Register
Events
Popular
More
Post #41
Ding ding. Your first part was spot on. Second part Doesn't the VAC gets blocked clientwise because of intrusive behavior and the player gets banned because of it? - No, it would not block VAC from conducting its normal business, because of how I explained of it dropping all the chains on the server machine, you gotta be careful how you configure it. Given you have someone who knows what their doing (cough) you could end up with a pretty nicely configured script injection detection service.
-
-
If the server doesn't do it's own physics, then no you don't. It could very well be (and looks like) physics are all done clientside to reduce stress on the server.
-
You are spot on. This is exactly how it works, and a perfect way to describe it! Nice job sir!
Cheers!
-
Ok smartass, how about explaining a better way of detecting cheats?
Maybe try offering some pointers to make his idea better/more effective?
-
Regardless - I would still like to throw it on a test server and see how it works out, maybe this could lead to something else if were lucky!
-
It's a difficult problem, I will say that.
The ideal solution is to move as much as possible to the server, instead of running it on the client.
This, however, increases server load and therefore requires beefier server hardware to run without lag.
EDIT: I guess a better explanation is, rather than running attempting to detect cheats (reactive solution - you react after a cheat has happened), you design the server so that it cannot be cheated within reason (proactive solution - you prevent cheats before they happen) by not trusting clients with sensitive information.
-
Depends what your using, and how intensive it is though of course
-
Garry wont allow that, The more load on the server the less stable it becomes, and server stability is what the dev team has worked so hard to achieve for a while. Also, the more load on the server the higher the hosting prices get because GSPs will have to allocate more memory and CPU per slot, resulting in less servers and more lag.
gg.
-
Not a lot of information on VAC running on Linux other than it being in beta. I'd assume it's given all the 'permissions' it needs to read the game's memory when you launch the game.
-
I still didn't get how you are detecting a client injecting dlls on the server. KillaMaaki and XoX are absolutely right here from my point of view. You have no clue what you are talking about.
-
Well that's fine if you don't understand, its not easy to comprehend if you don't understand the rules of the game.
game being understanding DLL injection...
Just fyi, if I didn't have a clue of what I am talking about, I wouldn't have started this thread in the first place.
I want to come together and make something work for this!
If other people have ideas that can merge with mine, lets integrate them together for the good of mankind!
-
To add onto KillaMaaki's thoughts:
None of these hacks touch the server in any way. They either add to or modify the client. Simplified examples below.
Aimbot? Get the position of a player from what the server sends to the client and the client's position, use vectors to calculate the direction and point to face and shoot. All done within the client, using what the server sends to the client and manipulating the memory of the client.
ESP hack? The server sends positions of all players, which the hacking program can use to draw information at correct locations on the screen by manipulating the memory of the client. If all textures and models other than the players were removed, you would see players floating around a hundred miles away.
If these hacks were able to inject a DLL or run arbitrary code on Rust servers you would have a much bigger issue at hand.
@steamfreak: There is no way to detect whether it's a "modified .dll file" sending requests to the server, the server only sees a TCP / UDP packet, not which program sent it nor whether the program that sent it has been modified by injecting DLLs.
-
Yes, I agree with you, but I'd still like to try what I'm talking about on a test server.
-
Well, on my background, I understand how multiplayer games and network communication works. I recently got my graduation in IT-Security. But where are you taking this ideas from? What software are you using for your minecraft server? What you are talking about, this whole serverside dll injection detection, is - in XoX' words - nonsense.
Exactly!
-
ok i soldier i have a server what do you need to implement it
-
Exactly. Say someone could inject DLLs onto an HFB server. Disregarding the Rust server application, don't you think HFB would have a serious problem on their hand at this point (and take steps to ensure that such a situation cannot happen)? I mean, what else could the hacker access?
-
I appreciate your persistence but this is comparable to breaking into your neighbour's house to see if you left your stove on.
If a hack can "write a process to memory on the host machine", as I said, that's a whole different issue of being able to run arbitrary code on Rust servers.
