"You really should get your head out of noob land and go look
what has been done before, currently and will be doing in the future. Just because you are unaware of it doesn't make it unorthodox."
[GD]My-T-sHarP ([GD] ) 10 Mar 01:30 Reply
My informations is the info that is On cb (not delving like 2yrs into the past). this blog post in case any-one is missing the point is that I do not like
the mthod that the new anti=cheat works, that's it. It's not about saying rmp has cheats but let him off as he didn't use it.
http://www.heise.de/newsticker/meldung/ ... 04983.html
Bundesjustizministerin Sabine Leutheusser-Schnarrenberger (FDP)
"Manche argumentieren nach dem Motto: Wenn alle Daten dieser Welt gespeichert werden, dann sind ja auch die dabei, die wir vielleicht mal brauchen", sagte die Ministerin und fügte hinzu: "Das wird es nicht geben."
(translation: some people argument: If all data of this planet is being stored, then those we may at one time eventually need will be among them", the minister said and added: "This shall not be.")
... not that I put much faith in whatever a politician is saying but oh well, for some - as it was with Hitler - at least one thing is working: the department of propaganda!
=======
Defense Scenarios for PLAYERS against admin abuse, espionage etc in online games
== The Threats ==
1) Espionage
2) Config File Corruption
3) Arbitrary File Corruption
4) Identity Tracking
5) Identity Theft
6) (D)DOS attack
== The methods ==
1) Espionage
- Malware / Trojans
- Network exploits
- Game exploits
- Ingame modifications
2) Config File Corruption
- In Game modification
- Game exploits
3) Arbitrary File Corruption
- In Game modification
- Game exploits
4) Identity Tracking
- Playernames (duh)
- IP address
- MAC address
- Computer Name
- OS logged in username
- "cookies"
- All "Espionage" methods
5) Identity Theft
- GUID CRC fabrication
- All "Espionage" methods
These listings are in no way complete, just what I could think of out of my head.
== The countermeasures ==
- Malware / Trojans -
Well this paragraph should be pretty quick.
If you are in the internet you should have noticed by now that there are numerous people interested in infecting your computer with zombie-bots or trojan horses. Some steal credit card numbers and bank account information, some make your computer part of a large illegal network. Since gaming is an industry too, there are now also trojans which steal game cd keys or your Steam login data. There are also game-specific trojans which look explicitely for your world of warcraft data if present.
Actions to take:
So do I really need to stress that point?
- Keep your OS up to date
- use virus scanners and keep them updated
- use malware/rootkit detectors (HiJackThis, SysInternals...)
- don't click on any porn/viagra/lottery/etc blah mail/im/spam link you are being sent
- use fraud protection measures if your browser offers them
- do inspect security certificates for obvious flaws (signer name = "Fuck You" could mean something is off...), etc...
- RUN APPLICATIONS WITH NON-ADMIN USERS!
Personally, I browse the net without JavaScript or plugins. While tons of pages require JavaScript these days, it is their loss usually since I simply keep away from these with just a few exceptions. Very often the problems are not caused by the application, but by plugins (PDF, ActiveX, mediaplayer, flash and all the other useless clutter nobody ever needs...).
- Network exploits -
Network exploits are sometimes used for fraud, man in the middle attacks. End-to-end enryption helps in most cases, so if a web page HAS https, use it. I'm not addressing LAN / WLAN issues here, and also the concept of network exploits by themselves is not largely relevant for gamers, so I will just skip this.
- Game exploits + Ingame modifications -
These 2 points are listed as one because, although being different, they often interrelate or correlate, at least when used against the interest of gamers. In and by themselves, ingame modifications are very plentyful and harmless in 99.9% of all cases. Many games PROMOTE the use and creation of ingame modifications explicitely, since they enrich gameplay with new gametypes, graphics, sounds, interactions, etc, in other words: ingame modifications enlarge the entire game beyond its original creation. You are playing ARENA MASTER, that is an ingame modification for UT2k4. Admins are often using administrative aiding tools which simplify the setting of servers and these days they very often even have a client GUI for ease of use.
