NHK anti-cheat mutator [IMPORTANT UPDATE]
    Important Update:

    The Clanbase decided to NOT use the NHK anti-cheat software anymore.
    Originally posted by vega
    AntiCheat News

    After a lot of discussions the ClanBase C&A department has decided to NOT support the NHK anticheat tool anymore.

    If you are currently serving a ban based on the above mentioned anticheat, you can appeal so you will be unbanned as soon as possible.
    In the name of Donzi I ask you to update all the threads out there.
    (raw translation of Donzi's post in the UTzone thread)
    Originally posted by Donzi
    Dear community,

    Thank you for your support!
    There were plenty of threads, not just here [at UTzone.de] but also on English community boards, clan boards, etc.

    I ask you to stop any boycott of the Clanbase and to close all the threads.
    Our success proves that you can't do everything to us, the community.

    [...]
    Donzi will be unbanned. The UTzone clan will play at the Clanbase cups again.



    THANK YOU UT2004 COMMUNITY!


    __________________


    For those of you who did not hear of NHK yet:
    • An anti-cheat software/mutator called NudeHaxKiller (short form: NHK) was discovered some time ago.
    • The Clanbase has used this software for at least two years, and it has been mentioned neither in the rules nor anywhere else! It was approved by the Clanbase-ACT.
    • NHK is also in use on [ST2] servers - also for at least two years.

    __________________

    Here is some information about NHK

    What is NHK?
    • NHK has been made by the clan [ST2] (Sanctuary*Tigers), [ST2]DavVador coded it.
    • As previously mentioned it's an anti-cheat software/mutator

    What does NHK do?
    • It scans your whole HDD, your USB devices and your network! Everything that is suspicious to this software will be noted in a log the NHK admins have access to. [UPDATE] Now the logs are encrypted. If a log leaks, others will not be able to decipher the names of the files and their paths.
    • NHK creates a list that contains all your Windows usernames on the server.
    • Unknown keybinds in the User.ini will be added to the log on the server.
    • NHK does not only search for UT2004 cheats but also for other cheats like CoD4 cheats.
    • NHK searches for the UT3 directory. However, it is 100% not clear why it does this. It might be that it searches for unknown and suspicious files there too.
    • Even spectators will be scanned when they join the server. [UPDATE]
      However, now an agreement has been added and you can leave the server without being scanned

    What can NHK admins do?
    • NHK admins are determined via a configurable GUID list. There are no admin logins with a password, the admins always have full rights and no player can check this.
    • NHK admins can use console commands on any client. This way they can "manipulate" the game of any player. The player might have problems joining Anti-TCC servers after such an "attack".

    How can I identify a server that runs NHK?
    • NHK is not listed as a mutator. [UPDATE] The NHK mutator has been updated and is now listed as a mutator.
    • NHK does not ask you before it starts to scan your PC. [UPDATE] Apparently a "message of the day" has been added that contains the "rules", a link to the "rules" ("if you stay on the server you get scanned"), and you have some time to leave before it starts to scan you. However, it still does not ask you like Anti TCC does. If you notice such a m.o.t.d. with a link on a server without Anti TCC I recommend leaving the server immediately. [UPDATE] Now an agreement has been added: You can agree and join the server, the mutator will scan you then. If you disagree, you will disconnect from the server and the mutator won't do anything.
    • You cannot see that NHK scans you in the console (unlike in Anti TCC).
    • A scan can be about 30 seconds up to 2 minutes long. While it scans your PC you will encounter very strong lags. You cannot compare those to the lags that Anti TCC causes while scanning.

    __________________

    An example of what NHK can do is the following situation:

    Donzi, an admin at UTzone, has served the community since 2003. He adds cheats to the Anti TCC blacklist and exchanges the updated list with other admins.

    One day he got a mail from {FA2K}-dm. It had an attachment with a cheat that was at first quite unknown, and Donzi was supposed to add it to the blacklist.
    After he added the cheat to the blacklist he forgot to remove the files from his network HDD.

