Warden: The Plan

Hey so I’m going out with a new plugin called Warden. It’s fully covered in this blog post here. However, it’s really big, be warned. Feel free to leave your comments here, or on my blog website. Either or:

Warden The Plan
Table of contents

  1. Preliminaries
    a. What brought this post to fruition?
    b. What will this post entail?
    c. Some Ideas.
  2. The problems we face now
    a. The Combat Problem.
    b. The Disclosure Problem.
  3. How Warden plans to fix these problems
    a. The Combat Problem
    b. The Disclosure Problem.
    c. Unique Features.

Prelims
What brought this post to fruition? Well it’s quite simple. I’ve decided to work on a brand new AntiCheat plugin. It’s called Warden, and you can check it out here (it’s open source). Because there are tons of problems with anticheats that have been brought to light if you simply take a look. Many clients have multiple bypasses for NCP, and many clients nowadays even bypass things like GCheat with little to no problems. For example Anticheat’s fly check could be bypassed by spamming bed packets, NCP has tons of bugs due to a messed up event system, and GCheat is still bypassed by knowing how to properly configure a PRNG. Also the fact comes that these AntiCheats are usually only fully understood by a couple of people, and only a small subset of them write said plugins.

What will this post entail? Well many many things. This post will mostly entail problems I see with current anti-cheats, my plan to fix them, and then my plan to provide things I think are necessary to the Anti-Cheat world.

Some ideas? Yea. That’s right, ideas. Many many ideas. No I don’t want this post to be taken as a “OMG ALL ANTICHEATS SUCK BALLZ AND I MAKE A NEW ONE”. I think the anticheats right now are doing a decent job, I just don’t think they’ve been continued in the best light, or one of the thousands of other factors that could have contributed. Needless to say, I don’t think they’re bad, I think they’re going in the wrong direction. There is no innovation, and when there is a glimmer of innovation it is proprietary. I mean it’s not like someone isn’t going to realize their cheats aren’t working any more, and it’s not like Java can be reversed to source. Even obfuscated it’s relatively easy to get an easily readable source code version of it. Seriously when you patch against something, give the patch to as many people as you can. Hell even AntiVirus companies do this (which is a much more profitable business). Key point? Kaspersky (who brings in bank, and deserves to) released signatures, compile times, domains, IPs, and Yara Rules for the Equation Group. Arguably the biggest threat. However in the MC community a step in the right direction to patching kill aura (a serious, but not a super super serious problem) by GCheat (which still has holes, but they’ve taken steps nonetheless) is covered up, and proprietary. Now I’m not complaining that they didn’t release it as honestly it’s not that good of an actual protection (probably not even the best in the community), but nonetheless. This is still a problem I believe though.

The Problems We Face Now
The Combat Problem. That’s right. There’s a combat problem. It’s impossible to patch. That’s right. Impossible to patch combat problems. Due to one (two?) words. False-Positives. To prove this let’s go over some simple math.
The Mass of the Earth is: 5.98 * 10^27 grams
Number of atoms on earth: 1.33 * 10^50
Number of atoms in the universe: 10^78 – 10^82

Next, let’s put that in bytes:
2^K = 10^50
K = 50 log(10)/log(2)
K = 166.09 (bits)
K/8 = 20.76125

So with 21 bytes we can basically fit every single atom in the universe. However most memory sticks are 2GB, which a normal conversion (with calculator) would show 2GB being 2e+9 bytes. Meaning we can literally fit around 2e+9 universes within a single computer running with subpar stats at using 2GB of RAM. The problem is there are literally tons of states, and the chance of getting two machines that work in the same way at the same time is virtually impossible. How does this tie in with combat? Well it’s simple: you have thousands of states, and thousands of different connections with all different types of bandwidths. So the problem is you can’t try to stop good kill-auras. Instead what you have to do is completely remove any type of advantage that you can. You have to attempt to make it fair, not to make it to block.

The Disclosure Problem.

Now I touched on this a bit earlier. However that’s only one part of disclosure. That part was specifically about anticheat developers. How they don’t share anything. Which really turns into an Open Source vs. Closed Source debate. I don’t want to get into that right now. However there is another type of disclosure problem. That with what cheats are out there. Most developers don’t even know about exploits (such as XCarry, DoS bugs, etc.). It’s impossible to really cover all of them.

How Warden plans to fix these bugs.
That’s right because what about these problems without solutions, or at least an attempt at solutions.
The Combat Problem

That’s right. The combat problem. If you remember earlier I said we don’t have to stop combat problems because we can’t. Instead we should try to make it fair. We can’t try to stop it because it’s simply impossible not to hit too many false positives through most techniques. However Warden attempts to relieve some of these stations.

Kill Aura:

Non-Randomized: These are extremely easy to detect. Simply detect hitting at the same time, every time.

Head-Snapping: Head-Snapping is an interesting problem. The best way I believe to track this problem, and collect anonymized data. Comes with correlation, and always tracking data. There really isn’t the best way to “solve” this in some cases. In some cases it’s really obvious, and we should log it as such. None the less it will not count as many points.

Randomized Kill-Aura: Here is the tough part. Randomized Kill Aura detection is extremely tough. Because a normal player clicks at a Random speed technically. So how do we fight this? Again logging, logging, and even more logging. We can store our data in a nice zopfli compression format. So that way we can store data for a long long time, ship it off to me (or possibly my team if that ever happens), and we can use things like R statistical analysis to determine good anticheats. We can also flag people we know are cheating, but we can’t ban (i.e. an OP, with the option ShouldBanOps disabled). We can log their data especially. This won’t be a perfect system, but it’ll help.

(Other combat hacks are relatively easy to block)

The Disclosure Problem.

Well technically there are two parts of the disclosure problem. First off the disclosure problem for Plugin Developers. Warden solves this by being completely open source, and modifiable. The code itself is under GPL 3.0. Which basic description means it can be used commercially, and such (just tracks of changes have to be kept), and have to be licensed under GPL 3.0. This will hopefully force other anti-cheat engines to become open source. Hopefully we’ll get some more open source plugins now.

What about disclosure due to bugs not being known? Well Warden is planning on solving this through multiple ways. First we will constantly scour websites for new videos/new bugs being discussed. In fact Warden already has some bots to scrape down information from several key sites. (HackForums, LeakForums, MPGH, etc.). The goal being to just get as much information as possible. The more information the better we can start to find bugs, and patch them. The author also has been the numerous finder of bugs (see this blog site haha). The goal is to find as many bugs as possible. The second part of this plan is to release a bug bounty program. That’s right we’re releasing a bug bounty program. However more details will be released later.

Unique Features. That’s right Warden has some of those too. One of those is the e-mail component. Warden will email daily/weekly/monthly reports of what exactly is going on. To any admin addresses you want. That’s right it nicely formats email to you, and your admins so you know what’s happening! Tons of configuration! That’s right there is a configuration for basically everything. Next is the fact Warden has its own accounts. Accounts can be registered to anyone, and a new account can only be registered through console. Console commands are also the only way to promote/demote users. No changes to Op Files/etc will cause these values to change. That’s right. The ultimate security. Warden accounts are actually secure! (Not vulnerable to any of the attacks I mentioned in the post “A Simple Idea”). So enjoy it! Plus many more things on the way that are in store.

So let me know what you think! Enjoy! And I hope to be able to show you something fantastic soon!

16 Likes
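The non-randomized kill-aura check from the post above ("detect hitting at the same time, every time"), sketched as an added example; it is not part of the original post or Warden's code, and the class name, thresholds and sample timestamps are assumptions. A bursty, lagged connection is included to show it does not trip the check.

```java
import java.util.Arrays;

/** Added illustration; not Warden's code. All names and thresholds are assumptions. */
public final class FixedIntervalHitCheck {
    static final int MIN_HITS = 12;     // assumed: too few samples prove nothing
    static final double MAX_CV = 0.03;  // assumed: stddev under 3% of the mean counts as "the same time, every time"

    /** Gaps between consecutive hit timestamps (milliseconds, ascending). */
    static double[] intervals(long[] hitMillis) {
        double[] gaps = new double[Math.max(0, hitMillis.length - 1)];
        for (int i = 1; i < hitMillis.length; i++) {
            gaps[i - 1] = hitMillis[i] - hitMillis[i - 1];
        }
        return gaps;
    }

    /** Coefficient of variation (stddev / mean) of the gaps; NaN if undefined. */
    static double coefficientOfVariation(double[] gaps) {
        if (gaps.length == 0) return Double.NaN;
        double mean = Arrays.stream(gaps).average().orElse(0);
        if (mean <= 0) return Double.NaN;
        double var = Arrays.stream(gaps).map(g -> (g - mean) * (g - mean)).sum() / gaps.length;
        return Math.sqrt(var) / mean;
    }

    /** True only when there are enough hits and their spacing is nearly constant. */
    static boolean looksFixedInterval(long[] hitMillis) {
        if (hitMillis.length < MIN_HITS) return false;
        double cv = coefficientOfVariation(intervals(hitMillis));
        return !Double.isNaN(cv) && cv <= MAX_CV;
    }

    public static void main(String[] args) {
        // Constructed samples, not captured from a real server.
        long[] fixed = new long[15];
        for (int i = 0; i < fixed.length; i++) fixed[i] = 1000 + 100L * i; // exactly 100 ms apart
        long[] human = {1000, 1140, 1235, 1410, 1520, 1700, 1790, 1965,
                        2080, 2230, 2345, 2520, 2610, 2790, 2900};
        long[] lagBurst = {1000, 1005, 1010, 1900, 1905, 1910, 2800,
                           2805, 2810, 3700, 3705, 3710, 4600};

        System.out.println("fixed    -> " + looksFixedInterval(fixed));
        System.out.println("human    -> " + looksFixedInterval(human));
        System.out.println("lagBurst -> " + looksFixedInterval(lagBurst));
    }
}
```

The coefficient of variation is scale-free, so the same threshold applies whatever the click rate; a randomized kill aura raises it on purpose, which is why the post falls back to long-term logging for that case.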

No words needed. This. Is. Beautiful.

Also, that is the perfect name :slight_smile:

4 Likes

Thanks. Just started, but I’m hoping to make it as good as possible.

Also yea I figured it would work (I stole it from Blizzard actually; their anti-cheat is commonly referred to as “The Warden”).

1 Like

(I would recommend making the GitHub link more apparent)

(Also, ping me when this is in a more stable state, suitable for PRs)

3 Likes

I like it, when it comes to fruition things will be much brighter for the MC community. I can’t wait until script kiddies are banned from MC servers.

2 Likes

This will bring peace upon many servers :slight_smile:

1 Like

Nice, .ninja domain name

EDIT: Take my money, this is beautiful.

1 Like

Alright will do, and thanks for the tip. Basically as soon as I get the managers set up it will be ready.

Thanks. Me too.

Hopefully :smile:

Thanks, and haha no need for money.

3 Likes

Seems like this is a very good project to watch!

Sounds like a plan :stuck_out_tongue:

1 Like

I see a powerful plugin rising. I USED to hack and I would use Anti-Knockback and Criticals and AntiHurtCam the most. Those cheats are extremely hard to detect and may be impossible to detect. Good luck with your plugin. You should consider getting a hacked client, considerably Wolfram to test your Anti-Cheats out once Sponge has been released. Good luck with the plugin and da frog wishes you da best.

Thanks, yea progress is doing pretty good. Hope we have a usable copy soon (this is also being built for spigot, so the transition to sponge is seamless).

Hahaha yes indeed.

Anti-Knockback is hard to detect without calculations, so I plan to move it into a processing unit. A deep processing section if anything. Criticals could theoretically happen every time, but if someone starts getting tons of criticals, and it happens all the time, it’s fairly safe to assume something’s up. Hurtcam is entirely client side. So you’re right. Impossible on that one. Though AntiHurtCam doesn’t give that much of an advantage. I already have multiple clients to test out with. Wolfram actually sucks at a lot of the tests, so I won’t be using that one (most testing happens with LateMod, ONE, and some other private clients that haven’t been leaked to the public yet that I’ve gotten my hands on). Anyway thanks.

2 Likes

Hmmmm… When I used to hack, I used the Bunny Hop hack. Interesting cheat… Be sure not to kick any players who do not hack and avoid false positives. A player with a lag spike could easily let the server assume that he is using a hack of some sort. Taco hacked client has two chat hacks call Trollspeak and Niggerspeak. They would be easy to find out.

Many hacked clients have a chat spamming feature, and a mass messaging feature, so you need to get that sorted out.

Keep the good work up! -frogocomics

In one word: amazing! I don’t know what to say further. I’m going to watch this!

All of this has already been planned on being fixed, but thanks none the less.

Thanks for the support!

Nice!

I really hope this plugin will succeed and get popular!
For log messages or places where you need a shorter name than Warden I suggest [WAC] (similar to VAC) instead of [Warden AC] ^^

Yea I’ll probably end up shortening it. We’ll see.

Witchcraft, how u do dat.

I only have a problem with that math…that’s pretty sketchy. I doubt you can store a universe in 21 bytes. You seem to have made atoms binary which they aren’t.

Welcome to AE and AE2 (Applied Energetics)