How hard would it be to embed the current mod's INI files (Just the ones that one would have use in modding) in a background program, and need it running while Freelancer is? I could possibly do that, but the method I had in mind could very possibly be easily circumvented (is that the right word?). It would be a hell of a lot easier for me than trying to get the clock ingame..
EDIT: Basically what the embedding would do is compare the said INI's to the ones in the program, and stop or shut down Freelancer if a change is found.
Quote: Thing is that I think it will likely not stop people who know how and what, but will put unnecessary load on players that have nothing to do with it. Ironically seems to be quite common to those intrusive protection mechanisms relying on client-side proxies.
I have never claimed it would be 100% perfect. Some people may find ways around it. The concept isn't to make a system that's 100% perfect and drains your entire PC's resources and fails to be perfect (PunkBuster for example, wastes loads of resources and isn't perfect) but to make a lite simple system which should stop most exploits. It shouldn't put a lot of load on a user as all they really have to do is change a shortcut to point to FLSAC instead of Freelancer.
BTW, the system stops people modifying the files it's protecting while it's running.
Quote: There are many weak chains along the way to that server that can easily break up, as a result you can be sanctioned for F1.
It would be possible to log everyone (when it's "not valid") who was kicked by the system with their name + timestamp. FLHook side does the actual kicking.
Quote: I am completely against any form of "phone home" or local system or client monitoring applications, even for good purposes.
If you should ask my reasons you will have them however.
I would like to know the reasons as Freelancer is already talking to the server anyway, my system doesn't give the server operator any data they don't already know. All FLHook gets is an IP address (which it already knows) and a Boolean (True/False) for if it's valid or not, so they can't use a modified FLHook to gain any information about you that they don't already know.
Quote: Could we offer them a choice: Perma-ban their IP, or show us how you broke the anti-cheat?? how bout running a competition: load up a vanilla server, install the anticheat, and say to the haxors 'give it yr best shot'?
That's actually a good idea, though I can't personally host a server as my ISP assigns me a random IP each time I connect to the net.
Quote: For example well-known Warden system from WoW, which performs both client-side and server-side processing. However this solution doesn't seem to be trustworthy yet, at least in my personal opinion. I would not rush all too fast about it or put high hopes.
Quote: The fact is that the warden client reads information from other processes on the computer. Regardless of the reasons, this technically counts as 'spying' on a user. So, reasons aside, the term 'spyware' is fitting.
One thing I'd like to note is that my system only reads ini files and sur files, it doesn't scan your PC, or do anything else. It just makes a database of "fingerprints" and sends them to the server you are playing on. So it's not spying on processes for known cheating applications, etc.
Quote: EDIT: Basically what the embedding would do is compare the said INI's to the ones in the program, and stop or shut down Freelancer if a change is found.
You would still have to contact the server, it would also mean that you would have to build the program specifically for a mod, rather than having a generic client.
Quote: And here is another concern. Given the existing rules here on this server a lot of things can go wrong between you (client) and server. There are many weak chains along the way to that server that can easily break up, as a result you can be sanctioned for F1. I would be extremely cautious before adding additional chain to it. A solution that can cause "some problems from time to time" which may end up in rather quite unpleasant consequences does not look like a good solution to me.
To address this issue, when FLSAC kicks a player it will globally announce it. It works exactly like the "Possible Cheating Detected (Playername)" does. To be honest it wouldn't be hard to make FLHook (even Discovery's version without implementing FLSAC) announce globally when it kicks players, which would include when it kicks due to high packet loss/high ping (which is what it kicks you for when you get disconnected). So tbh it wouldn't be hard to stop sanctions caused by getting disconnected/kicked by the server. See example code below.
Quote: Now if you're going with periodic checks then let's assume that it has crashed, its own thread crashed silently. It doesn't send "heart pulse" signal to server, so server after a period of defined timeout kicks the player out and bans. Ouch? That's why I said that stability is paramount and so I wouldn't put my trust as quickly. But without periodic checks it becomes all too vulnerable.
The worst case would be a 5 minute ban. Though it's unlikely to crash, the system is actually simple, it's just a loop. If it's going to crash it should crash on the first loop, not randomly down the line as it's just doing the same stuff (each procedure isn't dependent on external data, all it does is fill up an array basically with data so there shouldn't be anything which could cause a "random crash").
It's more likely that you would get temp banned for missing packets (it does allow you to miss a few so it should only affect someone who's got major packet loss, though if they have lots of packet loss playing FL would be extremely laggy). Note that if you got disconnected from the internet, FLHook would kick in and disconnect you before FLSAC stepped in.
This does sound reasonable... and great... but how good is it performance wise, how much incoming and outgoing bandwidth will it use? Clearly you'd have to scan a large portion of the ini file, let's say a weapon mod, could only change one damage from 1 to 9 and you get 900 on a weapon that only did 1xx,.... How could it work?
Quote: how good is it performance wise, how much incoming and outgoing bandwidth will it use?
Performance wise you shouldn't notice it. With Freelancer minimised (so it wouldn't be rendering anything, meaning less CPU usage) and FLSAC running the CPU stays low. It doesn't seem to cause any lag ingame with an AMD Sempron 2800+, 512MB RAM, GeForce 5900XT. Bandwidth wise it should use about 1MB every 64 minutes (which is 8KB every 30 seconds, or 1GB after 45.5 days of constant use).
Quote: Clearly you'd have to scan a large portion of the ini file, let's say a weapon mod, could only change one damage from 1 to 9 and you get 900 on a weapon that only did 1xx,.... How could it work?
It doesn't read the file, it just loads it into memory and gets a fingerprint of the file (a number which is unique enough that when combined with the file's size should be accurate enough to work out if a file is different) which it sends to the server for it to check against its own files.
The system also monitors the files for signs they have been altered (i.e. one method is checking every so often to see if the date they were last modified on differs from the date it was set to when FLSAC was started).
It's been tried before on other servers and they took it out. Buck's Freelancer connection manager which scans files on Tekagis Server. (They took it out because of massive problems.)
What problems did they have? FLSAC hasn't been tested on a server with a lot of people on it (as I can't host a server for more than an hour or 2 per day, I have a dynamic IP and no one else has offered to) but it shouldn't cause any noticeable load, it only scans the files on a server once when it's initially loaded and stores the result so it can compare it with what the user submits.
Quite interesting reading, Stucuk, I must say I like it (as every server host would) but a lot of testing would have to be done before we could use it on Discovery.
I understand the concerns that appeared here, but there really are tons of cheaters these days, and server is pretty unstable so yes, it might affect everyone's perception of security, but it would get us rid of all cheaters and modders. I don't say our current solution doesn't work. It does, but it's not 100% reliable as it tends to catch and ban a lot of innocent people. We had to switch off auto-bans and do it manually from the logs (which are huge of course).
My question is could you create a testing version (that would be installed server-side) which would allow both players with and without the client-side program to connect? I mean ignore those who don't have it installed and control those who do have it installed. We could create a testing group and watch the behavior of the server before making it mandatory and distribute it with the next mod version. Maybe make it possible to switch on/off this feature on the server. Logging all kicks would also be handy. I don't think we need to ban the players whose fingerprints don't match, just kicking them after 45secs would do the job I think. The player would have to get a message prior to the kick so he/she knows what's happening.
I like the idea. A server/client program that validates the FL installation would not only get rid of cheaters, but also would improve server stability due to clients with corrupt installs.
But, the program source code should be available to us so we can verify it. That way, we eliminate mistrust by seeing that the program is 100% clean of anything malign. People tend not to trust client-side anti-cheating stuff after all the crap Sony and co made with their DRM stuff...