XIS

Welps, I looked at the logs today. I can't say anything for sure yet but it looks like XIS fishandchips *might* be running some sort of hacks. I also can't say for sure yet if it is an illegal hack, but I am going to find out so that I know for future reference anyway.

I will explain what I saw in the next post.

T

When you connect to the sniper server, in addition to UTDC running a cheat check on you, it also collects information on you about what you are running. It is this other information that will be of interest to us in this post.

Let me first give you a few examples. The first examples will be a few different DOU members (just to show that I like what I see), one of me (to show that I am different and why), and then one of the XIS guys (to show that is different and that maybe it shouldn't be).

Example 1

DarkMatteR wrote:
UTDC: Info for player: {DOU}DarkmatteR - UT: 2202MHz - Measured: 2202Mhz - Commandline: "65.99.206.30:7777" - Render: OpenGLDrv.dll / F32E11D9CF639186D1A31FF75804DF97

{dou-r}The_Jargonaut wrote:
UTDC: Info for player: {dou-r}The_Jargonaut - UT: 2992MHz - Measured: 2992Mhz - Commandline: "" - Render: OpenGLDrv.dll / 6FEB03B33335F81D6DF03502B2E13A83

Rosco wrote:
UTDC: Info for player: Rosco - UT: 1816MHz - Measured: 1816Mhz - Commandline: "" - Render: OpenGLDrv.dll / 12031672FF432601CF638EFE2E26ACD6

Example 2

Example 2 has been omitted. I thought UTDC would still give the information for me, but since it doesn't check Mac clients it omitted all of my information. It would have been similar to the above with one variable changed. Not important for this however.

Example 3

{DOU}NIGHTWALKER wrote:
UTDC: Info for player: {DOU}NIGHTWALKER - UT: 3200MHz - Measured: 3200Mhz - Commandline: "" - Render: D3DDrv.dll / AE67AF0D3369E2129A2F120074B919FA

{DOU}maurice!!! wrote:
UTDC: Info for player: {DOU}maurice!!! - UT: 1199MHz - Measured: 1199Mhz - Commandline: "" - Render: D3DDrv.dll / DD6E3692F8EAD5E1DF88716024BC25D1

{DOU}Razor wrote:
UTDC: Info for player: {DOU}Razor - UT: 2799MHz - Measured: 2799Mhz - Commandline: "" - Render: D3DDrv.dll / DD6E3692F8EAD5E1DF88716024BC25D1

Anyone see what is different yet? There is something, but they are both O.K.

Example 4

"[XiS wrote: Fish_N_Chips"]
UTDC: Info for player: [XiS]Fish_N_Chips - UT: 2204MHz - Measured: 2205Mhz - Commandline: "-exec=tweaks.ini " - Render: D3D8Drv.dll / E68AF5C7E406BAE1F01A0A011797686B

"[XiS wrote: ImmortalKing"]
UTDC: Info for player: [XiS]ImmortalKing - UT: 2394MHz - Measured: 2394Mhz - Commandline: "65.99.206.30:7777 " - Render: D3D8Drv.dll / E68AF5C7E406BAE1F01A0A011797686B

"[XiS wrote: SNiPERWOLF"]
UTDC: Info for player: [XiS]SNiPERWOLF - UT: 2392MHz - Measured: 2392Mhz - Commandline: "65.99.206.30:7777 " - Render: D3DDrv.dll / DD6E3692F8EAD5E1DF88716024BC25D1

Anyone see it yet?

Before I continue, let me first say that while I highly suspect this, I don't yet have the knowledge to call this a cheat. If it is a cheat, I *do* have the proof, I just need to make sure it is what I think it is.

O.K., class is now in session. Read the lines. The Mhz part isn't of any concern (unless they were running a speed hack and it doesn't look to be the case). The long line of characters at the end is just so that the computer can identify ech player since somputers don't speak English, so again, of no concern (unless another hack which doesn't seem to be the case since the numbers are consistant). It is the render portion of the line that we will look at.

For the first group appears as: OpenGLDrv.dll

O.K., no problem there, the players are using opengl drivers (and good for them since it is better than Direct X and open-source).

The second group appears as: D3DDrv.dll

O.K., no problems there, these are what the PC people use. Too bad no opengl.

