This document analyzes the anti-cheating software PunkBuster, which is used to prevent cheating in online games. It discusses how cheating works in online games and the two main types of cheating. It then describes how PunkBuster works, including that it installs on both game servers and player computers, uses various techniques like memory scanning and digital signatures to detect cheating, and can ban cheating players from protected games. Finally, it covers some criticisms of PunkBuster, such as that it uses significant system resources and invades users' privacy through techniques like memory scanning.
This document analyzes the anti-cheating software PunkBuster, which is used to prevent cheating in online games. It discusses how cheating works in online games and the two main types of cheating. It then describes how PunkBuster works, including that it installs on both game servers and player computers, uses various techniques like memory scanning and digital signatures to detect cheating, and can ban cheating players from protected games. Finally, it covers some criticisms of PunkBuster, such as that it uses significant system resources and invades users' privacy through techniques like memory scanning.
This document analyzes the anti-cheating software PunkBuster, which is used to prevent cheating in online games. It discusses how cheating works in online games and the two main types of cheating. It then describes how PunkBuster works, including that it installs on both game servers and player computers, uses various techniques like memory scanning and digital signatures to detect cheating, and can ban cheating players from protected games. Finally, it covers some criticisms of PunkBuster, such as that it uses significant system resources and invades users' privacy through techniques like memory scanning.
David Nichols Background Online gaming has readily increased in popularity over the past decade, becoming one of the most popular forms of gaming today With this increase in popularity the need for security has grown, as the player base becomes more and more diverse Proper network security has become essential Not only to prevent cheating But also to protect users personal information Debate has risen over who should provide security Publishers, Users, or Third Parties Design Decisions When designing a online game the publishers must choose between a number of trade offs Efficiency and Accessibility vs. Security Secure private servers vs. P2P As both technological and economic have evolved so has game design Shift from privately hosted servers to public P2P models Significantly cheaper and more expandable P2P Network Design Host (client or admin) Client Client Client Client Client Client Client Client Popular Security Mechanisms Checksums Check client data for integrity via checksums Can be forged Check client data against game rules Many cheats can be sent within the rules Unique Database Structures Admins/Game Managers These security measures dont stop many types of attacks How Cheating Works Most of these cheats are based on weaknesses in the client-server model Clients and even admins cant be trusted Changes to the game code Game code generally in binary Can be decoded Data files not in binary Can change software (wallhack) or game state in memory (inf. ammo) Outside programs performing game actions Turbo function and action scripts Modify personal computers system software Change graphics driver to render all objects Packet Manipulation Change packets being sent out (aimbot) Use private data from client packets (wallhack) Delay packets (slow time or retroactively act) Two Main Types of Cheating Computer based attacks Improper Usage Aimbot Use client info to aim Modify code for dmg Artificial lag/Flood attacks Attack physical device Look-ahead Forge time stamp Physics hacking Remove collision detection Altering game elements Server override or impersonation Extrasensory perception Display client info on screen
Turbo Environmental exploits Ghosting Improper settings Scripting Collaboration PunkBuster Created and first implemented in 2000 by Tony Ray to stop cheating in Castle Wolfenstein Owned by Even Balance, Inc. Subsequently used in numerous online shooters Built around client-server model Installed on both clients and servers Constantly communicates with Even Balances master servers Designed to scan for cheating computers and then ban them from protected servers/games PunkBusters Implementation Each admin server requires its own unique directory Two main components of PunkBuster: PunkBuster Server (runs on game servers) password protected PunkBuster Client (runs on players' playing machines while they play the game) If admin PB not up-to-date all players notified If client PB not up-to-date player not allowed to join Frequent status reports (encrypted) are sent to the PunkBuster Server by all players Violations cause player to be kicked and all others notified Admins can manually kick players For a specific number of minutes or permanently Can be bypassed by altering time stamp Player power facility allows games to run without admin PunkBusters Security Features Real-time memory scanning Uses Windows API functions and heuristic searches Communicates over games internet connection To avoid firewall Uses UDP ports 24300-24399 to communicate Throttled two-tiered background auto-update system with master servers Provide end-user security Ensure no corrupted or false updates on user PC Guarantees update integrity Uses digital signatures provided by Verisign (Authenticode) Updates validated by master servers based on security info Prevents Admins from using PB to send viruses
PunkBusters Security Features Can request partial MD5 hashes of files inside the game installation directory Results compared against a default config Calculate differences and ban if necessary Admin search functions To check players key bindings and scripts for cheats Stream PB server logs to other locations Allows for the creation of universal banned lists Random player settings checks Cvar checking A number that represents game settings, must be in admins range PunkBusters Security Features User Authentication Use digital signatures Happens continuously through game (2-3 per minute minimum) Screenshot Requests Admin can request screenshot samples from players Or can be done randomly Can block screenshots (black screen) or erase visible hacking Reflected in RecentSS value, visible to all players, prevents admins from cheating Hardware bans Ban hardware components used to circumvent PB Uses hard drive ID and other undisclosed components Use multiple private one-ways hashes in order to protect the confidentiality of users serial number info Use GUID (Globally Unique Identifier) to ID users Based on game installation 128 bit one-way hash generated from CD-key Encrypted GUID bans Attacks on PunkBuster Battlefield 3 Game discontented you were kicked by PunkBuster error Attackers used GUID scanner to duplicates of users GUID Used security loophole to ban players IRC mass false positives Because PB scans all virtual memory, attackers uploaded text fragments from cheat programs on popular IRC channels PB would see malicious text in channel clients text buffers and ban them Incompatibility issues with: Steam, non-windows admins, 64-bit clients, and some Firewalls
Criticisms Heavily uses users network, causing lag Hogs bandwidth Puts heavy pressure on users PC processors Slowing down or overheating some PCs Even Balance, the company, has too much power Judge, Jury, and Executioner Permanent bans based solely on their digression, not controlled by publishers Invasion of privacy Screenshots, program lists, memory scans, hardware info, IP addresses, and other personal security info Still doesnt stop all cheating/attacks