Recently, due to a combination of hitting a wall in reversing sc2 internals for a bot api (think bwapi), and real life stresses, I have turned my sights on an easier project which I can release to the hack leeching community on d3scene: cheating custom maps.
I would like to give the community a quick overview of the anti cheating protection I have encountered so far, and tips on what works and what doesn't.
Bank Signature
Despite me having replicated the signature generation code, this method I deem to be pretty secure. It allows you to save your variables without any custom made encryption scheme and still be safe from tampering by 99% of the community. The signature is generated using a combination of the bank values, player account number, and author account number. It is vital that you note that only the primitives are encrypted (i.e. int, fixed, string, bool). Objects such as Text, Unit, etc are not used in the signature generation.
Custom Encryption Scheme
While I'm not aiming to deter people from learning and playing around with encryption, it is important for you to know that any moderately skilled programmer/hacker can simply open your galaxy script and copy&paste all your methods into C# to duplicate your code. The 2 languages are so similar that only a few minor things have to be tweaked, mainly the string manipulations. I don't recommend putting a lot of time into this method due to how simply it can be hacked. A much better option would be the bank signature.
Obfuscation
Of all the maps I've looked at, only the SotIS map has attempted to obfuscate their code. I want to stress that this is by far one of the best ways to deter hackers from having a crack at cheating your map. Obfuscation makes no attempt to hide the fact that code and saving methods are exposed, but rather makes the code so hard to read and understand that most people deem it not worth the effort. I have no experience in map making, but I don't see it being too hard to paste your scripts into any old text obfuscator, replacing all the non syntax keywords with random gibberish. Just be sure to keep a readable copy on hand for yourself to work with. =p
Please note: if you decide to go part way with obfuscation like SotIS (only obfuscates certain code), it is much better to obfuscate your global variables and method names rather than the internal workings of the methods (SotIS fell into this trap). It makes it much harder to tell what variable needs to be changed to cheat a certain stat.
Include Libraries
I only found out how troublesome this was due to me hacking the Zerg Hunter RPG: Betrayl map. This method makes use of the Locked map option that Blizzard gives to map makers. When a map is published as locked, the map is split into 2 files which are stored separately in the Battle Net Cache. 1 part stores all the dependencies and natives, while the other part stores your map's custom galaxy script etc. The dependency file can't be scanned by s2ma manager currently, as it isn't a true map file.
If you put your bank sensitive code into a library, it will be stored in the dependency file which is very hard to find. Hackers will have to either create a custom mpq scanner application to trawl through the cache and merge the 2 files together (what I did), or they have to manually click through the hundreds of folders in the cache to find the right file (a massive pain! xD).
The Best Method of All
Very simply... don't save anything =p
That's all I got for now! Hope this helps you guys =D
Thanks for pointing those out
sticky please
What about cyclic arithmetic checks? I plan to use something similar for my map, but I'm unsure how easy they will be to break due to, well, lack of experience in breaking stuff.
For example, say I wanted to save a hero's level. Let's say he's level 3.
I'd store 3 variables. When put into a formula (let's just say a+b-c), they end up with the hero level.
As an example, a=4, b=6, c=7. 4+6-7=3.
The numbers would be much larger, 32-256 characters long. If the numbers don't add up to a viable integer (i.e. they add up to 3.1 or somesuch), the stat is ignored.
How secure is this? I know it wouldn't be perfect, but I'm curious how you'd deal with this. Of course, there'd be 20-30 stats, so 100 or so jumbled number strings.
@Kalafina: Go
Lol I did some obfuscation with Death Haven. It was so confusing though that even I had trouble reading it after I made it. Ultimately we do need server banks. Make the bank files use up our extra map space or w/e; I'll take anything at this point.
But I agree with your last point... kinda screwed for RPGs but we don't really have power to protect yet.
@sigmapl: Go
I'm glad it helped ^_^
@Eiviyn: Go
This sounds like a case of no. 2. If any random person can just copy your script, replace your hero level etc with static values and generate a code, then it's pretty ineffective if a person wants to hack it. I really have to take a first hand look to judge though. Overall, I still recommend using one of the other 3 methods, signature protection being the easiest to implement.
@OneTwoSC: Go
That's y u keep an unobfuscated copy on hand =p Server sided banks will be the ultimate solution indeed. If that does happen, hackers will have to either make trainers specifically for each map or breakpoint the banksave code in assembly and manually change values that way. Both ways aren't really worth the effort, so it'll be a win for you guys.
@OneTwoSC: Go
Ya... your backup bank in death haven makes it a little easy to get 650,000 kills or whatever. :P
You hacked ZHRPG >_>
At least it was for the greater good, haha.
I had never had the time to really look into this but I had presumed that it was a combination of the Bank Values + Author's Account + Player's Account. It makes sense that the text, unit values are not used.
Process of elimination: when copying a bank file between user accounts, only part of the bank file, if any at all, will work. When creating your own bank file with the same details, the signature doesn't match. Yet when making multiple maps and bank files, the signatures will match, so it is not the map ID or anything like that. Bank values change, thus the signature changes.
That is pretty much what I had worked out, but had never gone beyond that due to a lack of time.
Custom Encryption should be used IMO. Will it stop the map from being hacked? Of course not, but it will stop 99% of kiddies twiddling in your bank files.
This is just common sense. When I uploaded the beta of Phant3m, I renamed all my variables (global/local), functions and triggers to random characters. This was for nothing more than to make the code unreadable enough that 99% of the people would just give up.
Include Multiple Libraries over Multiple Mods (if you have them) for dealing with encryption or anything else you wanna keep pseudo-secret ... muahaha ... I am a dick.
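A model of the bank signature behaviour described in the opening post and in the reply above, as an added example that is not Blizzard's algorithm and not code from any poster. HMAC-SHA256, the secret, the account id strings and the sample bank are all assumptions constructed for illustration; the point is what the signature does and does not cover.

```python
import hashlib
import hmac

# Types the thread says are covered by the signature; Text, Unit, etc. are not.
SIGNED_TYPES = {"int", "fixed", "string", "bool"}

# Constructed stand-in for whatever secret material the real client uses.
DEMO_SECRET = b"constructed-demo-secret"


def _feed(mac, text):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    data = text.encode("utf-8")
    mac.update(len(data).to_bytes(4, "big") + data)


def bank_signature(entries, player_id, author_id, secret=DEMO_SECRET):
    """HMAC over the signed entries plus both account ids (illustrative model)."""
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    for part in (player_id, author_id):
        _feed(mac, part)
    # Sort so the result does not depend on the order entries were saved in.
    for key, (kind, value) in sorted(entries.items()):
        if kind in SIGNED_TYPES:
            for part in (key, kind, str(value)):
                _feed(mac, part)
    return mac.hexdigest()


def verify(entries, player_id, author_id, signature):
    """True only if values and both account ids match what was signed."""
    expected = bank_signature(entries, player_id, author_id)
    return hmac.compare_digest(expected, signature)


# Constructed sample bank: key -> (type, value).
SAMPLE_BANK = {
    "hero_level": ("int", 3),
    "gold": ("fixed", 125.5),
    "hero_name": ("string", "Raynor"),
    "title": ("text", "Novice"),  # non-primitive: outside the signature
}
SAMPLE_SIG = bank_signature(SAMPLE_BANK, "player-1001", "author-42")
```

In this model a changed `title` still verifies, which is why any stat that matters belongs in an int, fixed, string or bool entry.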
@Zantai: Go
Heh. I haven't finished hacking it as such. The sheer amount of effort you put into it is really reflected by the seemingly endless types of items and stats that you're saving.. I got tired of reading your banksave script (Your library is 18k lines omfg =.='...), so I'm leaving the code generation to anyone who wants to actually cheat it that badly.. I'm just offering to help with signature protection now instead..
Lol :P
<3
@Kalafina: Go
Lol, just thinking of obfuscation makes my head hurt. Fortunately I don't need it, since my map doesn't save anything :D. Would be pretty awesome if Blizzard took the time to add some proper security mechanisms.
EDIT:
I vote sticky too. The people that save stuff in their maps probably will find this thread very useful.
I usually rename all variables to stuff like I1I1I1 / 1II1I1 / 1I1I1I , O0O0O0 / OO00O0 / 0O0O0 , eEeEeE / EeEeeE , UVUVVUVU / WUVUW and follow that pattern.
When you open my code and you see all variables look mostly the same, your head explodes.
Also, I use redundant variables randomly around, even storing pointless stuff.
Haven't obfuscated anything for SC2 yet, but I too think bank encryption is the best anyway :). I would love to protect terrain too, but well :S.