Difference between revisions of "IAC"

From WolfWiki
Jump to: navigation, search
 
(8 intermediate revisions by 6 users not shown)
Line 3: Line 3:
 
----
 
----
  
 +
[[ETPro]] integrates a new Anti Cheat system named 'IAC' or 'Ikkyo Anti Cheat'.  At the moment it is intended to complement (not replace) [http://www.evenbalance.com PunkBuster™] for cheat detection.  [[ETPro]] looks for things [http://www.evenbalance.com PunkBuster™] cannot, and [http://www.evenbalance.com PunkBuster™] looks for things [[ETPro]] cannot.
  
[[ETPro]] integrates a new Anti Cheat system named 'IAC' or 'Ikkyo Anti Cheat'. At the moment it is intended to complement (not replace) [http://punkbuster.com PB] for cheat detection. ET Pro looks for things PB cannot, and PB looks for things ET Pro cannot.
+
== Controlling the anticheat system ==
 +
''b_anticheat'' controls the anticheat system. The possible settings are:
 +
* 0 - disabled.  [[ETPro]] does not report cheaters at all.
 +
* 1 - enabled (default). Normal sensitivity.  [[ETPro]] reports known cheats from the database and known cheat techniques as cheaters.
 +
* 2 - Increased sensitivity (not recommended).  Includes checks which are likely to cause false positives.
 +
* 3 - Extreme sensitivity (absolutely not recommended). Only absolutely clean Windows systems are allowed. Absolutely clean Windows sytems are very rare though, so lots of players will be reported as cheaters.
  
 +
== Logs ==
 +
If a cheater is found, they are reported to players on the server and in the server logs.
  
Controlling the anticheat system
+
If the word '''CHEATING''' is in '''RED''', [[ETPro]] has detected the player is absolutely using a known public cheat. It is safe to kick/ban these players. You will also see something like this in your logs:
''b_anticheat'' controls the anticheat system. The possible settings are:
+
* 0 - disabled. ET Pro does not report cheaters at all.
+
* 1 - enabled (default). Normal sensitivity. ET Pro reports known cheats from the database and known cheat techniques as cheaters.
+
* 2 - Increased sensitivity (not recommended). Includes checks which are likely to cause false positives.
+
* 3 - Extreme sensitivity (absolutely not recommended). Only absolutely clean windows systems are allowed. Absolutely clean windows sytems are very rare though, so lots of players will be reported as cheaters.
+
  
 
+
<pre><nowiki>21:58.11 etpro IAC: 1 [JiuJitsu^7] [304DADA5916CE3A8E8B6966AB772D142A7578C3D] [^1CHEATER^7 win32]
'''Logs'''
+
----
+
 
+
If a cheater is found, they are reported to players on the server and in the logs.
+
 
+
If the word '''CHEATING''' is in '''RED''', ET Pro has detected the player is absolutely using a known public cheat. It is safe to kick/ban these players. You will also see something like this in your logs:
+
 
+
 
+
''21:58.11 etpro IAC: 1 [JiuJitsu^7] [304DADA5916CE3A8E8B6966AB772D142A7578C3D] [^1CHEATER^7 win32]
+
 
21:58.11 etpro IAC: HWe8auebgXt69-IaJ3TkljBwH7j8FlvEnJDUk1AUNMZgdOZ0WyyL2n
 
21:58.11 etpro IAC: HWe8auebgXt69-IaJ3TkljBwH7j8FlvEnJDUk1AUNMZgdOZ0WyyL2n
 
zx-z0phDJQFvXU74+rqeXadpIWgp822butKGwycggXnA-B9I4Sw9AqGuorR7Mwz+Rt45
 
zx-z0phDJQFvXU74+rqeXadpIWgp822butKGwycggXnA-B9I4Sw9AqGuorR7Mwz+Rt45
 
tyMwxunGdEe0V8MGTzqM4IKm8mPt-6LlY6YaRvyDdOrqyaiInYX2Zeq8k2BI0mufHztkIU
 
tyMwxunGdEe0V8MGTzqM4IKm8mPt-6LlY6YaRvyDdOrqyaiInYX2Zeq8k2BI0mufHztkIU
CiSvtNQwtZFTjSCe6VKHKkbV8UUTKT-0PW5Oa1Y81cRdIBqkRQ''
+
CiSvtNQwtZFTjSCe6VKHKkbV8UUTKT-0PW5Oa1Y81cRdIBqkRQ</nowiki></pre>
  
 +
This is encrypted information which allows an [[ETPro Developer]] to positively identify which specific cheat the player was using, if needed.  An [[ETPro Developer]] does not generally need such logs reported to him.
  
