Re: [hlds_linux] Catching hackers with screenshots - Revisited
On Fri, 2002-08-16 at 11:23, dJeyL wrote: > because of lag, different for any player, and different between players and > spectators ; don't expect to ever get two identical screenshots > Which was my point. If a client was to disable OGC and take a screenshot, the second the original screenshot was taken, would make the entire screenshotting process pointless. Which is why I believe a client image, and a server logged checksum for the image would be the only effective way you can ensure you are recieving a valid unedited file. But again I guess they could simply build a 'hack' for that process too. > cheers, > -- djeyl > > - Original Message - > From: "Jeremy Brooking" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, August 16, 2002 1:17 AM > Subject: Re: [hlds_linux] Catching hackers with screenshots - Revisited > > > > On Fri, 2002-08-16 at 11:11, Steve Cody wrote: > > > I think you guys are misunderstanding me Here's what I'm talking > about. > > > > > > If you think someone is cheating, then you follow them in first person > > > spectator mode. Execute the admin_ss (modified) command to cause the > player > > > to execute the snapshot command. It also causes your own computer (the > > > admin) to execute the snapshot command so you have your own copy of the > view > > > the player SHOULD have been seeing. I'm not talking about having the > server > > > do anything but send the commands to the appropriate clients. > > > > > > Steve > > > > Have you ever done this? My tests when doing this have shown me there > > subtle differences between the 2 images. The same kind of differences > > which could be achieved by a 'on screenshot('disable ogc;screenshot')' > > plugin for OGC. > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Catching hackers with screenshots - Revisited
because of lag, different for any player, and different between players and spectators ; don't expect to ever get two identical screenshots cheers, -- djeyl - Original Message - From: "Jeremy Brooking" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 16, 2002 1:17 AM Subject: Re: [hlds_linux] Catching hackers with screenshots - Revisited > On Fri, 2002-08-16 at 11:11, Steve Cody wrote: > > I think you guys are misunderstanding me Here's what I'm talking about. > > > > If you think someone is cheating, then you follow them in first person > > spectator mode. Execute the admin_ss (modified) command to cause the player > > to execute the snapshot command. It also causes your own computer (the > > admin) to execute the snapshot command so you have your own copy of the view > > the player SHOULD have been seeing. I'm not talking about having the server > > do anything but send the commands to the appropriate clients. > > > > Steve > > Have you ever done this? My tests when doing this have shown me there > subtle differences between the 2 images. The same kind of differences > which could be achieved by a 'on screenshot('disable ogc;screenshot')' > plugin for OGC. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Catching hackers with screenshots - Revisited
On Fri, 2002-08-16 at 11:11, Steve Cody wrote: > I think you guys are misunderstanding me Here's what I'm talking about. > > If you think someone is cheating, then you follow them in first person > spectator mode. Execute the admin_ss (modified) command to cause the player > to execute the snapshot command. It also causes your own computer (the > admin) to execute the snapshot command so you have your own copy of the view > the player SHOULD have been seeing. I'm not talking about having the server > do anything but send the commands to the appropriate clients. > > Steve Have you ever done this? My tests when doing this have shown me there subtle differences between the 2 images. The same kind of differences which could be achieved by a 'on screenshot('disable ogc;screenshot')' plugin for OGC. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Catching hackers with screenshots - Revisited
On Fri, 2002-08-16 at 10:44, [EFR]The HEAD wrote: > you send me an image with your stats open.. the actual time (displayed with > tsay) and my admin messages... and dont forget the right map... and my > screenshot i have for comparison.. > and the checksum.. how do you get that ? the screenshot is done before the > file excists and therefore you cannot have it in the screenshot... > > HEAD Mind showing me where i said "Place the checksum in the image" Oh I didnt. And if you have followed the previous thread on this, I was the one who mentioned this issue. What I was saying was logging the checksum somewhere, and yes this can be done. HL engine dumps images, checksums image and sends checksum info to server, for the server to log. > > At 09:40 16.08.02 +1200, you wrote: > >On Fri, 2002-08-16 at 08:06, James Clark wrote: > > > > > > That would be easy to bypass for hax0rs... then someone finds a way to > > > exploit halflifes mail sending feature and uses all of us gamers as open > > > relays :/ > > > > > > -James. > > > >Creating cancer to cure a cold. > > > >This screenshot stuff has been gone over on here before, and unless you > >can somehow record the checksum of the image when taken, any fool with > >psp can easily edit the images before sending them to you. > > > > > >___ > >To unsubscribe, edit your list preferences, or view the list archives, > >please visit: > >http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Catching hackers with screenshots - Revisited
