Veritas Profile Joined January 2011 United Kingdom 106 Posts Last Edited: 2012-06-09 19:44:58 #1

I've developed a prototype application. It currently successfully detects all the existing hacks that I've tested it with. It also supports signature recognition of applications running on the system, which will allow blacklisting of hacks.



I've also developed a counterpart to the application which is an off-site service that performs analysis on replays post-game. The off-site service currently successfully detects Auto-Blink, Auto-Burrow, Auto-Inject and Screen blocking maphacks. If you know of other hacks that are evident in replays, and you have replays of them, please post them here or PM them to me.



Both players in a game running the application would ensure a hack free game. One player in a game running the application would still provide a decent detection of hacks through post-game analysis.



I plan to develop a user friendly version of these applications ASAP.



Thoughts?



---



Hello TL,



Right now the community at large has finally been made aware of something that has been prevelant since beta. As a former WoW player, a game in which cheats and botting are rampant, I can tell you that Blizzard will not take sufficient action within a sufficient time frame. Botters in WoW often go unimpeded for months (sometimes years) despite numerous reports, and many never get banned at all.



Blizzard's lax attitude towards hacks could maybe be considered acceptable if it actually worked. However, the "put up with it now in order to be free of it later" method doesn't work. Sure, some people may lose their accounts after a ban wave, but there's new undetectable hacks out within days and then we're back to having months of hacks running rampant.



Even if their method did work in the long run, it would be acceptable if it only affected ladder play. You might lose a few points unjustly, but there would be no real harm done. However, the fact that these people can use hacks freely in the many online tournaments played daily is unacceptable.



What I'm proposing, and what I'd be happy to create if there's interest, is a third-party anti-hack utility. There are many ways to do this, both invasive and non-invasive when it comes to interfacing with StarCraft II. However, Blizzard have shown they're willing to overlook ToS violations when it comes to helpful utilities (R1CH's XSplit Scene Switcher and stream opponent announcer, Starboard, my SC2 Scrapbook utility are ones that come to mind).



I've only done mild initial research in to the matter. However, I've come up with a list of various things that would be detectable. Obviously, to ensure a 100% hack free environment, both players would need to be running the software. However, it's still possible to detect if the other person is cheating with some accuracy. These games could be flagged for review and you could post the replays for further analysis.



The following is a list of features that would be relatively easy to implement:



General Hack Detection:

Similar to iCCup Launcher. Check running programs to make sure they aren't messing with the SC2 Process, and check running programs against a list of known hacks. Blizzard launcher is supposed to do this, but does a very poor job of it.



Enforcing the use of this in tournaments combined with a well updated hack database would be the most efficient way to counter hacks at the competative level. Any other methods of detection aren't fool-proof.



Maphack Detection:

This would check the position of the opponent's camera for known maphack signs. Fog of war peeking is easy to detect. The "screen lock" feature that some maphacks use would be even easier to detect.



If a user is flagged as suspicous then the person running the anti-hack software can be advised to watch the replay when the game is finished.



If both parties are running the software then camera positions of each player can be compared to make sure they match. Even if general hack detection is bypassed, this will reveal users using screen lock while fog of war peaking



Microhack Detection:

Blink/Burrow micro hacks don't select the units they're microing to perform the action. This is one that's easy to detect just by watching the replay, but could easily be automatically detected.



Key Analysis:

This would work in a perfect world if both players are running the software. Many hacks have console commands (E.G., type "/mh" to enable map hack). Comparing keys pressed to the user's key bindings would prevent (or at least detect) the use of hack hotkeys.





Obviously there are many more hacks available, and many more ways to counter them. These are the thing that came to mind immediately.



I'm unsure if this has been proposed before, but it's something I've been thinking about and would be willing to make.