This is encrypted information which allows ET Pro developers to positively identify which specific cheat the player was using, if needed. The ET Pro developers do not generally need such logs reported to them.
 
  
  
 
''The following only applies if ''b_anticheat'' is set to 1:''
 
''The following only applies if ''b_anticheat'' is set to 1:''
  
 +
If the word '''CHEATING''' is in '''YELLOW''', [[ETPro]] has detected the player has software which does exactly the same thing cheats do.  There are two possibilities: they are using software which causes false positives (FRAPS, atitool), or they are using a private/non-public cheat.  Users who get false positives should read [http://bani.anime.net/banimod/forums/viewtopic.php?t=3275 this thread] to resolve them.
  
If the word '''CHEATING''' is in '''YELLOW''', ET Pro has detected the player has software which does exactly the same thing cheats do. There are two possibilities: they are using software which causes false positives (FRAPS, atitool), or they are using a private/non-public cheat. Users who get false positives should read this thread to resolve them.
+
If an admin suspects a player in '''YELLOW''' is using a new undetected cheat, you may forward your logs to an [[ETPro Developer]] for inspection. You will see something like this in your logs:
  
 
+
<pre><nowiki>10:58.03 etpro IAC: 0 [^7[^3AV^7]^2Ikkyo^7^7] [5C650F40214398C58AE5ECDFADBC8D1AB6BFDD89] [^3CHEATER^7 win32]
If an admin suspects a player in '''YELLOW''' is using a new undetected cheat, you may forward your logs to us for inspection. You will see something like this in your logs:
+
 
+
 
+
''10:58.03 etpro IAC: 0 [^7[^3AV^7]^2Ikkyo^7^7] [5C650F40214398C58AE5ECDFADBC8D1AB6BFDD89] [^3CHEATER^7 win32]
+
 
10:58.03 etpro IAC: 5F+yE+tIboJD0TcZW+V3BrfKONQYxCEkmUGp4XWCRamupExR
 
10:58.03 etpro IAC: 5F+yE+tIboJD0TcZW+V3BrfKONQYxCEkmUGp4XWCRamupExR
 
cKGVjS31kmClRCWY0+d+0ugxz-X+9u1IHnispm3MGCt6QFlgVHuK41D3188DvPUY5i1
 
cKGVjS31kmClRCWY0+d+0ugxz-X+9u1IHnispm3MGCt6QFlgVHuK41D3188DvPUY5i1
 
7LXNclCEYwQxs3rZLkCnXew3McNthKA8ASo4yyhbU6OALVV3az+dyEVAvB1NEudU
 
7LXNclCEYwQxs3rZLkCnXew3McNthKA8ASo4yyhbU6OALVV3az+dyEVAvB1NEudU
YoYJoEXFKFEbJSRt+3Rw4atWM8NO7yQbULkFrT1MjPjKzULVr2CiXcy+6YP6rDTXcWg''
+
YoYJoEXFKFEbJSRt+3Rw4atWM8NO7yQbULkFrT1MjPjKzULVr2CiXcy+6YP6rDTXcWg</nowiki></pre>
  
 +
This encrypted information allows an [[ETPro Developer]] to determine if the player was really cheating with a new cheat, or if it is a false positive caused by external programs.
  
This encrypted information allows ET Pro developers to determine if the player was really cheating with a new cheat, or if it is a false positive caused by external programs.
+
Players who are reported as yellow '''CHEATER''' who are unable to resolve their problems by following [http://bani.anime.net/banimod/forums/viewtopic.php?t=3275 these instructions] should post a bug report in [http://bani.anime.net/banimod/forums/viewforum.php?f=14 this forum].
 
