Imposter BlazEy

by 123abc on 02/20/2008 03:27, 29 messages, last message: 02/29/2008 15:56, 6019 views, last view: 05/05/2024 15:27

I rly dont want to complain about this but it has been getting pretty ridiculous lately. A man or child goes around pretending to be wouters, metlslime, even Aardappel, and destroys maps for no reason. He has even acted like my friend and just destroyed my map. Then after his rampage of blocking and deleting the map he renames himself BlazEy. Now the main reason im telling everyone this is because its not just me getting pissed off, Ive seen more than a dozen people get there maps ruined. Im sure he ruined a lot more than what ive just seen but its pretty sad because i believe this kid may be hurting sauers community. Just today i saw 6 people get there map ruined by him disguised as Aardappel. Hes only messed with one of my maps but just think of all the other people just trying to have fun and a name u think u know connects to the server then destroys your work. When he destroyed my map he was disguised as a friend of mine. I actually thought it was my friend destroying my stuff until i talked to him a few days later. I think this has got to stop or the community may be hurt by this one stupid kid. I rly dont expect anyone to respond to this but i just want u all to know about this dumbass on the loose.

   Board Index   

#10: ..

by scasd on 02/25/2008 18:22

If you run your game logic only in a LUA VM someone could avoid this by modifying the main source/binary. In this case a md5 check would be indeed needless - except the VM has holes but that depends on the clients.

reply to this message

#11: ..

by ezombie on 02/25/2008 20:08

It's pointless in any case. They would just change the network code to report whatever MD5 signatures they wanted to.

If someone REALLY wanted to use glowing enemy skins to gain an (sorta) advantage, there is no way you can stop them - short of taking control of their machine.

And exactly what holes are you referring to?

reply to this message

#12: ..

by scasd on 02/25/2008 23:03

I mean the security hole when servers send code to clients. This was possible in quake2 where parts of the engine are send as code when you have a special flag turned on. There are known quake2 server hacks which infect clients. With an official md5 checksum from a modmakers team this would not be possible (just mentioned).

Checksums are used under Linux and Unix (Windows not by default) to verify code and data. It would be heavy to modify the code AND find the matching md5 and modify it too. I dont trust my provider by the way ;)

hmm fullbrightmodels doesnt work for me...

reply to this message

#13: ..

by ezombie on 02/26/2008 02:46

I see your point.

But each server is free to customize the gameplay through editing the files. In essence, each server can be it's own *official modmaker*.

So the only place to get the checksum is... the server that sent you the data. The quake2 engine is a bad example, since it was not using a VM that was designed from the ground up for being sandboxed, and used in industrial machinery control applications, and refined over eight years by one of the larger oil companies.

(jeez that last sentence was a bit punny)

For those who are crazy paranoid, and cannot read the code for themselves to see that it is properly sandboxed - I suggest you play only on stock ET:CE servers. We will provide a marker on the server list (easily verified by the master server performing a checksum on the code sent by the server) just for this reason.

LOL@eihrul -> go for it, means one less reason for people to try and cheat. It's not a cheat if EVERYONE has access to an advantage...

reply to this message

#14: Re: ..

by Hirato Kirata on 02/26/2008 15:29, refers to #12

it adds brightness, so you need to try values like /fullbrightmodels 200 to actually see it to it's full effect, not just 1.

~Hirato Kirata

reply to this message

#15: Re: ..

by SheeEttin on 02/26/2008 16:09, refers to #13

Rather than checksums, perhaps cryptographically signing the content?
That way, it'd be much harder to forge content.

reply to this message

#16: Re: crypto

by ezombie on 02/26/2008 18:01

So you are proposing that we setup a keysigner on the master server that signs the servers key?

I'm not getting it. Wouldn't a malicious admin just sign his code, like the legitimate ones?

BTW, he is talking about server admins making a *mod* that messes up your machine somehow.

The single answer is a proper sandbox. People have made it a doctoral thesis studying the ways to completely sandbox Lua. There are many good whitepapers, that took many years and involved many good engineers. I would suggest people trust the pro's, and if they don't - just have a crafty coder friend run through the VM code.

A fancy code signing thingy with public/private key pairs and other such stuff is just eyecandy for the soul. It will not increase security, it will just make the program twice as big, and take twice as long to build/test. A false sense of security is actually a *security breach*.

That is why it can be harmful to add such features. We would rely on a secure code concept, instead of spending the time making sure we have a secure running environment.

The biggest strength of open source is review by peers. Remember that ;)

reply to this message

#17: Re: crypto

by graham on 02/27/2008 01:48, refers to #16

A crypto system could work...distributed code could be signed by a trusted authority that could verify that the code is safe. It wouldn't be an automated process, it would need someone to manually inspect people's code. Once a piece of content has been deemed safe, the content's checksum is encrypted with the authority's private key. The encrypted checksum would then be delivered alongside the content. The idea is server admins cannot generate their own checksums, players only trust checksums coming from a "checksum authority".

