Anti Cheat

[xezon]

We need to figure out strategies to combat cheating.

Strategy 1

Perhaps we can mutate p2p network communications, random generators and seeds in a way so that only executables signed by the same private token are compatible. Ideally the mutation complexity would be large enough so that an attacker cannot easily swap this code in the compiled file. Mutations can be force inlined, to spread them out further across the code. Ideally hooks are all code bits that access some network or logic related inputs that need not be of a specific value.

With such a mutation in place, a publisher should be able to create an executable that is multiplayer incompatible with the executable of another publisher, even if they both owned the exact same source code.

Edit: Can likely be defeated

Strategy 2

Make Replay logging richer:

• Save Camera and Mouse movement, Key presses and Chats in Multiplayer Replay #208

[jmarshall23]

There is nothing you can do with a open source exe that would be worth while as a anti cheat.

[seacat17]

I mean... Instead you could send the data from server in a way that will make cheating useless. Like, what can you do with cheats in properly built RTS? Money? Impossible, it's server-side. Remove the fog of war? Useless, the server won't send enemy's units' positions unless they're within your view radius. Speedhacks? The server will tell you to screw off because of desync.

It's not an FPS where you need to aim and shoot in a right way. Here all you need is intel and quick thinking.

[xezon]

So for Strategy 1 I think the natural attack vector would be:

1. make diff of the to-be-attacked executable with the attacker signed executable of the same code
2. apply edits to to-be-attacked source code that matches the to-be-attacked executable
3. make signed attacker executable
4. apply diff to the attacker executable

Not very promising...

[vnvx]

I mean... Instead you could send the data from server in a way that will make cheating useless. Like, what can you do with cheats in properly built RTS? Money? Impossible, it's server-side. Remove the fog of war? Useless, the server won't send enemy's units' positions unless they're within your view radius. Speedhacks? The server will tell you to screw off because of desync.

It's not an FPS where you need to aim and shoot in a right way. Here all you need is intel and quick thinking.

This is a peer-to-peer game. Writing a fully functional server and integrating it with the current code is hard and time-consuming work. It can surely be done, but it will take a long time.

The question is:

Should we prioritize making the current P2P system work with a basic anti-cheat system and focus on the server in version 2.0.0 of the game, or should we concentrate on the server right now and not waste time on the old approach?

[seacat17]

Well... You know how OpenRA works... And people on Steam complain about the lack of an official server...

[augustresende]

https://github.com/AlSch092/UltimateAntiCheat

I think it's worth checking

[seacat17]

I like this one. Seems like a good FOSS AC.

[jmarshall23]

I've written a lot of these(anti cheat/anti copy tech), best case scenario it usually prevents people from hacking the game for about a month(4 to 10 weeks on average) then cheats are usually available, and thats in closed source denuvo based projects. These are fun to work on but usually don't yield anything of value in the long run
.

[DevGeniusCode]

Several similar discussions
https://opensource.stackexchange.com/questions/4449/how-can-cheating-be-prevented-in-a-floss-multiplayer-game
https://forums.wesnoth.org/viewtopic.php?t=14865
https://www.gamedev.net/forums/topic/368086-open-source-and-anti-cheat/
https://forum.freegamedev.net/viewtopic.php?f=3&t=4388

[undead2146]

Here’s my two cents on this topic.

Zero hour is a community driven game, with a lot of the active playerbase across different platforms being acquainted with each other.

In this regard the community itself is the biggest anti cheat, whereby bad actors are gonna be either anonymous or known cheaters.

If we give the community the tools to deal with bad actors then cheating itself would be less of an issue.

Wether it be detecting cheaters(gentool), exposing them, or barring them from playing with people in the community.

Currently most games are played on Radmin and GameRanger where it’s more obvious to exclude people you don’t want to play with.

This however only tackles the anti-cheat in terms of people gaining an unfair advantage, there could also be malicious actor who’d take advantage of potential serieus game vulnerabilities that can do more damage than just a bad match.

[Chikinsupu]

I second this. There is a lot of talk about all sorts of anti-cheat solutions right now, but in my honest opinion it's kind of overrated at the moment. It's not like we are serving tens/hundreds of thousands of people, so i would assume that the actual amount of bad actors is quite small, especially with manually created lobbies like undead said.

That being said, i still think that some kind of anti-cheat measures are still important especially for cases like online tournaments with a price pool or when it comes to malicious attacks and exploits. But i don't think that we have to implement some crazy anti cheat system for that. The exploits and vulnerabilities of course should be fixed, that is a no-brainer.

So yes, we should of course implement anti-cheat solutions, but i don't think that the priority is that high, imho

[lostsquirrel1]

Tarnished Knight here, you can prevent most forms of cheating by moving game state and verification into sync'ed code - this requires a review of the current network commands. If done properly, game state cheating will force a CRC mismatch. Map hacking is perhaps something to tackle as a separate issue.

[CarlosR759]

I think the anticheat is going to depend also if the cross platform support is going to be only by wine ussage or native usage of linux and mac, and also bsd probably. Maybe the simplest approach is to go for wine 100% all in, Since you can use Lutris in linux and create the yaml file for quick installation for non tech savy people, probably the same you can do it in mac with crossover. I still have the generals and zero hours cd, and I played in Linux with the first version of the game without patches applied, it works fine, and also I think works better than windows because I believe it's using the dot net library for the time of the game release.

