Post by Frozn on Jul 23, 2009 11:44:48 GMT -5
Hail from HOV and the Tyrants of Rune! It's about time I found the =iNi= forums, I will link to you guys on our site when I have some time. Unfortunately, there is a problem which is wasting the scarce time I have anymore to enjoy the game, and the reason I'm here. I'll try and be as concise as possible, but I have to give a little background info, and those who know me tend to complain about my epic posts. ;D
For the better part of a year, I've paid attention to the Euro side of RuneHOV's paranoia about cheaters, and would brag to them that the US side doesn't care about these things. We're just chill, and enjoy the game. That was until a stupid Euro named DiE passed this cheat to a member of JuNN, who used it to win vs me in a 1v1.
That didn't bother me, and in hindsight I'm still friends with the guy, but I saw the potential for the Euro climate to land on our shores and utterly ruin the game. And since then, it has done that and also ruined friendships between clans. I had originally forced DiE to give me a copy in an attempt to block it, and it has proven impossible.
Because of this, when we destroyed JuNN in a CW they claim we used it because I have a copy, just as our members are demanding proof that JuNN didn't use it because one of theirs had and used a copy. The drama-bitch-fest that ensued has all but made me want to uninstall. So now I must block this cheat to stop the madness on both sides so we can forget this ever happened.
So it is that I'm here asking for help as it is beyond my abilities. My original goal was to batchexport the bot's classes and look over them 1 by 1 until I found the source code for the bot. This has proven fruitless. The bot doesn't exist in the code, it is built at runtime from a tiny botinfo class which replaces the supertick function with its own. The rest of the code is well hidden, so much so that I haven't found it.
I once modified AntiTCC v2 anticheat to be stealthy and catch cheaters via entrapment. My recent idea was to find what vars/functions were created by the bot, and block the client if he attempted to use them. With no source code, this is impossible. The only other way I see to block it is to check the file size of the client's RMenu.u and RuneI.u (where the bot is located to bypass AntiTCC's on-join check) against the default sizes in bytes for 1.06, 1.07 or 1.08.
The problem with this bot is it was made by the maker of AntiTCC, Chakuza. He and Zisu were working on a 1.09 update for RuneHOV, and Chakuza noticed a bug in the way Rune checked for mismatches. Apparently, if the headers and certain parts of the code matched, even if the byte size was different, the engine wouldn't declare a mismatch.
This allowed for bytehacking of Anti-Cheats via fudged local copies which allow the server's anticheat to exempt that client. When Zisu didn't agree to change direction for 1.09 to fix this problem, Chakuza got angry and wrote this all-in-one hack to highlight the problem, and it is difficult to fix without fixing the underlying problem.
So this same absolute byte-size check might have to be run separately, if possible on the server end only, checking that the client isn't using a bytehacked copy of the anticheat which would check for the correct versions of RuneI and RMenu.
To be completely honest, I've tested this "super-hack" once and its aimbots (it contains 2) are all but garbage, but may be effective when properly configured. It contains a form of wallhack, which can be set to beep when a player is closing in, and also give a cheatview box of a player who has spawned close by.
It will not allow noobs to win vs pros by any means, and the rumor of the hack is much more dangerous than the bot is itself. This is why if you need a copy to study if it's not possible to check byte size, I will provide it to deliverance, as your reputation assures me it wouldn't be misused.
Thanks in advance, and I await your response.
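The file check proposed above, as an added example that is not part of the original post and is not code from AntiTCC or Rune: it compares a header-only match with an absolute byte-size check and a whole-file hash. `HEADER_LEN`, the function names and the sample bytes are assumptions constructed for illustration; the real default sizes for 1.06, 1.07 and 1.08 are not given in the post.

```python
from __future__ import annotations
import hashlib

HEADER_LEN = 16  # assumption: stands in for the "headers and certain parts" the engine compares

def header_only_match(reference: bytes, candidate: bytes) -> bool:
    """Model of the weak mismatch check from the post: only a prefix is compared."""
    return reference[:HEADER_LEN] == candidate[:HEADER_LEN]

def fingerprint(data: bytes) -> tuple[int, str]:
    """Absolute byte size plus SHA-256 over the whole file."""
    return len(data), hashlib.sha256(data).hexdigest()

def build_allowlist(known_good: dict[str, list[bytes]]) -> dict[str, set[tuple[int, str]]]:
    """One fingerprint per accepted version (e.g. 1.06, 1.07, 1.08) of each package."""
    return {name: {fingerprint(blob) for blob in blobs} for name, blobs in known_good.items()}

def verify(name: str, data: bytes, allowlist: dict[str, set[tuple[int, str]]]) -> str:
    """Classify a reported package file against the allowlist."""
    accepted = allowlist.get(name)
    if accepted is None:
        return "unknown-package"
    size, digest = fingerprint(data)
    if (size, digest) in accepted:
        return "ok"
    if any(size == known_size for known_size, _ in accepted):
        return "content-mismatch"  # right size, wrong bytes: a size-only check passes this
    return "size-mismatch"

# Constructed sample data, not real Rune packages.
STOCK = b"PKGHDR-RMenu-106" + b"\x00" * 64           # stock file, 16-byte header
PADDED = STOCK + b"extra class data"                  # header intact, code appended
SAME_SIZE = STOCK[:40] + b"\x41" + STOCK[41:]         # header intact, one byte patched
ALLOWLIST = build_allowlist({"RMenu.u": [STOCK]})

if __name__ == "__main__":
    for label, blob in (("stock", STOCK), ("padded", PADDED), ("same-size", SAME_SIZE)):
        print(label, header_only_match(STOCK, blob), verify("RMenu.u", blob, ALLOWLIST))
```

Both modified samples pass the header-only comparison, and the same-size one would also pass a pure byte-size check, which is why the allowlist stores a whole-file hash next to the size. The verdict is only as trustworthy as the component that reads the file, which is the post's concern about a bytehacked copy of the anticheat.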