Anti cheat system

ET Pro Documentation Project

Moderators: Forum moderators, developers, ET Pro Documentation

User avatar
bani
Site Admin
Posts: 2780
Joined: Sun Jul 21, 2002 3:58 am
Contact:

Anti cheat system

Post by bani »

ET Pro integrates a new anti cheat system. At the moment it is intended to complement (not replace) PB for cheat detection. ET Pro looks for things PB cannot, and PB looks for things ET Pro cannot.

Controlling the anticheat system
b_anticheat controls the anticheat system. The possible settings are:
0 - disabled. ET Pro does not report cheaters at all.
1 - enabled (default). Normal sensitivity. ET Pro reports known cheats from the database and known cheat techniques as cheaters.
2 - Increased sensitivity (not recommended). Includes checks which are likely to cause false positives.
3 - Extreme sensitivity (absolutely not recommended). Only absolutely clean windows systems are allowed. Absolutely clean windows sytems are very rare though, so lots of players will be reported as cheaters.

Logs
If a cheater is found, they are reported to players on the server and in the logs.

If the word CHEATING is in RED, ET Pro has detected the player is absolutely using a known public cheat. It is safe to kick/ban these players. You will also see something like this in your logs:

21:58.11 etpro IAC: 1 [JiuJitsu^7] [304DADA5916CE3A8E8B6966AB772D142A7578C3D] [^1CHEATER^7 win32]
21:58.11 etpro IAC: HWe8auebgXt69-IaJ3TkljBwH7j8FlvEnJDUk1AUNMZgdOZ0WyyL2n
zx-z0phDJQFvXU74+rqeXadpIWgp822butKGwycggXnA-B9I4Sw9AqGuorR7Mwz+Rt45
tyMwxunGdEe0V8MGTzqM4IKm8mPt-6LlY6YaRvyDdOrqyaiInYX2Zeq8k2BI0mufHztkIU
CiSvtNQwtZFTjSCe6VKHKkbV8UUTKT-0PW5Oa1Y81cRdIBqkRQ

This is encrypted information which allows ET Pro developers to positively identify which specific cheat the player was using, if needed. The ET Pro developers do not generally need such logs reported to them.

The following only applies if b_anticheat is set to 1:

If the word CHEATING is in YELLOW, ET Pro has detected the player has software which does exactly the same thing cheats do. There are two possibilities: they are using software which causes false positives (FRAPS, atitool), or they are using a private/non-public cheat. Users who get false positives should read this thread to resolve them.

If an admin suspects a player in YELLOW is using a new undetected cheat, you may forward your logs to us for inspection. You will see something like this in your logs:

10:58.03 etpro IAC: 0 [^7[^3AV^7]^2Ikkyo^7^7] [5C650F40214398C58AE5ECDFADBC8D1AB6BFDD89] [^3CHEATER^7 win32]
10:58.03 etpro IAC: 5F+yE+tIboJD0TcZW+V3BrfKONQYxCEkmUGp4XWCRamupExR
cKGVjS31kmClRCWY0+d+0ugxz-X+9u1IHnispm3MGCt6QFlgVHuK41D3188DvPUY5i1
7LXNclCEYwQxs3rZLkCnXew3McNthKA8ASo4yyhbU6OALVV3az+dyEVAvB1NEudU
YoYJoEXFKFEbJSRt+3Rw4atWM8NO7yQbULkFrT1MjPjKzULVr2CiXcy+6YP6rDTXcWg

This encrypted information allows ET Pro developers to determine if the player was really cheating with a new cheat, or if it is a false positive caused by external programs.

Players who are reported as yellow CHEATER who are unable to resolve their problems by following these instructions should post a bug report in this forum.

You may see "strange logs" like the following:

09:20.10 etpro IAC: 0 [^7de^2A^7D ai^2M^7] [556B00DCB87C92A03784A7C558C5BFCA3238B1FF] [??? win32]
09:20.10 etpro IAC:MsCWa5viR4imLMGpS6W7gpMa1OgM-bSPmI69cE-z+nL2xQgc8t7
b6TdkwOfiDBG5llCaW4MuWrQr8VSBxSt+pqJVvJFkR29ppgerMLqGmCh0+bsf5w+m23
Wj-diM68xx4kVc+BDX1ZEMTsMYTccaSXKyNzkKZT1wx9rAWG5plv96QsrieIXY+3LpSK
xuuanLPixzpARZOv5VH6rZFY0LhvdvA3vVQwSynTKkOIW3XLmrmt3LNOWpO3RmTR3
uR87OFCCh38ws3S76cfmG

This does not mean the player is cheating, it simply means there is something unusual about their system that may be of interest to ET Pro developers. You should not forward these logs unless you suspect a player is cheating or unless ET Pro developers specifically request them from you.