    Some time later he had a conversation with [ST2]DavVador (an admin) about NHK.
    This is the conversation:
    [22:27] ([ST2]DavVador) any mounted partition on the computer
    [22:32] ([ST2]DavVador) so people dont have any informations while being scanned
    [22:32] ([ST2]DavVador) except their computer is lagging like hell
    [22:34] ([ST2]DavVador) as i said to death, i would really appreciate if it stays as secret as possible
    [22:40] (Donzi|UTzone) without an agree we cant scan the complete hdd, against the law
    [22:40] ([ST2]DavVador) yeah i know
    [22:41] ([ST2]DavVador) if you wanna experience the lag and see the kind of motd we use
    [22:43] (Donzi|UTzone) ok,but, i test some hax, because to write them into my blacklist. so, i hope it doesnt find anything ^^
    [22:44] ([ST2]DavVador) we'll see ^^
    Donzi joined the server. It was not a real match, just a demonstration of NHK.
    Not a single shot has been fired and no other player was on the server (except for [ST2]DavVador of course). The reason for the connection was the functionality and the spreading of the mutator.

    The mutator found the *.dll and *.exe files, created a log and DavVador sent it to the Clanbase - without Donzi's knowledge!

    After this conversation between the two admins the Clanbase banned Donzi for using cheats although this was not an official match or a match at all. The reason given was that he was banned for traces of cheats and that he had become better lately. However, he had a bad stroke of fate and did not want to think about what happened recently so he played UT2004 more often and of course he improved his skills. His ban is not justified.

    [UPDATE] Donzi will be unbanned. The UTzone clan will play at the Clanbase cups again.

    Special thanks to the following people:
    • Donzi - Thank you for being our guinea pig. I feel sorry for you but thanks to you we all know about NHK and how to identify it.
    • Wormbo - Also a big thank you to you for taking a look at this mutator and for providing all the useful information about its functionality and the possibilities the admins have.

    __________________

    One last thing:

    Using a game as a backdoor to access someone's PC - no matter for what reason - is a violation of privacy, thus it is illegal!

    __________________
    source:
    This article at www.UTzone.de, a German UT fansite.

    By the way, seems like RuinatioN is the one that wanted Donzi to get banned.

    __________________

    PS: If I have missed any important information or something is not clear, please contact me and I'll add it to this post.

    #2
    Before you try: NHK is protected by an activation key that needs to be set in your server configuration. No point trying to get it from the cache after connecting to a server running it.
    It was not the mutator that sent the logs to CB; DavVador aka. NudeGirl (the author of NHK) did, because he didn't trust Donzi after seeing those logs. I guess that's the kind of paranoia you get from hunting cheaters for too long. (I should know.)



      #3
      Someone needs to post this warning to BUF and other Unreal community forums so that others will know about it.



        #4
        Posted it on Titan and Omni.



          #5
          How can we prevent it running/block it from running? I don't care if it stops me from joining servers with it active.

          What it's reported here as doing does sound illegal, not just unethical.



            #6
            I wouldn't simply not join any server without Anti-TCC, already because of the potential cheaters.



              #7
              Then you just get the c++ hook'd cheaters and not the uscript cheaters....



                #8
                Updated the first post.
                Also it seems that a motd is in use that is being displayed when you enter the server. It displays the "rules" and a link to a site where you can read the "rules". However, I recommend disconnecting from the server if you read this motd. You have some time left to do so but if you do not disconnect it just starts the scan.



                  #9
                  Seems i need to clarify a few things as i read more and more false things everywhere (including CB, unrealnorth, utzone and these forums).

                  First about the "illegal part" people are complaining about :
                  When you join a server running this anticheat you had a motd giving a link to rules and telling if you dont agree with it you should leave. Then you had about 15s to leave ut and check them if you want. Isnt it enough for pressing escape and quit ? I guess most people playing an FPS can do that within 15s.
                  Now the server displays ingame directly the rules and still gives you more than 15s to quit before starting.
                  Rules are those ones, on my servers at least :
                  By joining any of our private or public servers you implicitly accept and allow any of our mutators to run,
                  being any kind of modification of the game, including any anticheat system which needs to scan your computer
                  or take some screenshots and may log your IP, GUID, names, game informations and any suspicious files or activity.

