[Mod] anticheat [anticheat]

User avatar
ManElevation
Member
 
Posts: 896
Joined: Tue Aug 02, 2016 22:04
Location: Madrid,Spain
GitHub: ManElevation
IRC: ManElevation
In-game: ManElevation
 

usename
Member
 
Posts: 45
Joined: Tue Jul 18, 2017 21:01

.

by usename » Tue Aug 22, 2017 12:55

.
Last edited by usename on Fri Aug 03, 2018 02:22, edited 2 times in total.
 

User avatar
Linuxdirk
Member
 
Posts: 2227
Joined: Wed Sep 17, 2014 11:21
Location: Germany
In-game: Linuxdirk

Re: anticheat

by Linuxdirk » Tue Aug 22, 2017 12:59

sofar wrote:There are no violations of copyright, GPL or otherwise in this mod.

Except in the repository where it only states it is GPL but the sources are missing.
 

User avatar
azekill_DIABLO
Member
 
Posts: 7489
Joined: Wed Oct 29, 2014 20:05
Location: OMICRON
GitHub: azekillDIABLO
In-game: azekill_DIABLO

Re: anticheat

by azekill_DIABLO » Tue Aug 22, 2017 13:01

you mean the source link is missing from his post? i see no problem with this mod.
 

User avatar
Linuxdirk
Member
 
Posts: 2227
Joined: Wed Sep 17, 2014 11:21
Location: Germany
In-game: Linuxdirk

Re: anticheat

by Linuxdirk » Tue Aug 22, 2017 13:29

azekill_DIABLO wrote:you mean the source link is missing from his post? i see no problem with this mod.

You mean the added "obfuscated" Lua source that was added two days ago and was just pushed to the repository?
 

usename
Member
 
Posts: 45
Joined: Tue Jul 18, 2017 21:01

.

by usename » Tue Aug 22, 2017 14:01

.
Last edited by usename on Fri Aug 03, 2018 02:22, edited 1 time in total.
 

User avatar
Linuxdirk
Member
 
Posts: 2227
Joined: Wed Sep 17, 2014 11:21
Location: Germany
In-game: Linuxdirk

Re: anticheat

by Linuxdirk » Tue Aug 22, 2017 14:08

usename wrote:didn't even notice the lua was obfuscated.

It uses unnecessary "unnamed" (i.e. numbered) variables and a shitton of goto-like comments. I don't even care how that is parsed. OP just gives a shit on FLOSS.

Edit: I beautified the blob. It doesn't get better. 20 levels deep nesting. This is not open-source, this is bullshit. And stuff is named somefunc4, and unknown25, or var_1_2.y.

This is just a big "fuck you" in the face of anyone in the community.
Last edited by Linuxdirk on Tue Aug 22, 2017 14:17, edited 1 time in total.
 

User avatar
rnd
Member
 
Posts: 220
Joined: Sun Dec 28, 2014 12:24
GitHub: ac-minetest
IRC: ac_minetest
In-game: rnd

Re: anticheat

by rnd » Tue Aug 22, 2017 14:15

We all know whats the "idea" with this "uncomfortable to read source" - stop beating around the bush.
I just wont make it easy for wannabe cheaters - end of story.

Also im not attacking anyone - you are, cause you want me to make it easy for you and i wont.
Maybe thats just how i like to program, using function someFunc0(INPUT_VAR_0_). I like that style :) If thats too hard for you dont bother then... If you check my other mods you will notice normal style. This is just for this particular mod.
1EvCmxbzl5KDu6XAunE1K853Lq6VVOsT
 

User avatar
Linuxdirk
Member
 
Posts: 2227
Joined: Wed Sep 17, 2014 11:21
Location: Germany
In-game: Linuxdirk

Re: anticheat

by Linuxdirk » Tue Aug 22, 2017 14:19

rnd wrote:I just wont make it easy for wannabe cheaters - end of story.

You won't get any acceptance with this anywhere - end of story.

rnd wrote:Maybe thats just how i like to program, using function

No you don't. And anyone including you knows that. You intentionally released an obfuscated version of the code you created the binary from and not the actual code.

This potentially malicious bullshit should be taken off the forums. No-one can verify or confirm what you do in that binary blob.
 

User avatar
rnd
Member
 
Posts: 220
Joined: Sun Dec 28, 2014 12:24
GitHub: ac-minetest
IRC: ac_minetest
In-game: rnd

Re: anticheat

by rnd » Tue Aug 22, 2017 14:44

This potentially malicious bullshit should be taken off the forum. No-one can verify or confirm what you do in that binary blob.


