Slashdot Mirror
QuakeForge And QuakeWorld Forever Merge
knghtbrd writes: "QuakeForge and QuakeWorld Forever, two of the largest projects based on Id Software's GPL'd Quake source, are teaming up to bring the world what we believe is the best Quake1 engine on the planet. The result for die-hard Quake players? QWF's cryptographic cheat prevention (which stop speed cheaters and auto-aimers cold) combined with QF's support for a zillion different operating systems. Here's a look at what can be expected along with press release. "
Wasn't it qwforever that had the story posted a while back about GPL violation (If not them, then who?)? What ever happened with that, does anybody know?
Communication is only possible between equals
> I was an avid Quaker (CTF) that stopped playing when cheating became more common than not
:) I still play Mega TF. I quit CTF because of that stupid grapple-person-2-death bug.
Hey, some of us never stopped
Thunderwalker was a cool mod too.
As far as I know the exectuables and the qwprogs.dat progs.dat files are free software / open source but I think that the "registered" pak files are commercial and not availible freely. Please correct me if I'm wrong.
http://www.quakesrc.org/security.txt : By Ender
- Issue: Client verification.
- Issue: Piggybacking.
- Solution: Checksum'ed Packets
- Issue: All of the above fail, thanks to the use of a few dozen crays..
Conclusion:QuakeWorld Forever uses a NetTrek style system of blessed binarys. That is, every official binary released by QuakeWorld Forever has embedded (in the most obscured way possible) a key. This symmetrical cipher is then used to encrypt, using GnuPG, the standard QuakeWorld connection challenge. If the server can decrypt and verify the challenge, the client is considered legit. A key generator is also provided for others to create their own binarys, for private games (eg, Clan or large LAN games). A CRC check of the binary is also employed, as the lightest possible security.
The first versions of the QWF software did use the above method, and for a time it worked. Due to some slackness with debug code and misuse of mallocs, one person DID suceed in extracting the key. However, a majority of cheats simply allowed the true client to connect, then after the initial connect verified the client proceeded to steal it's network connection to transmit altered data.
The current solution we are working towards is attached a integer hash of the packet data to each movement packet. However this is also subject to being faked. So, we employ Hack #1: At every client->server connection, whether a level change or initial connection, the server sends the client a unique random session key. This session key is then used to encrypt every packet, and the hash we transmit is the hash of this one packet. Because the key is per-session it is a fairly weak key for speed reasons, unlike the long challenge-key.
Actually, in truth, it is also possible that the server administrator might want other unverified clients to connect, for various reasons. One of the major disadvantages of the symmetrical cipher we use is that each server must have the same key as the client. Ergo, a new build of the server will require a new build of the client. This is why we intend to move towards a public key system once the merge with QuakeForge is complete. But to solve this problem, our next release will also include other anti-cheat methods designed by other engines. Most cheats current around are a simple case of the client lying to the server. Things such as speed-cheating can easily be fixed by simple sanity checks. The other cause of cheating is bugs, such as the timing bugs. Now, every piece of software has bugs, but any bug should eventually be fixed.
Between our blessed binary system, and simple sanity checking and bugfixes, OpenSource security methods are a viable alternative to closed source, as long as the SERVER is trusted. And we truely hope noone is lame enough to create a hacked server solely for the purpose of allowing themselves to win... Also new technology such as working bot detection methods will become avaliable and also have a place in such software.
Nothing exceeds the bounds of imagination.
(Added note: The reason for the long delay in public key systems can best be described by penpen, one of the people who wrote the majority of the security code:
We decided to use gnupg in our client. This was to save time and to make sure that it's actually as secure as it can be. The problem with this is that gnupg code is not written well for use as a library. This causes many problems. The most noticable are the fact we found it impossible to run things like RSA and ELGAMMAL pke algorithms. The gnupg people are apparently working on the gnupg to actually produce an Encryption library. Maybe once this is done the use of such algorithms will become a reality. Also we didn't use RSA because of the current patent on RSA in the US.)
Yes, I forgot my slashdot password...
== Ender, QuakeWorld Forever developer
Quake Standards Group President.
www.quakesrc.org
All files (exept for the work being done for the merge: it isn't ready yet) can be had from our downloads page. This includes the olde QuakeForge 0.1.1 release (source only), current CVS source snapshots, and Win32 binaries (both VC++ and Borland C++ 5.0 (?), but the latter is offsite). Anon Cvs accass can be had with:v sroot/quake login v sroot/quake co quakeforge
cvs -d:pserver:anonymous@cvs.quake.sourceforge.net:/c
no password
cvs -d:pserver:anonymous@cvs.quake.sourceforge.net:/c
As to cheat protection: Quakeforge currently has a speed cheat protection mechanism, and QWF has cryptographic protection (I don't know the link, sorry), that we will be ported to QF during the merge. I'm not sure how QWF implements it (though I believe it involves blessed binaries), but I do know that the exchanging of a secret that becomes part of the checksummed packet (but never transmitted) in a manner similar to APOP was discussed. With just this combination, almost all cheats will be rendered difficult if not impossible.