+
 
+
Players who are reported as yellow '''CHEATER''' who are unable to resolve their problems by following these instructions should post a bug report in this forum.
+
 
+
  
 
You may see "strange logs" like the following:
 
You may see "strange logs" like the following:
  
 
+
<pre><nowiki>09:20.10 etpro IAC: 0 [^7de^2A^7D ai^2M^7] [556B00DCB87C92A03784A7C558C5BFCA3238B1FF] [??? win32]
''09:20.10 etpro IAC: 0 [^7de^2A^7D ai^2M^7] [556B00DCB87C92A03784A7C558C5BFCA3238B1FF] [??? win32]
+
 
09:20.10 etpro IAC:MsCWa5viR4imLMGpS6W7gpMa1OgM-bSPmI69cE-z+nL2xQgc8t7
 
09:20.10 etpro IAC:MsCWa5viR4imLMGpS6W7gpMa1OgM-bSPmI69cE-z+nL2xQgc8t7
 
b6TdkwOfiDBG5llCaW4MuWrQr8VSBxSt+pqJVvJFkR29ppgerMLqGmCh0+bsf5w+m23
 
b6TdkwOfiDBG5llCaW4MuWrQr8VSBxSt+pqJVvJFkR29ppgerMLqGmCh0+bsf5w+m23
 
Wj-diM68xx4kVc+BDX1ZEMTsMYTccaSXKyNzkKZT1wx9rAWG5plv96QsrieIXY+3LpSK
 
Wj-diM68xx4kVc+BDX1ZEMTsMYTccaSXKyNzkKZT1wx9rAWG5plv96QsrieIXY+3LpSK
 
xuuanLPixzpARZOv5VH6rZFY0LhvdvA3vVQwSynTKkOIW3XLmrmt3LNOWpO3RmTR3
 
xuuanLPixzpARZOv5VH6rZFY0LhvdvA3vVQwSynTKkOIW3XLmrmt3LNOWpO3RmTR3
uR87OFCCh38ws3S76cfmG''
+
uR87OFCCh38ws3S76cfmG</nowiki></pre>
 
+
 
+
This does not mean the player is cheating, it simply means there is something unusual about their system that may be of interest to ET Pro developers. You should not forward these logs unless you suspect a player is cheating or unless ET Pro developers specifically request them from you.
+
  
 +
This does not mean the player is cheating, it simply means there is something unusual about their system that may be of interest to an [[ETPro Developer]].  You should not forward these logs unless you suspect a player is cheating or unless an [[ETPro Developer]] specifically requests them from you.
  
 
Likewise, simply because an encrypted debug follows a player's log does not mean they are cheating:
 
Likewise, simply because an encrypted debug follows a player's log does not mean they are cheating:
  
 
+
<pre><nowiki>21:24.58 etpro IAC: 3 [^7|^0NE^7|R^5a^di^4n^7-^d42^7^7] [BD0875F42CB16B337A0EDC85F6BA03155665AEFF] [clean linux]
''21:24.58 etpro IAC: 3 [^7|^0NE^7|R^5a^di^4n^7-^d42^7^7] [BD0875F42CB16B337A0EDC85F6BA03155665AEFF] [clean linux]
+
 
21:24.58 etpro IAC: vZHbY0m5i8DJ-my5FxRp1+I9Drj8cuVMAowAoX6XwWKaCh2h3lH
 
21:24.58 etpro IAC: vZHbY0m5i8DJ-my5FxRp1+I9Drj8cuVMAowAoX6XwWKaCh2h3lH
 
oCVTAgHsngeSrITZQWoFsJRGSjyAqsw9SxirdsZmoR7vLeTJYgk2t35ROlMyxgk+yd1nFq
 
oCVTAgHsngeSrITZQWoFsJRGSjyAqsw9SxirdsZmoR7vLeTJYgk2t35ROlMyxgk+yd1nFq
 
HKfdE5sn5oE5tQQ-YTEJl7KIWHyG8ODeK+aLbR4NGIvgdWbVrllMEWFL3d99cgej+a+e
 
HKfdE5sn5oE5tQQ-YTEJl7KIWHyG8ODeK+aLbR4NGIvgdWbVrllMEWFL3d99cgej+a+e
 
MKJIQYEbJB2LVh-MGxmXFovazupjtPGSydBnlCtWG6FWvLrd50tgO6gY2atXLaJfW-b-a
 
MKJIQYEbJB2LVh-MGxmXFovazupjtPGSydBnlCtWG6FWvLrd50tgO6gY2atXLaJfW-b-a
iw1Q5bcZMuZZ8yDHGDdFVoeobI2vw8qsZG-bXlINVVpNhIbNaenba6mvo''
+
iw1Q5bcZMuZZ8yDHGDdFVoeobI2vw8qsZG-bXlINVVpNhIbNaenba6mvo</nowiki></pre>
 +
 
 +
In this case it is simply logging information so that the [[ETPro Developer]]s know the anticheat system is functioning correctly.  Please do not forward these logs unless specifically requested.
 +
 
 +
== Keeping up to date ==
  
 +
As new cheats are found, they will be added to [[ETPro]]'s anticheat database, and database updates will be posted in the [http://bani.anime.net/banimod/forums/viewforum.php?f=15 ETPro News forum].  Admins can download these database updates and install them at their leisure to keep up to date.
  
