Saturday, August 1, 2009

What a day ...

Man i m still shocked about what we have learned today. Our admin version of fps-death got leaked again and this time an admin of xj gave it away to someone who submitted a bhopscript demo to xj and then gave it to kayne who released it. Those people made him and other admins trust them. Since this is inexcusable he ll get kicked out today or tomorrow and we ll have to find a new admin who is doing his work and we can trust in.

What we learn from this is that you can t secure a program from leaking by giving it to as few people as possible ... still the temptation seems to be too big. So for future analysing programs there has to be a system that we know exactly who is using what and when and bind programs to computers even for people you think you can trust absolutly and of course an emergency shutdown so noone can use these progs after a leak. To do this and make it as hard to hack as possible will be a lot of work but it seems to be necessary.

23 comments:

Lt.RAT said...

It was 1.2.8.b or newer version?

Think that exists much newer version, coz 1.2.8.b has that 0.0625 addition to distance :) and new lj records without it :)

"What`s new" section not changed from 1.2.8.a http://playpic.net/viewer.php?file=xx6yn696eirs7hd6xo24.png

I think that such programs should tested like "crypto systems", but im not fully see structure of demo, only for loading section, may be there is no way to do 100% protection...

Working on "mouse speed limit" (etc) detection for next ljstats, and fps-death helps here alot... But such ppl like kayne ><

Some words about thopa - sometimes need to give another chance... But worstest thing that such things (warning with reason etc) goes to public...

eDark said...

when i was writing fps-death i knew very little about crypto systems and realising a protection in the language i wrote it would be really hard ;)

anyway i m not developing on fps-death anymore since that prog is totally outdated

I don t know exactly but i think the change from .a to .b was the removal of the added jump distance

so now something for the future: once we ll have released our next anti cheat tool gangien, bentski and i will open our programs and the demoformat. We hope we can get some new development on this matter this way

if thopa deservs a second chance? i don t know and today might be the wrong day to think about it. I think he himself knows exactly what it meant what he was doing.

Unknown said...

The second time that trusted demo admin's have leaked this tool. I thought that after the first time I would not have to see this happen again, but that FPS-Death admin actually came in the heads of cheaters, from a trusted XJ admin is very shocking.

Let's hope that the damages are limited and that the spread has been stopped. Which unfortuanately has a small chance of happening :/

Lt.RAT said...

>>if thopa deservs a second chance?
If he understand all situation and regret about it and want to correct his mistake - he is the only person who should correct his mistake, and check demos more harder...
As i know he never accept cheat-demos specially - but if he specially accept them then there is no second chance.
Also i think that he cant do more damage than it (faker said same thing)... After it he can only trying to correct his mistake himself.

Trinitron said...

thopa was the remarkable admin.
anyhow I so considered, seeing its work for people XJ.
thopa has thought up (probably I am mistaken) such system newpost's demorelease.
for it to it many thanks, for its long work.

the second chance thopa? - to begin with, let thopa itself will solve, whom it is for XJ.
if he wants that the site would move ahead further, thopa will return itself and will do everything what to prove it but if to it all is equal the second chance/vote for people is superfluous.

>> so now something for the future: once we ll
>> have released our next anti cheat tool
>> gangien, bentski and i will open our programs
>> and the demoformat. We hope we can get
>> some new development on this matter this way

it at least will be unreasonable.

I searched for this format everywhere where only it is possible where I only did not find it, questions on it and other.
I wrote to you and another on XJ and as heads valve, developers valve and to all for whom it is possible (even BAILOPAN), but nobody has answered me except for few many people.
if to open demoformat for everything there will be malicious people who will have benefit.
they will make much cheats which will be difficult for finding out.
it already will be struggle cheats and anti-cheats when at each party is sourcecode.
it is all it is necessary?

it is good for those who wishes to write anti-cehats, but after all in the world it is a lot of those who breaks and hacked all it.
it is not necessary to give priority hackers.

do not to upload new anti-cheats at the site/ftp XJ's.
because hackers can break the protection of the site (early or late).
whatever defense there was not.

my IMHO - to keep the demo from the only head admins.
introduce rules and restrictions on andti-cheadssdts to other admins.

for example:

make these versions anti-cheats for admins who would not mind losing if the admins will hand over these anti-cheats other people.

would be stupid to give the latest versions of all admins - it will never lead to success.

eDark said...

well trinitron as always your english is very hard to understand and it s not really fun to talk with a translator ... but i think i got what you want to say

The version that got leaked was never posted anywhere it was sent in an email to thopa only. So you see not posting it at the site/ftp didnt prevent it.

also why shouldn t we open the demo format? we can check if a demo got edited then. Hackers can always find out the demo format very easy if they try it and have some basic knowledge.

The ideas you re posting here sounds like we haven t done anything regarding this at xj yet ... thopa knew very well that he broke a rule and can t be demo admin anylonger after that, because that was a rule for demo admins. So that didn t prevent it either.

So you see everything you posted here was already thought of and it wasn t enough obviously.

