User panel stuff on forum
  125 posts on 5 pages  First page12345Last page
Client Talk
2007-09-18, 13:57
Member
188 posts

Registered:
Jan 2007
dakoth wrote:
I wouldn't say he doesn't care. He obviously does, or he wouldn't go through all the trouble of explaining WHY the fundamental idea behind the current security module is stupid.

I think it's too late. Either it's because I'm part of that evil FTE gang where we apparently a few years ago ran a smear campaign against Ezquake, despite me not having touched the FTE code until more than half a year after the supposed incident, or maybe it's because I'm somehow 'helping' a leage Molgrum is running which I until a few minutes ago didn't even know he was running, and I still don't know which one it is. Or well, insert your own silly conspiracy theory here.

dakoth wrote:
Here's my question though (and forgive me if it's a bit dumb, but I'm not a coder), shouldn't it be possible to place the security check server-side instead of client-side, and let a closed-source client-side module (sort of like the security module currently) verify itself and then send info from the client that is connected to the server (which the client-module and the server-module can ensure are one and the same) which allows the server-module to verify that the client is unmodified?

The thing is that you're being deceived by the 'closed-source' thing. Just because you don't easily have the source code does not mean you can't figure out how it works or even work around it without even knowing how it works.

What you described is pretty much how it works now, except that the server would be the other clients. The problem is not in the verifying the response from the obscurity module, which is the part you want to move to the server. The problem is that you're asking the client to reliably determine if it is cheating or not, which it's completely impossible as long as the player has access to the computer he is playing on.

dakoth wrote:
Or would it be possible to hack that client-side module as well, and then send whatever you want? Like I said, I'm not a coder

Oh yes, absolutely. That's pretty much what's going on right now.
2007-09-18, 14:09
Member
188 posts

Registered:
Jan 2007
Ake Vader wrote:
bigfoot wrote:
Renzo wrote:
I'm pretty sure something can be done to improve the situation.

Yes, but it requires that people don't get offended when you point out the obvious. As has been witnessed on this thread, there are plenty of people who are willing to defend their flawed 'religion'.

The thing is that you seem to want to make us all live like atheists rather than presenting an alternative religion that we can switch to.

Oh yes. Why go from one evil to another?

Ake Vader wrote:
While this would be perfectly fine with me IRL (), having absolutely no kind of cheat modules in QW, even if they aren't 100% safe, would feel like opening up the doors to hell and we'd have to fight Shub Niggurath and her minions all over again instead of living in pleasantville.

Well, what you have now is about 0% safe. You just THINK it works.

Here's a few possible attack vectors which would go 100% undetected by the obscurity module:
1) Proxy cheat
2) GL library modifications
3) Driver modifications
4) Kernel modifications
5) Input faking
6) Modifying executable on disk (The Ezquake 1754 obscurity module only verified 1.08% of the binary, the rest is free for you to modify)
7) Modifying the executable in memory (even easier, that's completely unchecked)
8) Insert more suggestions here

The thing is that the current obscurity module detects 0 (zero) cheats as it is right now. It doesn't even attempt to detect any cheats.

Ake Vader wrote:
On a more serious note: feel free to offer a valid replacement or at least plan on how to improve the situation if you want people's minds to change.

Whatever cheat prevention you want, it must be on the server. See what Molgrum wrote earlier, for example.
2007-09-18, 14:12
Member
1011 posts

Registered:
Feb 2006
bigfoot wrote:
please tell me how to disable mouse acceleration in MacOS X

http://lavacat.com/iMouseFix/
2007-09-18, 14:18
Member
1011 posts

Registered:
Feb 2006
bigfoot wrote:
The thing is that the current obscurity module detects 0 (zero) cheats as it is right now

clearly incorrect as it prevents a (fairly large) percentage of potential cheaters due to the simple fact that as of today there doesn't exist a link to a download package containing modified cheat client + hacked security module for win32, the majority of people playing have no interest in cheating and the aim is to establish a level playing field of client

as it has been said, the client side protection cannot be made uncrackable, but it can easily be improved to the point where the time and effort to crack it becomes less and less worthwhile, especially with new release happening as often as they do
2007-09-18, 14:26
Member
569 posts

Registered:
Feb 2006
Didnt read all of the things you guys said here.

