I might want to use a fog-remover. I hate it when things obstruct my vision.

Same as that flying paper. Totally pisses me off. :3

I might want to use a fog-remover. I hate it when things obstruct my vision.

Same as that flying paper. Totally pisses me off. :3

Then that has to be done server-side, otherwise you would have a "clear" advantage over the other players.

I might want to use a fog-remover. I hate it when things obstruct my vision.

but didn't even Q3 have 'fog'?

I wouldn't say. They have "fog of death" as a map hazard, but Q3 and QL have bright skins and a lot more helpful audio ques, etc.

UT3 has a lot more bullshit because of their advanced graphical capabilities, but in any case in both games you are free to configure your game without fearing the banhammer.

Even worse hax

http://www.mpgh.net/forum/594-call-duty ... esp-p.html

Even worse hax

http://www.mpgh.net/forum/594-call-duty ... esp-p.html

hooks at or around

pigi: oh thats cool, so you are working on aci now?

I just have some memory-changes-scanner that I can run which outputs all the differences..

 

meh, I'll attach it

scans iw5m.dat or something, dunno

check the source or w.e.

pigi: oh thats cool, so you are working on aci now?

I just have some memory-changes-scanner that I can run which outputs all the differences..

 

meh, I'll attach it

scans iw5m.dat or something, dunno

check the source or w.e.

Oh that's a nice tool now we can show it without bothering you nor NTA...

http://www.mpgh.net/forum/594-call-duty ... anner.html

 

randomizes guid... he says it might work for iw5m but I can't tell.

he says it might work for iw5m but I can't tell.

it seems more like he says it 'will' work seeing the topic title

Maybe we need something like "check_session.php" again. Something that will accept the return of the username and the guid, compare it to the database and only accept it if it matches, rather than login to get a guid and then the server accepting whatever that guid is.

That "hack" seems like a lame way of just "echoing" a random guid (like I did the first time that I ran T5 offline).

All this, assuming that the server now accepts any guid, and that the hack actually works.

well that stuff should also be giving an error due to NP ticket checks :/

Well, since they're trying to use that to evade dedicated server bans/anonymous play, I think the most effective way of dealing with it would be by adding a check on client connect.

The same way that the dedicated server checks it's own banlist, it could also send to compare the client name and GUID. If the GUID and username didn't match, then npserver would send a kick message to the dedicated server.

Well, since they're trying to use that to evade dedicated server bans/anonymous play, I think the most effective way of dealing with it would be by adding a check on client connect.

The same way that the dedicated server checks it's own banlist, it could also send to compare the client name and GUID. If the GUID and username didn't match, then npserver would send a kick message to the dedicated server.

such stuff (for ID, names are irrelevant to such due to truncation/sanitizing) should actually already be in; therefore using such hax should cause a 'steam connect failed'

well that stuff should also be giving an error due to NP ticket checks :/

 

well, it only works if you change xuid after "connecting.." dialog appears for few seconds, otherwise the game throws "Server connecting timed out".

but changing userinfo is impossible

Since we are talking about hax and such here, an idea came to my mind ( a little OT though):

why not pick up that old idea for an anti-aimbot JohnD had written?

why not pick up that old idea for an anti-aimbot JohnD had written?

there was some reasoning I had against it, afaik it was not effective enough due to aimbots nowadays a) delaying aim and not shooting 4 people in rapid succession, commonly.

why not pick up that old idea for an anti-aimbot JohnD had written?

there was some reasoning I had against it, afaik it was not effective enough due to aimbots nowadays a) delaying aim and not shooting 4 people in rapid succession, commonly.

hm, wut

recently downloaded a bot, went to arev to fuck them up a little. And the bot exactly did what you said :?

 

Measuring the aim time and the speed seems to be pretty effective (at least it does for me).

Also, to bypass such a detection, wouldnt be the delay that big that it simply would be stupid to use the aimbot?

Measuring the aim time and the speed seems to be pretty effective (at least it does for me).

 

What you should do is get viewangles from two usercmds and check for very high deviation, this method actually works in Source Engine games and it's pretty annoying when you have to compensate your aimbot for it, even more when you have no source code of the detection code, which isnt case of sourcemod plugins, so this might be interesting reading: http://pastebin.com/S0g6XH2n

Only the angle is measured? Nice.

Only the angle is measured? Nice.

 

yeah, high viewangle deviance is typical for rage aimbots, whatelse would you check?

Didnt think of measuring angle at first... However, the aim delay that aimbots have shouldnt be an issue.

I just got this PM:

Thought you should know...

Sent: Fri Nov 30, 2012 1:06
From: Slowz
To: Paulofonta 
Pardon my French but the cocksucker Kenshin just came into my server using your name, and I assume using your XUID. I wasn't in the server but I check my database every night because he comes in every night and I have to re-ban him...every night. I noticed your name and then I took a closer look at the ip, and it matched one of his numerous ip's. God I really am getting sick of him, and there seems to be nothing I can do except ignore him, which is practically impossible for me. I hope that isn't your ip as well.

With this image:

The username and guid are matching. So, the bypass doesn't just pick random values. Either it gets it from a forum link or he inputs it manually (from the forum link aswell)

The only solution seems to be something like the client creating a session ID (or something similar) on login and then the dedicated server retrieve that session ID for client validation.

On login, a session ID is created and stored both on the client and our server. And on game server connection, the client sends that session ID to the game server, and the game server retrieves that same session ID from our server. If it matches, the client can play.

Since the only way to create a session ID on our server is by having a valid username and password, it seems like a reliable way of doing it.

The username and guid are matching.

so much for NTAuthority's self-proclaimed un-bypassable ticketing system

what about asking kenshin?

Paulofonta: damn, stop with this nonsense about session ID, there is such system, but as you can see there is some kind of hole.

Does the dedicated server make any check on it? nope...

That's why they can connect to game servers without logging our server.

My point is not about creating a session id for the client, wich is probably made already. My point is to have the dedicated server checking it, to prevent people from connecting to the dedicated servers without logging on our server first.

I was asked to share (those should be kenshin's IPs)

http://www.forgottenus.net/~downloads/dumus.zip