Client-side anticheat measures for an MMORPG

[Strong Melon]

Hello guys!

 

Ill try being as straightforward as possible and not confuse anyone.

 

Ive ran an online game for quite a few years and until last year the cheaters have pretty much stayed away. Now its becoming a huge deal and having no real knowledge in packers and software protection, Im in need of some type of a software protector / packer that would make the game "undetectable" to bots in a manner so that they wouldnt work or recognize the game. It wont matter if its in a way that new bots/cheats can be made easily. 99% of the problems would be solved if only none of the current bots/cheats wouldnt work. The game itself is just 1 executable that you start and then you login to the game from there. No external  DLLs or other files really other than the "map" file (map of the lands in-game).

 

Also, I do not have "access" to the games client / executable sources, I only have access and can modify the server-side source. The game is basically a "private" version of a commercial one.

 

I tried Themidas trial version but it didnt work either and I also tried UPX. Apparently all the cheats inject to memory / client and go from there. I was told to inject my client with a DLL file and "reallocate" memory and so forth but it is far from my reach as I dont have such skills just yet.

 

Do you guys think that theres some rather simple program that would somehow encrypt the memory and also encrypt it on the disk as well as somehow scramble the whole executable in a way that no cheat would be able to detect it?

 

Basically, is there a program that could easily defeat such simple cheats by doing something rather simple?Also, it shouldnt be one of those "packers" or so that are highly detected by Anti-viruses as nobody would download the game since it would arouse suspicion if it was flagged.

 

Thanks in advance! Ill be trying more insane stuff while Im waiting for some awesome answers.

Edited February 11, 2013 by Strong Melon

[kao]

Short answer - you can't.

Longer answer - the best you can do is to stop script kiddies who rely on ready-made bots. Either hire an experienced reverser/developer who will create a custom software from you, or talk to the guys who are making "anti-cheat systems" and persuade them to add support for your game. Few hits provided by Google (I have no experience with any of those!): http://uac.ac/ , http://www.cleandod.com.br/

[Strong Melon]

I think you misunderstood the simplicity of the game, haha, if that even matters when it comes down to bots and whatnot. Its a game from 2005 and all the "cheats" were made back then. Its complete 2D and 99% of the bots are medieval as heck.I once asked the question at another place, check what they told me: http://tpforums.org/forum/threads/5473-7-6-Client-Anti-Bot-Measures
 

To my not-so-knowledgeable ears those things sounded rather possible as they kept on suggesting that it wouldnt be hard.But yeah, whats your opinion now that you read or if you read a little from that post?

[kao]

they kept on suggesting that it wouldnt be hard.

Yes, it's not that hard for someone who knows the game and who knows what's he doing. But there are no ready-made solutions.

From that other topic I really like post #5 - it sounds reasonably easy even for intermediately skilled coder with a little knowledge of assembly.

[Departure]

Are these cheats being updated ect...?

Here is just an idea of the top of my head that would require little to no effort...

 

Lets say these cheats modifys a static address, you would have to examine the cheats to see what they actually do in memory...

Anyway you make your self a cheat to defeat the cheat, I know it may not make sense but you could write a dll that gets loaded at run time(use IIDKing to add a new section and call your dll main function when loading the game) let the dll monitor the static addresses for change of bytes, if its change then change it back or close the main application, or do what ever you feel is needed for the cheaters. very simple idea and easy to do, but it will only work on simple cheats that modify bytes at given addresses, no assembly required except to anylize the cheats to see what they are modifying. The reason I ask if these cheats get updated is because if they do it might be a waste of time as its easy to bypass, But then again it will stop them short term until you think of something or expand on the idea and make it better for detection.

 

Or maybe modifying addresses are to hard for you, then simply load your dll as I said above and find the window handles of known cheats being used by the classname, title ect.. and kill them, just use the EnumWindow function(http://msdn.microsoft.com/en-us/library/windows/desktop/ms633497) you did say these are hacks from 2005 so I would assume they haven't been update... 

