Using MAC Address to Uniquely Identify Computers
An anonymous reader writes "One of Australia's gaming networks, GamesArena has recently imposed a third party program required to access their gaming servers. One of its features is that it records your NIC's MAC address to identify your computer, and subsequently in future, ban you if you cheat/break the rules etc. The response from players is mixed. It is not open source software, nor is it optional to install. "Install it or find another server to play on". Question remains, is it going too far?"
Definitely not- unfortunately it won't work since MACs are changeable.
It's all too easy. Figure out their IP, get their MAC, put it on your router, get banned, change your MAC back, enjoy your new unopposed domination.
Too many violations from that IP range? Ban the /24 it came from. Send back a "Too many cheaters from your ISP" error.
MACs are too easily changed, but then again, so are IPs. But considering most gamers have DSL with a static IP, an IP ban is a much better option.
NAT routers such as the Linksys range allow you to specify the MAC address from their web-based setup - ideal if your broadband provider insists on you registering (and limiting the number of) MAC addresses of all the machines going to connect.
I wonder what they'll do when they discover several simultaneous connections to the server (and sessions) from the same MAC?
The only thing you can accurately describe as "Scotch" is a sticky tape made by 3M. And it's
Nope, MAC addresses won't work. You'd have to have a unique number that's hard coded into something expensive. The Pentium III's CPUID feature would work. However, as much as I hate cheaters in my favorite games, I don't like an ID number open to abuse.
Quake III has recently enabled anti-cheat software called Punk Buster. It does a ban via your Quake III CD-Key, so you can't play on any Punk Buster enabled servers if you get banned. But with the game under $20 at BestBuy, I'm not sure if it will stop many of the problems.
Cthulhu Saves.
If every Ethernet card chose a MAC address completely at random, what is any given user's chance of a collision? Considering that the MAC address is only used on that particular Ethernet.
If two interfaces do choose the same MAC address, and by some freak accident happen to be on the same Ethernet, doesn't it just affect frames sent to those two interfaces? Everyone else can communicate as normal.
(In practice the new address may not be random, there may be certain digits you have to leave alone, I don't know the details.)
-- Ed Avis ed@membled.com
"The response from players is mixed. It is not open source software, nor is it optional to install."
Neither is Windows for playing many of today's top-selling titles. I want an outcry here but I don't see it. Is it because software not being open source does not matter to the average user or is it because people are too ignorant to care? It is funny to see an outcry when a company tries to stop actual cheating which spoils the game for all, instead of putting energy where it matters.
It's called Windows activation.
It's solid code of honor amongst Clans not to cheat. Anybody as dedicated to playing online action games would render his pastime pointless by cheating. And if anyone found out you've cheated your way into Ladder position you'd get an extremely hard time (on and offline).
:-)
And when you're playing on a public server, cheaters are easily identified by playing like crap and either scoring immediate kills once they actually *do* manage to hit or by simply not throwing the towel no matter how many times you flak them at point-blank. Both are mostly less than minor drags to a skilled player and have a somewhat funny aspect to it.
I've seen entire matches in UT (1st) where cheaters were just plain ignored because of the simple fact their skill level (not trained by playing under real conditions) rendered them something more like 'moving obstacles' rather than actual participants.
Anyhow, someone using more subtle cheats, such as see-through textures or so, can be annoying. Then on the other hand, if you're that good to know for sure that someone is using such a cheat, you'll be playing clan games most of the time anyway. And I haven't met a single Clan player cheating yet. At least none of mentionable Clans.
BTW: I once had a cheater on my team in a pub UT CTF match. I switched sides and telefragged him 'til he gave up and disconnected. That was fun.
We suffer more in our imagination than in reality. - Seneca
Since anything that runs on a client can be compromised (there is _no_ way to make sure this doesn't happen) the only real option for games is to just send pre-rendered graphical images to the client, which in turn sends back the client keystrokes. This is of course way too bandwidth and server-side intensive to work with current technology; imagine doing this for a MMORPG with 60k users online simultaneously :) .. and even if you use this method the cheaters can respond by writing pattern-recognition systems which still will be able to autoaim and such (although it raises the bar considerably).
It DOES remove the threat of wallhacks and clientside radars but a good game protocol shouldn't send information about things outside of the client's vision anyway.
K
-- gunzip-howto.tar.gz
Ok, that's the dumbest thing yet... You can fake IPs, everyone knows that... But, you can also fake MAC addresses... Hell, my Linksys router does it, Ciscos do it, and I'm sure most other devices like that do it too..... Besides, like mentioned earlier, you can always rewrite your frame generator to spoof or report an invalid MAC, ... this is all fairly easy to do, so why waste time doing this. I have already admin'd a Counter-Strike server, if someone wants in and wants to cheat bad enough, they will do it.. PERIOD!, no matter how hard you lock it down.. so quit the whining and get back to kicking them.!!
As stated about "changing the MAC" is really just having the OS report a different MAC than the one burned into the network card. However, is it not possible to query the physical card vs. the OS?
If they are doing it that way, then there won't be any cheating.
It is their network, and they can take their computers and "go home" if they wish.
In theory you are correct. In practice I have seen entire batches of $5 cards come in from some Taiwanese manufacturer with the same MAC address. MACs are also almost always changeable. I can't think of the last time I had a card with a non-changeable MAC (it was probably a token ring adapter) but even if it is non-changeable on the card it can most likely be changed through software. I believe that some Linux network drivers build the entire frame in software so changing the MAC in software would change the actual Ethernet frame and hence it is just the same as if you have changed it in hardware.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
So what happens if I lose to this 12-year-old-elite-gaming-phenom in a 1v1 deathmatch, get mad, social engineer his MAC address out of him, set mine to his, cheat, and get it (his MAC) banned. Who's to stop that? It's basically his word against the server logs. :-/
But the MAC-method obviously isn't a viable solution. I was actually hoping that matters would turn out better with internet console gaming, but seeing that Xboxes and PS2s can be mod-chipped I'm not setting my expectations too high.
The only solution I came up with that might work better is making the first sign-in/subscription rather hard. For example by sending each player a letter by snail-mail with their sign-in code. Thus if you get banned you need days to sign in again.
But I don't think there is a technology solution, because basically everything on a home machine can be hacked. Be it the game itself or some driver.
No thanks about drawing commercial CAs into it. If a game publisher *was* to implement such a system, they would simply make themselves a CA and distribute their CA cert with the software. They *could* go so far as including a private key with each copy of the software, but costs would skyrocket if releasing en masse. The system I would envision here is that one purchases the game, gets online, and goes to the server and registers the CD-Key in exchange for having a private key signed. The advantages would, of course, be that the authentication mechanism is not prone to theft (i.e. the server being connected to never sees your important credentials, no vulnerable information is transmitted over the wire), and could be more enforceable (coming up with a keygen is one thing, trying to fake a 4096 bit key with signed certificate is another), provided the process for getting a certificate were sufficiently rigorous.
Hell, if the game was critically dependent on online functionality, you could let the game go free on the net and just sell CD-Keys. If any small projects want to try to make it big without the potentially crippling barrier to entry into mass distributors, this would be the way I would think... Stick it on Gnutella and let people *think* it is illegal to download and its popularity could be good...
XML is like violence. If it doesn't solve the problem, use more.
At the two cable ISPs that I've had experience with, they use the MAC address to do DHCP assignment. So if you change your MAC you won't get an IP.
This sounds like a good application for GPG. Join a league, get your key signed, get on the "good list." Cheat (get caught cheating), and your public key is placed on the signed "bad list." Servers would "belong" to leagues by checking the league listings to authenticate users.
If you get on the bad list, you can make a new key, but you have to start from scratch paying dues or otherwise earning "member in good standing" status.
Thanks again Phil!
--- Nothing clever here: move along now...
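The publisher-as-CA scheme proposed a few comments up and the signed good-list/bad-list idea in the comment above, sketched together as an added example (not part of the original thread and not any publisher's or league's code). Ed25519 stands in for the 4096-bit keys and GPG signatures the commenters mention; the names `Cert`, `Issue`, `Prove` and `Admit` and the sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Cert struct { // assumed format: binds a player's public key to the CD key it was registered with
	Player ed25519.PublicKey
	KeyID  [32]byte // SHA-256 of the CD key; game servers never see the key itself
	Sig    []byte   // publisher signature over Player || KeyID
}

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

func body(p ed25519.PublicKey, id [32]byte) []byte { return append(append([]byte{}, p...), id[:]...) }

// Issue runs on the publisher's registration server once the CD key has been checked.
func Issue(ca ed25519.PrivateKey, player ed25519.PublicKey, cdKey string) Cert {
	id := sha256.Sum256([]byte(cdKey))
	return Cert{player, id, ed25519.Sign(ca, body(player, id))}
}

func Prove(priv ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(priv, nonce) } // client side

// Admit runs on a game server, which holds only the publisher's public key and the ban list.
func Admit(caPub ed25519.PublicKey, banned map[[32]byte]bool, c Cert, nonce, proof []byte) error {
	switch {
	case len(c.Player) != ed25519.PublicKeySize || !ed25519.Verify(caPub, body(c.Player, c.KeyID), c.Sig):
		return fmt.Errorf("certificate not signed by the publisher")
	case banned[c.KeyID]:
		return fmt.Errorf("registration is on the ban list")
	case !ed25519.Verify(c.Player, nonce, proof):
		return fmt.Errorf("client does not hold the certified private key")
	}
	return nil
}

func main() {
	caPub, caPriv := NewKey()
	pub, priv := NewKey()
	// Constructed sample values; a real server draws a fresh nonce from crypto/rand per connection.
	cert, nonce := Issue(caPriv, pub, "AAAA-BBBB-CCCC"), []byte("constructed-nonce")
	fmt.Println(Admit(caPub, nil, cert, nonce, Prove(priv, nonce)), "|",
		Admit(caPub, map[[32]byte]bool{cert.KeyID: true}, cert, nonce, Prove(priv, nonce)))
}
```

Because the ban is keyed on the CD-key hash inside the signed certificate, generating a new key pair does not clear it; the player would need a new registration, which is the "start from scratch" cost the GPG comment describes.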
There's a good point being made here. This move by itself might be nothing to worry about, and well within the rights of the server admins. However, it starts down a slippery slope, leaving the question of "where does it end" unanswered.
Erosion of freedoms almost always starts in little increments like this.
-- Windows is not simply installed on a computer; it is inflicted.
Further, anybody who's smart enough to figure out how to change MAC addresses can also figure out that they can assign their own static IP address from the DHCP pool and the DHCP server will often allocate around it.
Off-topic, but I used to do that when I had a cable modem. One day, however, I typo'd the ifconfig command on FreeBSD, and accidentally took over the router's IP (I mixed up my IP with the gateway IP). My phone promptly rang... they didn't much like that. Seems I took out service for the whole area, and they had to reset the router.
Good thing this was before 9/11 and all the crazy computer crime laws...
NGWave - Fast Sound Editor for Windows
It's not as difficult as you might think. It would be quite easy for a script kiddy to type "ifconfig eth0 hw ether 11:22:33:44:55:66" and many Windows Ethernet drivers include the option to change it in the device properties. All one has to do is open up the device settings and change the "Network Address", or Media Address, or whatever the people writing the driver want to call it. Not to mention most script kiddies would be able to google for all the above information to get around the ban. Granted this is highly dependent on your NIC and I'm sure not all of them would have one that makes it this easy, but I doubt they will give up that easily either. I don't think this would stop anyone. Well, maybe once 281,474,976,710,656 MAC addresses are banned.
"FuckStar31337 is using a wireframe hack. Press K to cast your Kick Vote."
Sure, I could get booted out of games arbitrarily by assholes, but I wouldn't want to play with said assholes, anyway. Not that I've even played a game since about 1999...
It is a source of constant amazement for what passes as news at /.
/. I stopped talking about 1995 technology in 1996.
Don't get me wrong. I love the dot but come on. Show a little integrity and don't insult your own audience's intelligence.
Oh wait. Everyone fell for it! All these arguments over NIC selling and MAC changing and this and that. All pointless.
This issue was blown out of the water over SIX YEARS ago. When I was a fresh geek trying to get into networking everyone was going to manage on NICs. They learned quickly what a waste of time it was. This SP will learn that lesson as well. Geez look at TFC. It gives you a CD assigned ID. A little tougher to forge. But if they are gonna make you install software why not just use a GUID to generate a private key to identify the machine.
Get with it
This is off-topic, but I just have to reply to this:
None of this would be necessary if we didn't have social-engineering black-hat hackers who break every attempt at default security just for kicks. Palladium (or something else) is coming, and I blame any bad side effects I suffer on hackers, not MS.
Tell me you are kidding. Please.
Palladium is simply ridiculous. There is a much better solution:
1) Write more secure software. Don't lock my PC up because you can't produce solid, tested code that's not full of holes.
2) Educate users. If you let someone you didn't know work on your car, and they broke something major, who is at fault? Should GM ship cars with the hood welded shut?
3) Profit!
Okay, bad pun, but seriously... Palladium is just a bad, bad idea. What happens when (not if) someone breaks it? Then what?
Oh, right, hide behind more DMCA-like laws. No need to make it unbreakable, when you can just make it illegal to break (think CSS).
Microsoft seems to be acting like the RIAA. The RIAA is IMO an unnecessary middle-man, whose usefulness is proving to be less and less. So they lobby to get laws passed in order to survive. MS can't write secure software, so they want to lock us out of the PC, making it a (worse) crime to exploit it. Telcos are using old technology and want the government to bail them out.
Well guess what? If a company can't survive, or a business model proves to be no longer viable, then you lose. It isn't the government's (and thus the taxpayers') responsibility to keep a dead idea going for the benefit of some corporation.
Ah, but I'm rambling again... *sigh* I just get so frustrated with the way things are going these days (which has gotten much worse since 9/11)... my girlfriend thinks I'm a paranoid conspiracy theorist... I'm simply making observations.
NGWave - Fast Sound Editor for Windows
You can ban CD keys. Basically the only way around that is to buy a new copy of the game, which I doubt many people are willing to do.
The CD keys are also an effective anti-piracy measure, and one that isn't bothersome to legit users. When you are using the game for local play, the CD key doesn't matter, it's never checked. When you play on the Internet, however, the CD key is authenticated.
When you first go to play multiplayer games, your client talks to the master server and lets it know what its key is, the server checks and authenticates this against its list. Then, when you connect to a server the server checks your key, and asks the master if this is a legit key and if that key has authenticated. If not, the server refuses the connection.
Hence, you can ban a CD key, and be very certain that the person it belongs to has been completely banned. Things like key generators aren't effective because while they can know the algorithm used to make legit keys, the keyspace is huge and they have no way of knowing which are actually legit and which aren't.
So it ends up working out pretty nice for both parties. Bioware gets some copy protection that there is actually a reason for server owners to want to use.
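The master-server flow described in the comment above, as an added example that is not part of the original thread and is not Bioware's protocol. The key format (eight digits summing to a multiple of 7), the type and function names, and the addresses are constructed for illustration.

```go
package main

import "fmt"

// Master is an assumed model of the publisher's master server; keys and addresses are constructed.
type Master struct {
	issued map[string]bool   // keys actually sold; a key generator cannot know this set
	banned map[string]bool   // keys banned for cheating
	authed map[string]string // key -> client address that last authenticated with it
}

func NewMaster(sold map[string]bool) *Master { return &Master{sold, map[string]bool{}, map[string]string{}} }

// WellFormed stands in for the key algorithm a keygen can copy: 8 digits summing to a multiple of 7.
func WellFormed(key string) bool {
	sum, ok := 0, len(key) == 8
	for _, r := range key {
		ok = ok && r >= '0' && r <= '9'
		sum += int(r - '0')
	}
	return ok && sum%7 == 0
}

// Login is the client's first step before multiplayer: present the key to the master server.
func (m *Master) Login(key, addr string) error {
	switch {
	case !WellFormed(key) || !m.issued[key]:
		return fmt.Errorf("not a key the publisher issued")
	case m.banned[key]:
		return fmt.Errorf("key is banned")
	}
	m.authed[key] = addr
	return nil
}

// Check is what a game server asks on connect: has this key authenticated from this address, and is it unbanned?
func (m *Master) Check(key, addr string) bool {
	seen, ok := m.authed[key]
	return ok && seen == addr && !m.banned[key]
}
func (m *Master) Ban(key string) { m.banned[key] = true } // takes effect on every server that calls Check

func main() {
	m := NewMaster(map[string]bool{"00000007": true}) // constructed issued key
	fmt.Println(m.Login("70000000", "203.0.113.5"))  // well-formed, as a keygen would produce, but never sold
	fmt.Println(m.Login("00000007", "203.0.113.5"), m.Check("00000007", "203.0.113.5"))
	m.Ban("00000007")
	fmt.Println(m.Check("00000007", "203.0.113.5"), m.Login("00000007", "203.0.113.5"))
}
```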
Why would you bother with fiddling with your registry? Simply download DisAsm or even better IDA which is quite good and change the program. That's what's going to happen anyway. :) I wonder what the fuss is all about. I bet some cracker will have a menu integrated in no time, where you can select your "unique" MAC.