You can verify what is used quite easily from looking at the "source", for example you can clearly see what "outside functions" are used:
local var_0_1 = minetest.get_node(var_0_2)

Other functions are:
minetest.get_node, minetest.find_nodes_in_area, minetest.get_player_privs, minetest.line_of_sight
Do explain how this is "potentially malicious bs" or do you just like to spread "fake news"?
1EvCmxbzl5KDu6XAunE1K853Lq6VVOsT
 

User avatar
Linuxdirk
Member
 
Posts: 2227
Joined: Wed Sep 17, 2014 11:21
Location: Germany
In-game: Linuxdirk

Re: anticheat

by Linuxdirk » Tue Aug 22, 2017 16:03

rnd wrote:Do explain how this is "potentially malicious bs" or do you just like to spread "fake news"?

Take SHA256 sum from binary. Compile the source, take SHA256 sum from compiled source. If it differs the original binary was compiled from a different source if compiler version and parameters are identical.

Provide your compiler version and parameters so people can verify that the binary was created from the obfuscated source you provided.

As long as this does not happen it's potentially malicious.
 

User avatar
rnd
Member
 
Posts: 220
Joined: Sun Dec 28, 2014 12:24
GitHub: ac-minetest
IRC: ac_minetest
In-game: rnd

Re: anticheat

by rnd » Tue Aug 22, 2017 16:33

I used my source and dump(function) to get bytecode. No external functions are hidden - try it yourself on your examples and then use decompiler - you will see ALL external functions that you used.

Now you can verify that no bad functions are used with decompiler but you cant see easily what i am doing INTERNALLY using safe functions. Good? Go read how decompiler works - it doesnt hide
external functions that were used.

As for why i did this - i dont like cheaters poking and analyzing code easily and finding weaknesses how they can avoid checks. I would be prepared to work on this with someone else but that should obviously be someone trusted - he would also get full original source. If you can write "open" anticheat that cant be exploited easily and works great - good for you. If you cant - its time to play hide and seek - cheaters dont play "fair" either.
1EvCmxbzl5KDu6XAunE1K853Lq6VVOsT
 

User avatar
Linuxdirk
Member
 
Posts: 2227
Joined: Wed Sep 17, 2014 11:21
Location: Germany
In-game: Linuxdirk

Re: anticheat

by Linuxdirk » Tue Aug 22, 2017 16:51

rnd wrote:but that should obviously be someone trusted - he would also get full original source.

Trust is a weakness. Security is about integrity and authenticity. You should not build security on trust - it WILL fail sooner or later. This applies your security through obscurity here, too.

So again: what are the exact steps you performed to generate the binary file from the source (include the names and versions of all involved software)? Only with this it is possible to verify your statement.

rnd wrote:If you can write "open" anticheat that cant be exploited easily and works great - good for you. If you cant - its time to play hide and seek - cheaters dont play "fair" either.

There are several open source security-related tools that are widely used and that are not exploited all the time. So it IS possible.
 

User avatar
azekill_DIABLO
Member
 
Posts: 7489
Joined: Wed Oct 29, 2014 20:05
Location: OMICRON
GitHub: azekillDIABLO
In-game: azekill_DIABLO

Re: anticheat

by azekill_DIABLO » Tue Aug 22, 2017 17:01

this is strange to have so much security actually... It's just an open source mod (or is it supposed too)... You must accept that someone will fork you, as it's totally legit.
 

User avatar
rnd
Member
 
Posts: 220
Joined: Sun Dec 28, 2014 12:24
GitHub: ac-minetest
IRC: ac_minetest
In-game: rnd

Re: anticheat

by rnd » Tue Aug 22, 2017 18:31

Trust is a weakness. Security is about integrity and authenticity. You should not build security on trust - it WILL fail sooner or later. This applies your security through obscurity here, too.

How do you know that minetest client game you are using right now isnt collecting some data on your computer? Did you check every line of code or do you just "trust" :)
I hope you are not using stuff like M$ Windows or proprietary mobile phones cause talk about "integrity and authenticity" is then meaningless https://en.wikipedia.org/wiki/Criticism_of_Microsoft

So again: what are the exact steps you performed to generate the binary file from the source (include the names and versions of all involved software)?


I used string.dump (function) http://www.lua.org/manual/5.1/manual.html and function was
given by my original source code.

Only with this it is possible to verify your statement.

It is also possible to verify with decompiler of your choice which will show all code/external functions that are used - did you do that?

There are several open source security-related tools that are widely used and that are not exploited all the time. So it IS possible.


Im sure there are - like you have cryptography open source systems that we "trust"(tm) are not exploited (https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Backdoors :) ) But can you be more "specific" - also it should be related to detecting anticheats in minetest & should work better than this one.

About over reacting - i only over react if people dont do their homework and say stuff without basis/references.
1EvCmxbzl5KDu6XAunE1K853Lq6VVOsT
 

sofar
Developer
 
Posts: 2086
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: anticheat

by sofar » Tue Aug 22, 2017 18:33

Linuxdirk wrote:
sofar wrote:There are no violations of copyright, GPL or otherwise in this mod.

Except in the repository where it only states it is GPL but the sources are missing.


If you actually read what I wrote, you would understand that there is no GPL violation in this case.
 

sofar
Developer
 
Posts: 2086
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: anticheat

by sofar » Tue Aug 22, 2017 18:37

usename wrote:Also, obfuscatedcode == closedsource.


