There are situations when cheating in online games goes beyond what standard protection can handle and becomes, at first glance, an insurmountable problem.
But even in such situations, you can find a way out.
This article discusses the not very popular game ARMA 2 and some rather unusual methods of dealing with cheaters.
The topic (game administration) is rather unusual for Habr, but it also has to do with IT, and I think it deserves attention.
Foreword
In all the time I have been reading Habr, I have never come across a single article on administering ordinary network games, yet such administrators exist too. Like other administrators, they assemble hardware, install Linux or Windows on it, set up apache and nginx, build web services, read Habr, and so on, but the main purpose of all this is to support game servers, which have their own configuration features.
In this article I will not write about setting up game servers. As I wrote above, I just want to draw attention to how you can deal with cheaters (using the example of ARMA 2) when the standard protection does not cope with this task.
Description and features of the game ARMA 2
This game has a special atmosphere that attracts a special audience: fans of difficult games. Compared to popular hits, relatively few people play it. The reason is not only the bugs that get in the way of playing, but also the rather complex gameplay. After all, this game is positioned as a military simulator, not a simple 3D action game.
In addition to the unique gameplay, the biggest feature of ARMA 2 is that it has a very flexible script system that allows you to make a game out of it that is completely different from the original. For example, you can make a network mode with RPG elements! Basically it all depends on the skills and imagination of those who make missions for this game.
Also this game has a huge base of addons - equipment, models of soldiers, weapons, sounds, etc.
But its biggest feature is also its biggest problem in terms of vulnerability. Cheats in ARMA 2 can do anything: create any object on the map, grant immortality or endless ammunition, and even execute commands that control the server.
In such a situation, even the official protection starts to lose the fight, and it seems that nothing but constant monitoring of the game can help in catching cheaters.
But knowing the features of the game you can still take some measures!
Fight against violators
To combat cheaters, ARMA 2 uses the official anti-cheat BattlEye.
And because the game has a lot of add-ons, including ones that can give an advantage in network play, it can restrict the server to players with approved add-ons only: with “verifySignatures = 1;” add-ons are checked against their unique signatures.
But all this does not help. If the cheater wants, he can find the means to bypass the verification of unique signatures and get to the server with the cheat addon.
Fortunately, not all cheaters are smart enough, and sometimes entries like this appear in the logs:
10:49:46 Player Dimt: Wrong signature for file expansion\addons\darky.pbo
In such cases the administrator has to learn about cheats himself, and then it becomes obvious that the add-on name darky.pbo marks it as a cheat.
Personally, to facilitate the analysis of logs, I wrote a simple script:
#!/bin/sh
# Rebuild three report files from the ARMA 2 server logs.
DETECTED="/usr/games/a2_bans/cheater.log"
DETECTEDTK="/usr/games/a2_bans/teamkill.log"
WRONGSIG="/usr/games/a2_bans/wrongsig.log"
# Time of this run for the header line; printf is used because echo does not handle \n portably.
STAMP=$(date "+%d.%m.%Y %H:%M:%S")
# Console log lines mentioning GameHack
printf ' ( 30 ): %s \n\n' "$STAMP" > "$DETECTED"
grep GameHack /usr/games/arma2*/arma2_server_console.log >> "$DETECTED"
# Add-ons that failed signature verification
printf ' ( 30 ): %s \n\n' "$STAMP" > "$WRONGSIG"
grep 'Wrong signature for file' /usr/games/arma2*/arma2_server_console.log >> "$WRONGSIG"
# Team kills
printf ' ( 30 ): %s \n\n' "$STAMP" > "$DETECTEDTK"
grep teamkill /usr/games/arma2*/log.23* >> "$DETECTEDTK"
Accordingly, I added it to cron to be executed every 30 minutes.
It really helps me and other administrators of our servers.
But in terms of effectively dealing with cheaters, this is practically useless anyway.
And here comes the most interesting and main method: traffic analysis!
Wireshark against cheaters
Administering game servers is not always just a matter of launching a particular server application. Here, too, you need knowledge that has nothing directly to do with games.
That is what happened in this situation.
The Wireshark traffic analyzer came to the rescue. I will not go into the details of using this program - it comes with good documentation.
The collection of traffic on our ARMA 2 servers is very simple:
dumpcap -i 1 -f "udp port 2302 and dst xxxx" -w /var/log/dumpcap/arma2co_1/a2co1.pcap -b duration:1800 -b filesize:200000
The collected traffic lets you see the very cheat commands being used: the ones that create equipment, kill other players, etc.
You just need to guess which code the cheat application may use, or you can download some cheats yourself to analyze how they work.
As a result, once you know which keywords to search for, you can find something like this:
0040 00 00 0a 92 8f c5 00 68 45 78 65 63 43 6f 64 65 .......hExecCode
0050 00 3c 06 00 00 00 53 54 52 49 4e 47 22 4c 61 6e .<....STRING"Lan
0060 64 52 6f 76 65 72 5f 43 5a 5f 45 50 31 22 20 63 dRover_CZ_EP1" c
0070 72 65 61 74 65 56 65 68 69 63 6c 65 20 28 70 6f reateVehicle (po
0080 73 69 74 69 6f 6e 20 70 6c 61 79 65 72 29 sition player)
As you can see, the player sent the hExecCode command to the server with code that creates (createVehicle) a LandRover vehicle.
Of course, such code cannot be executed in this situation without additional tools (cheats).
After that, it is not difficult to work out all the data needed to block the offender.
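An added example (not the author's code) that automates this keyword search over a capture file and returns the time, source address and source port of every matching packet. It assumes the capture is in classic pcap format with Ethernet framing and unfragmented IPv4/UDP; the sample packet and its addresses are constructed, with the payload modelled on the dump above.

```python
import socket
import struct

KEYWORDS = (b"hExecCode", b"createVehicle")  # strings named in the article

def scan_pcap(data, keywords=KEYWORDS, port=2302):
    """Return (timestamp, source_ip, source_port, keyword) for each matching UDP packet."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    hits, off = [], 24
    while off + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Ethernet header is 14 bytes; skip anything that is not IPv4 carrying UDP
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        udp = frame[14 + ihl:]
        if len(udp) < 8:
            continue
        sport, dport = struct.unpack("!HH", udp[:4])
        if dport != port:                     # only traffic sent to the game server port
            continue
        src = socket.inet_ntoa(frame[26:30])
        hits += [(ts, src, sport, k.decode()) for k in keywords if k in udp[8:]]
    return hits

def build_sample_pcap():
    """Constructed one-packet capture; addresses are documentation ranges, not real players."""
    payload = (b'\x00hExecCode\x00<\x06\x00\x00\x00STRING"LandRover_CZ_EP1"'
               b' createVehicle (position player)')
    udp = struct.pack("!HHHH", 50000, 2302, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("203.0.113.7"), socket.inet_aton("192.0.2.10"))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 1300000000, 0, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    for ts, ip, sport, kw in scan_pcap(build_sample_pcap()):
        print(ts, f"{ip}:{sport}", kw)
```

To run it on a real capture, pass the file contents read in binary mode to scan_pcap.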
As a result, we have protection that, while not automatic or instant, is quite effective at recognizing cheat code.