How effective would a trusted authority be at detecting all malicious code? A secure sandbox is a much better idea. :)

reply to this message

#18: Re: crypto

by yetanotherdemosthenescomputer on 02/27/2008 01:52, refers to #17

Extremely ineffective. All you have to do is grab *one* good checksum via a packet grabber and rip into the code and have it send that in place of generating and sending one.

reply to this message

#19: Re: crypto

by graham on 02/27/2008 02:06, refers to #18

lol but the modified content would not match the trusted checksum. Players would use the authority's public key to decrypt the checksum.

reply to this message

#20: Re: crypto

by yetanotherdemosthenescomputer on 02/27/2008 02:16, refers to #19

Oh, read it wrong. Why would distributed code matter at all? There's no reason for anything of that nature, aside from proper sandboxing. It's modified copies of it that would need to be worried about. Your whole suggestion is based on the backward assumption that people would continue downloading content from a provider that the community didn't trust. Any malicious stuff is going to get informally blacklisted even without sandboxing, and therefore made harmless.

reply to this message

#21: Re: crypto

by ezombie on 02/27/2008 03:23, refers to #20

BINGO!

Give this man a prize.

Proper sandbox + central authentication of players and servers = winning combination. It's simple, very effective, doesnt take two years, and if you focus on ONE thing, chances are much much better you can do it correctly.

Plus in the ET world (like many other online team FPS games) most people play on a couple favorite servers, and develop friendships and communities. Hence why I like it so much :D

reply to this message

#22: Re: crypto

by graham on 02/27/2008 04:00, refers to #20

@post #22

The security implications of distributed code matter a great deal. We're talking about game servers being the content providers. It takes nothing for a game server to be listed on the master server, malicious servers could pop up at anytime and wait for victims to connect, an "informal blacklist" developed by the community just wouldn't work.

Using a cypto system gives you the trust of a domain with decentralised distribution.

@post #23

Central authentication is not a winning strategy, it sucks big time for scalability. Using cryptography for authentication and data integrity is a more superior solution. :D

reply to this message

#23: Re: crypto

by yetanotherdemosthenescomputer on 02/27/2008 05:06, refers to #22

Actually, the whole deal is that none of that should be necessary.

Proper sandboxing would limit the scope of the code and the ability of the content to overwrite other downloaded content. So, any downloaded content would be unable to destroy other downloaded content, or anything else on your computer. It would be unable to add anything to your computer, except what runs in the sandbox.

Nothing is requred except for proper sandboxing, if you can ensure that the sandboxing is done properly, which is generally easier when done with a subset of an existing language, or a new limited language.

Now, why would central authority or an encryption/cryptographic system be required on top of proper sandboxing?

reply to this message

#24: Re: crypto

by graham on 02/27/2008 05:28, refers to #23

I agree, a trust system wouldn't be necessary if sandbox security was used, a restricted execution environment solves the problem of untrusted code. *I'm in favor of a sandbox over a trust system.* Post #18 gave the impression that a crypto system would be useless, I was merely correcting this. :)

reply to this message

#25: Re: crypto

by ezombie on 02/27/2008 16:47, refers to #24

Sorry, I meant in the current *context* one would be useless. Without central code review, someone WILL slip something through a overworked and unpaid code review board sooner or later. And without a proper sandbox, it would run RAMPANT until someone noticed something:

"my configs got erased!"
"file a bug report, must be something wrong with the engine"
<three months later of meaningless bug testing>
"well, nothing wrong with the engine"
...
"Oh wait, some admin must be leaking bad code"

You are thinking only of hackers. I am thinking of the much more likely *innocent code bugs* from admins as well. A proper sandbox protects you from malicious as well as accidental harm.

[I agree, a trust system wouldn't be necessary if sandbox security was used]

And I say it is actually harmful (worse then useless) if full sandboxes are NOT used as well. I come from the commercial Unix world. That is kinda one of the basic security rules here. You chroot/jail anything that can be accessed from outside, and you sandbox ANY active code sent over the internet. One day Steam will slip up, and you will wish that you had never installed it.

BUT - here is the big one folks ->

This is all just *armchair quarterback* theory jabber. The REAL point is this: We have not the resources (and NEVER will) - to run such a thing as central code review and signing. Period. I have worked for companies that do that in-house, and at it's cheapest it's alarmingly EXPENSIVE (in time and/or money). This means it will never happen, no matter how good of an idea it may be.

Heck, with a gaming community of over 200K(!) active players, Splatterladder BARELY squeaks by with donations. And they just do server & player stats!

reply to this message

#26: Re: crypto

by graham on 02/28/2008 00:34, refers to #25

Inspecting and testing code isn't difficult and shouldn't cost anything to perform, the open source community could provide free peer review. ;) What resources are you thinking about?

I'm thinking about a code modification being a rare occurrence, in most cases server admins should be satisfied by an extensive set of server variables, provided by the original software.

reply to this message

#27: Re: crypto

by a`baby`rabbit on 02/28/2008 05:35, refers to #26

Yikes.. my poor blood pressure, I almost missed the smilie in your message...

reply to this message

#28: Re: crypto

by SheeEttin on 02/28/2008 15:30, refers to #26

Given the ability to mod a server, I don't think that it'd be left alone...
I've played Unreal Tournament 2004, with its mutators, and believe me, there is some weird stuff out there. Last time I checked, there were two servers running some kind of UT RPG! (Never could figure that one out.)
If you build it, they will come...

reply to this message

#29: ..

by James007 on 02/28/2008 21:37

The ut2004rpg mod allows you to upgrade your health, weapon fireing speed, amount of ammo being held, etc. By gaining exp and leveling up you can purchase stat points and special abilities.

reply to this message

   Board Index