Ingame modifications alone allow a lot of stuff, but not usually to damage the user. However, modification code basically has access to everything that the game programming interface allows, so typically a "user.ini" can be read and modified using normal legit code that is in no way a hack or an exploit. In theory, a modification may execute any command on the client that you could type yourself. What makes a legit use of this ability bad, is if there is a possibility to remotely send arbitrary commands as opposed to a limited set of commands, or if result contents are replicated (sent over the network) and logged.
I will give a LAWFUL example of modification code reading and modifying a user.ini (Unreal):
The mod "UTeamFix" was originally created for Unreal One, however, it also has an Unreal Tournament (99) build. Engine differences from 224-227 (Unreal) when compared to 436+ (UT) have created a problem with regards to some command replication. In particular, the original Unreal command "Fire" and "AltFire" (usually assigned to your left and right mouse buttons by default) would no longer work in UT99 with the original Unreal code. The reason behind that is modified UT weapon code which was intended to optimize for performance and (client side) effects, something Unreal never had in that form. The UT fire code would either work not at all or very unpredictably when used in "Unreal code", so it was not usable.
Since the goal of UTeamFix in UT was to run "Unreal games" inside the "UT engine", I didn't bother rewriting the entire weapon code for UT (whoops yea btw I wrote UTeamFix :-S), instead, I disabled the UT fire code for UTeamFix in UT and created 2 new firing functions called "UTFFire" and "UTFAltFire", which were properly replicated again.
When a normal UT player now uses UTeamFix or joins a UTeamFix server the first time, then of course the player does not have these 2 commands anywhere in his user.ini, so obviously, playing a game would not work. You could run around the map, but without the ability to fire your weapon.
UTeamFix thus scans your user.ini at the start of a map for the 2 necessary fire commands. If they are found, nothing happens. If they are NOT found, a message pops up informing the player that he is missing the 2 commands required to play and offers to set them automatically. The "automatic modification" adds the 2 commands to the existing normal UT fire commands on whatever key the player is already using, and also the modification by itself has no sideeffect on normal UT games.
Of course, for something "trivial" as this, why not just add the modified keys silently in the background without the user ever knowing the 2 commands were added to his user.ini and him starting to play right away happily!??
Because it would WRONG, that's why!
Any change to the client without user consent is pretty much unlawful, although I will refrain from getting into legal details or discussions here because I really don't intend to write a book today. UTeamFix READS the user.ini, TELLS the user about modifying it, ASKS the user if he will allow the modification and also INFORMS about the consequences of ALLOWING or REFUSING the modification. Also, reading and modifying the user.ini is purely CLIENT SIDE, no line of user.ini text is ever sent to the server!
This was a LAWFUL example how client modifying code can be used for good. While this should be the exclusive method of using such code, it is not.
A mod author can decide to write a mod that alters your keys arbitrarily without your knowledge. Pretty much any setting in your user.ini or other ini files can be changed arbitrarily using normal programming methods. Espionage of ini settings is also possible the same way, all you need todo is replicate text either using the ingame replication methods, or some games (including Unreal/UT/UT2k4...) allow even TCP/IP socket connection programming enabling transferspeeds of however fat your upload connection is.
The amount of information that can be garnered this way is somewhat limited, since access is limited to what the game engine can see. Still, if the game engine sees computer names, these can be read and sent, all ini files and probably a few things I don't know the engine can do by itself. Looking at mods like the RemoteScreenSender I have to assume the UT2k4 engine is actually quite powerful even when used without exploiting weaknesses, so regarding espionage the game engine by itself is dangerous.
I do not know how NHK works, but since AntiTCC also scans some folders outside the game directory, I have to assume the engine itself allows for much more than meets the eye. It's obviously possible to traverse entire file systems, I have to assume it is possible to load and transmit any arbitrary file as well, though I did skim the Epic UDK a bit and didn't come up with a good way todo that, usually such topics are kept closed BECAUSE of the abuse they allow.
