THE CLEANER HALF-LIFE ANTICHEAT PROJECT 09:20am 01 Nov 2001
Posted by: Dragonfist
Date: 09:20am 01 Nov 2001


Thought people might find this interesting, if it was already posted, sorry.
Here is a link to their website: http://www.thecleaners.dk/

THE CLEANER HALF-LIFE ANTICHEAT PROJECT
=======================================

Server
* fully GPL, open source
* gets signature and binary updates from master servers
* distributes updates to clients
* authenticates clients
* logs violations returned from clients
* processes screenshots returned from clients
* must be portable (win32, linux & autoconf)
* has "ring" of client public keys which are considered authentic. This ring gets autoupdated by master servers. Client gets removed from this ring after it has been hacked and it won't be allowed anymore.

Client
* receives signature and binary updates from server (not master!)
* uses public key crypto for verifying updates and signatures
* uses advanced signature scanning (and other methods) for cheat detection
* reports cheats to server
* everything else but OS specific tips and tricks should be portable code

Utilities
* system scanner and process dumping
* automatic signature creation for quick and dirty cheat addition (5 seconds, heh, beat that). Later on, after research, heuristic strings can be added.
* software used to "sign" signature and binary releases.
* master server software, used to distribute updates to servers, HTTP/FTP should do fine too :-)

PROTOCOL DESCRIPTION:

HANDSHAKE
client requests challenge

server returns random challenge number (this step is needed to prevent false
IP flooding from eating up CPU, pubkey crypto is not THAT cheap)

client requests authentication with challenge number

server generates 128 random bytes, encrypts them with one of matching
client public keys and sends them to client.

client decrypts bytes with matching secret key which is distributed around
the source in random sized byte arrays (modular algorithm). Key is handled byte
by byte. Client calculates HASH of decrypted bytes and returns it to the
server. (client denies too simple challenges)

server compares hash from client to hash of original random bytes.
If hash matches, server turns on encryption (blowfish for example) using
those random bytes as session key. If hash doesn't match, client is disconnected
and "banned" for X minutes.


After this, verification (against proxy), authentication etc. can be
performed

Client
OS detection
memory scanning
hook scanning
dll scanning
file scanning

Signature scanning engine with heuristics

API tracing/rehooking

Check if loaded by OS or loaded by some other means
Check for debuggers

Keep important parts of code ENCRYPTED in memory
(breaks win32 specs, but works nice against procdump ;-)

Don't check for all the cheats all the time. BE SNEAKY BASTARD.

Server source is FREELY available.

Parts of CLIENT source are available under special license.

Important parts (key handling, authentication, protocol) are kept
CLOSED source. Must be easily changeable and modular.

Allow small signature updates. Client verifies updates with
dev. team pkey. Updates are really small and get appended to
signatures.

Allow automatic binary updating.

Use SOURCEKEY for extra protection.


Go to the original post here :

http://forums.counter-strike.net/cgi-bin/ikonboard.cgi?s=3be0f6b06e53ffff;act=ST;f=1;t=1418


[7th@]Sn@kestyles
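
The handshake described in the post, sketched for both sides as an added example (not part of the original post or the project's code). SHA-256 as the hash, the 300-second ban, the toy textbook-RSA key built from two Mersenne primes, and all class and function names are assumptions; the key is constructed for the demo and is not secure.

```python
import hashlib, hmac, secrets, time

# Constructed toy key (two Mersenne primes, textbook RSA, no padding):
# insecure, used only so the example runs offline with the standard library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # client's secret exponent
BAN_SECONDS = 300                   # assumed value for the post's "X minutes"

class Server:
    def __init__(self, client_pubkey):
        self.pub = client_pubkey    # (n, e) taken from the ring of authentic keys
        self.challenges = {}        # addr -> outstanding challenge number
        self.pending = {}           # addr -> 128 random bytes awaiting proof
        self.banned = {}            # addr -> ban expiry time

    def request_challenge(self, addr):
        # Cheap step: no public-key work until the address echoes this back.
        self.challenges[addr] = secrets.randbits(32)
        return self.challenges[addr]

    def request_auth(self, addr, challenge, now=None):
        now = time.time() if now is None else now
        expected = self.challenges.pop(addr, None)   # one use per challenge
        if self.banned.get(addr, 0) > now or expected is None or expected != challenge:
            return None             # banned, spoofed or stale: no RSA work done
        secret = secrets.token_bytes(128)
        self.pending[addr] = secret
        n, e = self.pub
        return pow(int.from_bytes(secret, "big"), e, n)

    def verify(self, addr, client_hash, now=None):
        now = time.time() if now is None else now
        secret = self.pending.pop(addr, None)
        if secret and hmac.compare_digest(hashlib.sha256(secret).digest(), client_hash):
            return secret           # the random bytes become the session key
        self.banned[addr] = now + BAN_SECONDS
        return None

def client_answer(ciphertext):
    # Decrypt with the secret key; return (hash sent to server, session key).
    secret = pow(ciphertext, D, N).to_bytes(128, "big")
    return hashlib.sha256(secret).digest(), secret
```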


  Replies author date
  THE CLEANER HALF-LIFE ANTICHEAT PROJECT   Dragonfist    09:20am 01/11/01 
  sounds promising.   [HzO]S!LV3R SuRF3R    09:41am 01/11/01 