kindzhon 发表于 2005-5-11 10:14:45

[原版译文] Cheating-Death反作弊插件介绍及其原理阐述

说明:这是一篇译自Cheating-Death官方网站的文章。文中以生动浅显的语言讲解了作弊软件和反作弊软件,特别是C-D的工作原理,值得一读。



Cheating-Death为何卓然不同?

  Cheating-Death(以下简称C-D)和其他反作弊软件的主要不同之处在于它不是靠侦测已知作弊软件的特征,而是尝试让作弊不那么有效,并防止作弊者获取信息来防止作弊。在大多数情况下,作弊因此被阻止。




侦测作弊的观念
  侦测作弊听起来简单――如果你注意到某人正在作弊,那么就把他踢出去。问题在于没有一种普遍的,可靠的方法去把作弊软件和别的正常的软件区分开。因此,反作弊软件被迫以已知作弊软件的特征为线索搜寻作弊者。服务器端的反作弊软件正是这样工作:一旦发现某个作弊软件,就把它的使用者踢掉。
  此方法的问题在于作弊软件的作者很容易就可以修改他们的作品,使其变得不一样。同样,如何编写自己的作弊器的信息很多,所以新作弊软件层出不穷。要与之对抗,反作弊软件采用更新已知作弊软件列表的方法。当一个新作弊器公布后,列表立即更新。现在服务器端的反作弊软件使用不间断更新的作弊器列表,发现一个,踢掉一个。
  可见,这并不是一个特别好的方法。事实上,这方法相当不可靠,因为它需要一个重要的条件为补充――惩罚。通常的惩罚是在服务器上禁止某玩家。言外之意是即或无法抓住所有作弊的人,你至少能阻止以往作弊的人进入服务器。这也能告诫试图作弊的人。现在反作弊软件拥有不断更新的作弊软件列表和作弊者名单,一旦发现有作弊器或有过去曾作弊的人存在,它就踢掉他。
  你或许认为这的确可行,但事实上不太有效。问题在于如果你在一个服务器上禁止了某人,他们只需进入另外的服务器即可。目前有一些全球作弊者数据库正在运作,其中一个甚至整合进了反作弊软件。然而,许多问题出现了:这样做合法吗?数据库由谁维护?作弊者的名字在数据库中保留多久?如果某人没有作弊却被放进数据库,怎么办?如果你不知情但你的孩子或朋友在你的机子上尝试作弊器,怎么办?反作弊软件出错导致错误的侦测怎么办?如果一个服务器要禁止某人,而另一个却不希望如此,怎么办?谁将负责判断这一切的一切?
  所有这些问题都对作弊者数据库的功能性和公平性提出了质疑:可能出错的地方很多,维护也很消耗精力。综上所述,侦测作弊的概念瑕疵百出,必须更新。
 



 《半条命》如何工作
  那么如何不侦测作弊软件的特征就能阻止作弊?要明白这点,必须首先了解一些《半条命》(以下简称HL――译者)多人游戏运作的原理。当你玩HL的时候,你的电脑成为一个客户端(Client)。客户端负责收集你的键盘和鼠标指令,并绘在屏幕上。客户端和服务器相连。服务器注意所有客户端的状态。它发给客户端信息,告诉它每个人在哪里,在做什么。
  客户端由两部分组成,引擎和客户端MOD。引擎处理和服务器的连接,在屏幕上绘图,并获取键盘和鼠标输入的信息。MOD部分处理和你玩的某个特定游戏相关的事情。每个游戏都有自己的MOD。如果你装了HL和CS,那么就会有一个HL的MOD,还有一个CS的MOD。但是只会有一个引擎。所有的MOD都使用相同的引擎。
  引擎和MOD互动使你机子上的游戏顺利运行。大多数作弊软件的原理是他们把自己楔入引擎和MOD之间。引擎和作弊器“对话”,作弊器再把信息传递给MOD。同样,MOD和作弊器“对话”,作弊器再传给引擎。引擎和MOD仍然相关联,表面上看一切都好,其实两者实际上在通过作弊软件“交流”。这些作弊软件通常被叫做“客户端钩子”(”clienthooks”)。
  既然作弊软件栖身于引擎和MOD之间,它可以做它想做的任何事情。常见的事情是在屏幕上画出额外的信息,或是让你瞄得更准。但是它同样可以让你像个白痴一样转着圈跑,丢掉你的武器,或者自杀。完全取决于作弊软件的作者想做什么。
  另外一种正在变得流行的做法是把作弊软件伪装成3D驱动程序(OpenGL或D3D)。当游戏引擎以为一切正常时,作弊程序正分析渲染数据,然后再把它传给真正的驱动程序。(它把自己“裹wraps”在真正的驱动程序外围。)虽然作弊器用此方法得到的信息不如直接介入引擎和MOD之间获得的信息多,但是也足够分析出正被绘制的任何目标的位置。同传送鼠标和键盘事件的程序连接起来,此类作弊软件也能有很高的效率。他们更难被阻挡,因为介入引擎和驱动程序之间的途径比介入引擎和MOD之间要多得多。这些作弊软件通常被称为“包装工”(“Wrapper”)。