However... a ezquake security dll as it looks today will not stop the serious cheaters today (as bigfoot) among others have pointed out 1000times. We all know it wont stop cheaters that really want to use wallhacks, aimbots or pass f_modified with hacked models. But what it does tho, is that it forces the average player (who is not cheating) to actually keep qw-folder clean from modified models, bugged clients and other stuff. Which will help legit players to compete on more equal terms.
2007-09-18, 14:32
Member
188 posts

Registered:
Jan 2007
oldman wrote:
bigfoot wrote:
please tell me how to disable mouse acceleration in MacOS X

http://lavacat.com/iMouseFix/

I think that's what I tried some time ago, and it kept forgetting the settings every time it started... Or rather, it remembered the setting in the GUI, it just didn't apply it.

While we're at it, do you know how to set the keyboard repeat rate to somewhere inbetween 'bloody insane' and 'I'm gonna fall asleep soon'?
2007-09-18, 14:39
Member
188 posts

Registered:
Jan 2007
oldman wrote:
bigfoot wrote:
The thing is that the current obscurity module detects 0 (zero) cheats as it is right now

clearly incorrect as it prevents a (fairly large) percentage of potential cheaters due to the simple fact that as of today there doesn't exist a link to a download package containing modified cheat client + hacked security module for win32, the majority of people playing have no interest in cheating and the aim is to establish a level playing field of client

OK, so you're agreeing that it doesn't prevent any cheats or what? If not, then please name a cheat it prevents.

Does it prevent or detect something like Enemy Detector for 3D Games?

oldman wrote:
as it has been said, the client side protection cannot be made uncrackable, but it can easily be improved to the point where the time and effort to crack it becomes less and less worthwhile

It can? I'd very much like to see that

The easiest attacks don't involve the obscurity module itself at all. I just attack it to prove that you can't win.

oldman wrote:
especially with new release happening as often as they do

You mean once every 2 years?
2007-09-18, 14:40
Member
188 posts

Registered:
Jan 2007
Willgurht wrote:
But what it does tho, is that it forces the average player (who is not cheating) to actually keep qw-folder clean from modified models, bugged clients and other stuff. Which will help legit players to compete on more equal terms.

But you can easily do that without the disadvantages of an obscurity module.
2007-09-18, 14:43
Member
1011 posts

Registered:
Feb 2006
are you using a proper mac or are you using one of the hacked intel versions on unsupported hardware? or some fruity external keyboard? i've never felt the need to change keyboard repeat rates from default

if the mouse fix gui doesn't work for you, grab the source and compile a small binary from the source http://www.knockknock.org.uk/mac/MouseFix_v1.2.tar.gz that disables the accel for you, then just set it to run on user login
2007-09-18, 14:51
Member
188 posts

Registered:
Jan 2007
oldman wrote:
are you using a proper mac or are you using one of the hacked intel versions on unsupported hardware? or some fruity external keyboard? i've never felt the need to change keyboard repeat rates from default

It's a proper Mac. A G4 Mac Mini running MacOS X 10.4.10 using a Logitech UltraX keyboard (but I don't see how the keyboard could affect the repeat rate needed )

The thing is that if I set the key repeat rate to the second highest value, it repeats about 5 times per second and if I set it to the highest, it repeats 25+ times per second. I need somewhere inbetween that.

oldman wrote:
if the mouse fix gui doesn't work for you, grab the source and compile a small binary from the source http://www.knockknock.org.uk/mac/MouseFix_v1.2.tar.gz that disables the accel for you, then just set it to run on user login

Thanks, I'll try that.
2007-09-18, 14:52
Member
569 posts

Registered:
Feb 2006
bigfoot wrote:
Willgurht wrote:
But what it does tho, is that it forces the average player (who is not cheating) to actually keep qw-folder clean from modified models, bugged clients and other stuff. Which will help legit players to compete on more equal terms.

But you can easily do that without the disadvantages of an obscurity module.

In what way would we do that today?
2007-09-18, 14:57
News Writer
2260 posts

Registered:
Jan 2006
bigfoot wrote:
BTW, when was the last time you actaully saw anyone type f_version? I know that the last 100 times I saw anyone do it, it was Cecco on Nobody's Alternative FFA, just to spam and annoy people. Then I remember seeing it once in a TF match a few years ago.

Its used frequently in european leagues!
2007-09-18, 15:25
Member
805 posts

Registered:
Mar 2006
Question to Bigfoot!

Can you join the mvdsv dev team and integrate a serverside security check for the last stable ezquake (1.8.2 in this case)?
https://tinyurl.com/qwbrasil - QuakeFiles
2007-09-18, 15:28
Member
715 posts

Registered:
May 2006
Willgurht wrote:
In what way would we do that today?