Some interesting features in that have been implemented in Quakeforge are the ability to separate out the game data directories and your game save directories which also results in being able to run the game from any directory once it's configured correctly, native ALSA 0.5.x sound support (Linux), lot's of GL eye candy, the speed cheat fix and lots and lots of bug fixes to both quakeworld and the original single player game.
Bill - aka taniwha
--
Leave others their otherness. -- Aratak
Sounds great! I hope the same thing happens to the Quake engine that has been happening to the Doom engine lately.
Anyone know if that annoying bug in GLQuake has been fixed, where whenever something happens to your status bar, the numbers quickly flip back and forth between the old value and the new value? Is it just me? That bug pretty much stopped me from playing GLQuake any more. Anyone else know what I'm talking about?
Yes, that document refers to the current system in QWF. The new asymettric system is planned, but not yet implemented.
Jules
-- Any sufficiently advanced technology is indistinguishable from a perl script.
If a client is ever discovered to be cheating, it's key is revoked. The downside of this is that if one person manages to hack a client to cheat, everybody must get a new binary, otherwise they will not be able to play once the old key is revoked. So, though not bullet proof, hacked binaries are considered in the plan.
Bill - aka taniwha
--
Leave others their otherness. -- Aratak
EXCELLENT NEWS!
(PS: Shameless plug for Ground Control, yes, but it's _THE_ game to come out this summer ... )
it's in my head
drool.
Off Topic: I put more than one dot on the above line and I get "ascii art, how attractive, not here" WTF?! and we're bitching about Microsoft asking us to censor people. Please.
How we know is more important than what we know.
I do not repeat do not want to play quake unless i can use iddqd!! And what happens to Stef of Userfriendly fame My skill level is about the same
**Life is too short to be serious**
Far as I know there is no build for win32. Plus you can't get a binary release (or at least a non-quake-fanatic like me can't find it). Someone prove me wrong here, on both counts if possible.
How we know is more important than what we know.
So a beefed up QuakeWorld CTF something would be great! I hadn't looked into neither QuakeForge nor QuakeWorld Forever until I saw this news ...
(I have however discussed how to prevent cheating via cryptography in sci.crypt, but that's beside the point :)
it's in my head
Try to keep up eh?
How we know is more important than what we know.
OffTopic:While certainly off-topic, I whole heartedly agree. I'm trying to get ahold of the script now to help write an alternative - if you are a PERL hacker, PLEASE email me! Bitchslaping trolls is one thing, bitchslaping people who moderate "poorly" (and only in Rob's judgement) is abusive.
OnTopic: If Quake 1 is now free software / open source, can it just be compiled for Win32, or does not still need the CD? I'd love to play it ( now that I have a machine capible of doing so) but am not much of a hacker - more of a good all around geek, but not a programmer really. How do I get the source, and how do I compile it? I'd like directions for both Win32, and Linux (Slackware 7.0).
Hey Rob, Thanks for that tarball!
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
Right on. Of all the 3D shooters, I think the original Quake still holds the most charm to it. If you're looking for pure deathmatch, sans frills, Quake is it. From what I understand this'll mean I'm one step closer to the Win98 purge.
DM3 == perfection.
-- The unsig...
Anyone have any technical details of the anti-cheat technology? I dug through the link and couldn't find anything (the link that promised "more details" didn't deliver).
--
Sometimes it's best to just let stupid people be stupid.
what you mean with "Q III not fast enough". Hmmm. Sounds to me like you have some hardware problems. Or your drivers just refuse to work properly. Or... I cant think of anything else even thie two reasons are just unbelieveale and completeley impossible... not fast enough... no... Okay, I also love the original Quake version, although I must admit that I also used the one and other cheat to finish it back in... a few years ago. But dont take me wrong: Multiplayers just dont cheat... Their skills develop directly propotional to the time they waste in front of their monitors. Thats my theory. I must be a special case. Just not talented I suppose :-)
Always run = ON
The source is found on quakeforge.net, or you can use their CVS. Of course, the merged tree talked about in the press release hasn't happened yet.
As for CDs:
No, you don't need a CD. However, you will need the shareware PAK file until openquartz ( on sourceforge) finishes its planned complete replacement. No, there's not much going on on the website, but the mailing list is active.
Jules
-- Any sufficiently advanced technology is indistinguishable from a perl script.
I'm working on adding data support|conversion for the QF engine right now - Q2 models are working fine in my uncommited QF patch and I got TR meshes ( what an evil model format TR has ) almost working - Soon we'll have skeletal modeling support too if I can get the stupid TR bones right.
- Mongoose
http://www.quakeforge.net
The project is probably a bigger undertaking than QuakeForge itself, and really needs more talented people so it can really take off.
yer.. he should have slapped yoda upside the head. "Say 'too old' again you fucking muppet! I double dog dare you to say 'too old' again" as he shoves a gun down his throught.
How we know is more important than what we know.
Oddly, reading through the description of the Encryption it seems that the plan is to use Twofish rather than a public key method. This may just be development lag (that URL points to beta code, I believe). There are good reasons for using assymetric rather than symmetric cryptography; I won't go into them here, however, since they're a little off-topic. Interested parties can mail me if they want to discuss the issues in more depth.
Ray Jones