I definitely do know that is IS possible to corrupt (write to) files, any file in the working directory is a guaranteed given, and I am confident any other arbitrary file may be overwritten with garbage if the mod author chooses that. I also know HOW, I have example sourcecode somewhere that does just that.
Actions to take:
- write protect your ini files
- write protect all other game files
- run games with a user account that has no writing permission anywhere except ini files and cache folder
- run games with a user account which has exclusive access to your OS and your GAME you play, and no file access anywhere else
- unmount all drives you do not need during game
- keep backups of your ini files somewhere safe
- optionally: keep MD5 / SHA checksum records of your files and occasionally recheck them for changes
A few details to above actions:
Write protecting your files will avoid corruption safely. While it might theoretically be possible to exploit a game to access file attributes and remove the "read only" status prior to causing corruption, I never heard of it and deem that scenario unlikely. So if you are only concerned about file corruption, the "read only" attribute should suffice. Note that if you write protect your ini files any in game setting YOU CHANGE YOURSELF will of course also be forgotten when you exit the game.
A user account with limited access to your drive would be the "crown" solution to all your troubles, you can limit a user file access to the personal home directory and the game dir, and that would prevent espionage and arbitrary file corruption OUTSIDE YOUR GAME DIR pretty safely. The catch with this approach is, that it takes a lot of effort to setup properly and is prone to error (on your part). Also, I do not know for Linux, but for Windoze it may take quite some time to change NTFS ACLs in a large file system, and if you have multiple computers the amount of effort to do it right everywhere amounts to more than just annoyance. Further, some anti-cheats like XRay may not function at all with limited accounts, or malfunction. I was unable to run both XRay and UT2k4 as non-admin properly. Either one of the two wouldn't even start, or they would but XRay would never detect the game was launched. I probably could have solved this with some fiddling but I already was annoyed with all the time this setup required so eventually I CBA...
Unmounting USB drives etc is a manual job you simply should do. Network shares can be SCRIPTED to be shared (server side), and probably also client side, my knowledge of the command line is a bit limited but I know it's possible. Last but not least you should be able to unmount local fixed devices such as harddrive partitions you do not need - in Windoze, just assign no letter to a partition, then it is effectively "unmounted". Of course, if you only have one large C drive then that is very much suboptimal
My setup:
I'm using Truecrypt as virtual drive. While Truecrypt is not needed for that (it is an encryption tool, not a virtual drive), I already have Truecrypt installed everywhere anyway so why look for another tool if this proven and stable one gets the job done.
On my server, I remove all network shares except one dir containing the virtual drives of my games (one file per game), so my terabytes of porn are no longer visible, all that someone could see is what other games I have virtualized.
Locally, I dismount my MAIN partition, so all that remains visible locally is the C drive and the swapdrive, the third partition will be the virtual one from my server mounted over the network.
Teamspeak is shared explicitely from my laptop, so I will have one other network mounted share but all that contains is Teamspeak and nothing else, big deal... My laptop also runs instant messaging/irc etc while I play on the other machine.
The cool thing about the Truecrypt virtual driver is that it allows you to mount volumes as READ ONLY, so if I have all the files I need to play downloaded and KNOW the server I visit is dangerous, mount as read only. Also, the virtual driver allows FORCEFUL dismounts, so even if Windoze protests that there is still a handle open when I want to dismount, I can do that (at my own peril if I am not sure what I am doing). Lastly, Truecrypt runs on LINUX as well, and reads/writes NTFS under LINUX pretty much flawlessly, so I could just connect to my Windows server with a gaming-capable Linux box, use truecrypt to mount the game in Linux and go play too! The same goes with my instant messaging / etc stuff, which is on a USB stick but inside a virtual truecrypt file, which I can mount on a Linux box and run the stuff via WINE if necessary.
This way, I am pretty much independant of both hardware and mostly even the operating system. All I need is Truecrypt which runs natively anywhere, and access to my 25 gig virtual truecrypt drive containing my game (which I can also copy around if I have to). Honestly I haven't tested the Linux version of UT2k4 but I can't imagine it is so difficult to get running.