I think you guys are misunderstanding me Here's what I'm talking about. If you think someone is cheating, then you follow them in first person spectator mode. Execute the admin_ss (modified) command to cause the player to execute the snapshot command. It also causes your own computer (the admin) to execute the snapshot command so you have your own copy of the view the player SHOULD have been seeing. I'm not talking about having the server do anything but send the commands to the appropriate clients. Steve - Original Message - From: "Andrew A. Chen" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 15, 2002 6:44 PM Subject: Re: [hlds_linux] Catching hackers with screenshots - Revisited > Where is the "screenshot [you] have for comparison"? The one you took > while first-personing him? If you mean one from the server, you're > expecting the server to be rendering the screen for every player? That's > completely unrealistic. > > --- > Andrew A. Chen > Divo Networks > > On Fri, 16 Aug 2002, [EFR]The HEAD wrote: > > > you send me an image with your stats open.. the actual time (displayed with > > tsay) and my admin messages... and dont forget the right map... and my > > screenshot i have for comparison.. > > and the checksum.. how do you get that ? the screenshot is done before the > > file excists and therefore you cannot have it in the screenshot... > > > > HEAD > > > > At 09:40 16.08.02 +1200, you wrote: > > >On Fri, 2002-08-16 at 08:06, James Clark wrote: > > > > > > > > That would be easy to bypass for hax0rs... then someone finds a way to > > > > exploit halflifes mail sending feature and uses all of us gamers as open > > > > relays :/ > > > > > > > > -James. > > > > > >Creating cancer to cure a cold. > > > > > >This screenshot stuff has been gone over on here before, and unless you > > >can somehow record the checksum of the image when taken, any fool with > > >psp can easily edit the images before sending them to you. > > > > > > > > >___ > > >To unsubscribe, edit your list preferences, or view the list archives, > > >please visit: > > >http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > ___ > > To unsubscribe, edit your list preferences, or view the list archives, please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: [hlds_linux] Catching hackers with screenshots - Revisited
Whoops, I meant to say hl not hlds. I want this to be done on the client side. But I do see where they could still just hook that call too. Hmm. >> This all sounds feasible to me. Valve, get ahold of some open source jpg compression source and some MD5 hashing source, and add the code to the hlds to make a screenshot, compress it, hash it, store the MD5 hash in a server file MD5.log "L081502 - Player:123456 - hfds87hdfiuh78hdfkjh987". Then change the 'upload' command in the hlds to allow for uploading of the screenshot. Then the server admin can just open the cstrike dir, read the MD5.log, hash and open the screenshot. Tada! Why wouldn't this work? PrivateRyan / Brad Schulteis http://www.therealaod.com/ http://www.nospeedname.com/ ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Catching hackers with screenshots - Revisited
Where is the "screenshot [you] have for comparison"? The one you took while first-personing him? If you mean one from the server, you're expecting the server to be rendering the screen for every player? That's completely unrealistic. --- Andrew A. Chen Divo Networks On Fri, 16 Aug 2002, [EFR]The HEAD wrote: > you send me an image with your stats open.. the actual time (displayed with > tsay) and my admin messages... and dont forget the right map... and my > screenshot i have for comparison.. > and the checksum.. how do you get that ? the screenshot is done before the > file excists and therefore you cannot have it in the screenshot... > > HEAD > > At 09:40 16.08.02 +1200, you wrote: > >On Fri, 2002-08-16 at 08:06, James Clark wrote: > > > > > > That would be easy to bypass for hax0rs... then someone finds a way to > > > exploit halflifes mail sending feature and uses all of us gamers as open > > > relays :/ > > > > > > -James. > > > >Creating cancer to cure a cold. > > > >This screenshot stuff has been gone over on here before, and unless you > >can somehow record the checksum of the image when taken, any fool with > >psp can easily edit the images before sending them to you. > > > > > >___ > >To unsubscribe, edit your list preferences, or view the list archives, > >please visit: > >http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Catching hackers with screenshots - Revisited
you send me an image with your stats open.. the actual time (displayed with tsay) and my admin messages... and dont forget the right map... and my screenshot i have for comparison.. and the checksum.. how do you get that ? the screenshot is done before the file excists and therefore you cannot have it in the screenshot... HEAD At 09:40 16.08.02 +1200, you wrote: >On Fri, 2002-08-16 at 08:06, James Clark wrote: > > > > That would be easy to bypass for hax0rs... then someone finds a way to > > exploit halflifes mail sending feature and uses all of us gamers as open > > relays :/ > > > > -James. > >Creating cancer to cure a cold. > >This screenshot stuff has been gone over on here before, and unless you >can somehow record the checksum of the image when taken, any fool with >psp can easily edit the images before sending them to you. > > >___ >To unsubscribe, edit your list preferences, or view the list archives, >please visit: >http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Catching hackers with screenshots - Revisited