                  So by joining the servers and staying there you definitely allow us to scan your computer and i dont see what's illegal if you agree with this.
                  If you wanna talk about illegal scans, then i highly invite you to complain about any server running antitcc without agreement text, because it will also scan your private data located in UT or the prefetch folder.

                  2nd point, it isnt related to CB at all, that's why it doesnt appear in any rules, but CB validated this anticheat system, so bans can be submitted with logs made by the system.

                  3rd point, your private data wont run away in the nature...
                  Only suspicious files may be logged and they wont be sent automatically to any Admin nor to CB. It just creates a log on the server running it, like antitcc does.
                  It doesnt read your files (no i'm not interested in what you do in your life, neither interested into getting your bank number or anything), it doesnt send them to some odd mysterious place, it just logs the name of suspicious things it finds.

                  4th no ban will be issued automatically.
                  It wont ban you because you have a file call mycheat.exe or any cheat name inside.
                  As i said before, it will only log those files as suspicious, then admins of the server will decide what to do about this concerning a local ban and then if submitted to CB, CB ACT may decide about a CB ban as well or not.
                  About Donzi, the logs havent been sent automatically to any CB admin it was my own fault, i'm sorry about that and i've been discussing it with him. But again i read false information, Donzi isnt banned from CB atm and i'm not sure this will happen. So stop spreading lies.


                  5th The security issue about the remote command is now fully removed, even if it shouldnt have been possible to use it by anyone else.


                  6th I dont see the relation between this anticheat system and a rootkit... if you wanna show me ?
                  Or maybe every recent anticheat like ESL wire or Universal AntiCheat is a rootkit as well, as they scan a few things outside your game directory ?
                  Stop being stupid or blind !
                  Cheats using .u files to put in the system directory havent been used for years.
                  Now cheats are .exe or .dll you can launch from anywhere on your computer.
                  So if you dont accept to be scanned (and i repeat it doesnt do it without warning you) and wanna keep playing with a lot of cheaters, its ok for me, do what you want, but on my servers, as a server admin, i try to limit the number of them as much as possible so that everyone can play a fair game.


                  If you have more questions and i'm sure you have, i may answer a few of them as far as it doesnt concern too much the way it works as it would be helping cheaters too much.



                    #10
                    Originally posted by DavVador
                    By joining any of our private or public servers you implicitly accept and allow any of our mutators to run,
                    being any kind of modification of the game, including any anticheat system which needs to scan your computer
                    or take some screenshots and may log your IP, GUID, names, game informations and any suspicious files or activity.
                    How are you paying attention to the 'noobs' here? I am sure 90% of the 'noobs' will not be able to clearly see a MOTD, and in my opinion a MOTD is displayed too briefly to warn a client about some unknown whole-pc scanner. I don't think it is reliable for a huge AntiCheat system to start scanning with just very little warning, besides, if anyone figures out how to use it (which is possible (everything is possible, EVERYTHING)) and won't put it in the MOTD, how are we still warned here? It's your 'software', I recommend making a GUI.

                    Originally posted by DavVador
                    [...] 3rd point, your private data wont run away in the nature...
                    Only suspicious files may be logged and they wont be sent automatically to any Admin nor to CB. It just creates a log on the server running it, like antitcc does.
                    It doesnt read your files (no i'm not interested in what you do in your life, neither interested into getting your bank number or anything), it doesnt send them to some odd mysterious place, it just logs the name of suspicious things it finds.
                    Our data is maybe sent away safe, but how are WE sure the place where every information is kept is well protected? How should WE ever feel comfortable about that?

                    Originally posted by DavVador
                    [...] So if you dont accept to be scanned (and i repeat it doesnt do it without warning you) and wanna keep playing with a lot of cheaters, its ok for me, do what you want, but on my servers, as a server admin, i try to limit the number of them as much as possible so that everyone can play a fair game.
                    Wait what, wasn't Gugi's ScreenShotSender good enough? The most botters can do is disconnect before it takes a screenshot. I am sure people would feel way more comfortable when there were just some clientside screenshots instead of something unknown suddenly scanning your whole pc and even more with the littlest warning possible.

                    I understand what you're wanting, but at least keep it reliable for the clients and the 'noobs'.