File corruption will be limited to the game(s) and my local OS if things come to the worst scenario (OS backups make that threat moot though, as for a corrupted game... oh well... I probably COULD have backups of that too
) and as for espionage, all that is visible are the currently mounted game, the local OS, and a list of other games I play with virtual mounts.The downside is, that my setup evolved and is NOW easy for me to setup and maintain, but of course it requires that you partition your computers properly etc. If you just put everything on one partition or half of what I am writing sounds like Chinese noodles to you then don't bother trying to protect yourself, you're screwed anyway
- Tracking -
With the above in mind, identifying YOU as one particular PERSON - or identifying your INSTALLATION of the game becomes a bit fuzzy because it all comes down to what is being used to track and id you. With espionage methods, ANYTHING could be used alone or in combination with other info to tag you. When looking through the UDK forums for file access techniques I cam across queries from scripters wanting to read out hard drive serial numbers and stuff like that. By itself, a request/question like that is preposterous! There is NO REASON EVER for a GAME to KNOW the SERIAL NUMBER OF YOUR HARD DISK, but there is NO REASON for your GAME to know your MAC ADDRESS either and it can obviously be read ANYWAY! So unfortunately, there is a flaw in design here, similarly to most political decisions our rulers have decided in absence of common sense lately, for allowing access on data if the data is not absolutely necessary for a process to function, then the access MUST BE DENIED. That is something neither game designers nor politicians seem to understand. Now let's go to some popular examples...
Playernames...
... can be easily changed. Probably the only thing that hackers and anti-cheat modders agree on, that Playernames are pretty much useless when trying to identify someone, since they are arbitrary and a change is just a "setname ..." away.
IP address...
... are already good to "narrow things down", but in no way conclusive! If people know your IP is static, and you have -LEGIT- reasons to hide your identity, then the following means might be viable:
- 2ndary ISP
- TOR - see http://en.wikipedia.org/wiki/Tor_(anonymity_network)
- Proxy/Tunnels/VPN (either public or private, paid or friends you have)
Secondary ISPs are very much viable when you are on dial-up, no matter if analogous or digitally. In my modem-times numerous ISPs had dial-on-demand services with a public login/password, so anyone could just dial in and pay over the phone bill on months end. I was probably using 15 different ISPs at times, though mostly because there was a horrible price war going on and some ISPs were cheaper at certain times of the day, some billed always by byte-volume etc... However, billing considerations notwithstanding, dial-in ISPs give you plenty of different IPs and IP-ranges to hide in if necessary. If your IP was banned off a website, this could be a backup plan.
TOR has its uses for research of stigmatized or questionable materials, circumventing governmental censorship etc... If set up properly, you can route ALL internet traffic through TOR and all your government or ISP will ever see is that you are using TOR, but not what for. Be aware that some Firefox versions do have an error when using TOR, falsely routing DNS requests to your LOCAL DNS, not the TOR over socks... but I am getting sidetracked... again using TOR is a good way to get to some info if you have been banned by IP (range) somewhere. I advise strongly against using TOR for security critical stuff, since TOR end nodes may and sometimes do spy the traffic. Also, webpages may decide to ban being accessed from TOR entirely. Speed is also horrible. Use sparingly.
Proxy/Tunnels exist in numerous forms. Public anonymizers have pretty much the same limitations as TOR but are even less secure. Some companies offer professional VPN solutions for the explicit purpose of hiding your identity while surfing or doing other things in the net, however, that will not help you if you plan illegal things, because these companies are still bound by law to hand over your data in case of a crime. It would be the "crown jewel" for a gamer to play over such a VPN, since the IP he gets is not even in the same COUNTRY as the player. However, using this method may be useless since obviously your ping WILL increase and likely make the game unplayable for you. The same goes for tunnel solutions. Both tunnels and VPNs are non-trivial to setup and require you to trust the service you are using, so there are distinctive limits.