防止作弊
  有两个基本的问题需要解决。第一个是引擎提供给MOD有关其他玩家位置的详细数据。第二是必须和引擎绘图的做法一致。
  MOD确实不需要知道玩家的确切位置。它仅仅需要知道一个玩家大概在什么位置。为了有效瞄准,作弊软件需要知道玩家的准确位置。如果引擎并不告诉MOD玩家的准确位置,而是只告诉大概的位置,自动瞄准将会失效。
第二个问题是要和引擎绘图的方法一致。它由后向前绘图。比如,如果一个玩家站在墙后,引擎先画出玩家,然后画出前面的墙。通常情况下,这样做效果很不错。问题出在如果一个作弊器已经使墙变得透明,你将能看见透明强后面的玩家。这种形式的作弊叫“穿墙”(wallhacking)。如果引擎不画出不可见的玩家,那么透视将失效――使用穿墙程序得到的只是一堵堵透明的墙而已。




  Cheating-Death如何工作
  C-D的工作方式是把自己楔入引擎和作弊软件之间。这正是C-D和别的反作弊软件的不同之处。它不会在游戏外运行,而是介入到游戏内部。以下是C-D的做法:
  如果C-D侦测到某玩家对你不可见,它会把这个玩家的位置“挪”到你背后。这样做的好处在于:首先,它使“穿墙”失效。即使你让墙变得透明,也无法看见其后的敌人,直到敌人的某部分在屏幕上为可见。
  第二,它使雷达和ESP方块作弊失效。ESP方块画在玩家顶部,会透过墙显示。如果一个玩家蹲在墙的另一面,玩家的位置将会在墙上用ESP方块标记出来。即使你看不见玩家,ESP方块也能给你他们的准确位置。
  C-D通过使MOD掌握的玩家位置信息不精确,从而毁掉ESP,自动瞄准或其他类似作弊功能。它并不影响“碰面判定”(collision detection),因为这是由引擎完成的,而引擎仍掌握精确数据。
  最后,C-D监控一些引擎的数据中常被作弊软件介入修改的地方。如果C-D发现某处被改动,它会断开玩家的连接。这样做使作弊器无法获得它们需要的关键数据,并使得它们不得不改变获取信息的途径――它们将无法简单地使自己看起来正常就能骗取数据,而不得不寻求更困难的方法。




客户端的解决方案
  我们意识到我们无法阻止破解者破解C-D。运行在客户端的任何东西都有可能被破解。我们最新版本的C-D最终也将被破解,况且编写作弊软件的人非常聪明。然而当它被破解时,我们将改变行事方法并发布新版本C-D。




其他优点
下面是C-D的一些别的优点:
  无干扰。C-D非常“安静”。它不会在屏幕上写字或是发出声音干扰你。
  无网络问题。C-D不建立任何网络连接,而是使用HL内建的信息传递系统为自己的客户端/服务器端沟通服务。你无需重新配置防火墙或路由器就能使用C-D。如果HL在网络上工作正常,则C-D也能正常工作。
不会拖网速。C-D几乎不会占用带宽,它的数据包很小(22字节)并且几分钟才发送一次。
  不需更新作弊软件列表。因为C-D的目标在于阻止某种作弊方法而不是某特定作弊软件,所以它没有一个需频繁更新的作弊软件列表。
  没有不公平的ban(被服务器禁止)。当你被强行断开连接后,只有你和你的良心知道原因所在。服务器管理员并不知道你为何断开,因此也不会禁止你连接。我们愿意看到:关掉作弊软件后,每个人都有回来公平游戏的权利。
  没有不断的下载。你只需下载一次,自动升级程序会使你保持最新。
  升级及时。当我们意识到C-D已被破解,我们将公布新的版本。目前新作弊软件和新C-D发布的平均时间为72小时(随作弊软件更新而定)。

金闪闪 发表于 2005-5-11 10:32:01

不错的言论,很值得学习。
从3个层次分析了作弊器的原理,以及反作弊器的机理。

都需要强大的CPU处理能力。

nd5 发表于 2005-5-11 12:25:19

当你被强行断开连接后,只有你和你的良心知道原因所在。服务器管理员并不知道你为何断开,因此也不会禁止你连接。我们愿意看到:关掉作弊软件后,每个人都有回来公平游戏的权利。