On Fri, 2002-08-16 at 09:57, Steve Cody wrote: > Just tell them to email the images within the next 5 minutes. If they don't > get sent within that time then the player is GONE. Also, I will have an > admin screenshot to compare with I think the forgery would not go as > easy as you might think. > Only issue I can see is (and i have been using this screenshot technique for a while now) is users who are not very computer literate. "Where do I find the image?" "I dont have winzip" "How do I use winzip" "I am on a dialup, this is going to take me a while to send" and MTA delays Could all cause it to take much longer than 5 minutes for an image to get sent through. Dont think its too fair to ban a user simply because his ISP's (or your) mailserver is heavily loaded and takes longer than 5 minutes to process the email. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: [hlds_linux] Catching hackers with screenshots - Revisited
On Fri, 2002-08-16 at 10:01, Brad Schulteis wrote: > This all sounds feasible to me. Valve, get ahold of some open source jpg > compression source and some MD5 hashing source, and add the code to the > hlds to make a screenshot, compress it, hash it, store the MD5 hash in a > server file MD5.log "L081502 - Player:123456 - hfds87hdfiuh78hdfkjh987". > Then change the 'upload' command in the hlds to allow for uploading of > the screenshot. Then the server admin can just open the cstrike dir, > read the MD5.log, hash and open the screenshot. Tada! Why wouldn't this > work? Thats what I said... "and unless you can somehow record the checksum of the image when taken" This sort of feature would be great. But its pointless taking the screenshot serverside, as it wouldnt show what the client is seeing. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: [hlds_linux] Catching hackers with screenshots - Revisited
This all sounds feasible to me. Valve, get ahold of some open source jpg compression source and some MD5 hashing source, and add the code to the hlds to make a screenshot, compress it, hash it, store the MD5 hash in a server file MD5.log "L081502 - Player:123456 - hfds87hdfiuh78hdfkjh987". Then change the 'upload' command in the hlds to allow for uploading of the screenshot. Then the server admin can just open the cstrike dir, read the MD5.log, hash and open the screenshot. Tada! Why wouldn't this work? PrivateRyan / Brad Schulteis http://www.therealaod.com/ http://www.nospeedname.com/ ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Catching hackers with screenshots - Revisited
ooops, I didn't read the entire message, sorry :/ The idea is good, but ¿do you think that cheaters will send the capture? lol and we can't judge people for not doing it... - Original Message - From: "Steve Cody" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 15, 2002 11:55 AM Subject: [hlds_linux] Catching hackers with screenshots - Revisited > Someone mentioned writing a mod to have admins take screenshots a little > while back during the long discussion. I noticed the other day that there > is already a screenshot mod on the adminmod.org site. I'm going to modify > it a bit to do the player list just before the screen shot, and possibly to > take a screenshot of the admins 1st person view right at the same time. > This would give the admin something to compare to the potential cheaters > screen that gets sent via email. > > Actually, I'd like to modify the program to do the following: > > Open the player list view (like when a player presses TAB) > Take a snapshot of the players screen (or more than one snapshot in a row) > Take a snapshot of the admins screen for comparison > Tell the player that the admin just took a screenshot. > Send the message to the player that they must email to > [EMAIL PROTECTED], possibly leave this message on their screen for > several seconds, or repeat it several times > Then send an EXIT to the client to make their counter-strike close. :) I > really like this idea here > > How does this sound? A friend was telling me that OGC 10 can be turned of > during play with just a single keystroke. I can imagine a cheater will > easily be able to hit the disable key as soon as they see the playerlist pop > on it's own. I'd like to find a better way to produce a screenshot that > cannot be easily forged. > > Steve > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Catching hackers with screenshots - Revisited
¿how do you plan to upload screenshots to the server? I think there isn't a way without a client app. - Original Message - From: "Steve Cody" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 15, 2002 11:55 AM Subject: [hlds_linux] Catching hackers with screenshots - Revisited > Someone mentioned writing a mod to have admins take screenshots a little > while back during the long discussion. I noticed the other day that there > is already a screenshot mod on the adminmod.org site. I'm going to modify > it a bit to do the player list just before the screen shot, and possibly to > take a screenshot of the admins 1st person view right at the same time. > This would give the admin something to compare to the potential cheaters > screen that gets sent via email. > > Actually, I'd like to modify the program to do the following: > > Open the player list view (like when a player presses TAB) > Take a snapshot of the players screen (or more than one snapshot in a row) > Take a snapshot of the admins screen for comparison > Tell the player that the admin just took a screenshot. > Send the message to the player that they must email to > [EMAIL PROTECTED], possibly leave this message on their screen for > several seconds, or repeat it several times > Then send an EXIT to the client to make their counter-strike close. :) I > really like this idea here > > How does this sound? A friend was telling me that OGC 10 can be turned of > during play with just a single keystroke. I can imagine a cheater will > easily be able to hit the disable key as soon as they see the playerlist pop > on it's own. I'd like to find a better way to produce a screenshot that > cannot be easily forged. > > Steve > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux