New Anti-Cheat Client by Jumper

[Editor’s note: The following text is written by Jumper]

Greetings everyone. I’m ready to introduce to your attention a new anti-cheat named Sauerbraten Tournament Edition (STE for short)!

Introduction

Me and my friend DeathStar felt an urge to create an anti-cheat with high protection to decrease percent of cheating inside the sauerbraten community. That’s how it’s all began, we started working and bringing new ideas. Along with client side anti-cheat, we were working on server side anti-cheat, that would complete each and bring full security to the game servers.

So what is it for?

  • Secure tournaments and public games (mainly tournaments)
  • Verification status (verification method that check if other clients user anti-cheat or not)
  • PAK file loading (no need to explain)

It’s main purpose is to provide a secure gaming on tournaments, however public games as well. This mod has a client side protection, however it interact with our private server mod, which has a server side anti-cheat protection. It means that if you play on our server mod (will be released soon) with our anti-cheat client, other players has 99.9% guarantee that you are clean. This scheme works the same in the direction of other players.

Why is it secure?

  1. Binary check md5sum of media.zip and other files, so if something will be changed or edited, you won’t be able to launch the game. This means that client doesn’t allow you to make changes with some objects and playermodels. As an example, you won’t be able to remove/edit tree model from map capture_night. You also won’t be able to change the size of playermodels and their hitbox radius.
  2. If you are playing with this anti-cheat on our servermod with anti-cheat protection, server check the hash and structure of binaries. Client also send verification code to server and server send other code in return that grant access to the server and client connect to the server, or if you have done some changes to the source or game files it automatically doesn’t allow you to connect.

How do I get set up?

  1. Download the provided .zip file
  2. Extract it and either copy it into the sauerbraten directory or link to the sauerbraten directory (to use the data/ and packages/ folder) in the .bat file: “-kC:\Program Files (x86)\Sauerbraten”` (make sure you check if this is your path too, and change it if it’s not)
  3. Anticheat will not damage your previous mods so you don’t have to create a backup
  4. Game won’t start if media.zip is not in the sauerbraten directory

Who do I talk to?

  • Jumper (developer, administrator)
  • DeathStar (developer)

Where can I get it?

Our modification is cross-platform. This means you are able to download Windows, Linux and OSX versions.

p.s If you found any bugs, report it to Jumper on gamesurge @ #mys

38 Comments

  1. star

    “Releasing an anti-cheat client is a delicate matter, which is based on trust.” – quote pisto

    I don’t think I got the quote litterally, but the general sense is the same. You are basically telling others to run your programm and trust your word, that it won’t do anything shady in the background. Trust obviously isn’t earned likely, especially with a past like our dear Jumper’s.
    Pisto was very aware of the trust issue and therefore he reached out to various respected people from the sauerbraten community, which would oversee his sdos anti-cheat client’s code. The people were carefully selected from different subcommunities and had all a knowledgable programming background.

    Given the already meantioned context and your wish to succeed with this project, I would strongly advise you to do the same.

    Now it’s obvious that, sharing acc code a risky idea by itself and honestly I wouldn’t even dare to recommend any names. Mainly because there isn’t much knowledge left in the community and it’ll furthermore be a huge time investment, which I doubt, anyone I can think of is willing to invest. Sadly, this means, that I can’t really support the use of your programm, yet.

    Reality now is, that Sauer’s competetive side is gone. There aren’t many highskilled clans/players around anymore and I can’t even remember the last cheating accusations (Sativa?!). Active players nowadays have already build up trust due to their long lasting Sauerbraten career. So in conclusion, I think your efforts are too late and there is no need for an anti-cheat client anymore. More usefull would be a propper DDoS defence strategy, for example.

    I wish you still, the best of luck. I know how hard it can be, working on something that isn’t appreciated the way you anticipated.

      on another note:

    Jumper: and I will add soon different rifle colors for bot hteams

    We in comed considerd this as ‘too far’. The point in comed was to not make functions which would give you an unfair advantage over the vanilla client. Having 2 different rifle colours will immediately enable you to decide if you get shot at by an enemy or a supporting teammate. Vanilla players can’t do this and will have to turn around, thereby losing valuable seconds over the gut who can. I agree it would be an awesome feature, but please think about this kind of stuff. Vanilla players should always be the baseline.
    I also admit that wilst in the process of developing, I added some features that I wanted to be discussed, that had the same problems. Sadly many assholes took this as a chance to bitch about it, instead of giving constructive criticism. I’m telling you this, because of the the latter.

