Author Topic: Anticheat and Linux i386  (Read 76540 times)
dioxine
Guest
« Reply #30 on: March 03, 2007, 05:03:11 pm »

Quote from: R1CH
No, since Linux is fundamentally impossible to verify as a trusted environment. You have many hundreds of distributions, each with different binaries depending on CPU type and then of course the thousands of users who build things themselves from source. When you can't even trust that the kernel is legit, trying to create an anticheat solution off such a shaky foundation is pointless. Not to mention binary incompatibility that still plagues Linux.

So how come Punkbuster runs on Linux?

What I don't understand is that potential players are locked out although there are already very few players. Don't you think it would be beneficial not to lock out players on non-Windows platforms?
And yes, I know that anticheat isn't mandatory but, for example, the regularly populated Gloom servers have it enabled. I used to play lots of Gloom on Linux but now I can't anymore.
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #31 on: March 03, 2007, 05:09:55 pm »

Because they are being paid millions of dollars by games developers and can afford to hire people with expertise in that kind of thing. I'm making nothing and don't have any expertise with Linux from an anticheat standpoint.

If you want to play Gloom on Linux, most servers don't force anticheat and even if they do you can arrange to set up an exception with the admin.
Logged
dioxine
Guest
« Reply #32 on: March 03, 2007, 05:32:43 pm »

Wow, very quick reply!
Well thanks for the hint. I'll try that.
Logged
looker
Guest
« Reply #33 on: March 07, 2007, 02:24:49 pm »

... can I arrange with any of you, so I could play ctf on acmectf? I'm using Slackware Linux, 2.6.19, x86...
I can provide any info you need

So many Linux users, and all must be disappointed... btw... we run deathmatch and duel servers (with good enough connection), however no ctf servers. If anyone can help me to get into acmeftp, without anticheat (since I get kicked off, just because it doesn't work), contact me at mclooker@yahoo.com

Or if you know any other ctf servers that don't require stuff, notice me please. cya
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #34 on: March 07, 2007, 04:53:32 pm »

Try contacting an admin on www.wormlair.com for AcmeCTF.
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #35 on: April 18, 2007, 11:02:39 pm »

Longer version for those who keep on asking:

The main problem is that there is no inherent security on Linux like there is with Windows. With Windows, I can assume with some relatively high degree of probability that if I ask the kernel to do x, it does x. With Linux, since the kernel is all open source, it's impossible to make this assertion as a cheater can simply edit the kernel in a few lines of code to ignore certain things or prevent things (cheats) showing up to certain API calls.

Checking for cheats becomes nearly impossible too as there are hundreds or thousands of different distributions out there, each with their own libGL.so (or whatever), not to mention the thousands or millions of users who build their own stuff from source code (Gentoo and other such distributions), making binary authenticity impossible.

Granted, on Linux there probably aren't nearly as many cheats as there are for Windows, but the ones that are out there or that are made will be nigh impossible to detect reliably. Hell, even verifying the user is running a legitimate client becomes hard as many users can't use pre-compiled binaries and require a binary built from source which will be different on every user's machine. Even video drivers change from one tiny kernel revision to another, and are often open source, so any kind of white-listing is again impossible.

Overcoming all of these problems, not to mention creating an ELF code packer / protector from scratch to actually protect a theoretical anticheat.so, is simply far too much work for me as an individual. I've only been able to do anticheat for Windows because I've been working with Windows for many years and know how all the internals work regarding the PE format, memory protection, kernel, Win32 API, etc. I don't even know the basic knowledge of Linux specific platform APIs, let alone the kernel or executable formats. It just isn't something I can feasibly see happening.
Logged
Ratti
Guest
« Reply #36 on: June 17, 2007, 02:18:41 pm »

You say anticheat for Linux would be more insecure but as I see it, that's quite the opposite. The privacy disclaimer on anticheat pretty much tells you it has unrestricted access to any specific files on your computer/processes/window names etc. Since Linux has an actual WORKING chmod permissions system, the user can make it impossible for anticheat to access or alter sensitive/personal data. All versions of Windows have NO such system. Restricting anticheat to your quake2 folder would not keep it from working properly. It would simply allow a user to block programs from accessing data they have no business looking at. R1Q2, dedicated, etc are all Linux compatible. I find it very convenient that anticheat forces a user to use a win32 platform.

If it were available for Linux, then of course it would put my privacy concerns to rest. Is that going to happen?
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #37 on: June 17, 2007, 03:28:52 pm »

I'm not referring to file permissions at all, I'm referring to the ability of a player to cheat undetectably since the OpenGL system, kernel, drivers, etc are all open source and are ripe places for hacks, and given how wildly varied every Linux distribution is and the fact a lot of users build from source, it is impossible to have a checksum of known valid versions. Since there is no trust that the kernel isn't lying about certain things, the entire system becomes untrusted.
Logged
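The checksum problem described in replies #35 and #37, as an added example that is not part of the original thread and not Anticheat's own code: a hash allowlist over a process's executable mappings flags a source-built libGL exactly as it flags an unrecognised module. The `/proc/<pid>/maps` excerpt, the file contents, the paths and the allowlist are all constructed for illustration.

```python
import hashlib

# Constructed /proc/<pid>/maps excerpt (not captured from a real system).
SAMPLE_MAPS = """\
08048000-08120000 r-xp 00000000 08:01 131 /usr/games/quake2/quake2
08120000-08130000 rw-p 000d8000 08:01 131 /usr/games/quake2/quake2
b7c00000-b7d40000 r-xp 00000000 08:01 212 /lib/libc-2.5.so
b7e00000-b7e90000 r-xp 00000000 08:01 377 /usr/lib/libGL.so.1
b7f00000-b7f08000 r-xp 00000000 08:01 901 /tmp/helper.so
b7f10000-b7f11000 r-xp 00000000 00:00 0 [vdso]
bff00000-bff15000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed stand-ins for file contents; a real check would read the files.
VENDOR_LIBGL = b"libGL vendor build"
FILES = {
    "/usr/games/quake2/quake2": b"quake2 release binary",
    "/lib/libc-2.5.so": b"libc distro build",
    "/usr/lib/libGL.so.1": b"libGL built locally from source",
    "/tmp/helper.so": b"unrecognised module",
}

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Hypothetical allowlist: digests of the builds the anticheat author has seen.
ALLOWLIST = {
    sha256(FILES["/usr/games/quake2/quake2"]),
    sha256(FILES["/lib/libc-2.5.so"]),
    sha256(VENDOR_LIBGL),
}

def executable_mappings(maps_text):
    """Return file-backed executable mappings, in order, without duplicates."""
    seen = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # the path may contain spaces
        if len(fields) < 6:
            continue  # anonymous mapping with no path
        perms, path = fields[1], fields[5].strip()
        if "x" in perms and path.startswith("/") and path not in seen:
            seen.append(path)
    return seen

def unknown_modules(maps_text, files, allowlist):
    """Paths whose digest is not allowlisted. The maps text itself comes from
    the kernel, so this check is only as trustworthy as the kernel is."""
    return [p for p in executable_mappings(maps_text)
            if sha256(files[p]) not in allowlist]

if __name__ == "__main__":
    print(unknown_modules(SAMPLE_MAPS, FILES, ALLOWLIST))
```
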
diehard
Guest
« Reply #38 on: September 05, 2007, 10:51:43 am »

I'm running Linux too and have been for the past 6 years, and I know at least 3-4 people running Linux and Quake (if not q2 then q3).. I'm also frustrated that there is no anticheat for Linux!
Logged
Triar
Member

Posts: 2


« Reply #39 on: September 17, 2007, 06:19:49 am »

Being a Windhose-user myself with a growing interest in Linux (ignore me if I'm talking ****): would it be possible to provide a basic Linux kernel with AC built in, so it could check it for hacks? If you want to play Q2+AC you have to use this kernel on a Virtual Machine or boot from your Q2AC-partition? Is this making sense? : )
Just my 2 cents (actually just 1 cent since we're using euros)
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #40 on: September 17, 2007, 02:50:55 pm »

No, since the kernel is licensed under the GPL, any code I add to it would also have to be GPLed. I could use modules, but then I would have to get into system call hooking and stuff and that's way beyond the scope of what I know about Linux.
Logged
Bad Sector
Guest
« Reply #41 on: November 17, 2007, 07:58:01 pm »

Since you say that you know PE and Windows internals, you understand that it's possible to make a custom PE loader under Windows and replace all calls to KERNEL32.DLL with calls to a custom "FAKEKERNEL32.DLL" which then sniffs and modifies everything you ask, making the so-reliable Windows kernel not so reliable any more.

Of course knowing how to do this and doing it is almost as practical and probable as random cheaters knowing how to modify their Linux kernel and doing it.
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #42 on: November 17, 2007, 08:10:05 pm »

The Windows kernel is ntoskrnl.exe, not kernel32.dll. It's significantly harder to mess with ntoskrnl than it is to modify a few lines of code in /usr/src/linux and type make.
Logged
Bad Sector
Guest
« Reply #43 on: November 18, 2007, 11:48:19 am »

Well, the thing is, Windows programs never use the API that the NT kernel exposes. Instead, for compatibility reasons, they use a "wrapper" API (what we call the Win32 API) which in turn uses the NT kernel API (which in most cases is used only by drivers). This API is not defined in ntoskrnl.exe, but in the several DLLs that are placed in System32 and existed in non-NT Windows. In fact, all Windows programs dynamically link to these DLLs, not ntoskrnl.exe.

I will agree that it is easier to *mess* with /usr/src/linux than write a loader that redirects calls, but messing with the kernel code is almost always a good way to make your system unusable. Remember that not only that single application that the cheater wants to mess with exists in userspace, but a myriad of other applications, with some of them depending on the same functionality. If one is not careful, he won't go far. And besides carefulness, he also needs knowledge.

And personally I think that it's much easier for a novice programmer to figure out how to load PE files (I've found this page as the first entry just by writing PE loader in Google) than to figure out how the Linux kernel works and what they need to modify in order to do what they want. Of course they can also do an ELF loader and do the same thing in Linux, but then the "easiness" part is almost the same.

While I like open source software, I can't stand the misconception of "since the code is there, anyone can modify it". As many programmers know, this isn't true especially for large programs, like the Linux kernel. A programmer has to understand how the program (or the subsystem he wants to modify) works and figure out his way in the source code, which alone is a big task. Then he has to know what to modify and how to do it - and in the case of the kernel, this isn't an easy job, since we're talking about the most important piece of software in an operating system here (if something goes wrong, he may not only be unable to run the program he wants to mess with, but the whole operating system).

When I found a bug in the Mozilla codebase, I decided to try and fix it. Now, we're talking about more than 200MB of source code. It took me some time to figure out what to do and this with the help of other programmers from the Mozilla IRC servers. What I saw, however, is more important than this: almost nobody in there (where major Mozilla programmers hang out) knew the whole codebase inside out. Which is pretty normal, I think. It's a huge amount of code.

But if the actual developers of a big project cannot know their source code exactly (and this is true for the Linux kernel too), how can an "outsider" learn the code fast enough in order to make modifications like those you suggest? And even without breaking the whole thing?

So, my point is that the availability of the code doesn't automatically make a project secure or insecure because anyone can modify it. Take Firefox for example. There are many more programmers who use Firefox than there are bugs in BugZilla: if each one of those programmers was able to fix a bug, then Firefox wouldn't have bugs. The reality, though, is that a very small minority of them mess with the Firefox code and try to fix some bugs. The rest simply don't know (or don't care).


I'm not writing this to make you create an AntiCheat for Linux. If I would do something like that, I would also go outside and ask random people to give me food, drinks and other stuff. It doesn't work this way and I know it.

My whole reaction was on the kernel security part and only that. As for the rest, I think you've made a great contribution to the Quake2 scene by fixing bugs and providing a stable client and server.
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #44 on: November 18, 2007, 02:39:27 pm »

Sure, Mozilla and the kernel are huge projects with many developers. Anticheat is not that big and has a single developer. It only takes one tiny change to cause undesired effects, maybe even == to != somewhere would be enough to throw off the detection. You're almost advocating that security through obscurity works because the project is so huge, when it can also work when the source is not available.
Logged