Anticheat software that violates the GPL


#1

Hello good people!
(post heavily modified to remove all links to the GPL violating project, please release the source code to your work -ZJS/TimeDoctor)
For the last 5 months I have been working on anticheat system for q3/ioq3 and now it’s time to share it with you :slight_smile:

short description:

  • it is integrated with game
  • scans game memory for cheats and modifications
  • lets you see other players using it
  • auto updates
  • It also has server ‘plugin’ so the server can force players to use it in order to play

If I made you intrested please read full description here
And a few links:

  • my project site, where you can get Q3 1.32c / ioquake 1.36 client with PS
  • user manual

Some info about me can be found here:

Test server: (Freezetag) (will let play clients without anticheat but will notify them)

Feel free to ask questions if something is not clear for you


#2

I’m glad someone is working on anti-cheat, but it typically is impossible to implement in any kind of useful manner with free or open source software. I haven’t had a chance to check out your specific implementation beyond the website, but it seems worth discussing a few things:

  1. Is the client, or any part of it, closed-source? If it is, you cannot distribute it publicly as doing so would violate the GPL.
  2. Is this really based on our 1.36 from 2009 and id’s 1.32c? I would also not recommend distributing any version of Quake 3 besides ioquake3’s latest git as there are numerous security vulnerabilities we have patched in the preceding 12 years. I know some people will only ever be interested in a version of 1.32c as id made it, but those people just don’t understand the security issues present in that client or aren’t concerned by them yet. Malicious servers and clients can do incredibly bad things with old versions of the code.
  3. Please don’t list ioquake3 as a “partner,” it’s up to you if you want to give ioquake3 credit, but it wouldn’t be appropriate to imply that there is a relationship between the projects.

Best of luck with your project!


#3
  1. Whole anti-cheat code is closed-source. By the name “client” I mean .exe which is forced to load my .dll (Import Address Table modification). Isn’t UrbanTerror violating the GPL? I think they are based on quake3 and they are not open-source (but maybe I’m wrong).
  2. Hmm I think it is - my bad! But I recently clicked Download menu on https://ioquake3.org and got windows x86 build and I thought it is the newest one (maybe you should consider site update so players could more easily get newest test builds). I’ll update it to the newest after my vacation. I know 1.32c has security holes but as you said there are people who don’t want to change it.
  3. removed

Thanks for your feedback


#4

Yes, and now PureSkill is most likely doing so as well. This is the problem with anticheating software. Unfortunately I must remove the links to your project in your post as we can definitely not condone or ever work with a closed source anticheating project that violates the GPL. I’m not a lawyer, but that would be my understanding of the situation. I encourage you to seek legal counsel regarding your project and otherwise shut it down or stop distributing binaries until you can comply with the GPL.

Please read this page for a better understanding of what compliance means: http://gpl-violations.org/faq/sourcecode-faq/

I know this really stinks, to work on a project for five months and have this be the result, but these are the terms that the quake 3 source code is licensed under.


#7

My impression is that the anti-cheat software verifies the client game’s memory but would be vulnerable to a man in the middle attack since the game server connection is not encrypted. I think this would allow creating aimbots and wallhacks via a separate modified client that is intercepting the game connection.


#8

I’m not using game connection to send any data. All anticheat related traffic is properly encrypted and MITM attack won’t work here.


#9

Here is the full text of the GPL version 2, which you very much must comply with by releasing the code to the client or immediately stop distributing your modified quake 3 clients. Please feel free to ask any questions here or e-mail me directly zachary@ioquake.org


#10

@duch because you appear to have no intention of complying with the GPL I have suspended you from this forum. I would be very happy if you changed your mind and decided to comply, and would love to work with you if you decide to do so. You can e-mail me if you decide to comply with the GPL and I will reinstate your account.