Thoughts? Edit:I've developed a prototype application. It currently successfully detects all the existing hacks that I've tested it with. It also supports signature recognition of applications running on the system, which will allow blacklisting of hacks.I've also developed a counterpart to the application which is an off-site service that performs analysis on replays post-game. The off-site service currently successfully detects Auto-Blink, Auto-Burrow, Auto-Inject and Screen blocking maphacks. If you know of other hacks that are evident in replays, and you have replays of them, please post them here or PM them to me.Both players in a game running the application would ensure a hack free game. One player in a game running the application would still provide a decent detection of hacks through post-game analysis.I plan to develop a user friendly version of these applications ASAP.Thoughts?---Hello TL,Right now the community at large has finally been made aware of something that has been prevelant since beta. As a former WoW player, a game in which cheats and botting are rampant, I can tell you that Blizzard will not take sufficient action within a sufficient time frame. Botters in WoW often go unimpeded for months (sometimes years) despite numerous reports, and many never get banned at all.Blizzard's lax attitude towards hacks could maybe be considered acceptable if it actually worked. However, the "put up with it now in order to be free of it later" method doesn't work. Sure, some people may lose their accounts after a ban wave, but there's new undetectable hacks out within days and then we're back to having months of hacks running rampant.Even if their method did work in the long run, it would be acceptable if it only affected ladder play. You might lose a few points unjustly, but there would be no real harm done. However, the fact that these people can use hacks freely in the many online tournaments played daily is unacceptable.What I'm proposing, and what I'd be happy to create if there's interest, is a third-party anti-hack utility. There are many ways to do this, both invasive and non-invasive when it comes to interfacing with StarCraft II. However, Blizzard have shown they're willing to overlook ToS violations when it comes to helpful utilities (R1CH's XSplit Scene Switcher and stream opponent announcer, Starboard, my SC2 Scrapbook utility are ones that come to mind).I've only done mild initial research in to the matter. However, I've come up with a list of various things that would be detectable. Obviously, to ensure a 100% hack free environment, both players would need to be running the software. However, it's still possible to detect if the other person is cheating with some accuracy. These games could be flagged for review and you could post the replays for further analysis.The following is a list of features that would be relatively easy to implement:Similar to iCCup Launcher. Check running programs to make sure they aren't messing with the SC2 Process, and check running programs against a list of known hacks. Blizzard launcher is supposed to do this, but does a very poor job of it.Enforcing the use of this in tournaments combined with a well updated hack database would be the most efficient way to counter hacks at the competative level. Any other methods of detection aren't fool-proof.This would check the position of the opponent's camera for known maphack signs. Fog of war peeking is easy to detect. The "screen lock" feature that some maphacks use would be even easier to detect.If a user is flagged as suspicous then the person running the anti-hack software can be advised to watch the replay when the game is finished.If both parties are running the software then camera positions of each player can be compared to make sure they match. Even if general hack detection is bypassed, this will reveal users using screen lock while fog of war peakingBlink/Burrow micro hacks don't select the units they're microing to perform the action. This is one that's easy to detect just by watching the replay, but could easily be automatically detected.This would work in a perfect world if both players are running the software. Many hacks have console commands (E.G., type "/mh" to enable map hack). Comparing keys pressed to the user's key bindings would prevent (or at least detect) the use of hack hotkeys.Obviously there are many more hacks available, and many more ways to counter them. These are the thing that came to mind immediately.I'm unsure if this has been proposed before, but it's something I've been thinking about and would be willing to make.Thoughts?

ExO_ Profile Blog Joined September 2009 United States 2299 Posts #2 as long as said program wouldn't get you banned by blizz in Sc2 sounds good...if somebody could make it that is

Gheed Profile Blog Joined September 2010 United States 962 Posts #3 Anything you could do would be greatly appreciated by everyone but the maphackers.

ThirdDegree Profile Joined February 2011 United States 329 Posts #4 This is great initiative. The concerns I would have are a) would this possibly get you banned from bnet? And b) would this flag players that are just using various mods (the stronger team color mod comes to mind)? I am terrible

Niriw Profile Joined July 2011 Chile 13 Posts Last Edited: 2012-06-05 15:32:50 #5



Would be a good idea to implement on online daily tourneys On June 06 2012 00:30 ThirdDegree wrote:

This is great initiative. The concerns I would have are a) would this possibly get you banned from bnet? And b) would this flag players that are just using various mods (the stronger team color mod comes to mind)?

a)no idea

b) i don't think so, since you modify sc2's files, most hacks read the memory while executing a)no ideab) i don't think so, since you modify sc2's files, most hacks read the memory while executing

NoobStyles Profile Blog Joined October 2009 Australia 257 Posts #6 Something like this is always going to be risky while were relying on blizzard servers. I've always hoped that someday the community will get custom server working.



There way this is probably a good utility for the community to have

Veritas Profile Joined January 2011 United Kingdom 106 Posts Last Edited: 2012-06-05 15:43:19 #7 To add more to the legality side of things:



Detecting known hack applications and checking for other applications messing with the SC2 process would not be against the SC2 EULA/TOS. Extra detections (such as checking camera positions and wongful blink micro) would require reading the SC2 process memory. While it is against the EULA/TOS, Warden (Blizzard anti-cheat) does not detect applications that read SC2 process memory. Only applications that modify SC2 behaviour are automatically detected and even then it's easy to hide, thus the many hacks we currently have.