    1. h8

      It’s laughable to me when IRC veterans say there’s no need for an anti-cheat client. There’s always a need for an anti-cheat client in a tournament, even if just for peace of mind.
      PSL had it and that’s why it was popular. Noobs/newbies/amateurs could against pros without feeling like they were playing against cheaters.

      Point is, veterans may “trust” each other and feel no need for an anti-cheat but you can’t expect newbies to feel the same way (given sauer’s rich history of “pros” later coming out as “cheaters”).

      1. swatllama

        PSL was popular for a lot of other reasons that would be difficult for you to understand considering that I don’t believe you were really involved in any aspect of it. I’d be happy to give a lengthy detail only three people would read upon request.

      2. mefisto

        Actually, the PSL anti-cheat client was introduced rather late in the history of PSL. Certainly well after the high point of its popularity, and it was prompted by a high-profile cheating controversy. It doesn’t seem like you really know what you’re talking about with the history of PSL.

        I am not sure what incidents of “pros coming out as cheaters” you’re referring to.

      3. h8

        Are we really going to argue about the efficacy of an anti-cheat client for an open source game with no in-built cheat prevention system? The point is undebatable.
        Anti-cheat would be great, period.

        I was involved in PSL as a participant sometime Oct.2009, the reason I felt comfortable participating was I knew I wasn’t going against cheaters. – That’s the newbie perspective I request you to take into consideration.

        It all depends, whether you believe the games is dead, in which case why bother making these posts.
        If you think there is still scope for new players to join, you can make tournaments more inviting by including some anti-cheat measures.

      4. mefisto

        A bad anti cheat is worse than no anti cheat. The client, as described in the OP, would be bad, and I’m not confident in the abilities of its developers.

      5. Jumper

        I personally don’t give a fuck if you’re not confident with my abilities. You can keep arguing but just like H8 said, anti-cheat is a “MUST HAVE” rule in any tournament of any game.

      6. Jumper

        Also you cannot say it is not good enough as you haven’t even tried it and you barely know how it works. I’d say that this anti-cheat has a quite good level of protection

      7. greenadiss

        >> “you barely know how it works”
        that’s the main problem, there can be hidden anything and that’s why it’s important to trust the developers. I wouldn’t risk running it. I’d better not participate at all if that’s the only way.

        >> “I personally don’t give a fuck if you’re not confident with my abilities”
        maybe that’s the main problem of your constant failure? Maybe you better give a fuck about things like people’s trust.

        I agree with Star. It’s a bit too late. The community isn’t that big to develop an anti-cheat for it. We all know each other, we know our skills, we can detect serious cheats with our eyes if we aren’t sure in something. Yes, it’s not that good as if there was an anti-cheat but we aren’t desperate that much to use an anti-cheat client like this one.

      8. Jumper

        “but we aren’t desperate that much to use an anti-cheat client like this one.” Although you do not trust me, but I could say that this anticheat is not worse than SDoS or SWLACC. THe other thing is that you don’t want to use it i because it’s made by me and you are scared to launch it. On the other hand, take it from my perspective, I cannot share the source to prove that there is nothing hidden inside, as if I would share the source, it wouldn’t be secure anymore. Obst and I has already talked about this anticheat, and we might work together on it. I hope Obst is trusted enough in our beloved sauer community, so you won’t be afraid using it after Obst approves that there is nothing evil inside the binary. Peace.

      9. star

        god did anyone even read my comment or have we just again arrived at the random rant generator?

      10. aga

        If obst will use your client, am done with his tournament. And i think that you can count much more players.

        Just fuck it, and play the game with your real skills. You dont have to make a better player from yourself. Who cares. Cheaters and Dossers killed the fun of this game. Thanks to obst that hes starting something.

        Instead of your effort in client, try to find some clan or make one, so we have more clans to play. Convice your friends to play. thats what sauer needs.

  2. star

    and all this crap in response to my comment, in which i never mentioned anything you were discussing. great job h8, you are now my no #1 fagget.

  3. Obstriegel

    ~(O.OOO.O)*> <*(O.OOO.O)~ <*(O.OOO.O)~

    I believe it is not 1st April yet but still this sauerworld post seems to be real. There are no plans to use Jumper’s client for our tournament and I don’t want to get mentioned in connection with him. I told him that I am interested in the code to see if there is something useful in it. But there is no agreement about this and there never will be. In fact his or their crap is just useless.

    As mefisto already said,

    “A bad anti cheat is worse than no anti cheat.”

    especially if it is as bad as this one which would only create a false sense of security.

