Detecting Maphacking and Drophacking
Aug 28 2011, 4:17 am
By: IAGG
 

Aug 29 2011, 11:20 pm TiKels Post #21



The most solid anti maphack I've heard (I THINK it was...) is apos' method.

He could describe it better than me, but this isn't the first topic about this, so I'm sure it can be found.

Brb looking for it.



"If a topic that clearly interest noone needs to be closed to underline the "we don't want this here" message, is up to debate."

-NudeRaider

Aug 30 2011, 12:37 am Sacrieur Post #22

Still Napping

You mean this?

Anyway, it's possible to detect which keys are pressed, if we can set that a sequence such as /drop will result in a desync. It isn't too hard actually, we simply have to detect when the player keys enter, and set a switch:

Keystroke(Current Player, Enter);
Set Switch(1, Set)

Switch(1, Set)
Keystroke(Current Player, Not /);
---
Clear switch 1.

Switch(1, Set)
Keystroke(Current Player, /);
---
Set Switch(2, Set)

etc...

Only use a counting method local to the player.

Post has been edited 1 time(s), last time on Aug 30 2011, 12:42 am by Sacrieur.



None.

Aug 30 2011, 12:46 am Roy Post #23

An artist's depiction of an Extended Unit Death

Quote from Sacrieur
Anyway, it's possible to detect which keys are pressed, if we can set that a sequence such as /drop will result in a desync.
Yeah, theoretically. Trigger cycles are approximately 12 cycles/second, though, so if someone was pressing and releasing a key faster than 1/12 of a second (not uncommon), it would fail to pick up the entire sequence. It's better than nothing, I suppose.

Quote from Sacrieur
Only use a counting method local to the player.
Your example using switches would work just fine. I explained why this works in this post. It's also the reason as we discussed earlier why it is impossible to send a message to other players when a hacker is detected through display text messages.

Apos' method is essentially the selection detection idea, but with units that cover the entire map, basically forcing the player to select one of the units if they're going to maphack.




Aug 30 2011, 1:29 am FoxWolf1 Post #24



Quote from Sacrieur
Keystroke(Current Player, Enter);
Set Switch(1, Set)

Switch(1, Set)
Keystroke(Current Player, Not /);
---
Clear switch 1.

Switch(1, Set)
Keystroke(Current Player, /);
---
Set Switch(2, Set)

Well, it's not quite that easy...for example, suppose the user types the following:
"/r Don't really know :-p"
A common enough thing to say, yes? But your method will identify him as a drophacker, because he typed /, then d, then r, then o, then p.

In order to avoid this, you need additional triggers to reset the counting method when any other key is pressed...but that, in addition to being rather impractical, gives the hacker plenty of possible ways to bypass the detection.



None.

Aug 30 2011, 1:39 am Ice Baby Post #25



Quote from Sacrieur
You mean this?

Anyway, it's possible to detect which keys are pressed, if we can set that a sequence such as /drop will result in a desync. It isn't too hard actually, we simply have to detect when the player keys enter, and set a switch:

Keystroke(Current Player, Enter);
Set Switch(1, Set)

Switch(1, Set)
Keystroke(Current Player, Not /);
---
Clear switch 1.

Switch(1, Set)
Keystroke(Current Player, /);
---
Set Switch(2, Set)

etc...

Only use a counting method local to the player.


I was looking at the discussion apos was explaining. I didn't quite understand what he did exactly. Did he just put disabled starports over a vital area in the game so only hackers would be able to click on them and crash?



None.

Aug 30 2011, 1:53 am Sacrieur Post #26

Still Napping

Quote from FoxWolf1
Quote from Sacrieur
Keystroke(Current Player, Enter);
Set Switch(1, Set)

Switch(1, Set)
Keystroke(Current Player, Not /);
---
Clear switch 1.

Switch(1, Set)
Keystroke(Current Player, /);
---
Set Switch(2, Set)

Well, it's not quite that easy...for example, suppose the user types the following:
"/r Don't really know :-p"
A common enough thing to say, yes? But your method will identify him as a drophacker, because he typed /, then d, then r, then o, then p.

In order to avoid this, you need additional triggers to reset the counting method when any other key is pressed...but that, in addition to being rather impractical, gives the hacker plenty of possible ways to bypass the detection.


Yeah, that was implied but never elaborated on. The reset idea was there from the beginning (not /). I suppose the only way to bypass it is to type faster than 12 keystrokes/s.



None.

Aug 30 2011, 1:55 am FoxWolf1 Post #27



With the reset included, typing another letter in the middle of the command and then deleting it (i.e. a typo, intentional or unintentional) would also allow the detection to be bypassed.



None.

Aug 30 2011, 2:22 am Tank_7 Post #28



You would have to include Backspace and go back one switch.
You would have to include a second Enter and clear all switches.

However I am concerned about how most people who drophack have the version which Pauses the game. When Paused a trigger won't fire.



None.

Aug 30 2011, 2:25 am Roy Post #29

An artist's depiction of an Extended Unit Death

Quote from Ice Baby
I was looking at the discussion apos was explaining. I didn't quite understand what he did exactly. Did he just put disabled starports over a vital area in the game so only hackers would be able to click on them and crash?
Yes, basically. Only hackers would be able to see the Starports; other players wouldn't notice a thing. When they click on a Starport, selection detection kicks in and you can drop the player from the game.

ANYWAY

I decided to do a bit of testing and found some addresses that seem to only be modified when certain hacks are injected into SC. Here they are:

Code
ADDRESS      EPD          VALUE      WORKS FOR

0008CC10     -1308117     576520     Epicsauce.dll, Oblivion.dll, Drophack.dll
0008A990     -1310325     28         Drophack.dll
0008A6A8     -1310511     569200     Oblivion.dll
0008A9EC     -1310302     65535      Oblivion.dll

(All addresses above appear to have the value 0 when hacks are not injected).

So what does this mean? Well, for the address 0x0008CC10, it appears that injecting various hacks causes the value to change from 0 to 576520. So if the hacker is using Epicsauce and/or Oblivion and/or the plain Drophack injection, this address will detect them of hacking (P.S.: Epicsauce and Oblivion are unstable and often crash SC if you try running them together, but I did it anyway to verify the value doesn't change from the combination). I'm theorizing that this address is related to custom commands (i.e. typing "/drop X" to drop a player), but this is just a guess. Regardless, the EPD should work just fine to prevent hackers of any sort. If your interest is to only prevent Drophackers, and you don't care if the player has Oblivion or Epicsauce, you can use address 0x0008A990, which seems to be only affected when Drophack is injected. Now, I only tested combinations between these three hacks, and other hacks may change the values of some or all of the addresses listed above. If you want to play a more aggressive/risky card, you can use "At Least 1" instead of the exact value, since these addresses seem to only be changed from 0 when something is injected into SC. While it is not necessarily safe to assume these values will always be 0 for non-hackers, it seemed to be the case in my experiment.

TL;DR: Add this trigger to your map and it should protect against the most popular hacks out there (the defeat action will cause desynchronization, so even if they have a stay-alive hack, they'll drop from the other players immediately):

Trigger
Players
  • All Players
Conditions
  • Memory at Death Table + -1308117 is exactly 576520
Actions
  • End scenario in defeat for current player.


    Post has been edited 1 time(s), last time on Aug 30 2011, 3:15 am by Roy.




    Aug 30 2011, 3:33 am iCCup.xboi209 Post #30



    holy cow, you need to be rewarded like OVER NINE THOUSAND minerals o.O



    None.

    Aug 30 2011, 3:44 am jjf28 Post #31

    Cartography Artisan

    It goes without saying that since he published those here (and people will want to use them), that they are much more likely to be patched, finding your own values (thus making the values exclusive to your map) is most effective (I believe Roy also wrote a short guide for doing this in another thread).

    On the subject of detecting each letter of "/drop " if you added one to the death counter every time a correct letter is typed in succession you could track how far into "/drop " they get prior to making a typo, then add to a separate death counter for every subsequent typo, and remove the death counters appropriately for each backspace until they finish typing "/drop " - big fun right?

    ^ This of course assuming this kind of detection would be effective and lasting in the first place.



    TheNitesWhoSay - Clan Aura - github

    Reached the top of StarCraft theory crafting 2:12 AM CST, August 2nd, 2014.
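The key-sequence ideas from posts #22 to #31, modelled as an added Python example (not code from any poster, and not StarCraft trigger syntax). It runs the switch chain with and without a reset, and the counter scheme with Backspace handling, over constructed chat inputs. The event names and the `\b` stand-in for Backspace are assumptions, and the model sees every key event, so it says nothing about the roughly 12 checks per second mentioned in post #23.

```python
TARGET = "/drop"  # command prefix discussed in the thread


def to_events(typed):
    """Constructed input: Enter opens chat, '\\b' stands for Backspace, Enter sends."""
    keys = ["BACKSPACE" if c == "\b" else c.lower() for c in typed]
    return ["ENTER"] + keys + ["ENTER"]


def switch_chain(events, reset_on_mismatch):
    """Chain of switches: each expected key sets the next switch.

    reset_on_mismatch=False: only the first key is checked against "not /".
    reset_on_mismatch=True: any unexpected key clears the chain until the next Enter.
    """
    chat_open, progress, cleared = False, 0, False
    for ev in events:
        if ev == "ENTER":
            chat_open, progress, cleared = not chat_open, 0, False
        elif not chat_open or cleared or ev == "BACKSPACE":
            continue  # this model has no trigger for Backspace
        elif ev == TARGET[progress]:
            progress += 1
            if progress == len(TARGET):
                return True
        elif progress == 0 or reset_on_mismatch:
            cleared = True
    return False


def counter_tracker(events):
    """Two counters: correct keys in succession, and typos typed after them.

    Backspace removes a typo first, then a matched key; Enter clears both.
    """
    chat_open, matched, typos = False, 0, 0
    for ev in events:
        if ev == "ENTER":
            chat_open, matched, typos = not chat_open, 0, 0
        elif not chat_open:
            continue
        elif ev == "BACKSPACE":
            if typos:
                typos -= 1
            elif matched:
                matched -= 1
        elif typos == 0 and ev == TARGET[matched]:
            matched += 1
            if matched == len(TARGET):
                return True
        else:
            typos += 1
    return False


def compare(typed):
    """Return (chain without reset, chain with reset, counter tracker)."""
    ev = to_events(typed)
    return switch_chain(ev, False), switch_chain(ev, True), counter_tracker(ev)


if __name__ == "__main__":
    # Constructed chat lines: a whisper reply, a typo that is corrected, the plain command.
    for line in ["/r Don't really know :-p", "/dx\brop 3", "/drop 3"]:
        print(repr(line), compare(line))
```
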

    Aug 30 2011, 3:55 am Roy Post #32

    An artist's depiction of an Extended Unit Death

    Quote from jjf28
    It goes without saying that since he published those here (and people will want to use them), that they are much more likely to be patched, finding your own values (thus making the values exclusive to your map) is most effective (I believe Roy also wrote a short guide for doing this in another thread).
    Yeah, the methodology I used can be found at the end of segment 4.1 in this post: http://www.staredit.net/304565/

    A lot of these hacks haven't been updated since 2009, and I'd feel flattered if they honestly took the time to rewrite it because I publicly posted a few memory addresses that seem to work. I know a lot of hackers weren't too happy about the Drophack being leaked to the public, though, so the chances of another Drophack being patched and leaked again aren't phenomenal. That's why I posted an address specific to this hack, in the event that Oblivion and Epicsauce are updated.

    Also, if the hacker knew that EUDs were in place to detect keystrokes, they could always press and release the key faster than 1/12th of a second to completely and safely bypass key press detection. They wouldn't have to worry about making purposeful typos.




    Aug 30 2011, 4:42 am Tank_7 Post #33



    Hey Roy, I just tested with Oblivion 4.0.6b and nothing happens. I'm guessing you tested with the newest Oblivion, 4.0.6f

    I have attached the map so you can see if I made any errors in implementing your addresses.

    I'm finding that Oblivion DLs are drying up... I'm getting corrupt .zips from gamerzneeds.net and gamethreat.net has taken down its download section completely.
    Generally this is a good thing, but bad for testing antihacks.

    Anyways... hate to make you do more work but the best scenario would be if you worked out the addresses for some of the older Oblivions, I think. Oblivion 4.0.2 was what I had a working antihack for back in 2009.

    EDIT: PS I can attach my copy of Oblivion if you want to try it yourself just let me know. And I want to know what Oblivion you got!

    Attachments:
    AH_Aug2011.scm
    Hits: 1 Size: 38.19kb

    Post has been edited 1 time(s), last time on Aug 30 2011, 4:50 am by Tank_7.



    None.

    Aug 30 2011, 5:22 am jjf28 Post #34

    Cartography Artisan

    edit: so Roy, do you think zynastor is now focused on sc2? o.O

    Post has been edited 3 time(s), last time on Aug 30 2011, 6:07 am by jjf28.



    TheNitesWhoSay - Clan Aura - github

    Reached the top of StarCraft theory crafting 2:12 AM CST, August 2nd, 2014.

    Aug 30 2011, 8:29 am Apos Post #35

    I order you to forgive yourself!

    Actually, with my anti map hack method, something weird happens. I'm pretty sure I explained it in another post, but I'll post it right here too.

    When using Oblivion, for some reason (According to rockz I believe, it's caused by disabled units) the game drops and crashes even before the hacker clicks on any of the hidden units. This does not happen when using Freedom, only with Oblivion. (I think that Freedom is dead though.)

    Note: I don't have the map showing the anti map hack. If someone else could upload it, it would be very nice to do so.

    Edit: Here it is: Apos' Marine Rush with antihack in it.

    Post has been edited 2 time(s), last time on Sep 2 2011, 11:53 pm by Apos.




    Aug 30 2011, 12:46 pm Heinermann Post #36

    SDE, BWAPI owner, hacker.

    Quote from Roy
    Quote from Ice Baby
    I was looking at the discussion apos was explaining. I didn't quite understand what he did exactly. Did he just put disabled starports over a vital area in the game so only hackers would be able to click on them and crash?
    Yes, basically. Only hackers would be able to see the Starports; other players wouldn't notice a thing. When they click on a Starport, selection detection kicks in and you can drop the player from the game.

    ANYWAY

    I decided to do a bit of testing and found some addresses that seem to only be modified when certain hacks are injected into SC. Here they are:

    Code
    ADDRESS      EPD          VALUE      WORKS FOR

    0008CC10     -1308117     576520     Epicsauce.dll, Oblivion.dll, Drophack.dll
    0008A990     -1310325     28         Drophack.dll
    0008A6A8     -1310511     569200     Oblivion.dll
    0008A9EC     -1310302     65535      Oblivion.dll

    (All addresses above appear to have the value 0 when hacks are not injected).

    So what does this mean? Well, for the address 0x0008CC10, it appears that injecting various hacks causes the value to change from 0 to 576520. So if the hacker is using Epicsauce and/or Oblivion and/or the plain Drophack injection, this address will detect them of hacking (P.S.: Epicsauce and Oblivion are unstable and often crash SC if you try running them together, but I did it anyway to verify the value doesn't change from the combination). I'm theorizing that this address is related to custom commands (i.e. typing "/drop X" to drop a player), but this is just a guess. Regardless, the EPD should work just fine to prevent hackers of any sort. If your interest is to only prevent Drophackers, and you don't care if the player has Oblivion or Epicsauce, you can use address 0x0008A990, which seems to be only affected when Drophack is injected. Now, I only tested combinations between these three hacks, and other hacks may change the values of some or all of the addresses listed above. If you want to play a more aggressive/risky card, you can use "At Least 1" instead of the exact value, since these addresses seem to only be changed from 0 when something is injected into SC. While it is not necessarily safe to assume these values will always be 0 for non-hackers, it seemed to be the case in my experiment.

    TL;DR: Add this trigger to your map and it should protect against the most popular hacks out there (the defeat action will cause desynchronization, so even if they have a stay-alive hack, they'll drop from the other players immediately):

    Trigger
    Players
      • All Players
    Conditions
      • Memory at Death Table + -1308117 is exactly 576520
    Actions
      • End scenario in defeat for current player.
    Sorry but that method can NEVER work.
    0x0008CC10? If anything read from there it would crash my game. Nothing is statically allocated there.

    You guys don't seem to understand the concept of dynamic memory. You should only reference modules that are in most cases loaded at an absolute address, like Starcraft.exe and Storm.dll. That's pretty much all you're limited to (unless you also want to include battle.snp, which means your map will only be playable on Battle.net).

    Typically the address range for the Starcraft module is 0x00401000 - 0x006DD694. You should never use EUDs outside this range if at all.
    DLLs usually contain an "image base" such as 0x15000000 for Storm.dll, but they do not necessarily need to be loaded at that address. It is merely a guideline. Even more uncertain are dynamic allocations, which you guys keep referencing in just about every topic about this.

    Referencing a dynamic allocation is like selecting your map and pressing DELETE, confirming the dialog, then emptying your Recycle Bin.
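The range rule from the post above as a pre-publish check, in an added Python example that is not from the thread: it parses conditions written in the form shown in post #29, converts each EPD offset to an absolute address, and reports whether it lies inside the StarCraft module range quoted above. The death table base `0x0058A364` is an assumption (it reproduces every row of the ADDRESS/EPD table in the thread), and the function names and the last sample line are constructed.

```python
import re

DEATH_TABLE = 0x0058A364               # assumed base; matches the thread's EPD column
SC_MODULE = (0x00401000, 0x006DD694)   # StarCraft module range quoted in the thread
CONDITION = re.compile(
    r"Memory at Death Table \+ (-?\d+) is (exactly|at least|at most) (\d+)",
    re.IGNORECASE,
)


def epd_to_address(epd):
    """Each EPD step is one 4-byte entry relative to the death table."""
    return DEATH_TABLE + 4 * epd


def address_to_epd(address):
    offset = address - DEATH_TABLE
    if offset % 4:
        raise ValueError(f"{address:#010x} is not 4-byte aligned to the death table")
    return offset // 4


def in_static_module(address):
    """True when the whole 4-byte read stays inside the module range."""
    low, high = SC_MODULE
    return low <= address and address + 4 <= high


def audit(trigger_text):
    """Return (epd, address, inside_module) for every memory condition found."""
    findings = []
    for match in CONDITION.finditer(trigger_text):
        epd = int(match.group(1))
        address = epd_to_address(epd)
        findings.append((epd, address, in_static_module(address)))
    return findings


def unsafe_addresses(trigger_text):
    return [addr for _, addr, ok in audit(trigger_text) if not ok]


# Conditions built from the thread's table, plus one constructed in-range line.
SAMPLE = """
Memory at Death Table + -1308117 is exactly 576520
Memory at Death Table + -1310325 is exactly 28
Memory at Death Table + -1310511 is exactly 569200
Memory at Death Table + -1310302 is exactly 65535
Memory at Death Table + 0 is at least 1
"""

if __name__ == "__main__":
    for epd, address, ok in audit(SAMPLE):
        verdict = "inside module" if ok else "OUTSIDE module range"
        print(f"EPD {epd:>9}  ->  {address:#010x}  {verdict}")
```
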




    Aug 30 2011, 1:56 pm FoxWolf1 Post #37



    Quote from name:xboi209
    holy cow, you need to be rewarded like OVER NINE THOUSAND minerals o.O

    Surely you should test it and confirm that it works before you get all excited, because...

    Quote from Heinermann
    0x0008CC10? If anything read from there it would crash my game. Nothing is statically allocated there.

    I made a test map and this is exactly what happened.



    None.

    Aug 30 2011, 2:26 pm Roy Post #38

    An artist's depiction of an Extended Unit Death

    Quote from Heinermann
    Sorry but that method can NEVER work.
    0x0008CC10? If anything read from there it would crash my game. Nothing is statically allocated there.

    You guys don't seem to understand the concept of dynamic memory. You should only reference modules that are in most cases loaded at an absolute address, like Starcraft.exe and Storm.dll. That's pretty much all you're limited to (unless you also want to include battle.snp, which means your map will only be playable on Battle.net).

    Typically the address range for the Starcraft module is 0x00401000 - 0x006DD694. You should never use EUDs outside this range if at all.
    DLLs usually contain an "image base" such as 0x15000000 for Storm.dll, but they do not necessarily need to be loaded at that address. It is merely a guideline. Even more uncertain are dynamic allocations, which you guys keep referencing in just about every topic about this.

    Referencing a dynamic allocation is like selecting your map and pressing DELETE, confirming the dialog, then emptying your Recycle Bin.
    That's interesting. I knew about dynamic allocation but never really understood it. Thanks for the clarity.

    Quote from FoxWolf1
    made a test map and this is exactly what happened.
    WOMM :P

    Yeah, ignore my post. Heinermann is right.




    Aug 30 2011, 7:24 pm Tank_7 Post #39



    Quote from Roy
    Yeah, ignore my post. Heinermann is right.


    Noooºººº°°°°····000OOOóóóÖÖÖÖòòòòöööööôôôô••••
    I was so dreamy about a new era of antihacking like in early Star Quest w/ AntiHack check link



    None.

    Aug 30 2011, 9:59 pm iCCup.xboi209 Post #40



    Quote from Tank_7
    Quote from Roy
    Yeah, ignore my post. Heinermann is right.


    Noooºººº°°°°····000OOOóóóÖÖÖÖòòòòöööööôôôô••••
    I was so dreamy about a new era of antihacking like in early Star Quest w/ AntiHack check link
    Exactly what I thought after reading this again



    None.
