This is a warning aimed at the whole UT2004 community

menace
Posts: 1435
Joined: Sun Nov 22, 2009 11:22 pm

Post by menace »

Topic: NHK Warning
Posted: 2011/03/14 08:40

This is a warning aimed at the whole UT2004 community:

For those of you who did not hear of NHK yet:

* An anti-cheat software/mutator called NudeHaxKiller (shortform: NHK) has been discovered recently.
* Clanbase has used this software for at least two years, and it has been mentioned neither in the rules nor anywhere else! It was approved by the Clanbase-ACT.
* NHK is also in use on [ST2] servers - also for at least two years!

__________________

Here is some information about NHK

What is NHK?

* NHK is made by the clan [ST2] (Sanctuary*Tigers)
* As previously mentioned it's an anti-cheat software/mutator

What does NHK do?

* It scans your whole HDD, your USB devices and your network! Everything that is suspicious for this software will be noted in a log and will be sent to NHK admins.
* NHK creates a list that contains all your Windows usernames on the server.
* Unknown keybinds in the User.ini will be added to the log on the server.
* NHK does not only search for UT2004 cheats but also for other cheats like CoD4 cheats.
* NHK searches for the UT3 directory. However, it is 100% not clear why it does this. It might be that it searches for unknown and suspicious files there too.
* Even spectators will be scanned when they join the server!

What can NHK admins do?

* NHK admins are determined via a configurable GUID list. There are no admin logins with a password, the admins have always full rights and no player can check this.
* NHK admins can use console commands on any client. This way they can "manipulate" the game of any player. The player might have problems to join Anti-TCC servers after such an "attack".

How can I identify a server that runs NHK?

* NHK is not listed as a mutator
* NHK does not ask you before it starts to scan your PC.
* You cannot see that NHK scans you in the console (unlike Anti TCC).
* A scan can be about 30 seconds up to 2 minutes long. While it scans your PC you will encounter very strong lags. You can't compare those to the lags that Anti TCC causes while scanning.

__________________



The following call is aimed at the whole UT2004 community:


I ask you to not join the [ST2] servers or play at the Clanbase as long as NHK is still in use!

If you recognize any of the characteristics of NHK mentioned in the list above and if the server doesn't run Anti-TCC, you should disconnect. It is for your own safety.
And do not forget to spread the word! Put a link to this article on other UT2004 forums and warn the people of NHK!



__________________

An example of what NHK can do is the following situation:

Donzi, an admin at UTzone, serves the community since 2003. He adds cheats to the Anti TCC blacklist and exchanges the updated list with other admins.

One day he got a mail by {FA2K}-dm. It had an attachment with a cheat that was at first quite unknown and Donzi should add it to the blacklist.
After he added the cheat to the blacklist he forgot to remove the files from his network HDD.

Some time later he had a conversation with [ST2]DavVador (an admin) about NHK.
This is the conversation:
Quote:
[22:27] ([ST2]DavVador) any mounted partition on the computer
[22:32] ([ST2]DavVador) so people dont have any informations while being scanned
[22:32] ([ST2]DavVador) except their computer is lagging like hell
[22:34] ([ST2]DavVador) as i said to death, i would really appreciate if it stays as secret as possible
[22:40] (Donzi|UTzone) without an agree we cant scan the complete hdd, agaionst the law
[22:40] ([ST2]DavVador) yeah i know
[22:41] ([ST2]DavVador) if you wanna experience the lag and see the kind of motd we use
[22:43] (Donzi|UTzone) ok,but, i test some hax, because to write them into my blacklist. so, i hope it doenst find anything ^^
[22:44] ([ST2]DavVador) we'll see ^^
Donzi joined the server. It was not a real match, just a demonstration of NHK.
Not a single shot has been fired and no other player was on the server (except for [ST2]DavVador of course). The reason for the connection was the functionality and the spreading of the mutator.

The mutator found the *.dll and *.exe files, created a log and sent it to the Clanbase - without Donzi's knowledge!

After this conversation between the two admins the Clanbase banned Donzi for using cheats although this has not been an official match or a match at all. As a reason it has been said that he His ban is not justified.

Special thanks to the following people:

* Donzi - Thank you for being our guinea pig. I feel sorry for you but thanks to you we all know about NHK and how to identify it.
* Wormbo - Also a big thank you to you for taking a look at this mutator and for providing all the useful information about its functionality and the possibilities the admins have.

__________________

One last thing:

Using a game as a backdoor to access someone's PC - does not matter for what reason - is a violation of privacy, thus it is illegal!




source: http://www.unrealnorth.com/forum.php?ac ... c&id=73345

and this

http://forums.epicgames.com/showthread.php?p=28011820

http://www.utzone.de/forum/showpost.php ... stcount=20
DavVador
Posts: 12
Joined: Mon Mar 14, 2011 6:54 pm

Post by DavVador »

Seems i need to clarify a few things as i read more and more false things everywhere (including CB, unrealnorth, utzone and this forum).

First about the "illegal part" people are complaining about :
When you join a server running this anticheat you had a motd giving a link to rules and telling if you dont agree with it you should leave. Then you had about 15s to leave ut and check them if you want. Isnt it enough for pressing escape and quit ? I guess most people playing an FPS can do that within 15s.
Now the server displays ingame directly the rules and still gives you more than 15s to quit before starting.
Rules are those ones, on my servers at least :
By joining any of our private or public servers you implicitly accept and allow any of our mutators to run,
being any kind of modification of the game, including any anticheat system which needs to scan your computer
or take some screenshots and may log your IP, GUID, names, game informations and any suspicious files or activity.

So by joining the servers and staying there you definitely allow us to scan your computer and i dont see what's illegal if you agree with this.
If you wanna talk about illegal scans, then i highly invite you to complain about any server running antitcc without agreement text, because it will also scan your private datas located in UT or the prefetch folder.

2nd point, it isnt related to CB at all, that's why it doesnt appear in any rules, but CB validated this anticheat system, so bans can be submitted with logs made by the system.

3rd point, your private data wont run away in the nature...
Only suspicious files may be logged and they wont be sent automatically to any Admin neither to CB. It just creates a log on the server running it, like antitcc does.
It doesnt read your files (no i'm not interested in what you do in your life, neither interested into getting your bank number or anything), it doesnt send them to some odd mysterious place, it just logs the name of suspicious things it finds.

4th no ban will be issued automatically.
It wont ban you because you have a file call mycheat.exe or any cheat name inside.
As i said before, it will only log those files as suspicious, then admins of the server will decide what to do about this concerning a local ban and then if submitted to CB, CB ACT may decide about a CB ban aswell or not.
About Donzi, the logs havent been sent automatically to any CB admin it was my own fault, i'm sorry about that and i've been discussing it with him. But again i read false informations, Donzi isnt banned from CB atm and i'm not sure this will happen. So stop spreading lies.


5th The security issue about the remote command is now fully removed, even if it shouldnt have been possible to use it by anyone else.


6th I dont see the relation between this anticheat system and a rootkit... if you wanna show me ?
Or maybe every recent anticheat like ESL wire or Universal AntiCheat are rootkit aswell as they scan a few things outside your game directory ?
Stop being stupid or blind !
Cheats using .u files to put in the system directory are no more used since years.
Now cheats are .exe or .dll you can launch from anywhere on your computer.
So if you dont accept to be scanned (and i repeat it doesnt do it without warning you) and wanna keep playing with a lot of cheaters, its ok for me, do what you want, but on my servers, as a server admin, i try to limit the number of them as much as possible in order everyone can play a fair game.


If you have more questions and i'm sure you have, i may answer a few of them as far as it doesnt concern too much the way it works as it would be helping cheaters too much.
Last edited by DavVador on Mon Mar 14, 2011 8:39 pm, edited 1 time in total.
menace
Posts: 1435
Joined: Sun Nov 22, 2009 11:22 pm

Post by menace »

well the reason i posted it is we play ladder matches against ST2 and did play that means u already got logs of some of our players without they knowing. And other thing is u can scan my PC i dont have nothing to hide never did. But they also say u can change things in user.ini file so how can u prove we can trust u :roll:
Last edited by menace on Mon Mar 14, 2011 8:47 pm, edited 1 time in total.
}TCP{Ramses
Posts: 3754
Joined: Sun Feb 02, 2003 12:09 am

Post by }TCP{Ramses »

Kudos for replying DavVador

I don't know you but I am sure that you have implemented this erm program with the best of intentions.

However I don't see anything in your reply that is likely to reassure anyone with reservations.

I would expect any program like this to blaze a warning in neon, up front, that it scans the whole disk, and detail exactly how it works and what it logs. It simply isn't a good enough defense to hide behind a motd which in turn just points to a general set of "rules" giving you a free hand to run whatever you want to, malware or otherwise. This is my impression of the warning taken from your post.

I certainly am not going to risk joining your server to check whether your warnings and agreement clauses are adequate :lol: As for the program itself, I would have to leave it to other more techie peeps to verify that it doesn't, and isn't capable of being misused by people less honest than yourself :lol: .

Now, if you can't see the security issues and possible misuse of this "mutator" (or at least the fears of those who do not know exactly how it works, if it is in fact incapable of misuse), and you expect innocents who don't know you to trust your word then I am afraid you are being naive.

All }TCP{ despise cheats and applaud any legitimate effort to make cheating as difficult as possible. However, I get the impression that the frustration and hatred of cheats may have in your case made you "stupid or blind". Or maybe you do indeed have some fears that your efforts may be over the top and infringe laws, why else resort to the tone used in your post when surely the tone should have been one of reassurance ?
DavVador
Posts: 12
Joined: Mon Mar 14, 2011 6:54 pm

Post by DavVador »

}TCP{Ramses wrote:Kudos for replying DavVador

I don't know you but I am sure that you have implemented this erm program with the best of intentions.
Thanks.
}TCP{Ramses wrote: However I don't see anything in your reply that is likely to reassure anyone with reservations.
Im sorry about that, i try my best but it's always hard to talk about what it does exactly without giving too much informations which would help the wrong people and especially when i dont know people.

}TCP{Ramses wrote: I would expect any program like this to blaze a warning in neon, up front, that it scans the whole disk, and detail exactly how it works and what it logs. It simply isn't a good enough defense to hide behind a motd which in turn just points to a general set of "rules" giving you a free hand to run whatever you want to, malware or otherwise. This is my impression of the warning taken from your post.

I certainly am not going to risk joining your server to check whether your warnings and agreement clauses are adequate :lol: As for the program itself, I would have to leave it to other more techie peeps to verify that it doesn't, and isn't capable of being misused by people less honest than yourself :lol: .
The server clearly displays the rules within the game, what it may log and that a scan of your computer may be done in the chat box before it actually starts and you cant miss it.

}TCP{Ramses wrote: Now, if you can't see the security issues and possible misuse of this "mutator" (or at least the fears of those who do not know exactly how it works, if it is in fact incapable of misuse), and you expect innocents who don't know you to trust your word then I am afraid you are being naive.
This mutator is not released for public and shouldnt be used on other places than a few selected trusted ones.
I'll add that only GUID, IP, names, game informations and filenames of suspicious files may be logged.
None of your private data will be sent to any admins neither stored on the server (try to imagine how much space it would need if i did so).
}TCP{Ramses wrote: All }TCP{ despise cheats and applaud any legitimate effort to make cheating as difficult as possible. However, I get the impression that the frustration and hatred of cheats may have in your case made you "stupid or blind". Or maybe you do indeed have some fears that your efforts may be over the top and infringe laws, why else resort to the tone used in your post when surely the tone should have been one of reassurance ?
I'm actually in talk at unrealnorth aswell and a few other forums, and i hope i can help getting rid of the false informations being spread about it all over the web.
Last edited by DavVador on Mon Mar 14, 2011 9:08 pm, edited 1 time in total.
DavVador
Posts: 12
Joined: Mon Mar 14, 2011 6:54 pm

Post by DavVador »

î-øLùJà^ wrote:well the reason i posted it is we play ladder matches against ST2 and did play that means u already got logs of some of our players without they knowing. And other thing is u can scan my PC i dont have nothing to hide never did. But they also say u can change things in user.ini file so how can u prove we can trust u :roll:
The issue with the remote command has been removed and as i said it shouldnt have been possible to use it by anyone else.
About the logs, yes i have some, but it contains only the informations given above and there was on the server message talking about this (even if i admit it wasnt as clear as it is now).
And let me remember you, you got logs aswell with antitcc or safegame.
menace
Posts: 1435
Joined: Sun Nov 22, 2009 11:22 pm

Post by menace »

ok ^^
Rewind
Posts: 38
Joined: Thu Dec 19, 2002 9:14 pm
Location: Atlanta, GA, USA

Post by Rewind »

Interesting Read.

I'm all for anti-cheats.

I used to run multiple PCs at my house. A dedicated media server PC that was on 24/7 to UPNP/DLNA movies and music to players throughout the house. A Video/Photo editing PC with dedicated firewire capture card and Windows OS, a PC dedicated to gaming with fast CPU and video card, and a work PC used to VPN into my job's network.

I have since consolidated all of the above to 1 PC. It is based on the AMD 1090T hex core CPU, 16GB of DDR3 ram, an 8 port SATA raid card with 8 2TB hard drives in a RAID-5 array, 2 DROBO USB (4 x 2TB each), a Synology 411+ NAS unit (4 x 2TB drives as an iSCSI Target), a Media Sonic USB-3 unit (4 x 2TB drives in RAID-5), and multiple 2TB drives in USB carriers.

So, I have over 40TB of usable storage (after the RAID-5 parity).

Now, to my question. What will happen to me if I join one of the servers running this anti-cheat and I don't see the motd or answer in time or whatever? I have no problem with showing the list of files or to have my system scanned for cheats. I just don't think this would work on my system and return my PC to a usable state with any reasonable time frame. What happens if I quit out of UT2004 because my system starts lagging? Will this anti-cheat continue to run? Does it mean that my UT2004 will now take forever to complete the scan?

I don't play that much online games anymore. But I do join in once in a while. I don't want something like this to cause problems on the ONLY PC that is so important for other functions. If I don't know the possible problems this anti-cheat may cause and/or a way to remove it from my PC, I may have to elect to never play UT2004 online again.

In other words, I can't risk my PC's stability and functions for a game.
Rick a.k.a Rewind
menace
Posts: 1435
Joined: Sun Nov 22, 2009 11:22 pm

Post by menace »

i think about 2 min. but hope DavVador will be online or watch this topic he can answer u faster but u can try this server 217.163.31.10:7777 there is NHK on. :)
DavVador
Posts: 12
Joined: Mon Mar 14, 2011 6:54 pm

Post by DavVador »

The anticheat runs within UT, meaning if you experience too much lag and for a too long time, then just quit the server and problem is solved.
Once you leave the server running the anticheat it will stop, so you'll still be able to use your PC without any lag or any change to prior state.

Btw there is now a message with an agree/leave button, if you dont agree or dont do anything before timeout, you are ejected from the server, meaning no check.
}TCP{Ramses
Posts: 3754
Joined: Sun Feb 02, 2003 12:09 am

Post by }TCP{Ramses »

DavVador wrote:Btw there is now a message with an agree/leave button, if you dont agree or dont do anything before timeout, you are ejected from the server, meaning no check.
That is a move in the right direction :rockon:
Rewind
Posts: 38
Joined: Thu Dec 19, 2002 9:14 pm
Location: Atlanta, GA, USA

Post by Rewind »

Thanks for the reply.
Btw there is now a message with an agree/leave button, if you dont agree or dont do anything before timeout, you are ejected from the server, meaning no check.
And Yes, the must agree is better option.
Rick a.k.a Rewind
DavVador
Posts: 12
Joined: Mon Mar 14, 2011 6:54 pm

Post by DavVador »

}TCP{Ramses wrote:
DavVador wrote:Btw there is now a message with an agree/leave button, if you dont agree or dont do anything before timeout, you are ejected from the server, meaning no check.
That is a move in the right direction :rockon:
thanks
menace
Posts: 1435
Joined: Sun Nov 22, 2009 11:22 pm

Post by menace »

Honestly i play every day on ST2 server with NHK 1v1 and pretty like it i am 100% sure i play with clean players they see the same at me
}TCP{Wolf
Site Admin
Posts: 4663
Joined: Thu Dec 19, 2002 7:30 pm
Location: https://signal.me/#eu/4zInut2kHeg_ry0GD ... pdqka17o2F

Post by }TCP{Wolf »

Honestly, I am very glad this issue had such widespread effects on numerous forums and gaming community parts, if only to shake people awake to what (has been) going on.

I was preparing a lengthy post to the public, detailing how to protect your system and network from espionage - and I am actually still considering publication of said post. Am I a cheater? Certainly not! I have indeed been the author of several anti-cheat tools myself in the past for Unreal, have written and helped in writing administration tools and also classified/secret less ethical code for "the good cause". But I grew older and learned that not everything you CAN do SHOULD be done. I consider this very topic one of the greatest POLITICALLY MOTIVATED ones of the recent past in gaming history, and indeed it reflects political motivation throughout the EU.

What comes to mind are things like Data Retention, Trojan Horses which are sanctioned by governments and used by the Police force, questions as to which types of data actually constitute "personal" data (I am still unsure of the current German legal situation if an IP address actually represents personal data or not...), which actions are legal by whom to make under what circumstances, or moreover, which actions are originally intended by politics for a "good cause" but in reality just serve the agenda of politicians who want their names to be entered into history books, or are outright invented justifications to create a state even worse than Orwell's 1984 nightmare!

I - despite being a fervent fighter against cheaters and hackers - in particular am especially sensitive to such matters, because the recent years of continued anti-social anti-democratic and anti-people politics that have been legislated have been proven to be both ineffective/useless for their intended purpose, open a large can of worms regarding potential abuse, and are in stark contrast or outright contradiction to basic human rights.

Example: Data Retention.

Germany's first passed law for this EU demand for all its states to legislate into state laws was outrageously overbearing. In the time it was put to use, criminal statistics PROVED that the law itself had next to NO effect on the crime resolve rate it was targeted at, while at the same time....
- costing insane amounts of money
- opening the path to new interests (industrial queries against bootleggers...)
- being prone to error especially since implementation was rushed
- implicitly declaring the entire population criminals by default (if you have nothing to hide, why do you oppose...?)
- AND BEING OUTRIGHT UNCONSTITUTIONAL!

The German supreme court finally killed this unlawful attempt of population control, but obviously, this is only one of many examples of our politicians currently trying to undermine democracy, free speech and free will all for the good fight against crime. The inevitable result - should they ever succeed - is conformity (Gleichschaltung), since nobody would want to stand out of the masses and automatically become a suspect. Everybody would try to be as inconspicuous as possible and behave as is expected of what the state defines as "good citizen". At that point, individualism is destroyed, and since individualism is an explicitly granted constitutional right, our constitution and democracy would be automatically destroyed with it.

Is this a phenomenon limited to Germany? LOL certainly not! The Romanian Supreme Court had its local counterpart law killed even BEFORE Germany, and just now (2011-03-31), the Czech Supreme Court did the same in the Czech Republic.

Data Retention without explicit suspicion is ILLEGAL, as now at least 3 European Supreme Courts (that I know of) have agreed. PERIOD!

Do you see the parallels?

NHK is a tool that originally was built to work "in secret", which is even more despicable than an "open political affront". From what I could see, DavVador has gone to great pains to defend his work, justify it, outline its INTENDED TARGET (fight against cheaters and hackers) and - after the secrecy was blown - to remove the outright despicable pieces of code (admin client control) and to assuage all of the serious requests for improvement with regards to legality, consent and transparency.

DavVador, you are a POLITICIAN!

And it is my personal (political) opinion that NHK has to be set next or equal to the EU Data Retention law - and therefore should be OPPOSED!

NHK, like the "Telecommunication Data Retention without suspicion" implementations, collects way too much data to justify the cause. The arguments used to defend the NHK tool are equal or similar to the political defense arguments of Data Retention, and the possibilities of abuse and future third party interests are equally present same with Data Retention. Another parallel is, that we, the people, would have to trust YOU (legislative) that you actually know how you wrote your program and it does what you say it does, and that all the ADMINS (executive) abide by its intended and limited use for the purpose specified (find criminals = cheaters) - that would make YOU and the ADMINS the government of us, the community!

Frankly, THANKS BUT NO THANKS! I'm not afraid of terrorists, and I'm definitely not afraid of cheaters either. One could argue that since corrections and improvements towards transparency have been made due to public outburst, in light of the fact NHK was originally intended to be a secret, what is that if not a plain attempt of damage control?



-- SUMMARY --

I congratulate you, DavVador, on a tool well laid out and intended.

I congratulate the community for finally getting its ass up and realizing what is going on, and also voicing its educated opinion.

If nothing else good comes from it, at least it may have shown some parallels to current ongoing politics in our real life world, and the real life dangers these present. I can perfectly understand people who care nothing for politics, I have been one of those uninterested ones myself, until my government decided to behave - at least partially - like an enemy to its subjects, instead of representing their subjects' interests. However, only by KNOWING facts you can form educated opinions and react with educated measurements and possibly get involved if warranted, therefore, raising the subject alone is a good thing for everyone involved.

NHK is certainly not the only tool out there that allows partial espionage or (in older versions) allows client corruptions. One of the reasons I am thinking of posting my "defense post" is that just a few days ago, an old Unreal friend told me that her Unreal files got corrupted repeatedly after visiting one particular server. Learning who the admin of that server was, the accusation did not surprise me, for the guy has stolen source code from me and Smartball in the past and selling the work as his own, and his reputation for being an asshole is not altogether unjustified. Also, I do -KNOW- of exploits and UScript code that enable client side file corruptions, I probably have a proof of concept code flying around somewhere on my drive. As for a mod that changes your user.ini or Unreal.ini, I can write one of those in my sleep, and I bet most decent scripters can too. So who protects players from abuse like that?

This has been interesting.

~Wolf
-=]I AM GETTING TOO OLD FOR SUBTLETY[=-

mail: chaos.worx[at]gmx.net
IRC Quakenet +OTR: }TCP{Wolf @#oldunreal @#tcp.clan
Jabber/XMPP +OTR: Wolfy359@jabber.org
Threema: CR6Y9YSS
Signal: see profile
ICQ: dead since russian takeover disables OTR
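
Added example, not part of the original thread and not code from any poster: one way a player can check for the kind of User.ini or Unreal.ini change raised in this thread is to keep a copy of the file from before a session and diff it against the file afterwards. The sample INI text is constructed, and `parse_ini` and `diff_ini` are hypothetical helper names.

```python
from collections import Counter


def parse_ini(text):
    """Parse Unreal-style INI text into {section: [(key, value), ...]}.

    A list of pairs is used instead of a dict because these files
    legitimately repeat a key inside one section (for example several
    Paths= lines), which a plain key/value mapping would silently collapse.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue  # stray text outside any section
        # Split on the first '=' only: values may contain '=' themselves.
        key, value = line.split("=", 1)
        sections[current].append((key.strip(), value.strip()))
    return sections


def diff_ini(before_text, after_text):
    """Return a sorted list of (change, section, key, value) tuples.

    A modified entry shows up as one 'removed' and one 'added' tuple.
    """
    before = parse_ini(before_text)
    after = parse_ini(after_text)
    changes = []
    for section in set(before) | set(after):
        old = Counter(before.get(section, []))
        new = Counter(after.get(section, []))
        for (key, value), count in (old - new).items():
            changes.extend([("removed", section, key, value)] * count)
        for (key, value), count in (new - old).items():
            changes.extend([("added", section, key, value)] * count)
    return sorted(changes)


# Constructed sample in the style of an Unreal INI file (not real defaults).
BEFORE = """\
[Engine.Input]
W=MoveForward
F10=Cancel
Aliases[0]=(Command="Button bFire | Fire",Alias=Fire)

[Core.System]
Paths=../System/*.u
Paths=../Maps/*.ut2
"""

# Same file after a session: one binding changed, one Paths line appended.
AFTER = """\
[Engine.Input]
W=MoveForward
F10=ShowScores
Aliases[0]=(Command="Button bFire | Fire",Alias=Fire)

[Core.System]
Paths=../System/*.u
Paths=../Maps/*.ut2
Paths=../Extra/*.u
"""

if __name__ == "__main__":
    for change, section, key, value in diff_ini(BEFORE, AFTER):
        print(f"{change:8} [{section}] {key}={value}")
```

In practice the two texts would be read from a backup copy of the INI file taken before joining a server and from the live file after leaving it; setting the file read-only is a separate measure and is not shown here.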