Edited February 14, 2013 by ǝɹnʇɹɐdǝp

[Strong Melon]

The cheats arent being updated for the game anymore since the version Im using is from 2005 or so. And those things you said seem doable, even though now that I did some research on them they seem a bit out for reach for me but I guess I have to keep on developing my skills.  By the way, threw you a private message ɹǝʌo˥ ıɥdlǝp.

[Strong Melon]

Does anyone else have any great ideas or approaches?

[kao]

Really simple one: in tibia.exe there are 2 occurences of string "TibiaClient". Replace it with something very similar but different, say "TibiaCleint". Even such small change can break quite a few bots, like TibiaBotNG, Xenobot, BBot and most likely RedBotPro too.

Problem - it's not easy to force cheaters to use your EXE. To do that, you will need to add "launcher" or implement some of the ideas described earlier, like changing network communication. I looked in tibia.exe and it's really as simple as guys in TPForums.org suggested.

Not knowing assembly language is a poor excuse. In last 2 weeks you could have learned enough to implement these suggestions, I'm quite sure about that.

[Strong Melon]

Thanks for the response mate!First of all like you said, it is indeed a very poor excuse from me that I dont know any assembly and thus cant complete these tasks and changes myself. I cant expect to ever know anything if I say such things and never get from talking to walking. I have spent numerous hours on trying to modify Tibia.exe, though. I even tried learning some ASM on the side of that but it felt like I bit a too big of a bite and then I started trying different approaches, which obviously I shouldnt have done. The best way would have been trying to grind ASM until I can pull some good stuff up but thinking that its not the only way, I changed my approach. But my intention is to not give excuses but to have reasons as to why I cant do certain things and then making those reasons disappear so that the things I want to do can be done..What goes for forcing cheaters and basically every single person to use my modified Tibia.exe, I have found a way for that. Tibia.exe includes a "protocol" number and everytime you login to the game, it checks with the server if the protocol version matches. If it does match, you get to login. If it doesnt match, then logging in is denied and it says "You have the wrong Tibia version". Basically what I do is set some insane number such as 48541 instead of the 7600 thats the default in Tibia 7.6 and set it on the server side too so it checks for that version. What happens then is that every single other Tibia version people try logging in with gets denied, only my special client that has the weird and insane protocol number is allowed to be logged in with. Then of course "scramble" or pack the client in some way that it cant be messed with and so that people will not find out the protocol number that easily.

 

Xenobot, BBot and RedbotPro are all for the newer Tibia versions. I run a server with the version 7.6 and it is VERY oldschool, it was made back in 2005. So 96% of the bots have not been updated ever since and are most likely beatable rather easily, yet not as easily as I thought so I came to ask some help. By the way, did you take a look at the Tibia version 7.6 exe? Or was it some newer version?

 

And surely I'll be looking more into this every day until a perfect solution is found, whether its by me or someone who adviced and helped me.

 

Once again, thanks for your tips! 

Edited February 26, 2013 by Strong Melon

[kao]

Tibia.exe includes a "protocol" number and everytime you login to the game, it checks with the server if the protocol version matches. .. Basically what I do is set some insane number such as 48541 instead of the 7600

Nice and simple trick!  But that trick alone will not defeat most bots, as they rely on (your patched) Tibia client running and doing all network communication.

 

Then of course "scramble" or pack the client in some way that it cant be messed with and so that people will not find out the protocol number that easily.

They will use WireShark and sniff network traffic to the server..  So, don't waste much time on this, just enough to keep total newbies away. 

 

Xenobot, BBot and RedbotPro are all for the newer Tibia versions. I run a server with the version 7.6 and it is VERY oldschool

I'm not a digital archaeologist and don't have collection of antique bots here. I also don't care about Tibia in particular. However, the modern Tibia bots I checked are all very similar, so I'd expect that changing "TibiaClient" string should work for against old bots too.

 

did you take a look at the Tibia version 7.6 exe? Or was it some newer version?

I looked at several Tibia versions and they are very similar. Basic principles haven't changed at all.