Would love to try out my anti-cheat/hack/injection service on the game - Question. - Rust

[QUOTE=iSoldier;43703154]Doesn't matter, they can connect from a VPN from anywhere in the world, and it can say their on the moon, trust me when I tell you, it WILL detect them injecting their script to alter their client on the server, and it will ban the IP their associated with. If their IP changes, then it bans them instantly again on that new IP FROM THE SERVER ONLY, not from Steam. Do I have something to VAC ban them? No of course not, that already exists with VAC's support. What I have will ban them from your PERSONAL server so they cannot come back and ruin YOUR server that you pay good money for. [B][U]Cheers![/U][/B] :eng101:[/QUOTE] I feel like I am repeating myself. WHAT THE HELL ARE YOU TALKING ABOUT. [quote] it WILL detect them injecting their script to alter their [B]client[/B] on the [B]server[/B][/quote] No one ever injects anything to the server. If they inject anything, it's on the client. And you know what that does to the server? Nothing. [QUOTE=steamfreak;43703158]How about you let him try his shit and if it fails it fails, if it works, great. Instead of pissing on about how this or that wont work, jesus guys.. The way hes explaining things might not work, but he seems to know at least a LITTLE more than some of us about cheat detection. Simply let him test it, adjust it for RUST, and see how it works. These forums get 50 rant threads per day about cheats, and when a person like this raises their hand to offer an anticheat idea you fuckers beat them up for it.. What the fuck? You really are living up to what Facepunch Forums have been marked for..[/QUOTE] This dude knows nothing. He is talking nonsensical technobabble that makes little sense. There is no one on rust [I]injecting their scripts into the machines to gain elevated permissions[/I], which doesn't even make sense. People are injecting code/scripts into their OWN clients to aimbot, speedhack, etc.

[QUOTE=Onisan;43703064]You're wrong about VAC, but you can read my prior post to this one for it's explanation. You're thinking about graphic mods in a wrong manner. Assume they make rocks, trees and grass graphics semi-transparent, and player models/armor bright red. That poses a huge problem for others. Files that are modified on a clients side can not directly affect a server, unless they're actively uploading files to the server - in which such a breach would go beyond simple game manipulation into the legal definition of malicious hacking. The exception to this being position modifying with applications such as Cheat Engine - which VAC detects.[/QUOTE] I was actually talking about the service I run...not VAC, sorry I didn't specify.

If VAC reads the computers memory how does it react to a very strict configured hips or selinux? Doesn't the VAC gets blocked clientwise because of intrusive behavior and the player gets banned because of it?

Im not an expert or anything, but im sure hes talking about detecting a modified .dll file communicating with the server, not detecting it serverside..? Inb4 i completely misunderstood things. >.>

[QUOTE=XoX;43703252]I feel like I am repeating myself. WHAT THE HELL ARE YOU TALKING ABOUT. No one ever injects anything to the server. If they inject anything, it's on the client. And you know what that does to the server? Nothing. This dude knows nothing. He is talking nonsensical technobabble that makes little sense. There is no one on rust [I]injecting their scripts into the machines to gain elevated permissions[/I], which doesn't even make sense. People are injecting code/scripts into their OWN clients to aimbot, speedhack, etc.[/QUOTE] I think if you have a problem understanding what I'm talking about, maybe you should go take some free online classes to help understand more how cheat detection "Really" works. No offense to you, you are entitled to your opinion, but I'm going to backup Steamfreak's comment. If they are using some sort of aimbot, then VAC will take care of them, I literally don't care about that. But if clients are using a injection program to inject script to the host (RUST SERVER) somewhere in the world, then this will catch and ban their IP from connecting to the (RUST SERVER) to play. [B][U]Cheers![/U][/B] :eng101:

[QUOTE=XoX;43703252]I feel like I am repeating myself. WHAT THE HELL ARE YOU TALKING ABOUT. No one ever injects anything to the server. If they inject anything, it's on the client. And you know what that does to the server? Nothing. This dude knows nothing. He is talking nonsensical technobabble that makes little sense. There is no one on rust [I]injecting their scripts into the machines to gain elevated permissions[/I], which doesn't even make sense. People are injecting code/scripts into their OWN clients to aimbot, speedhack, etc.[/QUOTE] If you can go through a door where you normally shouldn't you have to inject something to the server. Or at least the server should scan it "OK there is a door, the player got through... dafuq?"...

