anti-hack measures", and finally "directly into Sponge". Let's start from the last thing said, and work our way backwards.

"Directly into Sponge"
The first problem with this is it’s actually going against some principals of open-source. Instead of working with existing project maintainers, they’re actually choosing to go against, and create their own solution. There is a great section talking a bit about this open-source in this post by saurik here. One of the most important parts of open-source is being able to work together. To more or less say: “hey, I saw you had issues with this thing, can I help?, or hey, I think you can do this more optimally have you tried X?”. Here developers of Sponge are going against multiple implementations. Now you could say Warden is vulnerable of this as well. Which admittedly we sort of are. However we are far less violating this rule. Warden has completely different ideals, and has multiple things planned that NCP developers said they do not want to fix. So we tried working with them. However the Sponge devs who are doing this did not even attempt to work with the existing project maintainers (NCP, Warden, all of the other projects on Spigot). A powerful component of Open source is working together. By not working together we’re actually being detrimental to ourselves. The other problem here is the anti-cheat module will most likely cause problems with other plugins/forge-mods. While certain modifications are needed in order to stop exploits. The exploits the server should implement directly is denial of service, or problems that can mess up data on the Sponge side. The reason we have to use packets for our Bukkit/Spigot implementation is because the API’s actually do not give us a reliable ability to query data. We can specifically see this because NCP’s main problem is it’s event system. Data from events, being added at incorrect times, and so on, and so forth. NCP is directly using the Spigot data passed to it (not packet data). The server is directly a cause of why NCP is not performing as well. The problem here will be even bigger because sponge is meant to be compatible with mods, and lots of custom things. The API already has much more abilities to do custom things than Bukkit/Spigot. This could heavily trip up the anti-cheat module, and possibly other plugins (such as Warden/NCP!). By attempting to fix the problem at the sponge level, their actually worsening it for everyone else (including NCP!) I’m glad they want to do an anticheat however, they should work with existing project maintainers, or handle it in plugin space.

"incorporate flawless anti-hack measures" & "making Sponge hack-proof"
I simply direct you to my post on Warden The Plan. Specifically this quote:
"The Mass of the Earth is: 5.98 * 10^27 gramsNumber of atoms on earth: 1.33 * 10^50Number of atoms in the universe: 10^78 – 10^82

Next Lets put that in bytes:2^K = 10^50K = 50 log(10)/log(2)K = 166.09 (bits)K/8 = 20.76125

So with 21 bytes we can basically fit every single atom in the universe. However most memory sticks are 2GB, which a normal conversion (with calculator) would show 2GB being 2e+9 bytes. Meaning we can literally fit around 2e+9 universes within a single computer running with sub par stats at using 2GB of ram. The problem is there is literally tons of states, and the chance of getting two machines who work in the same way at the same time is virtually impossible. How does this tie in with combat? Well it’s simple you have thousands of states, and thousands of different connections with all different types of bandwidths. So the problem is you can’t try to stop good kill-auras. Instead what you have to do is completely remove any type of advantage that you can. You have to attempt to make it fair, not to make it to block." Again you can’t make MC hack proof. By trying, and advertising your lying, and creating false-advertising. This dissapoints me as one key goal of Warden is too create knowledge about anti-cheats. And the simple fact there is no such thing as a perfect anti-cheat, or an unhackable system. There is always someway to get to it. Microsoft, Valve, Sony, Nintendo, etc. People who get paid to work on anti-cheats days in, and days out still have cheating/hacking problems. You CANNOT create a perfect anti-cheat system. Instead you just have to try to get what you can, and adapt when new exploits come out. Which is what Warden is preaching, and what people need to realize.

Anyway that’s my rant about it. Please do let me know what you think of this. I’d love to hear your opinions on this, and get a serious discussion going.


Recruitment
That’s right back with recruitment again! Last week we only had one person apply for the web developer position! I know there are many great web folks here! We’d love for you to submit! If you don’t want to tell us why, and maybe we can fix that. As Warden is meant to benefit the community, and be a community driven effort.

Web Developer
However the core part of development is important, we also want to set up a base of operations for all things related to Warden. While we will still try to outreach to the communities as often as possible the goal is if you need something Warden, you can get it here. You should be experienced with both front-end, as well as back-end development.
Amount needed: 3
Apply Here: http://goo.gl/forms/ghg91TJQAJ
(If your the one person who applied last week, no need to re-apply).


Questions?

Do you have any questions for us? Feel free to write down below!

5 Likes

I’m not entirely sure how I feel about Sponge working on an anti-cheat solution. It’s great in some ways, not so great in others. I feel as though @LordLambda covered those points excellently enough.

What I don’t enjoy, though, is being misled. We were told that Sponge wasn’t working on this. Not because they didn’t have time - or because it was too difficult - but because it was, as @LordLambda said, “Out-Of-Scope”. It’s one thing to change your mind about priorities, but such a drastic shift from thinking that Sponge shouldn’t have anything to do with built-in anti-cheating, to deciding that it should? That doesn’t just happen over night.