这段话十分的感人

BoeZombie 发表于 2005-5-11 14:38:07

DT又多了一编好文章 ^^

BoeZombie 发表于 2005-5-11 14:58:07

建议单独开辟反作弊研究板块,因为CSCZ服务器专区帖子流量较大,而且反作弊是个很重要的领域,建议给反作弊研究一块独立的板子。 这样更能显得整齐、专注!

kindzhon 发表于 2005-5-11 16:46:10

支持楼上的。。

楼下的接着支持。。呵呵。。

baiqiqpl 发表于 2005-5-11 17:00:59

经典文章。。多看几次

kindzhon 发表于 2005-5-11 17:11:04

最可悲的是:这个帖子是我在一个作弊论坛上找来的。。唉。。

我们的学习精神还不如作弊程序制造者。。

z81 发表于 2005-5-12 09:35:44

看看原版的
Summary

Cheating-Death (C-D) is an anti-cheat system which includes both a server and client. Unlike HLGuard, which is a server-side only anti-cheat, C-D offers more protection by blocking the cheats themselves before the player joins the server.

While in optional mode, players are checked for a running C-D client and will rename the player if they don't have C-D currently installed and running. For optimal protection against cheaters, servers can be configured to only allow players running the C-D client.

Unfortunately, the C-D anti-cheat system is incompatible with VAC secured MODs. As of v2.2.0, C-D can work with VAC supported MODs as long as VAC is disabled. Otherwise, C-D will shutdown if VAC is detected.


Overview

The main difference between Cheating-Death (C-D) and the other anti-cheating packages available is that it does not have cheat specific detection methods. Instead, it tries to make cheats less effective, and to prevent cheats from getting information. In most cases this leads to cheats simply not working.


The Concept of Cheat Detection

The idea behind cheat detection sounds great -- if you notice someone using a cheat, then kick them out of the game. The problem lies in that there is no generic, reliable way to distinguish between a piece of cheat software and another normal piece of software. Because of this, cheat detection software is forced to look for specific cheats. The cheat detection software stands guard over your server, looking for specific cheats. When it finds one, it can kick the player using it.

The problem with looking for specific cheats is that it is easy for cheat makers to modify their cheats and make them look different. Also, there is a lot of information available on how to make your own cheat, so new cheats are made frequently. To combat this problem, cheat detection software created a way to update its list of known cheats. When a cheat is released to the general public, it is added to the list of cheats to look for. Now the cheat detection software stands guard over your server with its constantly updated list of cheats. When it finds one, it can kick the player using it.

As it turns out, this is not a very good method. In fact, cheat detection is so unreliable that it needs to something else to make up for this -- punishment. Punishment usually takes the form of banning someone from the server. The idea behind punishment is that even though you cannot catch all cheaters, you can at least keep people who have cheated in the past off of the server. It also discourages people from trying cheating. Now the cheat detection software stands guard over your server with its list of cheats and its list of cheaters who are not allowed to play on this particular server. When it finds a player who is using a cheat or who has used a cheat in the past, it kicks that player.

You would think this would work, but as it turns out, it is not very effective. The problem is that if you ban someone from one server, they just go play on another one. There are currently several global cheater databases running, one of these is even integrated into cheat detection software. However this raises many questions about the legitimacy and maintenance of such a database. How long do people stay in the database? What happens if someone is placed in the database, but didn't cheat? What happens if your children or friends try out a cheat on your computer without your permission? What if a bug in the cheat detection software causes a false detection? What if one server wants someone banned, but another server doesn't? Who will judge all these matters?

All of these questions raise serious doubts about both the fairness and the functionality of such a database of cheaters, the scope for error is great, as is the amount of maintenance required. All this work is required to patch up the failures of the flawed concept of cheat detection.


How Half-Life Works

So how do you stop cheating without cheat specific detection? To understand this, you first need to know a little bit about how multiplayer Half-Life works. When you play Half-Life, your computer is known as a client. The client is responsible for getting your keyboard and mouse commands, and drawing on the screen. The client connects itself to a server. The server keeps track of all the clients. It sends the clients information about where everyone is and what they are doing.

Now the client is composed of two parts, the engine and the client MOD. The engine handles communicating with the server, drawing on the screen, and getting keyboard and mouse input. The MOD handles anything specifically related to the game you are playing. There will be one MOD for each game on your machine. If you have installed Half-Life and Counter-Strike, there will be a MOD for Half-Life and another MOD for Counter-Strike. But there is only one engine. All MODs use the same engine.

The engine and the MOD interact with each other to make the game run on your machine. The way most cheats work is that they wedge themselves in between the engine and the MOD. Now the engine talks to the cheat, and the cheat relays it on to the MOD. And the MOD talks to the cheat, and the cheat relays it on to the engine. As far as the engine and the MOD are concerned, everything is working fine. They have no idea that they are actually communicating through the cheat. These cheats are usually called "clienthooks".