Wallhack can be prevented serverside.
Simple aimbots can be prevented serverside.
Forward rocketjumping can be prevented serverside.
And assuming that the average player knows nothing about programming, the client can do the model/sound modification check without any module.

This would be the best way that I can think of.
---Where can you see lions? Only in kenya! Come to kenya we've got lions.
2007-09-18, 16:22
Member
1011 posts

Registered:
Feb 2006
afaik the only key i ever hold down to repeat would be backspace or cursor keys, why do you need key repeating so much?
2007-09-18, 18:07
Member
950 posts

Registered:
Apr 2006
vegetous wrote:
Question to Bigfoot!

Can you join the mvdsv dev team and integrate a serverside security check for the last stable ezquake (1.8.2 in this case)?

I'm interested by the answer
You could be of great help to resolve a major issue it would seem.
2007-09-18, 19:02
Member
1435 posts

Registered:
Jan 2006
Comedy!
"Aimbot detected server side" - haha, Molgrum, like there are 100 quakeworld developers dying to start coding a detection algorithm for this!
"Yes, the whole idea behind it is completely flawed." - mixing facts and own opinions in your posts
"server-side security" - again, SO MANY HORNY DEVELOPERS ready to start coding it! Not commenting that like noone who talked about it in this thread knows what it means or how it would work, haha.
"Peer reviewed code" - haha, bigfoot, the greatest joke in this thread. Wake up from your dream...

A) "Proxy cheat", "GL library modifications", "Driver modifications", "Kernel modifications", "Modyfying the executable in memory"
B) remove one line from the code, usually some 'if (!Ruleset_Allows_This()) return;', read compiling_on_windows.txt, make your own new executable.
How many ppl can do (A) and how many can do (B)?

Bigfoot's acts are not defended by any valid arguments, as has been said already, he only destroys other people's work and intentions. He had enough time to present his own solution, which still wouldn't be a reason to destroy other people work.
Why is his qw.nu account still active? I expect admins of this forum and EQL admins to express their stances on this issue. Not because I'm ezQuake admin (security module is a third-party software), but because this situation is fucking ridiculous.
I'd like to ask forum moderator to move all posts related to third party software to a new thread.
2007-09-18, 20:45
Member
34 posts

Registered:
May 2007
damm it this new ez security dont work good, it would be a mess , it replay f_version crc on random ,sometime it is or not ,more sometime it replay nothing.More i have alias with command weapon|attack and teamplay macro in it ,and it is blocked but when i reload config from menu it is working!
2007-09-18, 21:16
Member
188 posts

Registered:
Jan 2007
Willgurht wrote:
bigfoot wrote:
Willgurht wrote:
But what it does tho, is that it forces the average player (who is not cheating) to actually keep qw-folder clean from modified models, bugged clients and other stuff. Which will help legit players to compete on more equal terms.

But you can easily do that without the disadvantages of an obscurity module.

In what way would we do that today?

Just do the same thing. You've already got the build date of the client inside Ezquake. This way you can check which version they're running. Then put the code which checks the models inside the client. Problem solved at least as well as it already is, but with none of the disadvantages.
2007-09-18, 21:18
Member
188 posts

Registered:
Jan 2007
sassa wrote:
bigfoot wrote:
BTW, when was the last time you actaully saw anyone type f_version? I know that the last 100 times I saw anyone do it, it was Cecco on Nobody's Alternative FFA, just to spam and annoy people. Then I remember seeing it once in a TF match a few years ago.

Its used frequently in european leagues!

Well, I must be spectating the wrong games then, because I can't remember last time I saw it used
2007-09-18, 21:20
Member
188 posts

Registered:
Jan 2007
vegetous wrote:
Question to Bigfoot!

Can you join the mvdsv dev team and integrate a serverside security check for the last stable ezquake (1.8.2 in this case)?

Short answer: No.

Long answer: It has nothing to do with the client, so it wouldn't depend on the client at all. Furthermore the MVDSV guys and I don't get along for various reasons, including disagreeing on development and release model and generally the MVDSV guys are the same as the Ezquake guys, and as you can see here, two of them think I should be banned from this very website. Furthermore, there's already a much, much better server than MVDSV out there. It's called FTE, and it already has some of this stuff.
2007-09-18, 21:21
Member
188 posts

Registered:
Jan 2007
oldman wrote:
afaik the only key i ever hold down to repeat would be backspace or cursor keys, why do you need key repeating so much?

