Over the last few days iv been developing a Anti-Cheat system designed to detect if a user has modded Freelancer files. The concept is simple, the client side would be distributed with a mod(As in whatever mod the server was using) and the user would run freelancer through the FLSAC exe file (sending it the same parameters as normal), this application would peridoricaly(SP) scan the users freelancer directory and get "fingerprints" for the ini files (Not all of them, just ones that could be used to exploit, so it does its job quickley without the user noticing) and then sends them to the server. The server recieves the list of fingerprints and checks them with its own fingerprints, if they match then the user will be allowed to stay on the server, if they don't match the user will be "Temp Banned" for 5 minutes(By default). If after 45 seconds(By default) the server hasn't recieved any fingerprints the client is "Temp Banned" for 1 minute(By default).
Im posting to see what "You" the community think of the concept of the system.
Sorry, I vote against by principle due to the concept mechanism of said protection. I'm very careful about the software I install on my systems to ensure their longevity and stability which are essential to my work. Quite naturally I wouldn't trust a bit unless proven otherwise (so yes, typically I use open source software). Plus such system would be quite easy to circumvent unless it is applied as a wrapper around main executable, but at that point I'd be even further against such method.
The concept of "guilty until proven otherwise" is ridiculous.
Quote:Sorry, I vote against by principle due to the concept mechanism of said protection. I'm very careful about the software I install on my systems to ensure their longevity and stability which are essential to my work. Quite naturally I wouldn't trust a bit unless proven otherwise (so yes, typically I use open source software). Plus such system would be quite easy to circumvent unless it is applied as a wrapper around main executable, but at that point I'd be even further against such method.
Its not easy to get around. As i said, if you didn't run the app the server would kick you after 45 seconds and you wouldn't be able to connect again for 1 minute(which would put people off from trying to terrorise a server if they could only play for 45 seconds then had to wait 1 minute). The FHook side would be open source, but the actual DLL's which get the fingerprints and send them to the server could never be open source, if they were then you could easily write your own application to get around the system.
I don't get why u wouldn't "Trust" a community project to help defend against people modding ini files. The application ONLY sends information to the ip address of the server. The server side doesn't send anything but only recieves information. Its imposible for anything bad to happen by running the software as no information is being sent anywhere except to the server you want to play on.
Quote:The concept of "guilty until proven otherwise" is ridiculous.
You can eather put up with people using mods to cheat, or something can be done to help prevent it. You can't have a "inicent until proven guilty" which will work as quickley as one which takes the opposite approch. You also may want to note that inicent people currently are getting PERMANENTLY banned from discovery for doing nothing wrong, my system which takes the opposite approch only temp bans you for 1 minute to 5 minutes.
Quote:A nice idea, but wouldn't the exe file be 'hacked' since there are some people out there that can crack any file open and send a 'false' fingerprint?
Any system can be cracked. Any safe can be cracked. Everything that you make someone could counter. Iv tryed to put as meny anti-cracking methods as i can into the system, but no system is 100% secure.
' Wrote:Its not easy to get around. As i said, if you didn't run the app the server would kick you after 45 seconds and you wouldn't be able to connect again for 1 minute(which would put people off from trying to terrorise a server if they could only play for 45 seconds then had to wait 1 minute). The FHook side would be open source, but the actual DLL's which get the fingerprints and send them to the server could never be open source, if they were then you could easily write your own application to get around the system.
I don't get why u wouldn't "Trust" a community project to help defend against people modding ini files. The application ONLY sends information to the ip address of the server. The server side doesn't send anything but only recieves information. Its imposible for anything bad to happen by running the software as no information is being sent anywhere except to the server you want to play on.
Why would I trust you or the community in matters of what should be installed my systems in the first place? More importantly why should I prove myself innocent to server each and every time? Plus, I'm afraid your system in such concept will have a one big vulnerability effectively rendering whole protection mechanism useless due to how and when Freelancer initializes data. So why?
Quote:Why would I trust you or the community in matters of what should be installed my systems in the first place?
Why would you trust open source projects when they generaly use dll's from closed source projects. Also i doubt you check every line of code in a open source project. My point is that why should you trust all open source projects just because they have a "open source sticker" on them. Why would you trust Microsoft, they in the past have sent information about whats installed on users pc's to there servers without the users concent, etc.
And what would i have to gain by making a system which does bad stuff to your pc or steals information.
I'm not here to debate on open-source vs closed-source software, nor am I interested in seeing holywars here, so don't drag me into that. Here I'm expressing my personal point of view and my position on the subject of topic with argumentation, you asked for response in the original post - you got it. You have your opinion, I have mine.
After that i started maintenence(With no pay) of Original War and setup Original War Support to help users with problems and to have a place to launch new patches from.
Iv currently only made one application so far for Freelancer which is FLBINI.
If my past deeds arn't worthy of a little bit of trust that FLSAC won't destroy your pc then i don't know what is.
I'm glad to know that you supported the aforementioned communities, however my position remains the same.
Go around hashing files every time, but you are forgetting one thing - not all data is loaded at once on startup. Now if you are going to do periodic hashing and running process on the background it can impact performance for players around, and then there are gaps. And what then? Going to scan memory too? Now really... Cutting hands just because they might steal something is preemptive, after all we also create with the same hands too.
its fine by me ( there s no valuable information on my PC anyway - so i don t care if its spyware or anything ) - but i think the official forum is the wrong place to post it. - you should get into direct contact with igiss and majkp. - thats no matter the public should be concerned with.
if you can convince igiss as the mod creator and majkp as the one the server belongs to, - you re good to go. - provided your system is superior to the other one.
![[Image: stucuk_freelancer_sig.png]](http://www.universalphpscripts.com/images/stucuk_freelancer_sig.png)
![[Image: stucuk.png]](http://miniprofile.xfire.com/bg/sh/type/2/stucuk.png)
![[Image: 7220a57d19cexl1.jpg]](https://imageshack.us/a/img10/5332/7220a57d19cexl1.jpg)
![[Image: just_a_signature_by_sjrarj-d63yjsx.png]](https://img00.deviantart.net/ca73/i/2013/123/e/a/just_a_signature_by_sjrarj-d63yjsx.png)