    Or for @h8: Noob perspective… when I play against a cheater it’s sad, I can say “oh damn this fucking asshole”, when I play with an anti-cheat which is not worth it’s name and people believe it proofs something I would go crazy. I would have to be angry at the people who employ it, angry at the players who believe in it and at the cheater. I don’t even have enough anger for that.

    So… I told Jumper shortly before he tried to launch his tournament in the beginning of 2016 I think that his client mighty be shitty, and I demonstrate it another time now…
    https://www.youtube.com/watch?v=i7Xt31qvm8o

    It’s my proof to show his claim “Binary check md5sum of media.zip and other files, so if something will be changed or edited, you won’t be able to launch the game.”[…] is wrong. A little experienced person can crack this “protection” within 5 minutes.

    “Pisto was very aware of the trust issue and therefore he reached out to various respected people from the sauerbraten community, which would oversee his sdos anti-cheat client’s code. The people were carefully selected from different subcommunities and had all a knowledgable programming background.

    Given the already mentioned context and your wish to succeed with this project, I would strongly advise you to do the same. “

    -Star

    Sharing the source is not necessary with Jumper’s client as they left symbols in the binary which makes it look a bit naked to me (Function calls in clear text there to make it extra easy). Anyone can open the thing in a debugger and review the internals. This is a sad thing which renders this client totally useless as an anti-cheat client in my eyes and shows that the creators have no clue about what they are doing.

    To get an idea of what I mean:
    http://obstriegel.de/sauer/jumperclientsymbols.txt
    http://obstriegel.de/sauer/sdosclientsymbols.txt

    Krasser verkacker einfach. It is left to our imagination why you hurried up too much with that “1.1.0” release now. Even if you had a good incentive for it now you can basically flush this code down the toilet, start from scratch and try again in 2018.

    I would also like to have some restricted client, ban certain settings etc. but it is a very complex task which requires continued effort.
    So again to those who thought we might use this for our tournament: There won’t be a special anti-cheat client in the next events and if it ever happens it will not be based on one of Jumper’s hobby projects and of course would have to be reviewed by external entities. As it has been said already at the moment probably nobody will come up with a nice solution to this problem so we rely on the small community playing honest, knowing each other and detecting wrong behavior.

    ~(O.OOO.O)*> <*(O.OOO.O)~ <*(O.OOO.O)~

    1. Jumper

      Just KEK. First you lied to me that you agreed with me about working together on this anticheat, now you lie about my anticheat’s security.

      To make it clear, me and obst talked about anticheat thing on IRC, before the tournament. After some talk, we decided that I share with him the source on BitBucket website, and we work together to improve it, and he would be able to use it in his future events, because as he claims, he had not enough time tot tell everyone that it is’s “must rule” to use anticheat on his tournament. Day after, when I was excluded from the tournament, for some bullshit reasons without proof, he wrote this on irc:

      I wanted his code but I would never give it back. If there is something to check data those would be a few lines I don’t have to write myself.

      Oh dear Obstriegel, to be honest you just literally fall in my eyes, as I trusted you before, and I thought we could really work together.

      About the anticheat security. Most of his claims are false. First of all it is possible to use social engineering to disassemble the binary and then you could try to put some hacks into it. BUT! As I mentioned before, this anticheat becomes complete, ONLY when it’s being used on special servermod used to interact with THIS EXACT anticheat. IF you would try to do the same thing on the servermod I am talking about, server would automatically disconnect you, as it would detect changed within the binary structure as it checks your machine memory through the binary. Does that mean we are able to steal your credit accounts or smth? Nope. It means server is checking the integrity of the binary and it’s code, after that it checks if any programs are currently interacting with anticheat’s process within your RAM. If so, then it won’t let you connect. So obst you can tell w/e you want, but it’s ain’t proved. :P I believe you could do this in offline mode without connecting to the server-side anticheat, but there are also some misunderstanding in that video. As you don’t show the process where you download .zip file, disassemble it and do everyhing you showed in the video, I claim that you could easily just taken the vanilla client, write few lines to make it display smth like “Sauerbraten Tournament Edition v1.1.0 is launched” and then just easily hack, as you have the original source. In configuration I see that you removed Settings tab, with geoip settings, stats settings, and you left only the “About” tab. Did you do that because in original source there are no such variables? :DD

      1. star

        First of all it is possible to use social engineering to disassemble the binary and then you could try to put some hacks into it.

        damn right, the social disassembler is your friend. uninstall.

    1. Jumpy

      I know it doesn’t work properly. I’m working on the security of the code in my free time, so will make a new release in a near future.

Comments are closed.