pouët.net

Go to bottom

Anti-cheat software engineers wanted

category: code [glöplog]
Hi all!

DICE are looking for some badass lowlevel programmers who want to do anti-cheat work. Are you interested in living in Stockholm and working with me and the rest of the crew and improving the online experience in the Battlefield series?

If you are fly with OllyDbg / IDA Pro, know your way around the Windows kernel, can spot dodgy practices hidden deep within the bowels of massive C++ codebases, and want to evangelize security-aware development practices to the rest of the games team, then this might be the gig for you.

The original job ad is available here.

Comments? Questions? Ask them here, or contact me directly at <mikael dot kalms at dice dot se>.

added on the 2012-02-07 09:37:31 by Kalms Kalms
http://www.youtube.com/watch?v=dAOvNRA3G7c
added on the 2012-02-07 11:14:36 by 4kum4 4kum4
Yup. Which is one of the arguments for why we should staff up and put in a more serious effort against cheating in the game.
added on the 2012-02-07 11:28:43 by Kalms Kalms
compared to mw3 bf3 is like 100% safe & hackfree ;) - i love it..
added on the 2012-02-07 11:33:37 by 4kum4 4kum4
Taking the fun out of wireshark :(
added on the 2012-02-07 12:11:17 by xernobyl xernobyl
god all I see is people stabbing and shooting each other....
added on the 2012-02-07 12:14:10 by Navis Navis
Navis: Well, that's just because this is montage of kills. I really hope that this game is a bit more than that. Or at least the amount of killing is not as huge as on that video.

(never played that game)
added on the 2012-02-07 12:19:07 by Tomoya Tomoya
What the hell were you expecting from a game called Battlefield? :D
added on the 2012-02-07 12:51:10 by Gargaj Gargaj
Quote:
I really hope that this game is a bit more than that.
It really, really is :)
added on the 2012-02-07 12:54:47 by ferris ferris
Quote:
What the hell were you expecting from a game called Battlefield? :D

I dunno... bunnies and flowers? :)
added on the 2012-02-07 13:16:51 by Tomoya Tomoya
you mean t-rexes and teddybears!
added on the 2012-02-07 13:55:21 by maali maali
IDA Pro <3 :)
added on the 2012-02-07 16:22:21 by raer raer
if( crc(collision_check_and_stuff_routs) != VALID_ID )
{
if( (gui_items_disable_counter--) < 0)
disable_gui_items();
}

that's what at least Dragonflight on Atari ST did in some very strange way.

added on the 2012-02-07 17:58:07 by lsl lsl
Does this mean there will be a new TBL demo again? Amigaaaaa!!!! :)
added on the 2012-02-07 18:13:40 by magic magic
lsl: That's kindergarten stuff, all of that in BF3 (I suppose) is done server-side with client-side prediction, everything is safe and validated. The actual trickery comes from the client knowing data the player shouldn't know, like positions of the enemy on the map - it's a fairly tactical shooter, and seeing the enemy before they do you is important. If you can modify the client (or hook) in a way that the enemies have big yellow rings around them, you basically won the match before it started. Consider also stuff like automatic aiming and firing (i.e. the client calculates line-of-sight to the hitbox with the biggest damage and fires the appopriate weapon as soon as an enemy is visible) and you're basically playing with a bot.

Plus add to the mix that this stuff isn't done with patching anymore, they simply route out function calls in memory (the very same way .kkapture does) and trick the game into thinking it's completely legit. As far as I know, most of the protection against this is done via the game constantly checking other processes and looking for footprints of detouring. (I've done something similar for our game, which resulted in a hilarious little episode where the engine refused to run, because it thought .kkapture was a cheat app.)
added on the 2012-02-07 18:16:37 by Gargaj Gargaj
i'll just leave it here: http://graphics.stanford.edu/~mdfisher/GameAIs.html
added on the 2012-02-07 18:44:50 by provod provod
so it was that much "kindergarten stuff" that no one managed to crack that game until 2006 ?
Come on...
added on the 2012-02-07 18:45:45 by lsl lsl
how'd you void the trickery to let clients know what they shouldn't? simulate all clients on the server and only send the clients data they should see. there're costs on it.

dunno much about trampolines but how'd you hook a client to calc los if the engine itself is a closed and verified code and the only valid input should be buttons?!
added on the 2012-02-07 18:52:40 by yumeji yumeji
The engine itself might be closed but you can usually expect the codebase to be too large and complex to be 100% verified. So there are weak areas there, which are impossible to see by running the game normally, but can be exploited.

Then you have the inherent latency of the Internet. Sometimes you do want to send more information down to the client than you ideally should, in order to allow the client to run a low-latency simulation of the local world. Imagine for instance if the server did visibility tests, and only sent location informations about players to those which are able to see them (according to the server's world simulation state). What happens when a client turns around quickly? Will that client have to wait for the server to realize that the client has turned around, before the client receives info about the players that came into view? Or is that too game-breaking?
There is a large number of tradeoffs there that are about masking networking lag, where improving the player experience requires the client to know a bit more than it ideally should.
added on the 2012-02-07 19:11:01 by Kalms Kalms
lsl: i dont know how old the game is, but i suppose at the time it was a tough cookie (given the devenvironments at the time) and then at some point some people stopped caring? it's not like people constantly tried to crack it for 15 years.

yumeji: example - i hook all d3d calls and render all objects that use the skinning shader without the z-buffer and with a large glow -> all human characters are easily visible through objects.
added on the 2012-02-07 19:12:16 by Gargaj Gargaj
Quote:
What happens when a client turns around quickly? Will that client have to wait for the server to realize that the client has turned around, before the client receives info about the players that came into view?

Also known as the "All Points Bulletin server-side vehicle simulation" syndrome :)
added on the 2012-02-07 19:15:28 by Gargaj Gargaj
[qoute]example - i hook all d3d calls and render all objects that use the skinning shader without the z-buffer and with a large glow -> all human characters are easily visible through objects.[/quote]

yeh. I get this. but that's something you could trap cause the call destination isn't the same anymore if you inject detours. you could even hash the whole d3d.dll to verify an injection. but sure it's a bit costly to do lots of times in a game.

and about that turn around thing: this is what I meant with costs. you'd need a fast responding system which is not necesarily available.
added on the 2012-02-07 19:56:46 by yumeji yumeji
or you just go for console only and get rid of all cheaters.. which kind of suck too..
added on the 2012-02-07 20:04:41 by v3nom v3nom
I don't know what DICE are thinking, wanting to hire actual experts, when they can get advice like this for free on Pouet!
added on the 2012-02-07 21:15:19 by gasman gasman

login

Go to top