Now that the cheat is in between the engine and the MOD, it can do just about anything. Some of the more popular things to do are to draw extra information on the screen and to correct your aim. But it could also make you run around like an idiot, drop all your weapons, and kill yourself. It is all up to the maker of the cheat.

Another method that has been gaining popularity lately is to make the cheat look like a 3D driver (OpenGL or Direct3D). While the engine thinks everything is as normal, the cheat analyzes rendering data before relaying it to the real driver. (It "wraps" itself around the driver.) While the cheat gets less information than intercepting the engine to MOD interface, it can still figure out the position of any entity that is being drawn. Combined with sending mouse and keyboard events, these cheats can be very effective too. They are also harder to block, because there are far more possible ways to intercept the engine to driver interface than engine to MOD interface. These cheats are usually called "wrappers".


Preventing Cheating

There are really two fundamental problems that need to be overcome. The first is that the engine provides the MOD with detailed information about where the other players are located. The second has to do with the way the engine draws.

MODs really do not need to know the exact location of a player. They only need to know approximately where a player is located. To be effective at aiming, cheats need to know the exact location of a player. If the engine would not tell the MOD exactly where a player is located, but approximately were a player is located, automatic aiming would be ineffective.

The second problem is in the way the engine creates a picture. It starts at the back and works its way forward. If there is a player standing behind a wall, the engine draws the player first and then draws the wall over the player. Normally, this works great. The problem occurs when a cheat has made the walls transparent. With transparent walls, you would be able to see the player through the wall. This form of cheating is known as wallhacking. If the engine would not draw non-visible players, wallhacking would not work. All you would get out of using a wallhacking cheat is transparent walls.


How Cheating-Death Works

Cheating-Death works by wedging itself in between the engine and the cheat. This is what makes C-D different than most anti-cheat software. It does not run as a separate program outside of the game, but is actually loaded into the game. Here is what C-D does:

If C-D detects that you cannot see a player, it will move that player's location behind you. This does several things. First, it makes wallhacks less effective. Even if you have transparent walls, you cannot see enemies behind them, until at least part of the enemy is visible on the screen.
Second, it makes radars and ESP boxes less effective. ESP boxes are boxes drawn on top of players, these boxes will show up through walls. If a player is crouching on the other side of a wall, a box will be drawn on the wall right where the player is crouching. Even though you cannot see the player, the ESP box gives you their exact position.

Furthermore, C-D gives the MOD inaccurate information about players' positions. This will ruin ESP, aimbot and other features common in cheats. It will not affect collision detection, because that is done by the engine, which still has accurate information.

Finally, C-D monitors places commonly used by cheats to intercept data from the engine. If Cheating-Death notices that one of these locations has been modified, it disconnects the player. This deprives the cheats of the information they need in order to function, and forces them to change the way they get information which is quite hard, instead of just making themselves look different which is relatively easy.


Client Side Solutions

We realise that in the end we cannot stop hackers with enough motivation from hacking C-D. Everything that runs on the client side can be hacked. Like everything, eventually our latest version of C-D will get hacked, and it is important to remember that cheat makers are very smart. However when it does get hacked, we will change the way we do things and release a new version. Give them something new to hack on.


Other Benefits of Cheating-Death

Here are some other benefits of CD:

No spam. C-D is very quiet. It does not distract you by writing to the screen or saying things.


No network problems. C-D does not open any network connections. Instead it uses Half-Life's built-in messaging system for its client/server communications. You do not have to worry about reconfiguring your firewall or router to use C-D. If Half-Life works on your network, then C-D works on it too.


No lag. C-D does not use up your bandwidth by sending a lot of information on the network. C-D's challenge packet is very small (22 bytes) and is only sent every few minutes.


No list of cheats to update. Since C-D only aims to block certain cheating methods instead of specific cheats, it does not have a list of known cheats that needs to be frequently updated.


No unfair bans. When you get disconnected from a server with a violation, the reason for being disconnected is between you and your conscience. The server admin does not know why you disconnected and therefore cannot ban you. We like to think that everyone is welcome to come back and play fair with cheats turned off.


No constant downloading. You only have to download C-D once, the auto-update feature keeps you up to date.


Frequent updates. If we become aware of cheats that get past C-D, we will release a new version. The average time between cheat release and C-D release is currently 72 hours, but may vary depending on the cheat.

As you now know, Cheating-Death is very different that most other anti-cheating programs. Its main focus has been to make the game more enjoyable, without a lot of hassle. We hope we have been successful.

xiaolysh 发表于 2005-5-12 11:05:57

楼主的英语水平不错,,,,,翻译得如此准确!!!!谢谢!
页: [1] 2 3 4 5
查看完整版本: [color=red][b][原版译文] Cheating-Death反作弊插件介绍及其原理阐述[/b][/color]