Trinitron said...

I asked you, bentski, gangien about a format dem.
to me the answer have given refusal, but it not the main thing.

question in other.
нou somewhere saw a format dem on the internet?
I've not found it, except two references which describe default a set of parametres.
if hackers wished to decipher a format it would lie for a long time on the Internet, I am not right?
I can be not the rights, but...

to decipher a format dem - for this purpose it is necessary to know slightly more than you have told.

>> we can check if a demo got edited then

you have a full confidence of it?
I not in a course take concrete hackers concerning format change дем for demo XJ's.

it is a question of other realisations of a format dem.
is usual cs-non-steam, cs-steam, zombie-mod, default-cs-game, etc.
unless hackers and those who like to do cheats - for them the format дем will not be "holy grale?".
найдуться people who will do even more good cheats for cs.

yes, on the other hand much full decoding of a format dem will help to create new anti-cheats programs.
but, I consider that is dangerous.

eDark said...

... at least you could make sure that all words are translated, or i ll have to delete your comments.

anyway to read the demo format you really don t need much knowledge it s really easy and if it s not for you, then you obviously don t know much about hacking.

The other part is that the most people still think that demos when they see them are the same as when they were recorded but whether we release the format or not that s not true. For a start it s really easy to change the steam id or any strings in a demo so we ll have to get a system that cen detect demo editings anyway.

Next thing is we wont have to analyse the demos to detect cheats anymore at that time so when they edit the demos we don t care about it. Any everybody else should know by now that you shouldn t trust a demo anymore. So if they have problems with our demo format release they should have thought about that for a long time now.

So please let the people who know what s going on decide what to do since you obviously don t have any idea how everything will work then.

Trinitron said...

I'm sorry. Please, remove my message above (I have missed it), I did not wish you to offend by it. Only wished to express the thought, but not to protest against what you wish to make.

eDark said...

I don t feel offended i just tried to explain it to you that you see some things completely wrong.
But i saw them very similar to yours not a long time ago so i can understand you.

Trinitron said...

Moxx and omilo quit XJ stuff - surprise proceed.

eDark said...

xj will get two new admins

kielor said...

you said about anticheat tool. you're talking about kcac? or something for CS 1.6?

eDark said...

both
kcac for kzmod and since the requirements are very similar for cs we ll port it for that

kielor said...

but will you release final version of fps-Death, or you'll waste it? after writing new brand anticheat tool

Trinitron said...

good XJ, TinTin perfect blackmetali man :)

it is a pity that your demo-program for XJ (new anti-cheat) does not work on my computer of the house.
probably it debug-version.

but on work the program is working.
I think - at home, on my computer, there are no files for program starting.

eDark said...

@Trinitron: You need the "Microsoft Visual C++ 2008 SP1 Redistributable Package" for it
and the demo checker posted here is not a new anti cheat program

@kielor: When we release our new anti cheat tool we ll try to start a platform for developing demo tools where we ll post some of our programs with the source
there is currently no final fps-death version planned but maybe we can develop one together there which will be open source too

Trinitron said...

I've Microsoft Visual Studio 2008 Professional Edition (Russian) - original MSDN.
fairly, I am surprised that it not new anti-cheat.
I hope new anti-cheat will bring the big surprise and the big revolution for XJ (new XJ hole grale).

but this "pre-release-version" will provide food for thought.
for example she will be easier for understanding if to make dissasemble.
to understand with assemble code => to understand, how to define simple parametres of the client.
it is easier, than disassemble the program - DemoFreak.
"fast-demo-checker" the size of 16 KB (32 KB without UPX), and DemoFreak 360 KB (850 KB without UPX).

>> there which will be open source too.
it is good.
I wish to look for a long time at code DarkBasic.
DBS has given some explanatories DB High-Level VM, but for me it is a little clear.

eDark said...

Trinitron i ll never code in DarkBasic again :P

and the things your thoughts are about didn t happen accidentally ;)
but i can t give any more infos on this ofc

Trinitron said...

yes eDark.
code in DB - A Nightmare on Elm Street :D
however, I will be glad, if you lay out an initial code fps-death is it will be useful for me.
I would tell that it will be for the general development.

Trinitron said...

I've started a demo "clintmo_bhoptoon_s1z3_0004.dem".
the first "demo-check" (10 kb) has given out the following (I used rec_data.dat which goes with the second .rar archive "demo_check"):

average fps: 99.971558
...
server time: 1 min 57sec

the second "demo-check" (16 kb) has given out the following (I used rec_data.dat which goes with the second .rar archive "demo_check"):

average fps: 100
...
server time: 0 min 57sec

then, I tried to start both programs - gave out an error of start of a demo (offset error, etc), I tried to start another the demo - wrote "file not found").
interesting things, I understand that the program not final - it's debug-version, but...
where correct calculations fps and server-time in a demo? :)

kielor said...

Your fast demo checker is in DB too?

will you post sources of it?

eDark said...

lol no it s in vc++ 2008
and yes i ll definetly post the source