The third group (sans one) appears as: D3D8Drv.dll

O.K., what the fuck is D3D8Drv.dll? I searched the entire logs and these 2 guys are the only players on our servers who use this render device.

Backtracking a bit, a render device is what turns the client and server data into something that the monitor can display. The computer and monitor work differently so rendering has to occur so the 2 can talk. Thats a pretty crude explaination but I hope it works.

In addition Fish N Chips is also loading a "tweaks.ini" file. There is no way to know what is in there so there isn't much we can say about it.

He is what I suspect. I believe that they are running a hacked renderer. In cool-speak language this would be called a l33t gama hax0r. In English it means that they are using a driver that will alter the way the game displays for them. So for example, if it is a really dark map, for them it will look like a bright day-time map. I don't mean just turning up the brightness thats built into the game, I mean really altering the way the game looks. So for them, darkcity becomes 24hourfitness. Then while we are all struggling to see each other while we think we are in a dark corner, they see us plain as day.

I can't say for certian yet that this is what is happening since I still need to research it, but the part in question does concern the render device they are using. So something is going on with their display of the game.

It could all be just that they have something a bit different but still fully legal. I seriously doubt it however. Even in a really dark map they were just all over the place finding everyone instantly.

I will definitely research this and update everyone as to what I find out.

If it is in fact a gamma hack, I will across the board kick people who use it. I can set UTDC to just deny access to people who have it set.

Also, if confirmed, I will alert the Fraggednation people as to whats going on. This might be why XIS is in the #1 position right now.

I almost hope I am wrong with this since I would hate to have to label the clan as cheaters, but if they are then it must be done.

More info as I get it.

Tommy

BTW, there is a UTDC 7c version

Moon wrote: BTW, there is a UTDC 7c version

UTDC won't check what I think they are doing. But thanks for letting me know, I will update the server.

T

Also, these are not linux users. Like mac clients, linux clients are not checked. Since the Mac only uses opengl, these guys are definitely on windows.

{DOU}Sherlock???

T

Some additional information thus far.

DarkMatteR too a brief look into this and saw that it is avaailable for download as an "ogengl update." I vaguely remember this from the past when I was in my old clan. Some guys found it and installed it and then immediately became much better players.

However, in scanning the server logs over the last few weeks, I see that these XIS guys without exception are the only people using it.

I am going to keep an eye out too, wondering if Duke runs it. Next time he is on the server please let me know.

T

It's a shame that we can't find out what the "-exec=tweaks.ini " is. Being a "computer dumb-ass" it was the frist thing I noticed.

Anyone know what it is 😕 ?

Just got this off of unrealadmin.org:

That's not an updated opengl driver but an optimized Direct3D driver. It is however considered legit.

What we need is for one single person to volunteer to upgrade to this driver and see what happens.

If it is legit, and does dramatically improve viewability while playing, then those who can will need to learn this and upgrade to it.

We want just one volunteer however, since we don't know whats going to happen. Someone who is a bit more computer literate (Charger is out by default).

So who is up for the challenge? I'm Mac and therefore bust on this one.

Tommy

{DOU}Charger wrote: It's a shame that we can't find out what the "-exec=tweaks.ini " is. Being a "computer dumb-ass" it was the frist thing I noticed.

Anyone know what it is 😕 ?

It's just a text file full of commands that is executed when the client loads. For all we know it could have originally been cheats.ini that he renamed tweaks.ini. I bet it contains his translocator binds a long with similar stuff that gives him an advantage. There really is no way to know except to get a copy of it and I doubt he will give it up.

T

Tommy wrote:
We want just one volunteer however, since we don't know whats going to happen. Someone who is a bit more computer literate (Charger is out by default).

Tommy

:rollinglaugh: :rollinglaugh:

Tommy wrote:
So who is up for the challenge? I'm Mac and therefore bust on this one.

Tommy

Also :rollinglaugh: :rollinglaugh:

Tommy wrote:

So who is up for the challenge? I'm Mac and therefore bust on this one.

Tommy

I'll check it out.

Tommy wrote: I bet it contains his translocator binds similar stuff that

T

I have yet to find one that works.

When they were on our server the other day (with me, Nightwalker, Razor, and Omega) Our server went down twice. And one of the maps we had been playing for atleast 15 minutes and it was fine untill they came in.