So you're telling me that you have 100% hacker detection rate by... checking if they inject DLLs onto the server over the game socket connection? This is one of the few times I will use these two words: [B]BULL. SHIT.[/B] The problem I have with that statement is that most, if not all, of the Rust hacks existing at the moment are client-side. Aimbotting, that's clientside. Speedhacking, that's clientside. Noclipping, N-stepping, the list goes on. None of these require elevated permissions on the server, some don't even require client-side DLL injection. You probably wouldn't even catch half of the hackers in Rust, probably not even 10%.

[QUOTE=iSoldier;43703323]I think if you have a problem understanding what I'm talking about, maybe you should go take some free online classes to help understand more how cheat detection "Really" works. No offense to you, you are entitled to your opinion, but I'm going to backup Steamfreak's comment. If they are using some sort of aimbot, then VAC will take care of them, I literally don't care about that. But if clients are using a injection program to inject script to the host (RUST SERVER) somewhere in the world, then this will catch and ban their IP from connecting to the (RUST SERVER) to play. [B][U]Cheers![/U][/B] :eng101:[/QUOTE] No one uses anything to inject anything into the server.

[QUOTE=gnomegemini;43703282]If VAC reads the computers memory how does it react to a very strict configured hips or selinux? Doesn't the VAC gets blocked clientwise because of intrusive behavior and the player gets banned because of it?[/QUOTE] Ding ding. Your first part was spot on. Second part [I][U]Doesn't the VAC gets blocked clientwise because of intrusive behavior and the player gets banned because of it? [/U][/I] - No, it would not block VAC from conducting its normal business, because of how I explained of it dropping all the chains on the server machine, you gotta be careful how you configure it. Given you have someone who knows what their doing (cough) you could end up with a pretty nicely configured script injection detection service.

[QUOTE=gnomegemini;43703339]If you can go through a door where you normally shouldn't you have to inject something to the server. Or at least the server should scan it "OK there is a door, the player got through... dafuq?"...[/QUOTE] If the server doesn't do it's own physics, then no you don't. It could very well be (and looks like) physics are all done clientside to reduce stress on the server.

[QUOTE=gnomegemini;43703339]If you can go through a door where you normally shouldn't you have to inject something to the server. Or at least the server should scan it "OK there is a door, the player got through... dafuq?"...[/QUOTE] You are spot on. This is exactly how it works, and a perfect way to describe it! Nice job sir! [U][B]Cheers![/B][/U] :eng101:

[QUOTE=KillaMaaki;43703360]So you're telling me that you have 100% hacker detection rate by... checking if they inject DLLs onto the server over the game socket connection? This is one of the few times I will use these two words: [B]BULL. SHIT.[/B] The problem I have with that statement is that most, if not all, of the Rust hacks existing at the moment are client-side. Aimbotting, that's clientside. Speedhacking, that's clientside. Noclipping, N-stepping, the list goes on. None of these require elevated permissions on the server, some don't even require client-side DLL injection. You probably wouldn't even catch half of the hackers in Rust, probably not even 10%.[/QUOTE] Ok smartass, how about explaining a better way of detecting cheats? Maybe try offering some pointers to make his idea better/more effective?

[QUOTE=KillaMaaki;43703360]So you're telling me that you have 100% hacker detection rate by... checking if they inject DLLs onto the server over the game socket connection? This is one of the few times I will use these two words: [B]BULL. SHIT.[/B] The problem I have with that statement is that most, if not all, of the Rust hacks existing at the moment are client-side. Aimbotting, that's clientside. Speedhacking, that's clientside. Noclipping, N-stepping, the list goes on. None of these require elevated permissions on the server, some don't even require client-side DLL injection. You probably wouldn't even catch half of the hackers in Rust, probably not even 10%.[/QUOTE] Regardless - I would still like to throw it on a test server and see how it works out, maybe this could lead to something else if were lucky!

