[ANTIHACK] Developing SMAC Wrapper (no longer public) - Page 3

pubhero

I don't know what is the situation with the other games, but with the CSS game, the SMAC hold one's own. Catch 90% of the cheaters. And have new functions. I love that plugin.

Dragonskin

Quote:

Originally Posted by pubhero

I don't know what is the situation with the other games, but with the CSS game, the SMAC hold one's own. Catch 90% of the cheaters. And have new functions. I love that plugin.

not anymore buddy... now it only catches the old cheats, there is new cheats with no shaky screen and stuff

El Diablo War3Evo · *Last edited by El Diablo War3Evo; 03-14-2015 at 18:17.*

Quote:

Originally Posted by Dragonskin

not anymore buddy... now it only catches the old cheats, there is new cheats with no shaky screen and stuff

The newer cheats would require more than one session to detect, or a period of time to check. If your looking for better instant detections for smooth aimbots, you'll have no choice other than to record data overtime. Currently, hacking software developers know SMAC is session based and does not record data over time. Believe it or not, SMAC detections expire after 10 minutes for each detection! (Can you imagine how the new cheats currently work? If so, try my high senstivity mode from my alpha version, and you'll see more detections because players with new cheats probably use the 10 minute marker as a way to go undetected and also the 45 degree snap angle) The pro versions allow a 1 degree snap angles, and I've set it there and it does detect 1 degree angle versions. The only issue with 1 degree angle version is you can't use those based on one playing session. You'll need to save the player sessions over time to decide if their 1 degree variations are real paid/pro versions of cheats.

Smooth aimbot can be detected. It's just that the deviations for snaps is less than SMAC default.

If you want, you can just start using my alpha version right now and turn on high sensitivity mode. Then watch your database fill up with it counting aim bot detections. Instant session of high sensitivity mode is not recommended for bans, and only to use it to help you detect possible aimbot faster.

My Alpha version is in working state, but I plan so many changes to it, that I'm not pushing it right now.

One of the changes I plan to add something similar to this to the new database update:

SELECT
`antihack_aimbot`.`player_id`,
`antihack_aimbot`.`time`,
`antihack_aimbot`.`detection_number`,
`antihack_aimbot`.`deviation`,
`antihack_aimbot`.`weapon_name`,
`antihack_aimbot`.`aim_angle_change`,
`antihack_aimbot`.`highsensitivity`
FROM `antihack`.`antihack_aimbot`;

I also plan to add ip address tracking:

SELECT
`antihack_ip_addresses`.`player_id`,
`antihack_ip_addresses`.`ip_int`,
`antihack_ip_addresses`.`ip_ascii`,
`antihack_ip_addresses`.`hits`,
`antihack_ip_addresses`.`first_connect`,
`antihack_ip_addresses`.`last_connect`
FROM `antihack`.`antihack_ip_addresses`;

If you plan to use my alpha version for testing purposes, do take note it may not be compatible with a future update as I plan to change a lot of things.

Just my speculating, and it may or may not be true....

The reason why VAC ban takes so long before it bans a player is because players have to reach a certain "threshold" before STEAM VAC Bans a player on how many cheats they use before they get banned.

I wish to create a similar database function for Anti-Hack. So that it is 100% accurate based on database details. The reason I believe that SMAC gives false alerts is because all it has to go on is the current player session. I feel that banning players blindly is killing your player population unnecessarily and all based on one session.

The reason I believe SMAC doesn't detect all hacks, is because they raised the sensitivity to prevent false alerts which is only based on the current player session. If SMAC kept a record of the events and used that record to base its information on, then it would lessen the false reports.

VAC bans usually take about 1-3 weeks to ban a player for cheats. I'm quite sure, VAC bans could do it in short a time like SMAC, but STEAM doesn't want to loose people and so they have to be 110% sure before they VAC ban.

Those "undetected" pay for cheats, probably have figured out what the threshold that VAC bans have and go under it. Plus, STEAM uses client side detections for detecting hacks (which can be bypassed). I feel that this threshold must have some kind of timer limit on it before it is no longer counted and is why the "paid versions" usually don't get detected by VAC Bans.

Other notes...

Our Anti-Hack system will soon be able to allow you to change its variables (or you can allow our system to auto change based on your players).

I would like to create a "Optional" application that would interface with my server and report players you have caught using my anti-hack system. Also allow your server to download the latest list of caught players from other servers involved with the reporting. I plan to create a "open source java application" that will do the communications to our servers (probably require registration with our servers to prevent a hacking network from false reports). The main reason I don't want to just create a open source plugin for sourcemod that would do this is that War3Evo servers tend to use a huge number of plugins that tend to sometimes cause plugin-lag and our community would preferably off-load what we can to another engine. Java seems the best language to use because it will be compatible with all OS engines and I don't have to worry about compiling something for each server engine.

pubhero · *Last edited by pubhero; 02-07-2015 at 23:46.*

Quote:

Originally Posted by Dragonskin

not anymore buddy... now it only catches the old cheats, there is new cheats with no shaky screen and stuff

You try the 8.6.0 from the repo? I use that. ~15 - 20 cheater / day busted. It is also true that I use other plugins too for detect rage aimbots and free cheats, with autosay functions. Max. 2-3 cheater undetected / day.