Well, I think I mostly use the backspace key as well, but the problem is when I've got a lot of text to delete. 5 chars per second is just too slow, and 25+ per second is just too fast to be able to do it precisely
2007-09-18, 21:22
Member
188 posts

Registered:
Jan 2007
deurk wrote:
vegetous wrote:
Question to Bigfoot!

Can you join the mvdsv dev team and integrate a serverside security check for the last stable ezquake (1.8.2 in this case)?

I'm interested by the answer
You could be of great help to resolve a major issue it would seem.

Considering your post from earlier, which either you or someone else deleted, which from my memory told me something along the lines of "bugger off", why exactly would I want to work with you again?
2007-09-18, 21:30
Member
1011 posts

Registered:
Feb 2006
[ off topic ]: if a moderator has some free time, please can they split this thread into three separate threads, move all security discussion to this thread, and split all Mac related discussion (like that which follows) into a Miscellaneous thread.

bigfoot wrote:
I think I mostly use the backspace key as well, but the problem is when I've got a lot of text to delete. 5 chars per second is just too slow, and 25+ per second is just too fast to be able to do it precisely

Well you can get some vim/emacs/regex style movement in Cocoa input, Opt-Delete will delete to the word boundary for you (Opt+Arrow also jumps between words), Ctrl-K deletes from current position to the end of the line and so on

There is usually a better way to do something
2007-09-18, 21:30
Member
188 posts

Registered:
Jan 2007
JohnNy_cz wrote:
Comedy!
"Aimbot detected server side" - haha, Molgrum, like there are 100 quakeworld developers dying to start coding a detection algorithm for this!

As opposed to the single developer taking up the guaranteed 100% pointless task of writing client side 'security'?

JohnNy_cz wrote:
"Yes, the whole idea behind it is completely flawed." - mixing facts and own opinions in your posts

I explained this to you several times over. You didn't understand it. I provided proof of concept several times, and you still don't want to understand it. Just because you don't understand simple logic doesn't mean it ain't so.

JohnNy_cz wrote:
"server-side security" - again, SO MANY HORNY DEVELOPERS ready to start coding it! Not commenting that like noone who talked about it in this thread knows what it means or how it would work, haha.

Well, quite obviously noone from your 'camp' knows how it would work, but please, speak for yourself.

JohnNy_cz wrote:
"Peer reviewed code" - haha, bigfoot, the greatest joke in this thread. Wake up from your dream...

Ask anyone who knows just a tiny bit of security, and they will tell you that security through obscurity doesn't work. The only way you can have security is releasing your work for EVERYONE to look and poke and, and if noone can break it, you can reasonably consider it secure. How many successful encryption algorithms do you know which are not public?

Luckily for you, I did review the Ezquake obscurity module, and I've got an analysis in the pipeline. It should be an interesting read for anyone who does programming, and a really good reason why nobody should ever trust the Ezquake obscurity module.

JohnNy_cz wrote:
A) "Proxy cheat", "GL library modifications", "Driver modifications", "Kernel modifications", "Modyfying the executable in memory"
B) remove one line from the code, usually some 'if (!Ruleset_Allows_This()) return;', read compiling_on_windows.txt, make your own new executable.
How many ppl can do (A) and how many can do (B)?

Have you ever compiled a program on Windows? It's pretty damn difficult First of all you need the right version of Microsoft Visual (C++|Studio), then you need to manually get all the includes and libraries needed, then pray that they actually work. Then you need to pray that the project actually also compiles on your machine, which might not be the case. Luckily I haven't done too much development on Windows, 'cause I think I would go crazy after not too long.

OTOH, anybody can use Google to find anything from category A

JohnNy_cz wrote:
Bigfoot's acts are not defended by any valid arguments, as has been said already, he only destroys other people's work and intentions. He had enough time to present his own solution, which still wouldn't be a reason to destroy other people work.
Why is his qw.nu account still active? I expect admins of this forum and EQL admins to express their stances on this issue. Not because I'm ezQuake admin (security module is a third-party software), but because this situation is fucking ridiculous.
I'd like to ask forum moderator to move all posts related to third party software to a new thread.

Listen, pal, I'm not the one breaking the rules of this forum. You did. Disconnect did. Allow me to quote:

Quakeworld.nu forum rules wrote:
4) The discussion or distribution of illegally-obtained software (i.e. warez/appz/crackz etc) is not allowed on these forums.

