This wiki is archived and useful information is being migrated to the main bzflag.org website

Difference between revisions of "Known Cheats"

From BZFlagWiki
Jump to: navigation, search
(copy KnownCheats from old wiki)
 
m (Link to roadmap for future changes not 3.0 specific page.)
 
(49 intermediate revisions by 29 users not shown)
Line 1: Line 1:
Cheats performed on BZFlag are usually made by modifying your client. A great deal of power is invested in the client program, and therefore the client may cheat in every way from creating invincible tanks, to invisibility, to super killing. If you have seen any cheats, have performed them yourself, or have noticed a hole in the source, please add it here.
+
Cheats performed on BZFlag are usually made by modifying your client. A great deal of power is invested in the client program, and therefore the client may cheat in every way from creating invincible tanks, to invisibility, to super killing. If you have seen any cheats, have performed them yourself, or have noticed a hole in the source, please add it here. Preventions for many of these cheats are on the [[Development RoadMap]]
  
== List of Known Cheats ==
+
== Warning ==
A cheater may:
+
Do not use a modified client on a public server. If you are found to be using a cheat client, you will likely be banned from multiple servers and could quickly find yourself with nowhere to play.  Cheating in BZflag is not the same as using a cheat code in a PlayStation game. See also the ''Notes on "CHEAT" servers'' at the bottom of the [[BZFlag_README | README]], which forbid the hosting of a "cheat" server. A copy of the README is included with the source code and is displayed when you install a pre-compiled copy of the game.
  
    * fly without Wings.
+
== Blatant Cheats ==
    * shoot teammates without blowing them up.
+
The following cheats are considered "blatant" cheats because they are usually apparent, even to new players.
    * spawn with a flag (usually Guided Missile or Genocide, but can be anything).
+
 
    * get any flag on demand (people get the exact flag they need to escape from you!).
+
NOTE: Some of these cheats may be prevented or already fixed in certain versions of BZFlag.
    * respond differently to gravity.
+
 
    * move at a different rate (usually faster).
+
A cheater may:
    * shoot bullets that travel at a different rate (usually faster).
+
* shooting shots with vertical velocity while no vertical velocity is allowed on the map
    * hold multiple flags (such as shockwave, cloak, and stealth).
+
* making it seem like a teammate keeps killing another player
    * fire multiple shots (i.e. firing spreads of shots at once).
+
* fly without Wings.
    * cover the field with SW blasts.
+
* steal from or give flags to other players.
    * not respond to bad flags.
+
* give flags to observers.
    * move and pickup flags while paused.
+
* rapidly pickup and drop every flag on the map, as if a flag reset were performed.
    * shoot other tanks while paused.
+
* spawn with a flag (usually Guided Missile or Genocide, but can be anything).
    * instantaneous travel to a new location.
+
* be immune to the effects of bad flags.
    * lock on to other players with flags other than Guided Missile (or no flag at all).
+
* grab a new flag when passing through a teleporter (when no flag exists).
    * grab a new flag when passing through a teleporter (when no flag exists).
+
* move, pickup flags, or shoot other tanks while paused.
    * double jump.
+
* move through buildings without Oscillation Overthruster ("wall walking").
    * shoot bullets which cannot be seen on radar or in the HUD.
+
* move backwards through buildings with the Oscillation Overthruster.
    * cause the bullets of other tanks to explode prematurely.
+
* drive outside of the playing area.
    * be completely invincible.
+
* jump back briefly to avoid a bullet then return to where you were ("network jitter").
    * be partially invincible, repelling everything but some particular flags (often SW is chosen).
+
* double jump.
    * drive outside of the playing area.
+
* move vertically on a map very quickly or higher than settings would normally allow.
    * produce abnormally large shockwave blasts.
+
* instantaneous travel to a new location.
    * "drag 'n drop", moving from any location to any other at any speed.
+
* jump and land at a pre-determined set of coordinates (i.e. the center of a team pad).
    * be zoned, but yet still shoot tanks that are not zoned.
+
* shoot teammates without blowing them up.
    * instantly kill everyone else. :-/
+
* shoot bullets that travel at a different rate (usually faster).
    * move backwards through buildings with the Oscillation Overthruster.
+
* shoot bullets that travel at impossible linear paths (i.e. downwards, sideways).
    * produce abnormally long laser blasts (in terms of length and time).
+
* shoot bullets from any side of their tank.
    * move through buildings without Oscillation Overthruster.
+
* fire multiple shots simultaneously, often in spreads & separate impossible paths.
    * jump back briefly to avoid a bullet then return to where you were ("network jitter").
+
* shoot bullets which cannot be seen on radar or in the HUD.
    * promote themselves to server administrator and give large bans and kicks.
+
* cause himself to be shot by any other player, even if no shots were fired or the player hasn't spawned (AKA "TK Cheat").
    * be completely invisible (or faded) without cloaking.
+
* produce abnormally long laser blasts (in terms of length and time).
    * change variables without polling succesfully or being an admin
+
* be zoned, but yet still shoot tanks that are not zoned.
 +
* become instantly unzoned.
 +
* not lose flags when paused.
 +
* cause the bullets of other tanks to explode prematurely.
 +
* lock onto stealthed players while using Guided Missile.
 +
* produce abnormally large, small, or frequent shockwave blasts.
 +
* produce shockwaves at several locations simultaneously.
 +
* respond differently to gravity.
 +
* move at a different rate (usually faster).
 +
* instantly self-destruct.
 +
* be completely invincible to shots ("god mode").
 +
* be invincible while on auto-pilot.
 +
* be partially invincible, repelling everything but some particular flags (often SW or SR are chosen).
 +
* instantly kill everyone else.
 +
* spawn without delay or very rapid respawns (Has been fixed in 2.0.11).
 +
* be joined as an observer, but playing with a visible, invincible tank
 +
* be able to strafe or slide left or right
 +
* send chat messages that appear to have come from another player
  
