Any methods of anti-botting?

ChristianJix · 10/09/2011, 16:24

Hya,

Guys , does anyone knows some methods of anti botting (aim,hunt..(sv)) .

I've tried to make smth that detects process &kill but they can change the name , also I can't make kill process by id cuz pid is always changing..so..I got no ideas!

Thanks

~~pro4never~~ · 10/09/2011, 21:06

There's the simple client edits/fixed including things like...

#1: Change blowfish key (SUPER easy to get around but makes people have to customize any proxy to work on your server). Combine with packing your .exe to make the new key harder to find

#2: Edit magictype.dat skill ids and change server side to match (then edit the conquer.exe to point to a renamed file for magictype leaving the old one there as a decoy). This makes people unable to use fb/ss aimbots without doing some extra searching and editing of their bot

#3: As you said detecting injection into the process and scanning by process name and killing it.

You're far better off doing server side checks. Most bots perform in very specific ways

IE: Old bots often jumped ontop of monsters and immediately tried killing them, same with looting.

You can perform TONS of checks server side to detect suspicious behavior and then either warn a gm to check out what the player is doing, or if it gets super obvious then kick them/warn them (do NOT use a single instance of suspicious behavior as it will kick normal players fairly often).

I do something like that server side on my server to stop aimbotters and unless they do some reasonably large edits to their aimbot or specifically make it less accurate/slower then it will detect them within the first few shots it takes. Clears out 90 percent of hacks just by doing a few simple edits and changes.

~~BaussHacker~~ · 10/09/2011, 21:48

Quote:
Originally Posted by BaussHacker
You need to use an obfuscator and/or a crypter to protect your executable at least. Otherwise people can crack it easy.

But on the other hand, any security should never be made in .NET.

That being said.

Start by making a Windows Form Application.
Delete the form.

Open Program.cs and delete everything in the main method.

Now your application will not show up.

Make a threading system, so it will not close as well.

First thing you do is making a connection between the antihack and the server. It's to ensure people are not closing it. Make sure to send data as well high encrypting it. Make your own algorithms etc. Now to the actual anticheat part.

I will just give some examples, not actual working things.

Use the Process class, but at first make a string array with processnames that's not allowed. A good thing is checking for datas in the process as well. You can use the System.Reflection.Assembly class to do that.
Code:
            string[] NotAllowed = new string[] { "hack" };//Don't write .exe
            foreach (string prc in NotAllowed)
            {
                foreach (Process Prc in Process.GetProcessesByName(prc))
                {
                    Prc.Kill();
                }
            }
Next thing you do is you can check for not allowed injection.
Check your conquer process.
Code:
            foreach (Process Prc in Process.GetProcesses())
            {
                try
                {
                    if (Prc.MainModule.FileVersionInfo.OriginalFilename.ToLower().Contains("conquer"))
                    {
                        foreach (ProcessModule module in Prc.Modules)
                        {
                            if (module.FileName.Contains("notallowed.dll"))
                            {
                                Prc.Kill();
                            }
                        }
                    }
                }
                catch { }//For processors you do not have access to!
            }
Ermm. This is some really basic examples and they are not very good to use, but I hope it helps.

Meh.

_DreadNought_ · 10/09/2011, 23:18

Implement something I invented and called "Stealth-proxy". add's the ability to send custom packets, change encryptions all in C# and with ease. Whats so cool about it is without the Stealth-proxy running conquer cannot understand the gooberdygoop stuff the server sends so without stealth running conquer wont work.

I shall say no more.

~~BaussHacker~~ · 10/10/2011, 00:32

This should be closed or deleted before too much info get's out.

_DreadNought_ · 10/10/2011, 17:15

Mmm no, That would go against the freedom of speech, people will say what they want public.

Thats just like Hybrid and Korvacs trying to hide the CO2 encyption again.

CptSky · 10/10/2011, 17:24

Quote:

Originally Posted by _DreadNought_

Mmm no, That would go against the freedom of speech, people will say what they want public.

Thats just like Hybrid and Korvacs trying to hide the CO2 encyption again.

Actually, there is a lot of things that are hidden

_DreadNought_ · 10/10/2011, 17:28

Yeap I know, wasnt implying there are not, But if someone wants something public then they will make it public, no point in sensoring public information.

~~pro4never~~ · 10/10/2011, 18:39

Quote:

Originally Posted by CptSky

Actually, there is a lot of things that are hidden

It's the difference though between you releasing something and a moderator deciding it shouldn't be public and removing it and you simply not posting it in the first place.

Korvacs · 10/10/2011, 18:49

Quote:

Originally Posted by _DreadNought_

Mmm no, That would go against the freedom of speech, people will say what they want public.

Thats just like Hybrid and Korvacs trying to hide the CO2 encyption again.

Actually i recommended it and the admin team made the decision, and this is a german forum with german law, what you believe applies to you doesnt necessarily apply. Not sure why hybrid was mentioned since he wasnt involved.

You guys only complain about censorship and freedom of speech, when its convenient anyway making your entire argument invalid imo.

Damaging changes and exploits (encryption comes under this) are meant to be released to the underground so that tools can be developed by responsible people to release to the public, thats what the underground is for and how this forum has functioned for years and years, you guys just need to get used to that fact.

_DreadNought_ · 10/11/2011, 18:13

Damaging changes and exploits most defiantly should be kept underground(and I totally respect that), a Co2 encryption is not damaging, certiantly not to people who cant use it without help.

BACK ON TOPIC.

#edit, Antibotting methods doesnt come under damaging regardless.

InfamousNoone · 10/11/2011, 23:48

Quote:

Originally Posted by _DreadNought_

Mmm no, That would go against the freedom of speech, people will say what they want public.

Thats just like Hybrid and Korvacs trying to hide the CO2 encyption again.

I couldn't care less if the most up-to-date encryption is published (assuming we've reached the stage that COGenius is fully functional on it as well). So my response to what you said is 'wat' lol.

_DreadNought_ · 10/12/2011, 00:28

We both know what I mean.

Regardless, Bauss, no point closing a thread to stop informtion getting out.

~~BaussHacker~~ · 10/12/2011, 00:35

Quote:

Originally Posted by _DreadNought_

We both know what I mean.

Regardless, Bauss, no point closing a thread to stop informtion getting out.

There is. Some things shouldn't go public.

_DreadNought_ · 10/12/2011, 00:44

Regarding this part of programming, regardless of what goes out, If you didnt know it already I doubt they'll be able to implement it.