This is completely nonsense. Obfuscation just makes it harder to read, it doesn't just magically cross a threshold where it becomes closed source. No open source license is incompatible with code obfuscation either.
 

usename
Member
 
Posts: 45
Joined: Tue Jul 18, 2017 21:01

.

by usename » Tue Aug 22, 2017 19:21

.
Last edited by usename on Fri Aug 03, 2018 02:21, edited 1 time in total.
 

sofar
Developer
 
Posts: 2086
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: anticheat

by sofar » Tue Aug 22, 2017 19:43

Naj wrote:If you go that way then any binary could be considered as a valid source code (after all, it's just more complicated to understand than the written source code).


No, that's an unfair comparison. Compiling != obfuscation. Compiling removes entire high level concepts like how memory is allocated and exchanges it for the most efficient way for a processor to do this. Code obfuscation doesn't do any of those things.

Naj wrote:I disagree, and so do many open source definitions. Of course open source implies that the code is readable and not obfuscated.


Please cite sources where open source definitions claim they are incompatible with the widely used open source licenses. While there may be plenty of people complaining about obfuscation (don't get me wrong, I don't like it either) it doesn't constitute an attack or an incompatibility with open source principles. Ultimately, obfuscated (open or not) source code will be untangled and the ideas and methods are widely accessible to someone with enough time. It's certainly not the best way to do open source, but there are worse ways, and sometimes this may work for someone better than not at all.
 

User avatar
Linuxdirk
Member
 
Posts: 2227
Joined: Wed Sep 17, 2014 11:21
Location: Germany
In-game: Linuxdirk

Re: anticheat

by Linuxdirk » Tue Aug 22, 2017 20:04

rnd wrote:How do you know that minetest client game you are using right now isnt collecting some data on your computer? Did you check every line of code or do you just "trust" :)

I do up to a certain extend, yes.

rnd wrote:I hope you are not using stuff like M$ Windows or proprietary mobile phones cause talk about "integrity and authenticity" is then meaningless

Nickname related ... duh.

rnd wrote:I used string.dump (function) http://www.lua.org/manual/5.1/manual.html and function was given by my original source code.

Can’t reproduce. Sources differ. -> potentially malicious.
 

sofar
Developer
 
Posts: 2086
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: anticheat

by sofar » Tue Aug 22, 2017 20:13

Naj wrote:About open source and obfuscation, it is clearly stated here : https://opensource.org/osd-annotated


But that's the OSI's version of what "open source" means, and sure, OSI approved open source licenses are "better" than non-OSI approved licenses, but it means little on a larger scale, just look at the amount of licenses that exist that are NOT OSI approved:

https://spdx.org/licenses/

Please note that the **entire** range of CC-* licenses is not OSI approved. Would you claim to say that software covered under the CC-* set of licenses is therefore not "open source" either? How about the WTFPL? Not OSI approved either. Oops?

What you are saying is that you are unwilling to say that anything that is not "open source in the most pure and free versions of open source" is, according to you, not "open source". But that's simply not reality.
 

User avatar
Linuxdirk
Member
 
Posts: 2227
Joined: Wed Sep 17, 2014 11:21
Location: Germany
In-game: Linuxdirk

Re: anticheat

by Linuxdirk » Tue Aug 22, 2017 20:19

sofar wrote:How about the WTFPL? Not OSI approved either. Oops?

WTFPL basically is putting your work into public domain which is not valid in most countries outside the United States and therefore should be avoided.

Same with unported CC versions: Those are not fully legal.
Last edited by Linuxdirk on Wed Aug 23, 2017 09:00, edited 1 time in total.
 

User avatar
azekill_DIABLO
Member
 
Posts: 7489
Joined: Wed Oct 29, 2014 20:05
Location: OMICRON
GitHub: azekillDIABLO
In-game: azekill_DIABLO

Re: anticheat

by azekill_DIABLO » Wed Aug 23, 2017 06:47

rnd wrote:Did you check every line of code


I did check the code and used a special firewall, minetest has no problem about security.
 

User avatar
ManElevation
Member
 
Posts: 896
Joined: Tue Aug 02, 2016 22:04
Location: Madrid,Spain
GitHub: ManElevation
IRC: ManElevation
In-game: ManElevation

Re: anticheat

by ManElevation » Wed Aug 23, 2017 21:24

azekill_DIABLO wrote:
rnd wrote:Did you check every line of code


I did check the code and used a special firewall, minetest has no problem about security.

Fk the segurity, sorry I'm Spanish :D
 

User avatar
azekill_DIABLO
Member
 
Posts: 7489
Joined: Wed Oct 29, 2014 20:05
Location: OMICRON
GitHub: azekillDIABLO
In-game: azekill_DIABLO
 

PreviousNext

Return to WIP Mods



Who is online

Users browsing this forum: MyordasMineTest and 3 guests