So, to sum it up:

You would not be at risk for being banned for using this application unless Blizzard decided they wanted to ban this specific application, which would be the most ironic thing ever.



Edit:

Added clarification.

zezamer Profile Joined March 2011 Finland 3797 Posts Last Edited: 2012-06-05 15:49:59 #8 On June 06 2012 00:17 Veritas wrote:

As a former WoW player, a game in which cheats and botting are rampant, I can tell you that Blizzard will not take sufficient action within a sufficient time frame. Botters in WoW often go unimpeded for months (sometimes years) despite numerous reports, and many never get banned at all.



GCD hacking got fixed in Cata(?) so maybe they will add better antihack system to HotS if people complain enough about hackers.

GCD hacking got fixed in Cata(?) so maybe they will add better antihack system to HotS if people complain enough about hackers.

archonOOid Profile Blog Joined March 2011 1928 Posts #9 Create the program and use it. Then 3 likely scenarios will follow:

Blizzard outlaws your program (looks stupid) and have to come up with a blizzard version of the same program.

OR

Blizzard outlaws your program (looks stupid) and will not come up with a blizzard version of the same program (looks stupider).

OR

Blizzard gives the thumps up (looks cool). I'm Quotable (IQ)

Nightwatch Profile Joined March 2011 13 Posts Last Edited: 2012-06-05 15:52:55 #10 This is kinda pointless for a lot of reasons.

Many people probably don't want to play tournaments if they have to download a software. Thought you have to convince any tournament to use it in the first place.



It probably won't stop many hackers, unless you are willing to spent some money and have a lot of knowledge, there is no way you can't secure your software against someone with even just a little knowledge. The effect will only be very little at best.



In my opinion it's very likely just a waste of time.

Gheed Profile Blog Joined September 2010 United States 962 Posts #11 On June 06 2012 00:46 zezamer wrote:

Show nested quote +

On June 06 2012 00:17 Veritas wrote:

As a former WoW player, a game in which cheats and botting are rampant, I can tell you that Blizzard will not take sufficient action within a sufficient time frame. Botters in WoW often go unimpeded for months (sometimes years) despite numerous reports, and many never get banned at all.



GCD hacking got fixed in Cata(?) so maybe they will add better antihack system to HotS if people complain enough about hackers.

GCD hacking got fixed in Cata(?) so maybe they will add better antihack system to HotS if people complain enough about hackers.



Didn't GCD hacking only get fixed because they changed how the GCD worked? I know all throughout Cata (or at least until I quit after the Deathwing patch) there were still rampant mining/herb/fishing bots, AFK honor farm bots, auction house bots, etc. Didn't matter if you reported them, they were still there the next week. Didn't GCD hacking only get fixed because they changed how the GCD worked? I know all throughout Cata (or at least until I quit after the Deathwing patch) there were still rampant mining/herb/fishing bots, AFK honor farm bots, auction house bots, etc. Didn't matter if you reported them, they were still there the next week.

CrushDog5 Profile Joined March 2010 Canada 204 Posts #12 This is a good idea, I think.

At the SkillCraft.ca project (http://www.teamliquid.net/forum/viewmessage.php?topic_id=264852), we've been gathering replays from hackers to see if we can detect hacking in the replay. Since we have a good idea what a player of each skill level should look like, hackers who don't have the skills associated with their league should pop out as outliers.



It would be really helpful to us if there are ways to confirm, positively, that someone was hacking. That way we can build the classifier with accurate data.



As far as Blizzard is concerned, the question is always resources. They have to decide whether a few hackers are worth pulling people off other aspects of the game to address them. Maybe creating a thread that detailed specific ways to detect hackers would make it easier for Blizzard to implement something by doing some of the work for them.



SkillCraft.com - StarCraft + Science

Jinsho Profile Joined March 2011 United Kingdom 3057 Posts #13 You're a real ideas man, OP. Why don't you start a Kickstarter to fund this? Name yourself the "supervisor" of the project too, coders love it when a guy with a vision tells them what to do.

Gheed Profile Blog Joined September 2010 United States 962 Posts #14 On June 06 2012 01:03 Jinsho wrote:

You're a real ideas man, OP. Why don't you start a Kickstarter to fund this? Name yourself the "supervisor" of the project too, coders love it when a guy with a vision tells them what to do.