In this case it is simply logging information so that the ET Pro developers know the anticheat system is functioning correctly. Please do not forward these logs unless specifically requested.
+
== Autokicking ==
  
 +
The cvar b_cheatkicktime controls what is done when a cheater is detected.  If it is -1 (default), nothing is done besides reporting to the console and logs.  Any other value will kick the player for the specified number of minutes (eg 0 = kick for 0 minutes, 10 = kick for 10 minutes).
  
'''Keeping up to date'''
+
== FAQ ==
----
+
Q: In which log is this info saved?
  
As new cheats are found, they will be added to ET Pro's anticheat database, and database updates will be posted in the ET News forum.
+
<table><tr><td valign="top">A:</td><td><pre>// b_cheatlog - defines the name of a separate log for the anti-cheat system
Admins can download these database updates and install them at their leisure to keep up to date.
+
// when set to an empty string, the anti-cheat system uses the main server
 +
// log file
 +
// default: ""
 +
set b_cheatlog "etpro_cheats.log" </pre></td></tr></table>
  
 +
Q: Can 2 different computers have the same GUID?
  
'''Autokicking'''
+
A: Yes, they can. It seems that every Windows™ 98 User got the same GUID '''<nowiki>[52FF6283916A9467908E6A771CB70285FB41C5E7]</nowiki>'''
----
+
  
The cvar b_cheatkicktime controls what is done when a cheater is detected. If it is -1 (default), nothing is done besides reporting to the console and logs. Any other value will kick the player for the specified number of minutes (eg 0 = kick for 0 minutes, 10 = kick for 10 minutes).
+
[[Category:ETPro:Server_Cvars]]

Latest revision as of 12:59, 19 November 2005

ETPro Anti Cheat


ETPro integrates a new Anti Cheat system named 'IAC' or 'Ikkyo Anti Cheat'. At the moment it is intended to complement (not replace) PunkBuster™ for cheat detection. ETPro looks for things PunkBuster™ cannot, and PunkBuster™ looks for things ETPro cannot.

Controlling the anticheat system

b_anticheat controls the anticheat system. The possible settings are:

  • 0 - disabled. ETPro does not report cheaters at all.
  • 1 - enabled (default). Normal sensitivity. ETPro reports known cheats from the database and known cheat techniques as cheaters.
  • 2 - Increased sensitivity (not recommended). Includes checks which are likely to cause false positives.
  • 3 - Extreme sensitivity (absolutely not recommended). Only absolutely clean Windows systems are allowed. Absolutely clean Windows sytems are very rare though, so lots of players will be reported as cheaters.

Logs

If a cheater is found, they are reported to players on the server and in the server logs.

If the word CHEATING is in RED, ETPro has detected the player is absolutely using a known public cheat. It is safe to kick/ban these players. You will also see something like this in your logs:

21:58.11 etpro IAC: 1 [JiuJitsu^7] [304DADA5916CE3A8E8B6966AB772D142A7578C3D] [^1CHEATER^7 win32]
21:58.11 etpro IAC: HWe8auebgXt69-IaJ3TkljBwH7j8FlvEnJDUk1AUNMZgdOZ0WyyL2n
zx-z0phDJQFvXU74+rqeXadpIWgp822butKGwycggXnA-B9I4Sw9AqGuorR7Mwz+Rt45
tyMwxunGdEe0V8MGTzqM4IKm8mPt-6LlY6YaRvyDdOrqyaiInYX2Zeq8k2BI0mufHztkIU
CiSvtNQwtZFTjSCe6VKHKkbV8UUTKT-0PW5Oa1Y81cRdIBqkRQ

This is encrypted information which allows an ETPro Developer to positively identify which specific cheat the player was using, if needed. An ETPro Developer does not generally need such logs reported to him.


The following only applies if b_anticheat is set to 1:

If the word CHEATING is in YELLOW, ETPro has detected the player has software which does exactly the same thing cheats do. There are two possibilities: they are using software which causes false positives (FRAPS, atitool), or they are using a private/non-public cheat. Users who get false positives should read this thread to resolve them.