El Diablo War3Evo
Don't forget the materials wh detection please. Too many idiot use that shit.

El Diablo War3Evo

Quote:

Originally Posted by pubhero

You try the 8.6.0 from the repo? I use that. ~15 - 20 cheater / day busted. It is also true that I use other plugins too for detect rage aimbots and free cheats, with autosay functions. Max. 2-3 cheater undetected / day.

El Diablo War3Evo
Don't forget the materials wh detection please. Too many idiot use that shit.

Weird, they never changed that version number. Ever since it was commited 14 months ago to a new repo, it has always been 8.6.0 even though they made some changes every few months. A total of 25 commits since it was moved.

This is what I found in their changelog for 8.6.0:

Spoiler

So, yeah, I'll continue to monitor their changes for updates to incorporate into Anti-Hack.

pubhero · *Last edited by pubhero; 02-08-2015 at 02:47.*

Ok. But what is your plans with the materials wh? You can detect that. You planning to do?
And what is your plans with free cheats, what use autosay? Some times the SMAC not detect these cheats on my server,
but a simple regexfilter yes. Or HS counting for the undetected aimbots?
In my opinion, a really good anti-cheat use these options too.

El Diablo War3Evo

Quote:

Originally Posted by pubhero

Ok. But what is your plans with the materials wh? You can detect that. You planning to do?
And what is your plans with free cheats, what use autosay? Some times the SMAC not detect these cheats on my server,
but a simple regexfilter yes. Or HS counting for the undetected aimbots?
In my opinion, a really good anti-cheat use these options too.

does SMAC's version of anti-wallhack work for you against materials wh ? I feel that your game is probably css or csgo?

as far a filtering autosay text, we have it where you can add filter words: https://github.com/War3Evo/Anti-Hack...ent_filter.cfg via that configuration file.

HS would create counts for possible undetected aimbots yes. HS was created to detect the undetectable over time. I have a friend who has the professional version of one of the newest "undetectable hack" if you turn the sensitivity to 1 degree snap angles, it can detect it.

pubhero

Game CSS.
Thanks for the autosay ideas. I know well, these cheats not working on the CSS game?
Never not see these autosay messages on my log files. I'll give you another one. Maybe this cheat CSS specific.
Here is the autosay output:

Code:

BH4x Public HvH

Dragonskin

Quote:

Originally Posted by El Diablo War3Evo

does SMAC's version of anti-wallhack work for you against materials wh ? I feel that your game is probably css or csgo?

as far a filtering autosay text, we have it where you can add filter words: https://github.com/War3Evo/Anti-Hack...ent_filter.cfg via that configuration file.

HS would create counts for possible undetected aimbots yes. HS was created to detect the undetectable over time. I have a friend who has the professional version of one of the newest "undetectable hack" if you turn the sensitivity to 1 degree snap angles, it can detect it.

It's all about the angle snap, i've turned down the angle detection on smac and suddenly aimbot were getting caught right and left. But I was getting alot of false positive.

El Diablo War3Evo · *Last edited by El Diablo War3Evo; 03-14-2015 at 18:17.*

Quote:

Originally Posted by Dragonskin

It's all about the angle snap, i've turned down the angle detection on smac and suddenly aimbot were getting caught right and left. But I was getting alot of false positive.

Do you know the if it was "actual" false positive by using a hacking software, or did players complain and tell you they wasn't hacking?

People whom use hacking software know exactly what to tell server owners to get out of being banned or targeted for the hacks they use. They get special information from the people whom sell the hacks on how to get out of being banned from community based servers and they have forums where they go and talk to each other.

I've had one guy tell me he was caught by "spinning his mouse" which is also known as spinhack, but what really caught him was a different detection method. In a sense he was using the excuse that a majority of people whom use hacking software use in order to "get out of jail card". It tends to work against server owners time and time again, because they don't trust their anti-hack or anti-cheat software, and they don't want to lose player base.

The topic I'm talking about on War3Evo community forums:
https://war3evo.info/forums/index.php/topic,3424.0.html

So, keep in mind. You might "think" they are false reports if your not confirming it with actual hacking software.

For those of you that don't know War3Evo, we "ban" players a different way. We do not "ban" them from our servers, we just make it really hard for them to benefit from using their hacks on our servers...which annoys them. It also shows people our system works, and makes people think twice before using any kind of hack on our system. Once caught in our system, it's like a ban. They can't get out of it, they can continue to play, but they'll be nerfed to hell. We believe that banning a player makes it too easy on them to have them know they've been caught. We want them to figure it out for themselves that they have been caught, and it makes things so much easier on our admin.

On a different topic...
I'm running a private version of Anti-Hack right now on our WarCraft server, and the alpha version of the new Anti-Hack on our jailbreak server. As soon as I incorporate all the new features into the new Anti-Hack, I'll be moving it to our WarCraft server. The older Anti-Hack, uses a modified version of SMAC and integerates itself into War3Source.

Question: Would your server be willing to share data collected from players that it has detected using hacking software to a central server that would share with all other servers using the same plugin?

Question 2: Do you know how to crash a client from the server? If so, could you please private message me your findings. I would like to add it to the library of crash code for Anti-Hack to use against people whom use hacking software. (Just disconnecting a client is being too "nice" to people whom use hacking software)