                      #11
                      And why care so much about hiding your tool if it doesn't do us any harm according to you?
                      Where does that fit with your statement
                      [22:34] ([ST2]DavVador) as i said to death, i would really appreciate if it stays as secret as possible
                      and the fact that it doesn't appear in the mutator list?

                      Anti-TCC clearly states in the server information that it runs there, which version is used and so on.



                        #12
                        Originally posted by Crusha K. Rool
                        And why care so much about hiding your tool if it doesn't do us any harm according to you?
                        Where does that fit with your statement
                        The more an anticheat is used and known, the more cheaters will try to bypass it, that's all.

                        Originally posted by Crusha K. Rool
                        and the fact that it doesn't appear in the mutator list?
                        This is just pure invention of the one who said that.
                        Many wrong things have been said about it.



                          #13
                          Originally posted by Infernus.
                          How are you paying attention to the 'noobs' here? I am sure 90% of the 'noobs' will not be able to clearly see a MOTD, and in my opinion a MOTD is displayed too briefly to warn a client about some unknown whole-pc scanner. I don't think it is reliable for a huge AntiCheat system to start scanning with just very little warning, besides, if anyone figures out how to use it (which is possible (everything is possible, EVERYTHING)) and won't put it in the MOTD, how are we still warned here? It's your 'software', I recommend making a GUI.
                          For a little while now, the anticheat displays the rules in the chat box with a delay between each line and you can't miss it.
                          Even if you manage to miss it, F2 will show it again.

                          Originally posted by Infernus.
                          Our data is maybe sent away safe, but how are WE sure the place where every information is kept is well protected? How should WE ever feel comfortable about that?
                          I know you cant, as you cant be sure what any mutator really does, being anticheats or not.
                          Only suspicious files (i mean names only) + Ip + guid are logged, none of your private data.


                          Originally posted by Infernus.
                          Wait what, wasn't Gugi's ScreenShotSender good enough? The most botters can do is disconnect before it takes a screenshot. I am sure people would feel way more comfortable when there were just some clientside screenshots instead of something unknown suddenly scanning your whole pc and even more with the littlest warning possible.
                          Screenshot sender was bypassed a long time ago and if you dont use radar, screenshot sender wont show you any other kind of cheats.


                          Originally posted by Infernus.
                          I understand what you're wanting, but at least keep it reliable for the clients and the 'noobs'.
                          I try to make it as clear as possible.



                            #14
                            What about adding a GUI? I bet 40% of all insults will be subdued if you'd have this. TCP has a server with an AntiCheat scanning out of your UT2004 folder, but they warn you about this, and ever heard anyone moaning about their AntiCheat? No.



                              #15
                              The fact that you can send data without the user knowing it is troubling by itself. Even if this anticheat in particular is not doing that, the danger of a mutator created specifically for data mining still exists. I'm actually surprised it allows you to do things like that, actually, because it would be logical to restrict the game's access to anything but the loaded files in memory.

                              But thinking globally, every anticheat is a breach of privacy in one form or another. It's quite like DRM - nobody likes it, but for some reason people deem it necessary. The question is why you need those things anyway. At least this invasive. Protecting the whole server is important, of course, since nobody likes it crashing and such, but worrying about things like aimbots and radars? If people are convinced the player is cheating, you always have the kick vote. You could even integrate a kind of "scan vote" into it, so when a player is about to be kicked, it is scanned and it proceeds to kick you if it finds something. That way logging in would be faster, less bandwidth would be consumed and innocent people who are like me - like to use and create things like announcer packs and editing their UPL files so bots would have realistic species assigned to them offline - wouldn't be kicked for absolutely no reason. As for bans, don't forget the innocence presumption - it is always better to have more cheaters than ban innocent players for something they haven't done. If someone is cheating and doesn't get banned, he is likely to cheat again and again, and then you are likely to see a pattern. A few more cheats are not going to destroy anything if the result is the same, but if it's an innocent player that was falsely accused, and he gets banned, the damage is hardly repairable since their respectability goes down by quite a lot, even if the player gets unbanned in the long run. Not to mention all the time the player would spend arguing with others instead of actually playing the game itself.
