well, the haxor debate has been started in earnest once again.

Lets meet it at the pass, eh Spartans!?

The first idea that came to mind to at least throw an obstacle in the way of them is a self check in the server code that verfies the file size of the .exe files to ensure that they are no larger than the original version release files. It wouldn't need to be a big deal, but this way the official servers could be free of clients that have added an aimbot.

I thought that perhaps the source already did this but I don't guess it is really working, I got word that the aimbot file is larger than the orginal file, which would seem to make sense.


am I dreaming on this one? I seem to remember that all this has been talked about and every time gavin says that there is no way to stop them from altering the code.

sadly, you'r right.. Being an open-source system, any goof can do it.

the hacked exe is almost the same file-size as any other. But for those
of us that dev and compile from source, there's still going to be minute
discrepancies. And for those using other os's, it will also differ.

Client-side alterations are undetectable by the servers, since all it does
is send shot data and recieve the results.

About the only way to detect is to see the action first-hand. A players
shots that seem to always be on-target.. and players that insist on MCB
constantly. I've never seen the fun in baby's games.

I see this was posted as I posted something like it.... I moved my topic to the global private forum: http://scorched3d.co.uk/phpBB2/viewtopic.php?t=4891
I fifured it is better discussed with all devs and admins.

Yeah it's a difficult one, you just could change the code in the client that sends the size to always send the correct size regardless.

Even commercial compiled games have this problem, I guess the only real way of doing it is to watch play patterns. e.g. a guy with crap tactics have an excelent shot etc...

This also brings up the whole debate of creating an account to play online with to enable better banning etc...

I think it's a decent idea. I don't think people would mind creating an account.

I was just thinking about something: Might it be a good idea to log some info from the client when it connects?

Consider that if we were currently logging the md5 sum and filesize of the client program, we would be able to find who has used the (distributed) hacked exe.

i'd add the hash chech, it doesn't require too much effords to code it and maybe it will work for some time, i say that since it seems that the cheat coders didn't notice about the SUI, so banning the cheaters might still be quite effective...

And I was thinking that if we had this when this one popped up, we could possibly have it "instaban" when someone connects with the known hack, and looking at the history of the sums, we might even be able to ascertain who used it first.

Been looking at adding it... just waiting for the coffee to kick in and maybe I will get there.

Another idea is to sample the players list of option settings similar to
saving the options to the display.xml,but then they could be sent to the
server too.

Servers may or may not have to store these settings, but running a
compare to the base list would cause an error if there was something
un-recognized.
This current hack uses an option not in the normal set called Trajectorypreview on/off
If the list of options sent to the servers contained any that weren't in the
original lists, we'd have an altered exe.

Sweet ideas.

Yes, but all of these can be got around by editing the source code again.

What I am worried of is starting some kind of arms race between the hackers and the fixers. I don't want it to become some kind of challenge/puzzle for them.

I can still only come up with two ideas:-

1) Make people register to play online, so banning is more effective. Some servers could even charge for access (or require credentials etc) then if needed.

2) Have some form of 3rd party compiled exe that is shipped with the game that checks it is ok. (like punkbuster).

I have thought of others, like being able to request a screenshot from the client etc... but they can be got around once found out.

If 1) I dont think most of the regular players would mind.

If 2) How much would something like punkbuster cost?

At the moment, ForumLogin method is broken. But if it were repaired, it
would be an ok way to set the second main server. Requiring the forums
name and pass to enter the server. However.. these players cheating
won't be hindered untill they're actually identified.

As for Punk-buster, it's going to enable the same kind of checking
I mentioned above.. the exe's check-sum, version, and the options
the player has chosen.
If program size / check-sum is used, players using other os's will be
blocked from ever playing scorched again, as well as any dev's that
manually build from the true source.

If the next update were released without the mention of the option-
checking, the current hack would be obsolete, and any new hacks
made will be discovered on thier first use. The top-players discovered
using it will be found-out, shamed, and banned.

Setting such server-side option checking to be un-used unless chosen,
similar to sync-checking, will at least possibly surprise the hack-makers
a little.. since thier local testing will not display any alerts.

This is the part I was hoping someone would say there is a workaround for, but so far no one has said there is one. Seems like it would be more detrimental to the game and community to do this than to deal with hackers 1 at a time detective style.

*sigh*