IAC

From WolfWiki
Jump to: navigation, search

ETPro Anti Cheat

ETPro integrates a new Anti Cheat system named 'IAC' or 'Ikkyo Anti Cheat'. At the moment it is intended to complement (not replace) PunkBuster™ for cheat detection. ETPro looks for things PunkBuster™ cannot, and PunkBuster™ looks for things ETPro cannot.

Controlling the anticheat system

b_anticheat controls the anticheat system. The possible settings are:

  • 0 - disabled. ETPro does not report cheaters at all.
  • 1 - enabled (default). Normal sensitivity. ETPro reports known cheats from the database and known cheat techniques as cheaters.
  • 2 - Increased sensitivity (not recommended). Includes checks which are likely to cause false positives.
  • 3 - Extreme sensitivity (absolutely not recommended). Only absolutely clean Windows systems are allowed. Absolutely clean Windows sytems are very rare though, so lots of players will be reported as cheaters.

Logs

If a cheater is found, they are reported to players on the server and in the server logs.

If the word CHEATING is in RED, ETPro has detected the player is absolutely using a known public cheat. It is safe to kick/ban these players. You will also see something like this in your logs: 

21:58.11 etpro IAC: 1 [JiuJitsu^7] [304DADA5916CE3A8E8B6966AB772D142A7578C3D] [^1CHEATER^7 win32]
21:58.11 etpro IAC: HWe8auebgXt69-IaJ3TkljBwH7j8FlvEnJDUk1AUNMZgdOZ0WyyL2n
zx-z0phDJQFvXU74+rqeXadpIWgp822butKGwycggXnA-B9I4Sw9AqGuorR7Mwz+Rt45
tyMwxunGdEe0V8MGTzqM4IKm8mPt-6LlY6YaRvyDdOrqyaiInYX2Zeq8k2BI0mufHztkIU
CiSvtNQwtZFTjSCe6VKHKkbV8UUTKT-0PW5Oa1Y81cRdIBqkRQ

This is encrypted information which allows an ETPro Developer to positively identify which specific cheat the player was using, if needed. An ETPro Developer does not generally need such logs reported to him.


The following only applies if b_anticheat is set to 1:

If the word CHEATING is in YELLOW, ETPro has detected the player has software which does exactly the same thing cheats do. There are two possibilities: they are using software which causes false positives (FRAPS, atitool), or they are using a private/non-public cheat. Users who get false positives should read this thread to resolve them.

If an admin suspects a player in YELLOW is using a new undetected cheat, you may forward your logs to an ETPro Developer for inspection. You will see something like this in your logs: 

10:58.03 etpro IAC: 0 [^7[^3AV^7]^2Ikkyo^7^7] [5C650F40214398C58AE5ECDFADBC8D1AB6BFDD89] [^3CHEATER^7 win32]
10:58.03 etpro IAC: 5F+yE+tIboJD0TcZW+V3BrfKONQYxCEkmUGp4XWCRamupExR
cKGVjS31kmClRCWY0+d+0ugxz-X+9u1IHnispm3MGCt6QFlgVHuK41D3188DvPUY5i1
7LXNclCEYwQxs3rZLkCnXew3McNthKA8ASo4yyhbU6OALVV3az+dyEVAvB1NEudU
YoYJoEXFKFEbJSRt+3Rw4atWM8NO7yQbULkFrT1MjPjKzULVr2CiXcy+6YP6rDTXcWg

This encrypted information allows an ETPro Developer to determine if the player was really cheating with a new cheat, or if it is a false positive caused by external programs.

Players who are reported as yellow CHEATER who are unable to resolve their problems by following these instructions should post a bug report in this forum.

You may see "strange logs" like the following: 

09:20.10 etpro IAC: 0 [^7de^2A^7D ai^2M^7] [556B00DCB87C92A03784A7C558C5BFCA3238B1FF] [??? win32]
09:20.10 etpro IAC:MsCWa5viR4imLMGpS6W7gpMa1OgM-bSPmI69cE-z+nL2xQgc8t7
b6TdkwOfiDBG5llCaW4MuWrQr8VSBxSt+pqJVvJFkR29ppgerMLqGmCh0+bsf5w+m23
Wj-diM68xx4kVc+BDX1ZEMTsMYTccaSXKyNzkKZT1wx9rAWG5plv96QsrieIXY+3LpSK
xuuanLPixzpARZOv5VH6rZFY0LhvdvA3vVQwSynTKkOIW3XLmrmt3LNOWpO3RmTR3
uR87OFCCh38ws3S76cfmG

This does not mean the player is cheating, it simply means there is something unusual about their system that may be of interest to an ETPro Developer. You should not forward these logs unless you suspect a player is cheating or unless an ETPro Developer specifically requests them from you.

Likewise, simply because an encrypted debug follows a player's log does not mean they are cheating: 

21:24.58 etpro IAC: 3 [^7|^0NE^7|R^5a^di^4n^7-^d42^7^7] [BD0875F42CB16B337A0EDC85F6BA03155665AEFF] [clean linux]
21:24.58 etpro IAC: vZHbY0m5i8DJ-my5FxRp1+I9Drj8cuVMAowAoX6XwWKaCh2h3lH
oCVTAgHsngeSrITZQWoFsJRGSjyAqsw9SxirdsZmoR7vLeTJYgk2t35ROlMyxgk+yd1nFq
HKfdE5sn5oE5tQQ-YTEJl7KIWHyG8ODeK+aLbR4NGIvgdWbVrllMEWFL3d99cgej+a+e
MKJIQYEbJB2LVh-MGxmXFovazupjtPGSydBnlCtWG6FWvLrd50tgO6gY2atXLaJfW-b-a
iw1Q5bcZMuZZ8yDHGDdFVoeobI2vw8qsZG-bXlINVVpNhIbNaenba6mvo

In this case it is simply logging information so that the ETPro Developers know the anticheat system is functioning correctly. Please do not forward these logs unless specifically requested.

Keeping up to date

As new cheats are found, they will be added to ETPro's anticheat database, and database updates will be posted in the ETPro News forum. Admins can download these database updates and install them at their leisure to keep up to date.

Autokicking

The cvar b_cheatkicktime controls what is done when a cheater is detected. If it is -1 (default), nothing is done besides reporting to the console and logs. Any other value will kick the player for the specified number of minutes (eg 0 = kick for 0 minutes, 10 = kick for 10 minutes).

FAQ

Q: In which log is this info saved?

A:
// b_cheatlog - defines the name of a separate log for the anti-cheat system 
// when set to an empty string, the anti-cheat system uses the main server 
// log file 
// default: "" 
set b_cheatlog "etpro_cheats.log"

Q: Can 2 different computers have the same GUID?

A: Yes, they can. It seems that every Windows™ 98 User got the same GUID [52FF6283916A9467908E6A771CB70285FB41C5E7]

Retrieved from "https://wolfwiki.anime.net/index.php?title=IAC&oldid=1836"