[QUOTE=steamfreak;43703393]Ok smartass, how about explaining a better way of detecting cheats?[/QUOTE] It's a difficult problem, I will say that. The ideal solution is to move as much as possible to the server, instead of running it on the client. This, however, increases server load and therefore requires beefier server hardware to run without lag. EDIT: I guess a better explanation is, rather than running attempting to detect cheats (reactive solution - you react after a cheat has happened), you design the server so that it cannot be cheated within reason (proactive solution - you prevent cheats before they happen) by not trusting clients with sensitive information.

[QUOTE=KillaMaaki;43703413]It's a difficult problem, I will say that. The ideal solution is to move as much as possible to the server, instead of running it on the client. This, however, increases server load and therefore requires beefier server hardware to run without lag.[/QUOTE] Depends what your using, and how intensive it is though of course

[QUOTE=KillaMaaki;43703413]It's a difficult problem, I will say that. The ideal solution is to move as much as possible to the server, instead of running it on the client. This, however, increases server load and therefore requires beefier server hardware to run without lag.[/QUOTE] Garry wont allow that, The more load on the server the less stable it becomes, and server stability is what the dev team has worked so hard to achieve for a while. Also, the more load on the server the higher the hosting prices get because GSPs will have to allocate more memory and CPU per slot, resulting in less servers and more lag. gg.

[QUOTE=gnomegemini;43703282]If VAC reads the computers memory how does it react to a very strict configured hips or selinux? Doesn't the VAC gets blocked clientwise because of intrusive behavior and the player gets banned because of it?[/QUOTE] Not a lot of information on VAC running on Linux other than it being in beta. I'd assume it's given all the 'permissions' it needs to read the game's memory when you launch the game.

I still didn't get how you are detecting a [B]client injecting dlls[/B] on the [B]server[/B]. KillaMaaki and XoX are absolutely right here from my point of view. You have no clue what you are talking about.

[QUOTE=AmShaegar;43703456]I still didn't get how you are detecting a [B]client injecting dlls[/B] on the [B]server[/B]. KillaMaaki and XoX are absolutely right here from my point of view. You have no clue what you are talking about.[/QUOTE] Well that's fine if you don't understand, its not easy to comprehend if you don't understand the rules of the game. game being understanding DLL injection... Just fyi, if I didn't have a clue of what I am talking about, I wouldn't have started this thread in the first place. I want to come together and make something work for this! If other people have ideas that can merge with mine, lets integrate them together for the good of mankind!

To add onto KillaMaaki's thoughts: [B]None of these hacks touch the server in any way.[/B] They either add to or modify the client. Simplified examples below. Aimbot? Get the position of a player from what the server sends to the client and the client's position, use vectors to calculate the direction and point to face and shoot. All done within the [B]client[/B], using what the server sends to the client and manipulating the memory of the [B]client[/B]. ESP hack? The server sends positions of all players, which the hacking program can use to draw information at correct locations on the screen by manipulating the memory of the [B]client[/B]. If all textures and models other than the players were removed, you would see players floating around a hundred miles away. If these hacks were able to inject a DLL or run arbitrary code on Rust servers you would have a [B]much[/B] bigger issue at hand. @steamfreak: There is no way to detect whether it's a "modified .dll file" sending requests to the server, the server only sees a TCP / UDP packet, not which program sent it nor whether the program that sent it has been modified by injecting DLLs.

[QUOTE=Pseudochu;43703510]To add onto KillaMaaki's thoughts: [B]None of these hacks touch the server in any way.[/B] They either add to or modify the client. Simplified examples below. Aimbot? Get the position of a player from what the server sends to the client and the client's position, use vectors to calculate the direction and point to face and shoot. All done within the [B]client[/B], using what the server sends to the client and manipulating the memory of the [B]client[/B]. ESP hack? The server sends positions of all players, which the hacking program can use to draw information at correct locations on the screen by manipulating the memory of the [B]client[/B]. If all textures and models other than the players were removed, you would see players floating around a hundred miles away. If these hacks were able to inject a DLL or run arbitrary code on Rust servers you would have a [B]much[/B] bigger issue at hand. @steamfreak: There is no way to detect whether it's a "modified .dll file" sending requests to the server, the server only sees a TCP / UDP packet, not which program sent it nor whether the program that sent it has been modified by injecting DLLs.[/QUOTE] Yes, I agree with you, but I'd still like to try what I'm talking about on a test server.