If an admin suspects a player in YELLOW is using a new undetected cheat, you may forward your logs to an ETPro Developer for inspection. You will see something like this in your logs:

10:58.03 etpro IAC: 0 [^7[^3AV^7]^2Ikkyo^7^7] [5C650F40214398C58AE5ECDFADBC8D1AB6BFDD89] [^3CHEATER^7 win32]
10:58.03 etpro IAC: 5F+yE+tIboJD0TcZW+V3BrfKONQYxCEkmUGp4XWCRamupExR
cKGVjS31kmClRCWY0+d+0ugxz-X+9u1IHnispm3MGCt6QFlgVHuK41D3188DvPUY5i1
7LXNclCEYwQxs3rZLkCnXew3McNthKA8ASo4yyhbU6OALVV3az+dyEVAvB1NEudU
YoYJoEXFKFEbJSRt+3Rw4atWM8NO7yQbULkFrT1MjPjKzULVr2CiXcy+6YP6rDTXcWg

This encrypted information allows an ETPro Developer to determine if the player was really cheating with a new cheat, or if it is a false positive caused by external programs.

Players who are reported as yellow CHEATER who are unable to resolve their problems by following these instructions should post a bug report in this forum.

You may see "strange logs" like the following:

09:20.10 etpro IAC: 0 [^7de^2A^7D ai^2M^7] [556B00DCB87C92A03784A7C558C5BFCA3238B1FF] [??? win32]
09:20.10 etpro IAC:MsCWa5viR4imLMGpS6W7gpMa1OgM-bSPmI69cE-z+nL2xQgc8t7
b6TdkwOfiDBG5llCaW4MuWrQr8VSBxSt+pqJVvJFkR29ppgerMLqGmCh0+bsf5w+m23
Wj-diM68xx4kVc+BDX1ZEMTsMYTccaSXKyNzkKZT1wx9rAWG5plv96QsrieIXY+3LpSK
xuuanLPixzpARZOv5VH6rZFY0LhvdvA3vVQwSynTKkOIW3XLmrmt3LNOWpO3RmTR3
uR87OFCCh38ws3S76cfmG

This does not mean the player is cheating, it simply means there is something unusual about their system that may be of interest to an ETPro Developer. You should not forward these logs unless you suspect a player is cheating or unless an ETPro Developer specifically requests them from you.

Likewise, simply because an encrypted debug follows a player's log does not mean they are cheating:

21:24.58 etpro IAC: 3 [^7|^0NE^7|R^5a^di^4n^7-^d42^7^7] [BD0875F42CB16B337A0EDC85F6BA03155665AEFF] [clean linux]
21:24.58 etpro IAC: vZHbY0m5i8DJ-my5FxRp1+I9Drj8cuVMAowAoX6XwWKaCh2h3lH
oCVTAgHsngeSrITZQWoFsJRGSjyAqsw9SxirdsZmoR7vLeTJYgk2t35ROlMyxgk+yd1nFq
HKfdE5sn5oE5tQQ-YTEJl7KIWHyG8ODeK+aLbR4NGIvgdWbVrllMEWFL3d99cgej+a+e
MKJIQYEbJB2LVh-MGxmXFovazupjtPGSydBnlCtWG6FWvLrd50tgO6gY2atXLaJfW-b-a
iw1Q5bcZMuZZ8yDHGDdFVoeobI2vw8qsZG-bXlINVVpNhIbNaenba6mvo

In this case it is simply logging information so that the ETPro Developers know the anticheat system is functioning correctly. Please do not forward these logs unless specifically requested.

Keeping up to date

As new cheats are found, they will be added to ETPro's anticheat database, and database updates will be posted in the ETPro News forum. Admins can download these database updates and install them at their leisure to keep up to date.

Autokicking

The cvar b_cheatkicktime controls what is done when a cheater is detected. If it is -1 (default), nothing is done besides reporting to the console and logs. Any other value will kick the player for the specified number of minutes (eg 0 = kick for 0 minutes, 10 = kick for 10 minutes).

FAQ

Q: In which log is this info saved?

A:
// b_cheatlog - defines the name of a separate log for the anti-cheat system 
// when set to an empty string, the anti-cheat system uses the main server 
// log file 
// default: "" 
set b_cheatlog "etpro_cheats.log" 

Q: Can 2 different computers have the same GUID?

A: Yes, they can. It seems that every Windows™ 98 User got the same GUID [52FF6283916A9467908E6A771CB70285FB41C5E7]