If you're going to be a dickhead, at least read his entire post.



"I'm unsure if this has been proposed before, but it's something I've been thinking about and would be willing to make." If you're going to be a dickhead, at least read his entire post."I'm unsure if this has been proposed before, but it's something I've been thinking about and

Charger Profile Blog Joined September 2010 United States 2403 Posts #15 We need this badly, If done correctly this would be by far the most beneficial SC2 utility software out there for a long time to come. Blizzard will never be able to (or willing) to stay on top of this type of thing, especially in the pro scene, all the time for years and years to come - we have to do it ourselves. Of course by we I mean you OP and any other programers :p It's easy to be a Monday morning quarterback.

toiletCAT Profile Blog Joined June 2012 Qatar 284 Posts #16 I would like to test it, if it can help.

Scootaloo Profile Joined January 2012 655 Posts #17 Godspeed to this plan.



Also amusing how the features you describe is basically what Warden SHOULD be, if they got half a brain and a concern outside of just money they should implement these as soon as possible.



But I expect it will be the same response as with the disconnect problem, "We'll fix it in HotS... Maybe.".

superbarnie Profile Joined March 2012 United States 280 Posts #18 On June 06 2012 00:38 NoobStyles wrote:

Something like this is always going to be risky while were relying on blizzard servers. I've always hoped that someday the community will get custom server working.



There way this is probably a good utility for the community to have



There already is custom server,look up Starfriend. There already is custom server,look up Starfriend. Zerg OP | CreansRNub | k-Poop | Zerg OP | Sea lions | \\m//

ZeromuS Profile Blog Joined October 2010 Canada 12923 Posts #19 I posted this in the other thread but here it goes.



In MOHAA there was an anti hack that would screen cap randomly. If you were suspected of hacking you would be given 24 hours to email an admin the screenshot collection and if hacks were found you would be banned, if none no ban and if no Emil you would get banned as well. Worked pretty well and it can work for tournaments run online only for sc2 idf there was a similar application. Strategy Overwatch is awesome | Support is the best role | @TL_ZeromuS | www.twitch.tv/Zeromus_

Heh_ Profile Blog Joined April 2012 Singapore 2245 Posts Last Edited: 2012-06-05 16:21:36 #20

1: If a player scans a base, briefly looks and it, and comes back a minute later to see what he might have missed/count buildings, then these instances should be highlighted but not scream "maphack".

2: Looking at base locations to shift-click a scouting worker shouldn't be highlighted. Some people prefer to click on a screen instead of the minimap.

3: Scouting for proxies in the normal spots.

4: What should definitely be highlighted is when the player camera goes over a random area that has "nothing", but is hiding a proxy pylon or tech.



How to fix this? For point 1 I don't have a good idea. You just have to flag it up and analyze manually. For point 2 and 3, I would suggest to ignore the instance if it is followed up by a click (or shift click) within 2 seconds of vision in that area. That way, you won't have a million false positives showing up when a player decides to spam shift click for legitimate scouting.



Edit:

Sounds like a good plan, but there's something to consider about looking at fog of war:1: If a player scans a base, briefly looks and it, and comes back a minute later to see what he might have missed/count buildings, then these instances should be highlighted but not scream "maphack".2: Looking at base locations to shift-click a scouting worker shouldn't be highlighted. Some people prefer to click on a screen instead of the minimap.3: Scouting for proxies in the normal spots.4: What should definitely be highlighted is when the player camera goes over a random area that has "nothing", but is hiding a proxy pylon or tech.How to fix this? For point 1 I don't have a good idea. You just have to flag it up and analyze manually. For point 2 and 3, I would suggest to ignore the instance if it is followed up by a click (or shift click) within 2 seconds of vision in that area. That way, you won't have a million false positives showing up when a player decides to spam shift click for legitimate scouting.Edit: On June 06 2012 01:19 ZeromuS wrote:

I posted this in the other thread but here it goes.



In MOHAA there was an anti hack that would screen cap randomly. If you were suspected of hacking you would be given 24 hours to email an admin the screenshot collection and if hacks were found you would be banned, if none no ban and if no Emil you would get banned as well. Worked pretty well and it can work for tournaments run online only for sc2 idf there was a similar application.

You could run an overlay that's recording your game with "normal vision", so the hack can only be seen by you, making the screenshot worthless. You could run an overlay that's recording your game with "normal vision", so the hack can only be seen by you, making the screenshot worthless. =Þ

1 2 3 4 5 6 7 Next All