Author Topic: Payl Anti Cheat (PAC)  (Read 14001 times)

payl

  • 68 Carbine
  • Posts: 365
Payl Anti Cheat (PAC)
« on: February 20, 2012, 09:15:24 AM »
Yesterday I talked with jitspoe about approving PAC, and he told me he has nothing against it. Generally speaking, it is up to tournament organisers whether they want to use PAC or not. If you want PAC to be used at your tournament, feel free to send me a PM about it. So for now I want to officially announce that PAC is ready. Therefore...

Payl Anti Cheat 0.9.2

What are requirements for PAC?
-Windows XP, Vista or Seven (only XP SP3 is supported, but it might run on all versions).
-Hardware DEP, also supported by the OS (should be okay on all new computers) - if you have problems with PAC saying that it hasn't detected DEP, contact me. Be sure to give me your computer information.
-Internet connection (0.5Mib is okay I think).
-Some free space on the disc where PAC and paintball are installed (5mb for PAC and 10mb for paintball should be okay).
-No cheats, rootkits or hacks (defined below).
-Paintball with the build defined by the organisers.

Matching with PAC
1.Download PAC, unpack it if needed and run it.
2.Fill in the paintball directory (if it isn't the proper one), your name (dplogin name), Dplogin ID (you can see it in your dplogin profile), and matchcode. The matchcode should be provided before the tournament starts, and you should share it only with your team.
3.Make sure that you have no cheats active, no other copies of paintball running and that your antivirus won't treat PAC as a virus/dangerous program. Then tick the agreement.
4.Click Start and paintball should run.
5.Check in the PAC information whether everything went OK. If it's okay, Status should be as follows: PAC installed successfully, you might start gaming.
6.Enter the match server with PAC-loaded paintball.
7.When you are done, close paintball.
8.PAC should say "PAC ended communication". You might then turn off the PAC window. If it doesn't show up, wait a while and you might get "PAC client disconnected." - if it's green, it should also be okay.
9.Wait for results :P Be sure that you don't delete the actest.txt file that was generated during the match (in the paintball directory). It might be needed to verify information (and yes, it's encrypted, so don't think that modifying it will result in no detection).

How to not get banned by PAC?
Generally, any legit user shouldn't have problems, but due to the different definition of cheating in the Paintball built-in anticheat, I should redefine it for PAC, and also define some additional information:
-Cheat is a modification (of any kind) that gives you an advantage over other players, and isn't allowed by its creator (Jitspoe).
-Rootkit is any system that tries to hide a cheat or any other thing that modifies paintball or PAC behavior.
-Hack is a program that tries to prevent PAC from working, modify PAC behavior or monitor PAC activity (activity doesn't include tools provided with the original OS [so doesn't include mods]). So this includes debuggers, packet sniffers or any other kind of stuff like that.
If a cheat, rootkit or hack is found by PAC active while playing a tournament, you might get reported to me. Then I will review it, and if I think this might be due to a cheat, hack or rootkit, I'll contact Jitspoe or any committee member. Also I might contact you to give me some information (or files), to be sure that it's unallowed by PAC. If you refuse to share that information or I am sure that you cheated OR you were trying to fool me/PAC some other way then you might get:
-Banned from the PAC login system (so you won't be able to use PAC again).
-Kicked out from the tournament that you were in OR your whole team might get kicked.
-Banned from Paintball (this is up to Jitspoe and/or the committee - I'll provide the needed logs).

So where's download?
I don't provide a download, because I don't need anyone trying to crack PAC. The download will be provided for teams playing in PAC-protected tournaments. Also I might give it to tournament players before they have to use it, so they can see if everything is working okay.

What about Linux users or computers that don't have DEP or other requirement?
They should think about moving to a PC that supports PAC.
If that's impossible they should contact me and/or the tournament organisers for possible workarounds.

What about antivirus software?
Generally antiviruses shouldn't detect anything suspicious in PAC, but if one does warn in any way, be sure that it won't prevent PAC from working during the match (or modify the PAC environment). You might need to disable the antivirus or even delete it (I didn't create it, so it isn't my fault it's so stupid). Also you might tell the creators of this antivirus they should stop marking everything other than helloworld as a virus.


*I reserve the right to modify PAC rules at any moment, without any warning.

*If moderators think it fits better in development, feel free to move it.

Edit: Added image for GUI.

Questions? Problems? Ask below
« Last Edit: June 26, 2012, 05:12:17 AM by payl »

Gamabunta

  • Committee Member
  • Autococker
  • Posts: 703
Re: Payl Anti Cheat (PAC)
« Reply #1 on: February 20, 2012, 09:19:59 AM »
Nobody is going to be banned solely basing on your detection. Just sayin'.

payl

  • 68 Carbine
  • Posts: 365
Re: Payl Anti Cheat (PAC)
« Reply #2 on: February 20, 2012, 09:25:17 AM »
Quote
Nobody is going to be banned solely basing on your detection. Just sayin'.
You'll never know. I don't expect anyone to try to cheat with PAC, but well, it might happen.
Jitspoe saw parts of the PAC source, so I think that those should be reliable for him. But of course, I don't expect anyone to get globally banned because of just a PAC detection. But this might also help Jitspoe with improving his anticheat, early detection of cheats being developed etc.

eXitus

  • Committee Member
  • VM-68
  • Posts: 245
Re: Payl Anti Cheat (PAC)
« Reply #3 on: February 20, 2012, 09:35:25 AM »
Biggest problems:
- only one paintball installation allowed
- no Linux version (wtf?)
- some antivirus programs will definitely block it. Do you really expect people to turn off their virus protection ?

I don't think PAC will be used until these issues are fixed. At least I won't use it / won't be able to use it.

payl

  • 68 Carbine
  • Posts: 365
Re: Payl Anti Cheat (PAC)
« Reply #4 on: February 20, 2012, 09:42:46 AM »
Quote
Biggest problems:
1.only one paintball installation allowed
2.no Linux version (wtf?)
3.some antivirus programs will definitely block it. Do you really expect people to turn off their virus protection ?

I don't think PAC will be used until these issues are fixed. At least I won't use it / won't be able to use it.
1.You cannot run multiple instances at the same time. Multiple installations are allowed, but you might need to change the proposed path.
2.Yeah, no Linux version. Linux is totally different, and PAC relies on many tricks (this is also why some antiviruses might report it as a cheat).
3.I've already seen some antiviruses blocking it. For now I know that Avast doesn't block it. Well, if your antivirus doesn't support exceptions, it's not my fault. Being just scared about viruses everywhere is stupid... Anyway I might provide a VirusTotal scan result if you are unsure (I already tested it before, some antiviruses reported it as suspicious).

eXitus

  • Committee Member
  • VM-68
  • Posts: 245
Re: Payl Anti Cheat (PAC)
« Reply #5 on: February 20, 2012, 09:50:31 AM »
Quote
3.Make sure that you have no cheats active, no other copies of paintball

You should change that sentence then, it really sounded like you couldn't use PAC when you have multiple installations.
If you want PAC to be used in tournaments, a Linux version will be necessary. Excluding Linux users from tournaments (or just telling them to use Windows) is complete nonsense.

payl

  • 68 Carbine
  • Posts: 365
Re: Payl Anti Cheat (PAC)
« Reply #6 on: February 20, 2012, 10:01:47 AM »
Quote
You should change that sentence then, it really sounded like you couldn't use PAC when you have multiple installations.
If you want PAC to be used in tournaments, a Linux version will be necessary. Excluding Linux users from tournaments (or just telling them to use Windows) is complete nonsense.
Yeah, fixed.
I don't plan to make a Linux version for now. Someone who is better at Linux might do it anyway (because I have neither the experience nor the knowledge to make a good anticheat there).
And yes, I forgot that Linux users are just too good to use Windows even if that isn't a big problem. So I personally propose just dropping Linux version support. This is my opinion on that matter.
I bet no one from the matching scene uses Linux and has no Windows they can use for a match. So I bet that won't be a bigger problem.

Also, this was discussed before. I don't think that we have to discuss it again. I already told you that I don't plan PAC4linux for now. This probably isn't going to change in the future.
So what do I propose? Something like:
1.You use Linux? Bad, get Windows.
2.Can't get Windows? Use another computer with Windows then?
3.Don't have computer with windows? Then wow, you must be living in such a poor country as Poland have to publish demo (for example, this will be up to tourney organisators).

pvtjimmy

  • Committee Member
  • Autococker
  • Posts: 2098
Re: Payl Anti Cheat (PAC)
« Reply #7 on: February 20, 2012, 11:00:06 AM »
Quote
3.Already seen some antiviruses blocking it. For now i know that Avast doesn't block it. Well, if your antivirus doesn't support exceptions, it's not my fault.

Have anti-virus software, be banned from DP2.

Like seriously Payl, how can you expect anyone to use a software that requires to turn off your anti-virus software?!

blaa

  • Autococker
  • Posts: 1218
Re: Payl Anti Cheat (PAC)
« Reply #8 on: February 20, 2012, 11:03:08 AM »
I have run quite a few tournaments in the past and I can not remember a single time something like this would have been needed. Sorry brother.

payl

  • 68 Carbine
  • Posts: 365
Re: Payl Anti Cheat (PAC)
« Reply #9 on: February 20, 2012, 11:24:18 AM »
Quote
Like seriously Payl, how can you expect anyone to use a software that requires to turn off your anti-virus software?!
Yeah, never turn your antivirus off, this is gonna kill you... Amen.
There are smart antiviruses that don't scream about it, and there are stupid antiviruses that block for trying to use anything other than 'writeln'.

Quote
I have run quite a few tournaments in the past and I can not remember a single time something like this would have been needed. Sorry brother.
Isn't needed doesn't mean isn't helpful. I personally think that it would be useful, especially in paid contests. If everyone thinks that the jitspoe anticheat gives any protection against cheats... okok, but you might be surprised... Maybe I'll write some easy PoC cheat which is undetectable by the pball anticheat (while PAC detects it easily)... We will see in the future.
I wrote PAC because I'm scared how awful the jitspoe anticheat is (as far as I know); well, it doesn't look like anyone else thinks the same, but well, I already got an alternative anyway.

T3RR0R15T

  • Map Committee
  • Autococker
  • Posts: 2593
Re: Payl Anti Cheat (PAC)
« Reply #10 on: February 20, 2012, 12:37:51 PM »
Which data will it send/receive to/from your server?
Can you post a demo log file?
What happens if something got detected?
You wrote that I'm not allowed to have debuggers and packet sniffers on my PC. Do you mean all or some special programs? What about Microsoft Visual C++, ethereal, winbspc?

payl

  • 68 Carbine
  • Posts: 365
Re: Payl Anti Cheat (PAC)
« Reply #11 on: February 20, 2012, 12:58:26 PM »
Quote
1.Which data will it send/receive to/from your server?
2.Can you post a demo log file?
3.What happens if something got detected?
4.You wrote that i'm not allowed to have debuggers and packet sniffers on my pc. Do you mean all or some special programs? What about microsoft visual c++, ethereal, winbspc?
1.Send: Logs, version etc.
Receive: Result of operation, update if needed, address of logserver (if I want to use a faster server because mine is free=slow).
2.I think I can...
Code:
<SEND TIME == PAC VER == IP>
null==code==PAC v.0.7.4
null==code==SafeHash hash1 ::: hash2
null==code==Win 6.1
Check begin.
send_system==code== A=B - Kernel Panic!
<NEXT SEND TIME == PAC VER == IP>
and so on...
This is generally how it looks; I removed the hash which follows every line.
SafeHash is my version of HardwareID.

3.It's only sent to the logserver, where I can take a look and determine if something is wrong (I'll probably use applications that will look for anomalies and I'll then review those stranger reports).

4.You are allowed to have those, you aren't allowed to run them while PAC is active. Generally IDEs aren't detected as anything, while the debuggers they use might be detected, so at best don't debug while PAC is running. Anyway, I won't treat running debuggers really seriously, as long as those aren't trying to debug PAC. Special caution is needed with SoftICE, because it's a driver-mode debugger and as far as I know it is always active, so PAC might report it.
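
An added example, not part of payl's post and not PAC's code: a parser for the log layout shown in Reply #11 that also checks a tag after every line, since the post says a hash follows each line. The tag construction (chained HMAC-SHA256 after a tab), the key and all function names are assumptions; the page does not show how PAC computes its hash.

```python
import hashlib
import hmac

# Constructed key for the demo; the page does not say how PAC keys or computes its hash.
KEY = b"constructed-demo-key"
TAG_SEP = "\t"          # assumed layout: "<line text>\t<hex tag>"
ZERO = b"\x00" * 32     # chain start value

# Sample built from the layout in Reply #11, placeholders kept as posted.
SAMPLE = [
    "<SEND TIME == PAC VER == IP>",
    "null==code==PAC v.0.7.4",
    "null==code==SafeHash hash1 ::: hash2",
    "null==code==Win 6.1",
    "Check begin.",
    "send_system==code== A=B - Kernel Panic!",
    "<NEXT SEND TIME == PAC VER == IP>",
]


def line_tag(prev_tag, text):
    """Tag for one line, bound to the previous line's tag (hash chain)."""
    return hmac.new(KEY, prev_tag + text.encode("utf-8"), hashlib.sha256).digest()


def seal(lines):
    """Writer side: append a chained tag to every line."""
    prev, out = ZERO, []
    for text in lines:
        prev = line_tag(prev, text)
        out.append(text + TAG_SEP + prev.hex())
    return out


def parse_line(text, records):
    """Add one log line to the record list; a <...> header opens a new record."""
    if text.startswith("<") and text.endswith(">"):
        fields = [f.strip() for f in text[1:-1].split("==")]
        records.append({"header": fields, "entries": []})
    elif records:
        parts = text.split("==", 2)
        if len(parts) == 3:      # source==code==message
            entry = (parts[0], parts[1], parts[2].strip())
        else:                    # free text such as "Check begin."
            entry = (None, None, text)
        records[-1]["entries"].append(entry)


def parse_and_verify(sealed_lines):
    """Reader side: return (records, line numbers whose tag does not match)."""
    prev, records, bad = ZERO, [], []
    for number, raw in enumerate(sealed_lines, start=1):
        text, sep, tag_hex = raw.rpartition(TAG_SEP)
        if not sep:              # line carries no tag at all
            text, tag_hex = raw, ""
        try:
            stored = bytes.fromhex(tag_hex)
        except ValueError:
            stored = b""
        expected = line_tag(prev, text)
        if not hmac.compare_digest(expected, stored):
            bad.append(number)
        # Continue from the stored tag so one edit flags one line, not the rest of the file.
        prev = stored if len(stored) == 32 else expected
        parse_line(text, records)
    return records, bad
```

A chain like this flags edited, removed or reordered lines, but lines cut from the end of the file go unnoticed unless the receiver also knows the last tag or the line count.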

pvtjimmy

  • Committee Member
  • Autococker
  • Posts: 2098
Re: Payl Anti Cheat (PAC)
« Reply #12 on: February 20, 2012, 01:17:33 PM »
Just wondering, can we test your software anywhere or do we have to wait for some official tournament that wants to follow your rules?

I do not organize tournaments myself, but I can imagine no-one will try a tournament with PAC activated unless it has been tested intensively.

payl

  • 68 Carbine
  • Posts: 365
Re: Payl Anti Cheat (PAC)
« Reply #13 on: February 20, 2012, 01:45:02 PM »
Quote
Just wondering, can we test your software anywhere or do we have to wait for some official tournament that wants to follow your rules?
I do not organize tournaments myself, but I can imagine no-one will try a tournament with PAC activated unless it has been tested intensively.
For now there aren't any possibilities for you to test PAC, but I'm open to ideas. Generally speaking, the obvious problem for now is that when you all download PAC I have a mass of logs, and neither you nor I know which log says what.
For now I'm sure that when I make the final version for some tournament, I'll first send it to Jitspoe.
There are also some people that I already proposed to test PAC, some of them agreed, so they know how it looks for the user. I also checked their logs for false positives, and made minor fixes to detection.
I think I'll make another closed test soon, so if you hang on IRC you might get chosen...

Anyway, pvtjimmy, you said you won't disable your antivirus, and your antivirus complained last time probably because of dll injection. This is the basic phase of loading PAC into paintball (so 4/5 risk scale lol). I recommend switching to an antivirus which doesn't fool you that dll injection is a serious danger.
(added) but I don't get why you post about letting people test it, while you yourself refused to test it.

pvtjimmy

  • Committee Member
  • Autococker
  • Posts: 2098
Re: Payl Anti Cheat (PAC)
« Reply #14 on: February 20, 2012, 02:02:47 PM »
Quote
For now there aren't any possibilities to test PAC for you, but i'm open for ideas. Generally speaking, obvious problem for now, is that when you all download PAC i have mass of logs, and you nor me know which log say what.
...
Anyway, pvtjimmy, you said you won't disable your antivirus, and your antivirus complained last time probably because of dll injection. This is basic phase of loading PAC into paintball (so 4/5 risk scale lol). I recommend switching to antivirus which doesn't fool you that dll injection is serious danger.

(added) but i don't get why you post about letting people test it, while you yourself refused to test it.

Sorry to say, but this is reverse logic to me. How are we supposed to give you feedback on something we can not see or test? As I have nothing better to say, I'd suggest you work on the logs. This seems to be causing problems to you and I hope that if you succeed in improving your detections, more people will use it.

As for the last accusation you make, I can only say that you obviously misunderstood me. At the time you asked me for feedback, you were still in a testing phase to see if stuff works. With my feedback that my anti-virus software does not allow PAC to run, I hoped you would work on this. Now you are suggesting to disable my current anti-virus software, or installing some other. I think this is rather avoiding a problem than actually offering a solution and I can not support this attitude.

Anyway, my offer to help still stands. However, I hope that you will actually work on the feedback you get, and won't just offer alternatives to avoid the existing problems.

payl

  • 68 Carbine
  • Posts: 365
Re: Payl Anti Cheat (PAC)
« Reply #15 on: February 20, 2012, 03:06:00 PM »
Quote
Sorry to say, but this is reverse logic to me. How are we supposed to give you feedback on something we can not see or test? As I have nothing better to say, I'd suggest you work on the logs. This seems to be causing problems to you and I hope that if you succeed to improve your detections, more people will use it.
I personally think that the logs are working fine, but PAC isn't made to be able to handle so many clients overall. So publishing it for free tests would be a bad choice I think. This is simply not what PAC is designed for (for now, because I went for making it into a tournament client). I might do testing with some people who are reliable, and that's what I'm doing generally. But I don't like the idea of publishing the download, as this would cause some problems. But I can understand that everyone wants to see how it looks. I'll think about publishing some of the next major updates (but this might take some time, because my TODO list is long and I have a heavy week in school).

Quote
As for the last accusation you make, I can only say that you obviously misunderstood me. At the time you asked me for feedback, you were still in a testing phase to see if stuff works. With my feedback that my anti-virus software does not allow PAC to run, I hoped you would work on this. Now you are suggesting to disable my current anti-virus software, or installing some other. I think this is rather avoiding a problem than actually offering a solution and I can not support this attitude.
There isn't anything I can do about it in fact. There are even antiviruses that call the jitspoe anticheat a virus, while I'm trying to tell all of you that the jitspoe anticheat isn't really good. It only uses basic methods of checking; I go further and included many tricks to make hackers surprised. That seems to also surprise antiviruses. I was in fact kind of shocked that your antivirus blocked PAC just because it tried to inject a dll into firstly created process. I have no idea what I can do. Injecting a dll is the most obvious way, and I thought like "I don't want to do anything suspicious, so let's use basic methods" - and bam, your antivirus came... I can use some more tricky ways, but I think that if I were designing an antivirus, I would prevent suspicious methods, not those well known and widely used. But well, those antivirus companies are trying to tell us that they know better, nothing I can do about it.

Quote
Anyway, my offer to help still stands. However, I hope that you will actually work on the feedback you get, and won't just offer alternatives to avoid the existing problems.
I can only offer alternatives to overreacting antivirus software, there's nothing else I can do. I went for a non-modifying method of installing PAC, there isn't anything better as far as I see. And well, stupid antiviruses gonna stay stupid and block me again for something stupid. It's better to remove those IMO btw. If you have Se7en or Vista, I think Avast is enough (at least for me it is). But it's not like I'm forcing you to change antivirus, but well, PAC won't support antiviruses that prevent dll injection in the near future. Maybe if it comes out that more antiviruses block it, I'll search for another solution. But again, those antiviruses are stupid.

Anyway I'm not sure if I still want your help. At first you are trying to help me, and next you are trying to troll me. I don't see what your point is. You have to choose if you are trying to help me, being neutral or trying to stop me from doing it. Decide, and follow your decision. I don't like people who are at first nice and then rude and then nice again.

T3RR0R15T

  • Map Committee
  • Autococker
  • Posts: 2593
Re: Payl Anti Cheat (PAC)
« Reply #16 on: February 20, 2012, 03:26:28 PM »
Does it have a function to save a log file with everything it sends, receives and shows as status on the client PC? If not, this is a feature vote for it (doesn't need to be enabled by default) :P


Quote
There are even antiviruses that call jitspoe anticheat a virus, while i'm trying to tell all of you, that jitspoe anticheat isn't really good.
I don't think that jitspoe can't make a better anti-cheat than it is now. I think he has the same problem with antiviruses as you. If he makes the detection more intensive, the game may be blocked by a virus scanner. That's the worst thing that can happen. Whether it's a bug in the antivirus or not doesn't matter. The people talk about a virus in paintball. That's the end of this game. So, for public games / downloads it's better to have a very high compatibility with antiviruses than to have a perfect cheat detection.


Quote
You have to choose if you are trying to help me, being neutral or trying to stop me from doing it.
So "neutral" is allowed now :)

payl

  • 68 Carbine
  • Posts: 365
Re: Payl Anti Cheat (PAC)
« Reply #17 on: February 20, 2012, 04:05:55 PM »
Quote
Does it have a function to save a log file with everything it send, receive and show as status on the client pc? If not, this is a feature vote for it (don't need to be enabled by default) :P
For status - no/yes. It saves data that might let me guess what showed up on the InjEnv client. But I'm unable to save everything, or I might add that functionality in InjEnv, this is a good solution I think.
For receive - no. It's handled by the Injector; the Injector doesn't provide any logs. And I don't think it's needed, eventual problems with login/authorization are reported with a popup message by the InjEnv client.
For send - yes. It's an encrypted log that is always active (actest.txt). PAC makes this log itself; it contains some more advanced output than the online log (only for debugging purposes - and I don't think that I'll give the decrypting utility to anyone).
Well, an option to disable it might be hard to do, as PAC starts this log even before it connects to the InjEnv controller. But in some end versions I might add an option to disable it.
Terrorist, if you are worried about privacy, I can say there isn't anything more fancy than some paths to files, hashes, number of something or eventually like 20 bytes from memory (no, not your credit card number). But I can't provide you logs, those contain information on what it found all over your computer, and therefore show what PAC scans and what it doesn't. Superman has seen like 10 messages of an earlier version and he already knows way too much :P

Quote
I don't think that jitspoe can't make a better anti-cheat as it is now. I think he has the same problem with antiviruses like you. If he make the detection more intensive, the game may be blocked by a virus scanner. That's the worst thing that can happen. If it's a bug in the antivirus or not doesn't matter. The people talk about a virus in paintball. That's the end of this game. So, for public games / downloads it's better to have a very high compatibility to antiviruses as have a perfect cheat detection.
Well, while jitspoe wouldn't have to use a dll injector, this is still partially true. Also jitspoe provides a Linux anticheat, while PAC depends on Windows features.

Quote
So "neutral" is allowed now :)
It was always allowed, if you stay quiet. But some people speak on almost every thread. So I'm not sure if it's possible for everyone to stay neutral.

jitspoe

  • Administrator
  • Autococker
  • Posts: 18801
Re: Payl Anti Cheat (PAC)
« Reply #18 on: February 20, 2012, 05:09:59 PM »
I have a feeling that it's the encryption, not the injection, causing the antivirus false positives.  I had similar problems and just gave up on it.

Rick

  • Map Committee
  • Autococker
  • Posts: 2190
Re: Payl Anti Cheat (PAC)
« Reply #19 on: February 20, 2012, 08:38:09 PM »
Does this program check if you're using the right name? Or can I just use Gamabunta's name and use ma hacks?