So probably if you want some kernel level anti cheat, maybe the quickest path is going full wine, but that probably it's going to let some people outside of playing the game because they are not tech savy enough. Also with this approach you are denying the possibility to have a package of the game in Linux distros like openRA in the future and in homebrew I guess (Not a mac user).

I think that the server approach can let you have more security in some scenarios, but also you can implement the possibility of banning IP addresses that are cheaters and hackers. So in that case you can also ban vpn usage and TOR/I2P relay IPs by default in the server. You can have in the game the option for launching p2p game matches, but also the server option. So in the end you can create a general server that's is not going to have by default any kind of cheating and hacking behavior so newer players don't quit the game by cheater usage. But also you can have the legacy feature of p2p and the option to have a custom server. The custom server could be use maybe for pro players that want to have the minimum latency possible. The custom server and p2p options could have vpn support by default.

[tintinhamans]

With CGNAT becoming more and more widespread, I think IP bans are becoming a bit untenable.

Re: wine; I believe that people are already looking at true native builds for 'nix platforms, making wine potentially unnecessary in the future.

[CarlosR759]

I think the solution is to have account banning for the central server in the future and not for ip address because of residential ip and CGNAT as you said. But in that server also we can made the config to block access from well know vpn addresses and relays from Tor and i2p exit nodes, and also apply this config when you are creating the user login account in the webpage. In that case you can avoid many cheaters and hackers that could just start to create accounts every single time and change the ip address when they get banned. That with a strong policy that with one or two hacks warnings before banning could get away many bad actors for people that just want to play nice.

I also think and dream with *nix native support, but if in the project we are going to build an anti cheater that could work in the kernel level, that at least you need to be compatible with 3 operative systems. Since the mac os kernel I guess is close source, maybe that is going to be hard to implement well. So I believe that a nice roadmap could be fixing zero hour and granting Linux/macOS support with wine first, but codding the anti cheat in mind that also needs to be compatible with other kernels in the future. As probably you may know, the Linux kernel in current version does come with many bugs, for example there is a bug with amd gpus right now that sometimes freeze the image of the screen for a couple of seconds (even in LTS sometimes), other times the system just breaks something after a patch. So another suggestion is to suggest the players to play with the Linux-LTS version instead of the latest one, that also will be more comfy for players and developers. So a little disclaimer saying we only support Linux-LTS version but if you want to try latest or zen version you can but it's not going to have direct support for the developers.

So that's my humble opinion.

[lostsquirrel1]

Kernel-anticheat is great way to get players to hate the project. In-game cheats can be defeated by fixing the security flaws in the game's network protocol such that any attempt to modify the game will result in mismatch rather than all the clients happily accepting the Insecure Direct Object Reference.

Map hacks are a lesser issue, but if the protocol is extended such that the clients report mouse position and camera position - you'll be collecting the data needed to analyse whether someone is cheating. Maybe you'd be able to run it through some AI to flag possible cheating? If the cheater attempts to hide their camera and mouse positions then I think they will have a near impossible task to make the result convincing (i.e. it has to look natural and line up with commands issued.)

If a relay server is used as suggested in https://github.com/TheSuperHackers/GeneralsGameCode/issues/2497, then you also have a system that can allow easy spectating. So you can use spectators to help look for cheaters - especially if you give them the option to follow a player's camera.

[CarlosR759]

Hey many thanks for the reply. I'm not a game dev but know some stuff, and also trying to help in this project.

I read your post in #369 and thank you so much for your help in understanding the code. Many years waiting to see how the anticheat of this game works to be honest.

I'm not sure if with the current zh anti cheat you can fetch the game data from the match without being detected. Since you are not altering the users command stack of the game, therefore maybe you can launch the game with some cpu cores (In case of multi core supported being added) and with another core you could simple see the income of players, units positions and building being in construction. What do you think about that scenario ? Someone can have two screens to see the match and also see the information in parallel, or just use window mode if the display is big enough.

I remember back in the ea server days that someone hack my match and suddenly a lot of planes appear from nothing and destroy my base. I assuming that now the main issue is the corrupted map. Maybe the another player have one version of the map that I don't have and the game just download the map for me, but initially the map of the game came with all that airplanes available by default for the other player. I remember checking the match to see how they came with many airplanes, If I'm not remembering wrong, they just appear from nothing, so maybe I don't know how the player make the map starts with the airplanes being camouflaged, and suddenly appear, that's how I remember it. Maybe the camouflage part I can have a false memory in my head, but the airplanes surely 100% appears with some hack.

So I understand that the kernel anticheat maybe is not the best solution, since we can use the features from the game and fix it to work with current hardware and software. But if you can start with maps that came with all of that, maybe another approach is to have in a main server (not necessarily a relay one, and also I can't see the link you send me :C ) a database with all the maps hash that we know are without any malicious activity. So we can make a check function to detect before a multiplayer match begins to check if the map is a healthy one, and if it's not then send a warning or just close the match. I think that could solve the map issue without getting into kernel level and getting the development more hard to do it in cross platform support. What do you think ?