View Full Version : Disabling of eqgame.dll


Mardur
08-30-2011, 02:53 PM
First of all, this post isn't seeking any sort of technical help. It's just something that I've been thinking about regarding the new cheat detection.

At first I was excited about the inclusion of third party software detection and the suspensions, mostly for the Red99 implications. As I stated in another thread, this is a huge boon for Red99 only IF a loophole isn't found. Unfortunately there are two:

ShowEQ vs. MySEQ. The third party software detection can detect MySEQ but not ShowEQ. What this means is, the convenient Windows-based version of MySEQ which absolutely anyone who can install P99 could use, is detectable by eqgame.dll. However, the Linux based ShowEQ is not.

Problem: Those who are able to run ShowEQ on a Linux box have just been given an advantage with this recent hack detection.

The second and largest issue is that players are already altering the eqgame.dll file to disable the third party software detection. I'm sure the implications of this are obvious. Say you have 3 random competing guilds on Red99. GuildA has a member with enough tech savvy (ie. Tyen/Salty) to alter the eqgame.dll and then redistribute it to anyone in their guild. This gives a large advantage to one single guild as they are now able to run MQ2 / MySEQ without automatic detection.

This is the double edged sword of cracking down on those using cheat software. It's obviously ideal if you can come up with a system that protects everyone. Unfortunately, when systems are implemented "half-assed" it only shifts the advantage around to those who know how to cheat the system. This can actually have a larger negative impact than not implementing the detection in the first place. 15% of your serverbase with the advantage of third party software is not really preferable to say 75% of your serverbase with third party software.

I'm not really suggesting anything, just providing food for thought and incentive to somehow combat those that are altering the eqgame.dll file. As far as combating ShowEQ, I have no idea.

Secrets
08-30-2011, 02:55 PM
GuildA has a member with enough tech savvy (ie. Tyen/Salty)

You lost validity there.

Furthermore, if any changes were to be discussed about modifying things like that, they wouldn't be discussed in public.

Ennoia
08-30-2011, 03:02 PM
First of all, this post isn't seeking any sort of technical help. It's just something that I've been thinking about regarding the new cheat detection.

At first I was excited about the inclusion of third party software detection and the suspensions, mostly for the Red99 implications. As I stated in another thread, this is a huge boon for Red99 only IF a loophole isn't found. Unfortunately there are two:

ShowEQ vs. MySEQ. The third party software detection can detect MySEQ but not ShowEQ. What this means is, the convenient Windows-based version of MySEQ which absolutely anyone who can install P99 could use, is detectable by eqgame.dll. However, the Linux based ShowEQ is not.

Problem: Those who are able to run ShowEQ on a Linux box have just been given an advantage with this recent hack detection.

The second and largest issue is that players are already altering the eqgame.dll file to disable the third party software detection. I'm sure the implications of this are obvious. Say you have 3 random competing guilds on Red99. GuildA has a member with enough tech savvy (ie. Tyen/Salty) to alter the eqgame.dll and then redistribute it to anyone in their guild. This gives a large advantage to one single guild as they are now able to run MQ2 / MySEQ without automatic detection.

This is the double edged sword of cracking down on those using cheat software. It's obviously ideal if you can come up with a system that protects everyone. Unfortunately, when systems are implemented "half-assed" it only shifts the advantage around to those who know how to cheat the system. This can actually have a larger negative impact than not implementing the detection in the first place. 15% of your serverbase with the advantage of third party software is not really preferable to say 75% of your serverbase with third party software.

I'm not really suggesting anything, just providing food for thought and incentive to somehow combat those that are altering the eqgame.dll file. As far as combating ShowEQ, I have no idea.

...and now that you've opened your mouth about running the hacks from a Linux setup even more people are going to try it. Good job, Mardur, stupid as usual.

Mardur
08-30-2011, 03:04 PM
I was more making reference to the whole mailing copies of MQ2 to his guild thing, which easily could be repeated with a version of the eqgame.dll with the TPS detection removed.

As for your second comment, I don't really understand. I realize nothing is going to be talked about publicly about the hack detection. That's obvious.

Essentially the point of this post is that a priority should be placed on 100% effectively coming up with a way to combat altering of the eqgame.dll file. Because otherwise you're just going to end up with people redistributing the file amongst their friends / guilds, or selling it for offline currency.

Mardur
08-30-2011, 03:07 PM
...and now that you've opened your mouth about running the hacks from a Linux setup even more people are going to try it. Good job, Mardur, stupid as usual.

I'd be surprised if there was even 1 person thwarted in their MySEQ use who will now seek out and set up a secondary Linux box just for ackin. Especially considering it's been mentioned several times all over this forum and others including FoH that the Linux version only functions as a packet sniffer and does not inject itself, therefore making it undetectable.

Also this has been common knowledge for like a decade.

Harrison
08-30-2011, 03:44 PM
Undetectable physically.

Not undetectable.

Ask that dude in fear what an imaginary draco pop makes retards do.

Mardur
08-30-2011, 03:50 PM
Right, "automatically detectable." You can catch anything, but it takes GM time/effort.

casdegere
08-30-2011, 03:53 PM
If it's impossible to detect, try it and see what happens. I think you are fishing with no real absolute knowledge on the subject. In fact, after the devs' new banning rules for this server I believe people will try, we will see if cheating continues unabated or not. I really do not understand how arrogant fucksticks bother playing a game if all they are going to do is cheat. I'm seeing a lot of banning in the near future. I would also like to point out that your "Technical Issue" you are presenting is not appropriate for this thread.

Tyen01
08-30-2011, 06:09 PM
You lost validity there.

Furthermore, if any changes were to be discussed about modifying things like that, they wouldn't be discussed in public.

Funny how salty knows about every single exploit and cheat just by actually reading things people post.

http://www.project1999.org/forums/showthread.php?t=46971

Big salty isn't top expert, he just has more pals than you, and knows how to read.


Take this thread, combine it with Abacab's post in the Orsk thread.

You got yourself knowledge~


The title of this thread constitutes a work-around. Funny to me that it is so over your head you're oblivious.

Mardur
08-31-2011, 10:15 AM
Ah, yeah.

I already knew people were distributing "cleaned" dlls. Hence this post. Didn't realize DIY instructions were already posted on this very forum. :)

But the point of this thread isn't to give people a work around the detection. It's to bring attention to the fact that there are work arounds and hopefully this is kept in mind for Red99.

Overweight
08-31-2011, 11:25 AM
/popcorn

Uthgaard
08-31-2011, 11:31 AM
All aboard the failboat. You can still log on if you're running mq2. You can still log on if you edit your dll. You're flagged either way. It's your account. If you think something this simple wasn't thought of, you deserve the ban you earn yourself.

Mardur
08-31-2011, 11:59 AM
Cheers.

Kargon
08-31-2011, 12:11 PM
Just store a checksum of the dlls and compare them? Boom, any alterations to files are flagged.
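
The checksum comparison suggested in the post above, as an added example that is not part of the original thread and not Project 1999's code. It goes one step beyond a stored checksum by keying the digest with a per-login nonce so an old answer cannot be reused; the function names, the second file name `other.dll` and all file contents are assumptions constructed for the demo.

```python
import hashlib
import hmac
import os
import secrets
import tempfile

def keyed_digest(path, nonce):
    """HMAC-SHA256 of a file, keyed with a per-login nonce, read in chunks."""
    mac = hmac.new(nonce, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()

def client_report(install_dir, nonce):
    """Client side: one keyed digest per file in the install directory."""
    return {name: keyed_digest(os.path.join(install_dir, name), nonce)
            for name in os.listdir(install_dir)}

def server_check(reference_dir, reported, nonce):
    """Server side: compare reported digests with the known-good copies.

    Returns {filename: "ok" | "modified" | "missing"}. The digests are
    computed by the client, so a mismatch is a flag to record, not proof.
    """
    result = {}
    for name in sorted(os.listdir(reference_dir)):
        expected = keyed_digest(os.path.join(reference_dir, name), nonce)
        got = reported.get(name)
        if got is None:
            result[name] = "missing"
        elif hmac.compare_digest(got, expected):  # constant-time compare
            result[name] = "ok"
        else:
            result[name] = "modified"
    return result

def demo():
    """Constructed files: the client copy of eqgame.dll differs by one byte."""
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as inst:
        for folder in (ref, inst):
            for name in ("eqgame.dll", "other.dll"):  # other.dll is hypothetical
                with open(os.path.join(folder, name), "wb") as fh:
                    fh.write(b"constructed reference bytes for " + name.encode())
        with open(os.path.join(inst, "eqgame.dll"), "ab") as fh:
            fh.write(b"\x90")  # simulate an altered client file
        nonce = secrets.token_bytes(16)
        return server_check(ref, client_report(inst, nonce), nonce)

if __name__ == "__main__":
    print(demo())
```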

Bardalicious
08-31-2011, 05:50 PM
Just store a checksum of the dlls and compare them? Boom, any alterations to files are flagged.

Bingo! Only thing in this thread that has made any semblance of sense.


Really guys, do you think they would be leaving these threads up for people to read if they were concerned about them allowing work-arounds for their detection?

If I knew people were going to try cheating again simply on the whim of what someone posted on the forums, and I knew I would still detect them, why remove the posts? Leave them up and send the bans flying imho.