Well, on my background, I understand how multiplayer games and network communication works. I recently got my graduation in IT-Security. But where are you taking this ideas from? What software are you using for your minecraft server? What you are talking about, this whole serverside dll injection detection, is - in XoX' words - nonsense. [QUOTE=Pseudochu;43703510]If these hacks were able to inject a DLL or run arbitrary code on Rust servers you would have a [B]much[/B] bigger issue at hand.[/QUOTE] Exactly!

ok i soldier i have a server what do you need to implement it

[QUOTE=Pseudochu;43703510] If these hacks were able to inject a DLL or run arbitrary code on Rust servers you would have a [B]much[/B] bigger issue at hand.[/QUOTE] Exactly. Say someone could inject DLLs onto an HFB server. Disregarding the Rust server application, don't you think HFB would have a serious problem on their hand at this point (and take steps to ensure that such a situation cannot happen)? I mean, what else could the hacker access?

[QUOTE=iSoldier;43703531]Yes, I agree with you, but I'd still like to try what I'm talking about on a test server.[/QUOTE] I appreciate your persistence but this is comparable to breaking into your neighbour's house to see if you left your stove on. [QUOTE=iSoldier;43701403]The service that runs on the box that's running the server simply monitors DLL's being used to write a process to memory on the host machine. When it detects a DLL being used and sees a process ID that is attached to it, it gets rid of it, just dumps it and then blacklist's the IP associated with that PID.[/QUOTE] If a hack can "write a process to memory on the host machine", as I said, that's a whole different issue of being able to run arbitrary code on Rust servers. There is no point to monitoring DLL injections to the server process when the only thing that can do that is software running on the server machine itself.

Alright so this thread is starting to slip off topic.. So, again i ask why question it? Why not just let him test it and see the results. If he fails then meh, shit goes back to normal and people still whine about hacks, 50 threads a day. If it works, itll make you fucks look stupid for stomping on him for offering an opinion. I cant believe what assholes some of you are.

[QUOTE=iSoldier;43703499]Well that's fine if you don't understand, its not easy to comprehend if you don't understand the rules of the game. game being understanding DLL injection... Just fyi, if I didn't have a clue of what I am talking about, I wouldn't have started this thread in the first place. I want to come together and make something work for this! If other people have ideas that can merge with mine, lets integrate them together for the good of mankind![/QUOTE] I have no clue why you made this thread, but it's definitely not because you know what you are talking about.

[QUOTE=steamfreak;43703601]Why not just let him test it and see the results.[/QUOTE] Simply because what he describes is impossible. We are trying to figure out what exactly he is using to prevent cheaters from joining his game servers. Because it's not what he says. No serverside client dlls injection detection.

Curiosity over all here but the ultimate issue is finding out how the hacks work. They hack/modify/alter something that tells the game to do something different than designed. Something somewhere is modifying it and affecting how its played. Now if thats modifying files on your own computer and not affecting/talking/associating/injecting/etc the server or its script in any way thats fine, I imagine these files are still required to play Rust with right? Without the files the game wouldnt run properly I imagine. So why not have it so every time you connect to Rust that the system forces you to re-download and overwrite those files. Or recognizes your using modified files and only lists servers on which they would allow modified files. Public Servers, and Hosted Servers that dont allow modified files could even be setup to force the files to be defaulted on login. Sure this means a download wait as it updates the files on your computer though would ensure everyone is running the same configurations. Of course then you need a way to stop them from modifying files -in play- I dont know much about the programming level of things but I am sure there are as many ways to find to stop a hacker as there is for hackers to find a way to change the game.

[QUOTE=steamfreak;43703601]Alright so this thread is starting to slip off topic.. So, again i ask why question it? Why not just let him test it and see the results. If he fails then meh, shit goes back to normal and people still whine about hacks, 50 threads a day. If it works, itll make you fucks look stupid for stomping on him for offering an opinion. I cant believe what assholes some of you are.[/QUOTE] I wouldn't have been "an asshole" had he said "I think this could work..." or "I wonder if it would" (and I would have calmly explained why it wouldn't work). But no, his claims are that "it works 100% always catches all the hackers". It makes him sound like a goddamn telemarketer, and the claims are clearly false since most Rust hacks are clientside.