Now, there are a few possibilities in this situation.

  • Sponge is open-source. @me4502 has the freedom to work on whatever he wants. Whether or not it would be implemented is entirely up to whoever decides PRs.
  • Sponge developers changed their mind on what is and isn’t out-of-scope. Possible, but not likely.
  • This is some elaborate, belated April Fool’s prank.
  • We were just lied to.

In a twitter post from @me4502 detailing that he’s doing research on how to make Sponge hack-proof. His google form goes on to explain that he’s looking for information on known hacks, and ways to bypass cheat plugins such as NCP.

Now, my first thought was that they were looking for ways to block malicious plugins from bypassing these checks, or from malicious plugins that could affect Sponge itself. This wouldn’t be something that @LordLambda and I could stop or prevent, so I was all for it. However, when @LordLambda spoke to @me4502 about it, it was shown that this was going to be a built-in method to stop all types of hacks/cheats.

Of course, this wouldn’t be something I’m not normally supportive of. As a matter a fact, before I started work on Warden with @LordLambda, I was asking what type of prevention would be done for Sponge, hoping that some solution could be come to.

My problem, rather, comes from being misled. Further more, as @LordLambda has already stated, we should have expected some form of collaboration. Because, not knowing what Sponge is going to do affects our ability to make sure Warden isn’t interfering with what’s already in place.

We, @LordLambda and I, did our part in making sure that we wouldn’t interfere with Sponge by asking them if this is something that would be implemented. And not two weeks later, it’s decided that they will, after emphatically telling us that, not only would they not, but it was ridiculous to think that they would, because it’s so out-of-scope.

I guess that’s all I have to say on this. I’m just kind of upset. Sorry for rambling.

6 Likes

I honestly wouldn’t see it as being lied to, rather that there was a change in plan that made it seem feasible as something to implement. Previous discussions somewhere on the forums noted that some people would’ve liked to seen an anti-cheat being implemented since its typically something most server owners would want, and of course for it to be optional in the case that something else like a plugin’s implementation of an anti cheat would be better. Though, I get what you feel, being misinformed isn’t a nice feeling; something they probably should’ve taken note of is to relay that new change to you guys instead of letting it be a surprise to you.

It does stand as something out of scope of the implementations, which is something they should be clarifying on. I think the only reason its being implemented now is because of the reason noted above; that its something very useful that most owners would like to have.

This is true. I wouldn’t be as dissapointed as I am if it wasn’t for their adamant. No. It was very clear something like this would never even come close. True it is more of a misleading, however it still is a problem that I felt I should comment on (and obviously @FerusGrim did too). It is extremely useful to server owners however I wish there would have been relaying with already existing project developers (as I mentioned in the open-source proposition). One major part is a community working together, and the fact that no effort was made, and caught us completely off guard is my beef with it. Also the fact that it could mess with readings from other Anti-Cheat plugins, and the total disregard just digs deep.

4 Likes

I wouldn’t expect them to force it; they know its only part of the implementation because its a commonly used and useful feature. They know that other plugins might want to try and take a better, more focused shot at implementing the anti-cheat, so I’d expect them to make it optional, probably putting it in config/sponge.conf/.

Or, at least, they should know.

Well even if they do. You still have to get the user to turn it off, and I know a lot of issues on the anticheat (before it’s discontinued) (that get cancelled), come up from people having problems due to them not reading the message saying “hey turn NCP off”, who don’t.

Personally, I think anti-cheat is extremely out of scope for Sponge. This is getting too far into the realms where spigot started having compatibility issues.

I see Sponge as an API and an API only. I see no reason for the team to sugar coat the server for any reason whatsoever. Frankly I don’t want hacky methods of attempting to stop cheating implemented into every single sponge server. What if I have a mod that interacts with it badly? Or a plugin? What then?

If I want anti-cheat, I am going to head over to NCP (Warden when it is released) and download the plugin. Then, amazingly, I will have a nice anti-cheat system designed by developers dedicated to preventing cheating.

Why this ever needs to be permanently implemented I don’t know because it is not something that everyone needs, it has a rather large potential to break things and it can be easily and better done by plugins. Anti-cheat is also something that is going to need to be updated quite frequently as new exploits come out. Is the sponge team prepared to make that commitment? I don’t think so. They need to focus on expanding and improving the API, not making an anti-cheat which a plugin (such as this one) could do much better and spend much more time on.

As @LordLambda pointed out, this is highly against the ideals of open source and I think that the decision to implement an anti-cheat system directly into sponge should be reconsidered. There is absolutely no reason to include it by default, if a server owner cannot take the time to go out onto a plugin repository and find an anti-cheat plugin that they like then perhaps they deserve to be hacked.

As for making it optional, that makes it even worse in my opinion, why include something in a server that many people will probably never use? Frankly I would rather use NCP or something else made by a dedicated dev team that will be up to date with the latest exploits, that I can update easily, than use something integrated into the server which will not update often given that I would be running a stable release and even if I was running a bleeding edge build it is going to be annoying as hell to update my server frequently verses updating a plugin.