There is no point to monitoring DLL injections to the server process when the only thing that can do that is software running on the server machine itself.
-
Alright so this thread is starting to slip off topic..
So, again i ask why question it? Why not just let him test it and see the results. If he fails then meh, shit goes back to normal and people still whine about hacks, 50 threads a day.
If it works, itll make you fucks look stupid for stomping on him for offering an opinion.
I cant believe what assholes some of you are.
-
I have no clue why you made this thread, but it's definitely not because you know what you are talking about.
-
Simply because what he describes is impossible. We are trying to figure out what exactly he is using to prevent cheaters from joining his game servers. Because it's not what he says. No serverside client dlls injection detection.
-
Curiosity over all here but the ultimate issue is finding out how the hacks work. They hack/modify/alter something that tells the game to do something different than designed. Something somewhere is modifying it and affecting how its played.
Now if thats modifying files on your own computer and not affecting/talking/associating/injecting/etc the server or its script in any way thats fine, I imagine these files are still required to play Rust with right? Without the files the game wouldnt run properly I imagine.
So why not have it so every time you connect to Rust that the system forces you to re-download and overwrite those files. Or recognizes your using modified files and only lists servers on which they would allow modified files. Public Servers, and Hosted Servers that dont allow modified files could even be setup to force the files to be defaulted on login. Sure this means a download wait as it updates the files on your computer though would ensure everyone is running the same configurations.
Of course then you need a way to stop them from modifying files -in play- I dont know much about the programming level of things but I am sure there are as many ways to find to stop a hacker as there is for hackers to find a way to change the game.
-
I wouldn't have been "an asshole" had he said "I think this could work..." or "I wonder if it would" (and I would have calmly explained why it wouldn't work). But no, his claims are that "it works 100% always catches all the hackers". It makes him sound like a goddamn telemarketer, and the claims are clearly false since most Rust hacks are clientside.
-
Because his solution is as effective as smearing lube all over the server machine so that the hacks just glide off instead of sticking to the server.
I can't believe how ignorant you are.
-
Again i ask.... Why not let him try it? If it fails it fails.... No harm done.
Your the biggest asshole on this thread, if your so sure hes going to fail then why not sit back and watch?
-
It's not slipping off-topic as we are discussing information relevant to his system.
The problem is that this is technically impossible.
iSoldier: "I think I can break the laws of gravity! Can someone lend me a roof to jump off of to test it?"
steamfreak: "Why are you doubting him, it sounds complete feasible. Why not let him test it? I can't believe what assholes some of you are!"
-
There are but at this stage of development they did not think of it already. That' why it is how it is at the moment. And as you can see in garry's posts, they are already working on it.
-
It is a waste of time.
-
Maybe i like to watch people try to jump off roofs?
-
You guys are shady.
"Why not let him try it"
I bet you 1 cent that this is duh virus or sum shit.
He kinda joined in January, so idk i'm probably a dumb shit but this shit is just dumb . Calm your balls and don't rage as this is my opinion which don't really matter (Y).
-
Then why are you wasting your time arguing with him?
-
So people like you don't listen to his nonsense.
-
Who says im listening, i already told you i dont know jack shit about this crap. Im not a software engineer.
But i do like it when someone walks in and has a wild idea and wants to test it. Trial and Error.
-
If it was remotely plausible, sure, but it's not.
-
Im not sure how many times im going to repeat this, but, Why not let him try?
-
There is nothing to try. He just describes something impossible.
-
To be fair, the OP's claims are factually correct. He DID catch 100% of everyone he caught ;)
-
-
In that case, why not let him try?
-
I'm sure also caught 100% of people who were injecting their scripts into the machines to gain elevated permissions or using a particular DLL, and running it in the process memory on the host machine
-
You don't get it: You cannot try something implausible. It's like letting someone try to walk upside down on the ceiling...
Agree x 1
Disagree x 2
Dumb x 1
Informative x 1
Funny x 1
Winner x 1