GregorClegane
   |
Posted - 2011.04.06 06:27:00 -
[1]
@CCP Sreegs: Just two matters.
1. Could you confirm that you are aware of what a widespread bot maker said? It may help your team.
 Quote:
Here's what I see happening, initially CCP will detect bots by behavior. It's probably how they caught the <removed>, <removed> bot users. Since neither of those two actually change anything within EVE.
After most of them are caught, I see CCP going for the 'injectors'.
You have two flavors, you have the Python injectors (<removed>) and you have the 'process' injectors (<removed> and <removed>). Both are easy to stop but I see the python injectors easier to stop then <removed>/ <removed>. For the Python Injectors you could easily just remove the PyRun_ functions completely, with no way of them to actually inject Python, it'll end pretty damn fast for them.
To disable <removed>/ <removed>in the same way would mean that they'd have to remove the other python functions as well, and those are most likely used by their interal C/C++ functions as well. So that's not really possible. A 'quick' solution would be to mask those functions by using an obfuscator, but that wouldn't stop <removed>(it would stop me, because I'd be too bored to keep searching for the required functions).
Once you're done with the obfuscation path, you'd add checks to the Python functions to detect unauthorized usage. This step would have to be done after the obfuscation, otherwise it would be too easy to crack.
Possible ways of detecting unauthorized usage would be to send the call-stack to the server (for both the c/c++ functions as for the python functions!), this was done by the Blizzard-Warden and while not impossible, very hard to circumvent. The way to circumvent this would be by modifying the code, however if you then have a separate thread/function/whatever to check for code modifications then it suddenly becomes a factor 10 harder.
Once your done with that, here's another simple step. Obfuscate your Python code already, but not in the traditional way. Randomize your byte code! Yes, you have the source for both the Python compiles as you do for the Python runtime. Every patch you change this bytecode and RE'ing the python code has become near impossible.
After that you've pretty much stopped <removed> and <removed>or made their life very hard.
And CCP, at least give me some credit if you decide to implement some of my idea's ;) Even if it's just by a private email which you can easily deny exists. (and yes I know your most likely reading this!)
2. 3 Strikes Policy:
I guess you have already indirectly answered this but... Are you stating that people who have been botting for months/years taking an unfair advantage over legit pilots will just get two warnings before their accounts are permanently banned?
So... all the 'smart' botters will just get away withouth any real punishment if they stop botting after the 1st/2nd strike?
From my point of view Zero Tolerance is the way to go, the 3 strikes policy is telling me that CCP doesn't want to risk their income punishing cheaters since they are aware about how widespread cheating behaviour it is nowadays.
I know corpmates that use bots and haven't even get the 1st warning yet. |