The best thing to have is several ISPs locally. Simple.
MAC address...
... is supposedly unique to every individual network card. I know there are some tools which can change them, but I have no idea if/how they work, or if there are limits. Feel free to add to this point.
If you run a virtual machine like VirtualBox, you can manually set the MAC address of your virtual machine to whatever you like, perfectly hiding your real MAC address... but I have never tried playing from inside a VM. VMs are usually built for server environments and not for gaming, not only may the performance of a modern game be horrible from inside a VM, it's quite possible all hardware acceleration is lost by the virtualization. The current build of VirtualBox, which I use myself (though not for gaming), supports multimedia APIs, but from what I understand this support is aimed at construction rendering applications (CAD etc...) so that these run a little faster inside a VM. I doubt the virtualized OpenGL / DirectX 9 support it advertises will blow your minds if you decide to start a game.
Still, for older games this is a good solution if necessary, for newer games it may one day be. Virtual machines would ALSO (virtually - excuse the pun
) solve all problems of espionage or file corruption. Why? Well, somebody spies out your virtual machine... big deal, all he can see is faked stuff except your game files. Somebody hacks and trashes your virtual computer? Who cares, you were probably smart enough to snapshot your VM build before, so the damage is repaired in 2 minutes and with 3 clicks.Computer Name...
... bah... another shoddy one. Computer names are changeable, though it does require a few clicks, probably too much NOT to have it automated in case you KNOW you are being tracked by computer name. The best strategy here is to simply use a very common computer name for your main machine, such as "OEMCOMPUTER", which is the name many vendors give their computers by default when they assemble them for sale. If a large mass of people uses that name, tracking of individuals is impossible this way. The worst thing you can do is give your computer your own name or something that is publicly known to be associated with you. Don't be an idiot, when asked for a random number, would you say your birthdate...?
OS logged in username...
... this is a new one. NHK is the first time I ever heard that existing operating system users can and are checked! Now, all the stupid windoze users who always run as "Administrator" are at an advantage lol. Though probably the best idea - since I told you to use "restricted users" might be to run as "Guest" account. Refrain from using personalized user names, or your REAL first name, that would be plain dumb if you plan to stay anonymous! I strongly recommend the user name "User", another default from the OEM vendor world...
"cookies"...
... in quotations because I neither meant brownies nor internet explorer cookies. In game modifications may also save their own data CLIENT SIDE. By alone that is perfectly okay. My own mod "UTeamFix" saves a "cookie" on client computers to id them, but the only function that is associated with is the scorerecovery - meaning - if you crash in the middle of a game and rejoin, the cookie is sent back to the server when you rejoin, then you get all your points and stats back. While "UTeamFix" could also track and ban people on sight of the cookie, it would be stupid todo that. The cookie by itself is arbitrary plaintext and can be changed by the user at will, so once the cookie is known to exist its "powers of observation" (whoa another pun today yay) do get extinguished.
But THAT is the real trouble if somebody WANTs to track you, he might put several cookies on you which you simply do not know! Write protecting your files helps against that, but only if the cookie is not yet present at the time you do that! Also, sometimes cookies hide inside fields that exist for different purposes, or which came out of use. Epic Megagames is a good candidate for old variables that are simply left in new sourcecode and not cleaned up after an update...
Tracking by espionaged data...
... well since espionage is a constant danger, as mentioned before pretty much anything could be used to ID you if one can reasonably and safely assume the data does not change (much) over time. At that point, the "preposterous" hard drive serial number example from above no longer looks all that preposterous does it?! There is not really much you can do, except virtualize as much as possible, and reduce the amount of data the game can access to a minimum (by unmounting unnecessary drives, using restricted users etc...).
- Identity Theft -
Malware...
The most direct and obvious method of identity theft is again through malware, as explained several passages up top. Just because most malware is profit oriented these day and steal your bank account information or game keys for sale to third parties, it is just as conceivable to attack and infiltrate specific gamers' PCs with the same methods with the explicit goal to steal their ingame information to impersonate them. So again, firewall / virus killer / malware scanner / rootkit revealer etc etc etc by now you know that drill...