 
== Subtle Cheats ==
 
== Subtle Cheats ==
All the cheats listed above are "blatant" cheats in that they are easy to spot. There is a whole class of "subtle cheats" which are nearly impossible to spot. I'm documenting these cheats on the [[Subtle_Cheats]] page. - His Blind Ambition
+
'''Subtle cheats''' are modifications to the BZFlag client that give the user an unfair advantage.  Unlike the obvious "blatant" cheats, these modifications are often difficult to detect by other players. These modifications often involve small changes to existing source code, and will make their users appear luckier, more intuitive, or more accurate shooters, giving them a slight edge.
 +
 
 +
Some of these cheats may be detected by examining long-term player statistics. For example, if a specific player picks up a certain superflag 80% of the time over an extended period, on a map where flag positions are completely randomized, then there is strong reason to suspect the player of using a flag identification cheat.  
 +
 
 +
The following is a list of known subtle cheats:
 +
 
 +
[[Image:Bzfi0002.png|thumb|A screenshot taken on a typical cheat client. Various modifications and enhancements are visible.]]
 +
[[Image:Coo.png|thumb|A screenshot taken on cheat client.]]
 +
 
 +
;FlagColoring
 +
:Flags are given unique colors (or some other identifying feature - colors are simplest). This can be applied to some, or all flags. For example, bad flags are brown, Shock Wave is cyan, Stealth is orange, Guided Missile is pink, etc. This allows the user to avoid bad flags, spot good flags from across the map, and tell what flags other players are carrying or picking up much more easily.
 +
 
 +
;RadarPath
 +
:The player can see bullet trajectories at an extended length, making shots easier to avoid, or aiding with targeting. The latter function is used mostly on ricochet maps.
 +
 
 +
;StealthDetect
 +
:The player can see stealthed tanks on the radar. Often times the cheater's client will flash the stealthed tank on the cheater's radar. This allows a cheater to know that he shouldn't be able to know that tanks position and allow him to "play dumb".
  
