SpeedHack protection

A SpeedHack Protection using Crasher and MMF's Time object.

A SpeedHacker to test with:
http://vr.mmosite.com/download/download.shtml

I getting a trojan report - TR/Agent.123E from AntiVir Guard. :) for speeder.

NOD32 doesn't report it...

Probably another false positive.

Crasher is useless. It took me 2 minutes 8 seconds to stop it from crashing.

you can do what you want to secure a program but think about it, major games get cracked, all you have to do is open it in a decompiler / hex and change the jump hex address. In mmf, you replace the included .mfx file to contain a blank function

At least it stops the "ima 1337 haxx0r cuz i can speed hax lololololol" hackers.

I doubt it would be hard for them to get hold of a crack.

What is Speed Hacker? Why would you need protection from it?

What is the point of the Crasher extention?

I saw in its description that crasher can crash an illegal copy of a program, can I find out more?


thanks.

Dood:

Speed hack is a program that can speed up your game/app X times, in online games that often means that you move much faster (especially 3D FPS with no server control). Some of speed hackers are able to overheat your CPU.

Crasher..Since in MMF2 are some ways that lead certainly to crash, you dont have to use this. And Crasher also doesnt find if the copy is illegal or so, it can only crash the program.

"Some of speed hackers are able to overheat your CPU."
you need to make some decent protection, if they speedhack cheat 3 times, overclock their ram without asking / telling them :)

thanks Blinza and NK2!

My opinion is still that a speed hack protection should be on the server side. It should be really easy to detect if a client is sending "move" messages too frequently, or if a player have traveled too many pixels within a set time.

make so that if the player is going faster then it normally should then get the crash object(available from updates and extensions) and make it crashes the app

Why is it so important that it have to crash? A kick or ban should alone make a good point - and besides, that's server side (and more secure).

Crashing will make your software look unstable. Not good. I'd just make a message saying stop cheating or reverse the controls and plaster cheater all over the screen.

I did your second suggestion in one of my games... LIJI was caught out by it, if I remember correctly :)

Interesting... anyone have any proof that the speedhacker doesn't have a virus? I don't feel good about this program.

Anyway, to crash someone using a speedhacker in an MMO would be good... maybe I can adopt it if I need to.

A program must NEVER CRASH...
Crasher extension should not be used in any way.

This protection is not very good too, because if application freeze for a calculation reason (for example a big fastloop), application will crash or react to the false "cheating". To prove it, just drag your application window during 3 or 4 seconds and drop it after that.

Usage of crasher aside, I like the example showing how to detect local speed hacks.

Is it not better to make the crasher crash for a complex reason, instead of just divide with 0...
I've no experience about that kind of things, but would it not be harder then for hackers to ignore?

I would think if a good hacker could figure it out, they could just create an IPS patch that would prevent that from happening.

I don't know, in my opinion, to crash a program for that reason might not be a good idea. Instead of crashing, pop up an error and have the program close normally. (or if it's like an Online came, have the program send an email / message to a GM).

ips ? you dont even need that, its old sk00l. all you would have to do is decompiler and recompile the exe (changing the JUMP addresses) or hex edit the objects functions to be blank, even change the JUMP parts in that if you understand it

You sound so experienced in the field of hacking... ;)

Actually he's right, it is possible. A debugger helps, so you can find out what instructions do whatever.

The assembly code for doing nothing is "noop" (no-operation, nop on some assemblers), and happens to be one byte long and is normally a 0. No matter what some code does, you can just replace it with a set of no-ops to remove it without affecting any code that didn't rely on what you removed. Alternatively for longer code you can put a jmp (jump / goto) instruction at the start of the code you want to remove pointing to the end.

Fun fact: Windows .exe files often contain areas of just 0s between functions, and there used to be a virus that stored itself in these so it could infect a program without changing its size or damaging it.

A good thing for protecting a program against hacking could be to store its original crypted MD5 into an external file. Then, program can compare its current crypted MD5 with original crypted MD5. If the program has been changed, it can react by closing itself or by display a message before closing.