In UT2K4 in particular, there are also exploits that allow a hacker to steal your CRC. If you just want to -KNOW- someone elses CD key CRC, all you have todo is mute him locally, then the CRC shows up in your ini file. I do not know how the CRC fabrication itself works when playing, but I have seen it first that hackers may use the CD key hash value of arbitrary other players and thus circumvent bans or cause OTHER PLAYERS TO BE BANNED IN THEIR STEAD. The only solution to this is to buy 2 CD keys and use one for public, one for official matches EXCLUSIVELY! And even then you can never be sure since obviously there are cheats and hacks in some clans out there playing on CB... so solution 3 may work for those who believe in God: pray.
- All "Espionage" methods -
Well looking at the sheer amount of possibilities, I am quite astounded that so little seems to go wrong. Or is it only that we - the public - are unaware of the true size of the iceberg?
There are no possible defenses against every kind of espionage or attack. A dedicated hacker -WILL- hack something, the only question is, how much effort he or she is willing and able to invest. The question "if" something is hackable can always be answered with "yes", the only question open is "when" (or "how fast").
- (D)-Dos Attacks -
Err... honestly, there is no real solution against that. If a DOS attack is being created by an exploit (for example, you are running an outdated version of a web-server, or an old Unreal server), and an attacker uses manufactured IP packets to cause high CPU load on your server, which in turn binds so many resources your server is no longer able to respond to normal requests, then the OBVIOUS method is: update your server!
For players it is much less likely to become a (D)DOS attack target, but in theory everything is possible. In most cases of today's broadband, simple DOS attacks will have no effect on players, because one's downstream is usually A LOT LARGER than someone else's upstream. However, if somebody uses a bot-net or a bounce hack (fabricated IP source addresses) to attack you, then there's nothing much you can do - except disconnect and hopefully get a new IP when you reconnect.
*** Abbendum: Running restricted users on all your computers but sharing data/partitions/virtual drives between them ***
If you have - like me - decided to use virtual drives to put all your online games in, and perhaps also to use the same virtual drives on multiple computers as you move around, you may encounter a small problem if your virtual drives are using a file system that supports permissions - in Windows' case: NTFS, if the problem I am about to describe exists in Linux and how it shows I do not know because I do not know enough about Linux file systems, but maybe somebody else can append a paragraph on that.
If you create a user on one machine, at least in Windoze that user is not identified by its NAME, but instead by a created ID. So even if you create the same user, or more precise, a user with the same NAME on several computers, they will all carry different IDs - at least as long as your computers are not ruled by a master domain controller, and I doubt any home user would bother to set one up - even I am not THAT craz... err... enthusiastic.
So the problem ensuing is, that once you take your carefully configured virtual drive to another computer, you may encounter windows telling you that your entire virtual drive suddenly can only be opened in READ ONLY mode or that the games you put inside cannot write their own configs. That's because the original user they were put there with, does not exist on your other computer. And while arbitrary other users may by default READ, writing permissions may be missing. So now what? Add a writing rule on all your computers you put your virtual drives to?
Nah.. you will end up collecting IDs on your NTFS ACLs, these actually show under the "Security tab" on your other computers as "unknown IDs" btw..
The easy solution here is to use FAT32 for your virtual drives you put online games on. I wouldn't use FAT32 anywhere much else, but even SD cards are pre-formatted with it for that reason, so that they easily be read and written to on any camera/device/computer you put it in, since FAT32 does not support file permissions and allows for large enough drives for a single game.
If you wish to use NTFS for your virtual drives, assign writing permissions to "Everyone" on those files you know need to be written to (like your ini files, or your CACHE directory). The IDs of default windows groups such as "Everyone" etc, are identical on all Windows installations, so the ACLs set on one this way will be understood on other computers as well.
******************
Now go forth, use your brain....
reminds me of your Readme files 