== Other Experiences ==
+
;CloakDetect
I compiled such that I see players ip numbers. I saw a tank that did not display an ip It also did not display what flag it had, and if you right clicked on it it did not say the player or flag. GM could lock on the tank, but far on the left of the screen it would say in red Locked o . . . the rest was off the screen. (possibly due to non-printable characters in the username)
+
:The player can see cloaked tanks on the field. Often times the cheater's client will show cloaked tanks as zoned tanks (as if holding the PZ flag).
  
It is also possible to change the size of the tank making it almost impossible to hit except with GM or SW.
+
;DisableBadFlags
 +
:Bad flags whose effects are invisible to other players are disabled from affecting the tank.
  
Ignoring death - changing != Shield to == Shield
+
;NoGenocide
 +
:A teammate is  impervious to Genocide.
  
I can't prove it, but I'm pretty sure I've seen some people reload faster than the standard reload time. For example, on a two-shot server, I'll shoot two shots, then the enemy will shoot two, then before I've reloaded, they've shot again. WHAT?
+
;FunnyBullet
 +
:Various cheats that affect the manner in which bullets are fired are possible. The simplest is to increase bullet velocity.  Other cheats include launching multiple bullets in different directions and giving bullets a vertical slope. Many of these cheats are less subtle, and discussed above.
  
Pretty often you have these "instant-pause" cheaters. They're in a bad situation and -zing- in the next moment they're in pause mode. Sweet.
+
;SkinnyTank
 +
:Normally, if your aim is a little bit off, you can still kill a tank. When this cheat is in effect, other players have to aim more accurately to kill the user.
  
I once saw a tank which shoots in 8 different directions around . . . this tank also seemed immortal. . . .
+
;ImprovedConsole
 +
:The player's console provides more information than is normal. It's debatable whether this should be considered a cheat or not, but players with better consoles will have a slight advantage.
  
A tank that can do several things at the same time, such as shooting a gm and a regular shot and a shockwave surounded it.
+
;GuidedMissileWontUnlock
 +
:When the user is killed, his guided missiles remain locked on their targets. This is harder to detect than a Guided Missile being able to lock onto stealthed players, which is discussed above.
  
I saw a tank with shots dragging behind it in a line like some mines. . . .
+
;Guided Laser
 +
:A player can lock-on with the laser flag as if it were Guided Missile. Can fire in all directions, regardless of VerticalVelocity server settings
  
I've been attacked by guided "guided missiles" when having stealth flag
+
[[Image:Bzfi0001.png|thumb|A hacked client equipped with the ProgressiveIdentify cheat. One flag has been identified so far.]]
  
Killing a tank then they respawn behind you in perfect position every time.
+
;BulletFreeZone
 +
:Any player in the game can cause anyone else's bullets to explode prematurely (if their client is hacked). Here are a few possible effects:
 +
:# A victim (or victims) will not be able to fire his weapon (bullets will explode shortly after leaving the muzzle). Others can't tell who is causing this.
 +
:# Bullets will explode before hitting a cheater, as if the cheater has a forcefield.
 +
:# Bullets will explode before hitting a "victim" who is not the cheater, creating the impression that the victim has a forcefield and is cheating. Or the cheater could create the impression that a whole group of tanks are cheating.
 +
:# Bullets will not be allowed to enter a "bullet-free zone" (such as a building or platform).  
  
ok, letsgo
+
;TinyCloak
 +
:The cheater's tank is modified to be smaller and harder to hit, but only when carrying the Cloaking flag.  Making a tank this hard to hit would be a blatant cheat if the tank wasn't cloaked.
  
For the future: Some very inflexible ways to prevent cheating include MD5 checks.
+
;ProgressiveIdentify
 +
:A variation of the FlagColoring cheat. The client holds the identity of each flag in memory whenever it is picked up by any player and displays the flag type on the cheater's HUD.
  
If you release pre-compiled binaries for several platforms (which you should always), then you could send the MD5 of the current binary being used to the server for verification. There can then be servers for "verified" non-cheaters to play on, and also separate "non-verified" servers for folks who have compiled their own code.
 