5 Likes

Actually it was I who originally pointed out going against open source :wink: but thats just me playing devils advocate. Anyway glad to see that I’m not alone in this concern.

Lol whoops. Sorry about that. Fixed it.

Feel free to ignore any suggestion here, but reading your post made me think about this multiplier problem.

What about a halfway house? I would expect you are only really interested in the x-z plane when doing speed calculations, so the triangle reduces to two dimensions. You are then only interested in the deviation from either x or z - more specifically, the larger of the two. You would then alter the speed based on the cosine of the angle between the direction of travel and the larger of the x component or the z component. You could then apply this to the speed multiplier (psuedocode-ish):

speedMultiplier *= 1/sqrt(2) * (sqrt(xSqr*zSqr)/max((secondPosX - firstPosX), (secondPosZ - firstPosZ)))

(see 1/Sqrt[2] * (Sqrt[x^2 y^2]/Max[x, y]) where 0<=x<1 and 0<=y<1 - Wolfram|Alpha - swap in z for y)

This will give you a multiplier between 1/root(2) (x = 0 or z = 0) and 1 (x = z). I can’t imagine this to be too expensive to work out - especially if you have the constant parts pre-calculated.

A trick I used when writing complex simulations in Physics was the use of a lookup table. Rather than do loads of calculations on the fly, you could just get an approximate multiplier from the table - which would probably be a map in your case. You could pre-calculate a range of multipliers by generating a table using x/z or z/x at startup (x < z, 0 <= x/z <= 1) (when x/z = tan(theta) = 0, the multiplier is 1/root(2), when x/z = tan(theta) = 1, the multiplier = 1, etc.) You could then simply pick the nearest multiplier at runtime based on Min(x, z)/Max(x, z)

That might let you get a better speed check with less of a speed sacrifice. A quick, no IDE example (so may not be completely working, but will hopefully give you the idea) gist can be found at lookup.java · GitHub

Hope my ramblings help, anyway.

As stated by the OP, team members are free to work on whatever they please (but typically are assigned tasks by me and sometimes blood). @Me4502 was never assigned an anti-cheat module task by either of us. At this point, its merely a project he is working on (as he is free too) and only would matter if it ever comes up as a PR to Sponge.

At that point, a decision would be made to approve or deny it.

4 Likes

This is actually a pretty good idea. I just went for 3D distance, merging the X/Z axises could provide a nice way. I’ll take a look at some of the stuff you mentioned. Thanks for your ideas. I’ll mess around with it.


Thanks for your insight Zidane this helps. Actually makes me less dissapointed. Thank you for helping clear this up.

We are aiming at completly different things
I am trying to just patch cheats which can be completely transparently stopped, I am not trying to create a massive anti cheat system.
An Anti Cheat plugin is more powerful, more customizable, and has loggingstrong text

2 Likes

Glad to be a part of the team. Look forward to working with you guys. :smiley:

1 Like

Hey, your application link does not work for me, it gives a 404 “not found” error.

However, I am extremely busy right now, but when it gets better, I will see if you still need people :smile:

There we go fixed. Thanks for finding that.

2 Likes

Fly check does not take into account wether or not the player is in creative mode, and shouldn’t you check for illegal stack sizes / items in inventories?

Fly check will account for creative mode in the shouldCheckPlayer method (however the shouldCheckPlayer method right now is merely a placeholder (as sadly a lot of things are right now. Waiting on @FerusGrim on that one :wink: )). Also Minecraft will actually remove negative stack sizes. The only way those have been able to happen are through exploits on the server software, or a hole in MC. Even the hole I posted has been patched of 1.8.3. While we will add in checks for these exploits. They are a much lower priority as we still have many other things we believe are vital.

Also, does kill aura spam sword swing packets? Might do some wireshark investigation if I can get my hands on a safe (virus free) client that supports it.

KillAura’s nowadays are very well done (and no need for wireshark investigation, I’ve already been doing some logging. Once I clean up the source I’ll release it. (Right now it’s written in a Python/R mix.)). Though if you want to contribute data that’d be cool we’d love to have it. Most usually aim before sending the move packet, and then attack after the move packet. I.e.
(pseudo-code):

public void onEvent(PreMotionUpdate event) {
 Entity toAimAt = aimAtPlayer();
}

public void onEvent(PostMotionUpdate event) {
  Minecraft.getMinecraft().getNetManager().addToSendQueue(attackPacket(toAimAt));
}

Mostly Warden is going to be doing the following things:

  • Checking for massive head snaps (i.e. above 180 deg)
  • Checking for excessive head snaps to player (i.e. always snapping to a player when in range)
  • Checking for movements on X axis with no Y axis gain, or movements on the Y axis with no X axis gain (because a player cannot move to the left without moving up a little bit, I’ve been reading tons of “how mice work”, and looking at their hardware, and such)
  • Checking for always hitting with the same delay (within 1~3 milliseconds for lag)
  • Attempting to find patterns in already existing clients, (statistical data all calculated through R, and python to find patterns. (I have a whole boatload of clients to test with)).