Likewise, simply because an encrypted debug follows a player's log does not mean they are cheating:

21:24.58 etpro IAC: 3 [^7|^0NE^7|R^5a^di^4n^7-^d42^7^7] [BD0875F42CB16B337A0EDC85F6BA03155665AEFF] [clean linux]
21:24.58 etpro IAC: vZHbY0m5i8DJ-my5FxRp1+I9Drj8cuVMAowAoX6XwWKaCh2h3lH
oCVTAgHsngeSrITZQWoFsJRGSjyAqsw9SxirdsZmoR7vLeTJYgk2t35ROlMyxgk+yd1nFq
HKfdE5sn5oE5tQQ-YTEJl7KIWHyG8ODeK+aLbR4NGIvgdWbVrllMEWFL3d99cgej+a+e
MKJIQYEbJB2LVh-MGxmXFovazupjtPGSydBnlCtWG6FWvLrd50tgO6gY2atXLaJfW-b-a
iw1Q5bcZMuZZ8yDHGDdFVoeobI2vw8qsZG-bXlINVVpNhIbNaenba6mvo

In this case it is simply logging information so that the ET Pro developers know the anticheat system is functioning correctly. Please do not forward these logs unless specifically requested.

Keeping up to date
As new cheats are found, they will be added to ET Pro's anticheat database, and database updates will be posted in the ET News forum.

Admins can download these database updates and install them at their leisure to keep up to date.

Autokicking
The cvar b_cheatkicktime controls what is done when a cheater is detected. If it is -1 (default), nothing is done besides reporting to the console and logs. Any other value will kick the player for the specified number of minutes (eg 0 = kick for 0 minutes, 10 = kick for 10 minutes).
WiLZy
Posts: 29
Joined: Mon Sep 15, 2003 4:29 am
Location: My PC

Post by WiLZy »

in wich log is this nfo saved? etconsole.log, games.log ?
Best Regards
User avatar
Deus
Posts: 1053
Joined: Fri Mar 12, 2004 2:24 am
Location: Germany
Contact:

Post by Deus »

Example.cfg wrote:// b_cheatlog - defines the name of a separate log for the anti-cheat system
// when set to an empty string, the anti-cheat system uses the main system
// log file
// default: ""
set b_cheatlog "etpro_cheats.log"
SpankD
Posts: 1
Joined: Sat May 15, 2004 6:41 am

Hey check this out

Post by SpankD »

Prob something I did in a configuration file
New Linux server with ET Pro installed
Ive been playing ET casually for 4-5 months now and I have never been kicked for cheating nor kicked for that matte r(except idling).
As said before I just installed etpro on the server and dont know if I botched the settings.
I run a linux client with the latest ET patch.
heres the log lol banned from my own server :P
09:37.38 etpro IAC: 4 [[cRm]SpankDMonkey^7] [6B7F1DE3A0F05F4A573A888EC7F93B2075B58077] [^3CHEATER^7 linux]
09:37.38 etpro IAC: -8hCR3iwUFer5CI2aft31r2-JGuARExNLju+M5C9CwBHpEHwIHoA60GP9SV0KdrTYv7htA8+a-l9RDho4onmoq1UonSpg4PqTApDv5zf3Ke0117HJx-YHd5tU616PjrFVbJShIbRQyXw3ZH38KvqQzl4LrMJpixyJrijrZqyEDUSdqX9bd99l7QG+sj8HBWkM3aW685124sFzY3dHF8DF7uXWqFJJu0LUu+UJ0Ypn6YITT6Bq2jnQJZkKbSXCHwL7AhnkcaI11K8vAXV3M+0cSSkZLJbGQlWZGlz2hV5b5QiNFA4+4pMGgGvE6GuhHrL1di45cffoHLy3OuIvlDk3XL1LpEGXz-t8lcjGjUSd2S7HSH7zUObG0srEjGoDPZMDZEtjckk9G+85XvvhCpF2HsT0i0SOrEmeNH+Zl8rEKAMlbN0HSvJ3sfXXCNawCsF6oUjZN2xfSLuRud-ndFXEUvVhBd8v4NUOhf4Ha6Z0PfArEmrfgMdkZnOKyGUhKA9OEg9DTMOsI3fak+M62w+1K3jcg2n5XbFN+Cy+3-g6ZatCDg9RwWMfyBmrYjtQDlx

Im running a pure linux client no win running under wine or winex I have pristine opengl lins which as I said function perfect everywhere else but my server lol. Id like to turn this added cheat detection on but not if I cant play.
User avatar
SnowWhite
Posts: 22
Joined: Wed Dec 08, 2004 7:15 am
Location: Sweden

teamspeak=false positiv?

Post by SnowWhite »

I recently noticed, when I use teamspeak, etpro shows my client is [??? linux]. Without teamspeak it shows [clean linux].

This is my system:
AMD Athlon(TM) XP 1800+ AuthenticAMD
Gentoo Linux 1.4 3.2.3-r1
Kernel 2.6.9-gentoo-r4,
libc 2.3.2
KDE 3.2

I use standard ET linux client. It is clean, except I had to change start script to make ET use artsdps for play with teamspeak, otherwise it's no sound in ET.