  
Couldn't a client just hand a preset string and not it's actual md5 hash? or is there some nifty ways around this? TimRiker has not found one, so this will not be implemented.
+
In addition to the above subtle cheats, a cheater may:
 +
* have a wider than normal field of vision (e.g. 120 degrees)
 +
* have Guided Missles modified to not lock onto team mates
 +
* modify the turn rate of his Guided Missles
 +
* modify the way his targets are selected for Guided Missle lock
 +
* have an indicator showing when an opponent is in reloading mode
 +
* modify his client string
 +
* automatically self-destruct if a geno bullet comes too close to him
 +
* see the screen and radar when paused
 +
* be able to see who locked on them with a Guided Missle
 +
* have radar or different radar settings independent of server radar settings
 +
* have lines on the radar showing which way each tank is facing
 +
* see burrowed tanks as regular tanks on the radar
 +
* have no limits imposed upon the radar "/set _radarLimit 0 or Burrow do not affect the radar"
 +
* have shots by a zoned tank not show up on radar
 +
* make slight turns when falling
 +
* have different binocular zoom settings
 +
* fire with no delay after stealing, or steal from far away, a flag using thief
 +
* have an indicator showing how many wing jumps are left
 +
* see invisible bullets on radar
 +
* see opponent's team color despite opponent having masquerade flag
 +
* have an auto-aiming ability that lines up on other tanks to fire upon
 +
* be able to enable auto-pilot on non-auto-pilot maps
 +
* be able to enable/disable/enable auto-pilot without delay
 +
* be able to enable auto-pilot without notifying the server/other players
 +
* be able to pause instantly in mid-air
  
What we need to do is get a full server state and let the server decide who is cheating. Remember, we can't trust the client! How about partial server state, where the server uses periodic sanity checks: ie, player 1 just jumped, does it land where I expect it to? Hey, player 2 just shot 50 rounds/sec!, etc.
+
== Other Malicious Activities ==
 +
The following is a list of malicious activities that cheaters might also engage in:
  
Server-side state checking might cause too much load for the server; how about state checking in the clients? Ie. every client checks the actions of all other tanks that are around, so in the end every tank's action is checked by one or several other tanks for illegal moves.
+
* attempt to guess or "crack" the server or map's password.
 +
* the use of "Bots" or "Drones" to lag a server by sending large amounts of data or using client commands rapidly
 +
* the use of "Bots" or "Drones" to deny a poll or create and complete a poll in the favor of the cheater
 +
* the use of thousands of private messages to "ddos" certain players, so their client just halts
 +
* the use of a bunch of registered bot callsigns to start and win polls (usually to ban players)
  
Well, MD5 checksums aren't that bad an idea. Everytime you "make" BZFlag (which will work for compiling from source or using binaries), a collection of MD5's could be made of all the C++ files and their headers. These could then be combined into a single string. The date of the compilation is already recorded, and could be encrypted along side the MD5 (although not part of it). The server would then compare the MD5 (sent immediately on join) with the server's own MD5 made when it was "make"d. The server can then identify a false client by comparing the encrypted compilation date to the date of client compilation which is public. A client which did not match would NOT be booted, or be prevented from joining, but would be seen as a non-standard, modified, or outdated client. Just a thought. - Happy Tanker
+
[[Category:Gameplay]]
 +
[[Category:Server]]
 +
[[Category:Server Security]]

Latest revision as of 22:56, 9 February 2013

Cheats performed on BZFlag are usually made by modifying your client. A great deal of power is invested in the client program, and therefore the client may cheat in every way from creating invincible tanks, to invisibility, to super killing. If you have seen any cheats, have performed them yourself, or have noticed a hole in the source, please add it here. Preventions for many of these cheats are on the Development RoadMap

Warning[edit]

Do not use a modified client on a public server. If you are found to be using a cheat client, you will likely be banned from multiple servers and could quickly find yourself with nowhere to play. Cheating in BZflag is not the same as using a cheat code in a PlayStation game. See also the Notes on "CHEAT" servers at the bottom of the README, which forbid the hosting of a "cheat" server. A copy of the README is included with the source code and is displayed when you install a pre-compiled copy of the game.