Do I have to remind you once again that the Ezquake obscurity module contains GPL code and that no GPL notice nor source code is included with the obscurity module? This by definition makes the Ezquake obscurity module 'illegally-obtained software' and 'warez'.

Can we please ban Disconnect and JohnNy_cz for discussing and distribution warez?
2007-09-18, 21:31
Member
950 posts

Registered:
Apr 2006
bigfoot wrote:
Considering your post from earlier, which either you or someone else deleted, which from my memory told me something along the lines of "bugger off", why exactly would I want to work with you again?

Because you could prove you are not the one people describe in this thread... but you seem to make a point beeing the one NOT helping.

My old post was: If you guys hate ezq/mvdsv so much and the people developing them, why are you still trying to get attention here? Go to your nice little qw bubble. Seems fair considering your tone so far...
2007-09-18, 21:33
Member
188 posts

Registered:
Jan 2007
oldman wrote:
bigfoot wrote:
I think I mostly use the backspace key as well, but the problem is when I've got a lot of text to delete. 5 chars per second is just too slow, and 25+ per second is just too fast to be able to do it precisely

Well you can get some vim/emacs/regex style movement in Cocoa input, Opt-Delete will delete to the word boundary for you (Opt+Arrow also jumps between words), Ctrl-K deletes from current position to the end of the line and so on

There is usually a better way to do something

Well, I already developed quite precise backspace repeat timing, so usually I don't have any problems with this

But in case I had to do it the other way, I'd really prefer it to be configurable so I could either have it Unix-style (^W and friends) or Amiga-style (shift+backspace, alt+backspace and friends).

Oh well, suppose I can't have it all
2007-09-18, 21:37
Member
1011 posts

Registered:
Feb 2006
bigfoot wrote:
Do I have to remind you once again that the Ezquake obscurity module contains GPL code and that no GPL notice nor source code is included with the obscurity module? This by definition makes the Ezquake obscurity module 'illegally-obtained software' and 'warez'.

afaik if any code is used or linked against by the dll then it is probably LGPL or BSD licensed and does not require source release
2007-09-18, 21:39
Member
188 posts

Registered:
Jan 2007
deurk wrote:
bigfoot wrote:
Considering your post from earlier, which either you or someone else deleted, which from my memory told me something along the lines of "bugger off", why exactly would I want to work with you again?

Because you could prove you are not the one people describe in this thread... but you seem to make a point beeing the one NOT helping.

My old post was: If you guys hate ezq/mvdsv so much and the people developing them, why are you still trying to get attention here? Go to your nice little qw bubble. Seems fair considering your tone so far...

In what way am I not helping?

People posting in this thread can be divided into two groups: Those who say 'yeah, client side security can't really work' and those who insult me. The latter group by far outweighs the former group.

I can't really help people who can't discuss a problem but have to resort to insults and rallying for censorship. And that's the people you want me to help?

I've already helped by 1) Pointing out that the current 'solution' is placebo at best and discriminating against people at works, 2) There are better ways to do this. Today. You just choose not to do it.
2007-09-18, 21:41
Member
950 posts

Registered:
Apr 2006
bigfoot wrote:
Have you ever compiled a program on Windows? It's pretty damn difficult First of all you need the right version of Microsoft Visual (C++|Studio), then you need to manually get all the includes and libraries needed, then pray that they actually work. Then you need to pray that the project actually also compiles on your machine, which might not be the case. Luckily I haven't done too much development on Windows, 'cause I think I would go crazy after not too long.

Errr.... you quoted it yourself:

JohnNy_cz wrote:
A) "Proxy cheat", "GL library modifications", "Driver modifications", "Kernel modifications", "Modyfying the executable in memory"
B) remove one line from the code, usually some 'if (!Ruleset_Allows_This()) return;',read compiling_on_windows.txt, make your own new executable.
How many ppl can do (A) and how many can do (B)?

I did that without any knowledge of windows compilation and it worked... Hmmmm. Really tough.

bigfoot wrote:
OTOH, anybody can use Google to find anything from category A

Yet I find the read_how_to_do_it_in_steps for Win32 compilation way easier. Shitload of info on google for those things, not a single clue how to apply it to the code...
But whatever... I'm too noobie or ezquake friendly to be of any interest to you anyway
  125 posts on 5 pages  First page12345Last page