I don't know which version of etpro started to report me, because I didn't check this before. Some server admin asked a while ago why I had [??? linux], but I didn't know, because I understood that it was related to teamspeak only now. I said I wasn't cheating, but he didn't believe me. Ok, who cares, just some public serv. :)

And (before someone says it) no I can't stop using teamspeak. I need it for clanwars. But it can be a big problem some day if the other clan looks at /cheaters and think that maybe everyone on my clan uses aimbots. Then it's no so OK, and I care!

Can someone please help me fix this?
User avatar
bani
Site Admin
Posts: 2780
Joined: Sun Jul 21, 2002 3:58 am
Contact:

Post by bani »

get the output of /cheaters for your client and post it, eg /cheaters <clientnum> when you are connected to the server.
User avatar
SnowWhite
Posts: 22
Joined: Wed Dec 08, 2004 7:15 am
Location: Sweden

Post by SnowWhite »

Ok, I did this on my own local host server:

]/cheaters
etpro anticheat database revision 2004-11-22 07Z
0 [^wwhite^7] [F482363D2DD9CB81E16757BA94845080175CD58C] [??? linux]
]/cheaters 0
etpro anticheat database revision 2004-11-22 07Z
^3WARNING^7: Server improperly installed! Multiple client .pk3 versions installed on server! Please notify administrator.
]/cheaters clientnum 0
etpro anticheat database revision 2004-11-22 07Z
0 [^wwhite^7] [F482363D2DD9CB81E16757BA94845080175CD58C] [??? linux]


As you see I typed /cheaters 0, but it gave no output, so I tried a different ways. All same output. Hope this helps.
User avatar
gotenks
Posts: 3465
Joined: Fri Nov 15, 2002 4:12 pm
Location: out of my mind
Contact:

Post by gotenks »

it was confused because you had multiple etpro pk3's in the etpro directory, remove all but 3.1.9's pk3 then try it again
My Website
Image
After a night of binge drinking:
=FF=im2good4u wrote:WTF wanst i on top ?
User avatar
SnowWhite
Posts: 22
Joined: Wed Dec 08, 2004 7:15 am
Location: Sweden

Post by SnowWhite »

gotenks wrote:it was confused because you had multiple etpro pk3's in the etpro directory, remove all but 3.1.9's pk3 then try it again
Sorry, I don't think you are correct. It says [clean linux] when TS is not running. If your guess was true then I would have [??? linux] without TS, too. And also, this happened first when I was playing on some public server that was properly installed.

Oh, I just realize that maybe it's a problem with KDE's arts, not with TS. When that admin asked me about "??? linux" before, TS wasn't running, only XMMS mp3 player. And I run ET with artsdsp to have mp3 and game sound at the same time.
User avatar
bani
Site Admin
Posts: 2780
Joined: Sun Jul 21, 2002 3:58 am
Contact:

Post by bani »

arts causes problems with linux anticheat becayse of the library preloading arts does.
nihilist
Posts: 30
Joined: Sun Nov 28, 2004 1:52 pm

Post by nihilist »

SnowWhite wrote:Sorry, I don't think you are correct.
gotenks was helping you with the issue of your "local host server" not returning you /cheaters output, not with the state of said output.
User avatar
gotenks
Posts: 3465
Joined: Fri Nov 15, 2002 4:12 pm
Location: out of my mind
Contact:

Post by gotenks »

SnowWhite wrote:]/cheaters 0
etpro anticheat database revision 2004-11-22 07Z
^3WARNING^7: Server improperly installed! Multiple client .pk3 versions installed on server! Please notify administrator.
that is what i was refering to... if you clear out your other one's you'll get a correct iac feedback
My Website
Image
After a night of binge drinking:
=FF=im2good4u wrote:WTF wanst i on top ?
User avatar
SnowWhite
Posts: 22
Joined: Wed Dec 08, 2004 7:15 am
Location: Sweden

Post by SnowWhite »

nihilist wrote:gotenks was helping you with the issue of your "local host server" not returning you /cheaters output, not with the state of said output.
oh ok, sorry, I missunderstood. I'm tired and my english is not very good even normally :oops: so, thanks to you all for the answers :)

Now I done what gotenks suggested, only left etpro 3.1.9, and the message about bad server install stopped appearing. but "/cheaters 0" still returns nothing, and just "/cheaters" returns what I posted before.

maybe it doesn't matter now, anyway. If I understand you correct bani, arts is known problem? In that case, will you guys fix it in following versions?
User avatar
gotenks
Posts: 3465
Joined: Fri Nov 15, 2002 4:12 pm
Location: out of my mind
Contact:

Post by gotenks »

there are many different versions of arts (iirc) and bani doesn't have them all to get the info from
My Website
Image
After a night of binge drinking:
=FF=im2good4u wrote:WTF wanst i on top ?
kriterium
Posts: 3
Joined: Mon Nov 03, 2003 10:35 am

Re: Anti cheat system

Post by kriterium »

Hello :)
bani wrote: [304DADA5916CE3A8E8B6966AB772D142A7578C3D]
Can 2 computers have the same GUID :?:
Post Reply