Blatant Cheats[edit]

The following cheats are considered "blatant" cheats because they are usually apparent, even to new players.

NOTE: Some of these cheats may be prevented or already fixed in certain versions of BZFlag.

A cheater may:

  • shooting shots with vertical velocity while no vertical velocity is allowed on the map
  • making it seem like a teammate keeps killing another player
  • fly without Wings.
  • steal from or give flags to other players.
  • give flags to observers.
  • rapidly pickup and drop every flag on the map, as if a flag reset were performed.
  • spawn with a flag (usually Guided Missile or Genocide, but can be anything).
  • be immune to the effects of bad flags.
  • grab a new flag when passing through a teleporter (when no flag exists).
  • move, pickup flags, or shoot other tanks while paused.
  • move through buildings without Oscillation Overthruster ("wall walking").
  • move backwards through buildings with the Oscillation Overthruster.
  • drive outside of the playing area.
  • jump back briefly to avoid a bullet then return to where you were ("network jitter").
  • double jump.
  • move vertically on a map very quickly or higher than settings would normally allow.
  • instantaneous travel to a new location.
  • jump and land at a pre-determined set of coordinates (i.e. the center of a team pad).
  • shoot teammates without blowing them up.
  • shoot bullets that travel at a different rate (usually faster).
  • shoot bullets that travel at impossible linear paths (i.e. downwards, sideways).
  • shoot bullets from any side of their tank.
  • fire multiple shots simultaneously, often in spreads & separate impossible paths.
  • shoot bullets which cannot be seen on radar or in the HUD.
  • cause himself to be shot by any other player, even if no shots were fired or the player hasn't spawned (AKA "TK Cheat").
  • produce abnormally long laser blasts (in terms of length and time).
  • be zoned, but yet still shoot tanks that are not zoned.
  • become instantly unzoned.
  • not lose flags when paused.
  • cause the bullets of other tanks to explode prematurely.
  • lock onto stealthed players while using Guided Missile.
  • produce abnormally large, small, or frequent shockwave blasts.
  • produce shockwaves at several locations simultaneously.
  • respond differently to gravity.
  • move at a different rate (usually faster).
  • instantly self-destruct.
  • be completely invincible to shots ("god mode").
  • be invincible while on auto-pilot.
  • be partially invincible, repelling everything but some particular flags (often SW or SR are chosen).
  • instantly kill everyone else.
  • spawn without delay or very rapid respawns (Has been fixed in 2.0.11).
  • be joined as an observer, but playing with a visible, invincible tank
  • be able to strafe or slide left or right
  • send chat messages that appear to have come from another player

Subtle Cheats[edit]

Subtle cheats are modifications to the BZFlag client that give the user an unfair advantage. Unlike the obvious "blatant" cheats, these modifications are often difficult to detect by other players. These modifications often involve small changes to existing source code, and will make their users appear luckier, more intuitive, or more accurate shooters, giving them a slight edge.

Some of these cheats may be detected by examining long-term player statistics. For example, if a specific player picks up a certain superflag 80% of the time over an extended period, on a map where flag positions are completely randomized, then there is strong reason to suspect the player of using a flag identification cheat.

The following is a list of known subtle cheats:

A screenshot taken on a typical cheat client. Various modifications and enhancements are visible.
A screenshot taken on cheat client.
FlagColoring
Flags are given unique colors (or some other identifying feature - colors are simplest). This can be applied to some, or all flags. For example, bad flags are brown, Shock Wave is cyan, Stealth is orange, Guided Missile is pink, etc. This allows the user to avoid bad flags, spot good flags from across the map, and tell what flags other players are carrying or picking up much more easily.
RadarPath
The player can see bullet trajectories at an extended length, making shots easier to avoid, or aiding with targeting. The latter function is used mostly on ricochet maps.
StealthDetect
The player can see stealthed tanks on the radar. Often times the cheater's client will flash the stealthed tank on the cheater's radar. This allows a cheater to know that he shouldn't be able to know that tanks position and allow him to "play dumb".
CloakDetect
The player can see cloaked tanks on the field. Often times the cheater's client will show cloaked tanks as zoned tanks (as if holding the PZ flag).
DisableBadFlags
Bad flags whose effects are invisible to other players are disabled from affecting the tank.
NoGenocide
A teammate is impervious to Genocide.
FunnyBullet
Various cheats that affect the manner in which bullets are fired are possible. The simplest is to increase bullet velocity. Other cheats include launching multiple bullets in different directions and giving bullets a vertical slope. Many of these cheats are less subtle, and discussed above.
SkinnyTank
Normally, if your aim is a little bit off, you can still kill a tank. When this cheat is in effect, other players have to aim more accurately to kill the user.
ImprovedConsole
The player's console provides more information than is normal. It's debatable whether this should be considered a cheat or not, but players with better consoles will have a slight advantage.
GuidedMissileWontUnlock
When the user is killed, his guided missiles remain locked on their targets. This is harder to detect than a Guided Missile being able to lock onto stealthed players, which is discussed above.
Guided Laser
A player can lock-on with the laser flag as if it were Guided Missile. Can fire in all directions, regardless of VerticalVelocity server settings
A hacked client equipped with the ProgressiveIdentify cheat. One flag has been identified so far.
BulletFreeZone
Any player in the game can cause anyone else's bullets to explode prematurely (if their client is hacked). Here are a few possible effects:
  1. A victim (or victims) will not be able to fire his weapon (bullets will explode shortly after leaving the muzzle). Others can't tell who is causing this.
  2. Bullets will explode before hitting a cheater, as if the cheater has a forcefield.
  3. Bullets will explode before hitting a "victim" who is not the cheater, creating the impression that the victim has a forcefield and is cheating. Or the cheater could create the impression that a whole group of tanks are cheating.
  4. Bullets will not be allowed to enter a "bullet-free zone" (such as a building or platform).
TinyCloak
The cheater's tank is modified to be smaller and harder to hit, but only when carrying the Cloaking flag. Making a tank this hard to hit would be a blatant cheat if the tank wasn't cloaked.
ProgressiveIdentify
A variation of the FlagColoring cheat. The client holds the identity of each flag in memory whenever it is picked up by any player and displays the flag type on the cheater's HUD.


In addition to the above subtle cheats, a cheater may:

  • have a wider than normal field of vision (e.g. 120 degrees)
  • have Guided Missles modified to not lock onto team mates
  • modify the turn rate of his Guided Missles
  • modify the way his targets are selected for Guided Missle lock
  • have an indicator showing when an opponent is in reloading mode
  • modify his client string
  • automatically self-destruct if a geno bullet comes too close to him
  • see the screen and radar when paused
  • be able to see who locked on them with a Guided Missle
  • have radar or different radar settings independent of server radar settings
  • have lines on the radar showing which way each tank is facing
  • see burrowed tanks as regular tanks on the radar
  • have no limits imposed upon the radar "/set _radarLimit 0 or Burrow do not affect the radar"
  • have shots by a zoned tank not show up on radar
  • make slight turns when falling
  • have different binocular zoom settings
  • fire with no delay after stealing, or steal from far away, a flag using thief
  • have an indicator showing how many wing jumps are left
  • see invisible bullets on radar
  • see opponent's team color despite opponent having masquerade flag
  • have an auto-aiming ability that lines up on other tanks to fire upon
  • be able to enable auto-pilot on non-auto-pilot maps
  • be able to enable/disable/enable auto-pilot without delay
  • be able to enable auto-pilot without notifying the server/other players
  • be able to pause instantly in mid-air

Other Malicious Activities[edit]

The following is a list of malicious activities that cheaters might also engage in:

  • attempt to guess or "crack" the server or map's password.
  • the use of "Bots" or "Drones" to lag a server by sending large amounts of data or using client commands rapidly
  • the use of "Bots" or "Drones" to deny a poll or create and complete a poll in the favor of the cheater
  • the use of thousands of private messages to "ddos" certain players, so their client just halts
  • the use of a bunch of registered bot callsigns to start and win polls (usually to ban players)