Warden and Private servers.

[debofanki]

A few days ago, I noticed something interesting.
A Private Server using Warden Cheat detection, Its on Arena-Tournament.com.
Heres a link to the article:
Introducing Anticheat - Arena Tournament News

I've been looking around on the forums, and it seems to detect hacks running in the background, even when thier not active.
There also seems to be quite some people banned who claim to be innocent, so many that I believe the Anticheat isnt working correctly yet.

After some more searching I found this:
Warden - The definitive anti-cheat system (Page 1)

All checks are working: timing, page, drivers, memory, mpq and lua

It bans you for simple model edits, aswell as protected lua hacks(?)

It doesnt seem to work on MACs currently, so you should be able to hack from mac, if theres any or your smart enough to make your own

So, my question:
how does it detect cheats running in the background, even if thier not active? From what I understand, on official servers it doesnt.
And how hard would it be to bypass, will they be able to update it do detect 'new' hacks?


-debo

[Maisteri]

Well Im not an expert of these things but it should be fairly simple to bypass because you have the sourcecode of the anti-cheat program right?

[debofanki]

The server source code is availible, but not the cheat detecting client code. this is implemented into WoW.

Its using the same anticheat blizzard did when 3.3.5a was active.

I'm not an expert either, but unless theres an exploit in the server side code which will ignore the cheat checks or something similair, dont think we have much use of the source.

[myran2]

You're incorrect about the mac thing. Warden is in the mac client, too, so cheat detection will work.
Your best bet for continuing hacking on a server with Warden support would be to find a hack that wasn't detected by warden in 3.3.5a. (WoWInfinity, NoAddition, etc.)

[debofanki]

You're incorrect about the mac thing. Warden is in the mac client, too, so cheat detection will work.

The creator of the warden module hasnt implemented mac support yet, client sided warden is there too, but the server part isn't done yet from what I understand.

Your best bet for continuing hacking on a server with Warden support would be to find a hack that wasn't detected by warden in 3.3.5a. (WoWInfinity, NoAddition, etc.)

Prolly, I editted wow.exe some time ago to allow lua proteced functions, and got banned when I joined that server nearly instantly.
It still works fine on thier 2.4.3 server though

[myran2]

The warden SERVER daemon doesn't support anything besides win32. It can still detect hacks on macs, the warden daemon just can't be HOSTED on one,.

[Laniax]

I'd like to add, AT is running on Trinitycore, which have their patch for Warden under development (see topic)

Yet, as stated above, it's not finished yet. basically the warden 'server' called Deamon runs on Win only now, but since its only a server, Warden on mac clients is still working.
Furthermore, as you can see in the above link, warden is opensource, yet it includes a table in the Database with all the signatures from different cheats, currently only a few signatures have been added in the database, and therefore Warden is not detecting everything as it should yet. It's up to the server admin to fill this table with data.

Also, Warden is the ULTIMATE anti-cheat. All the current anticheat systems are SERVER SIDE, meaning they run where the server is hosted, checking if you should be able to fly in that zone etc. Yet Warden is CLIENT SIDE, it can exactly check your computer and see what processes involve with Wow.exe and can detect memory injection and the likes.

[Sychotix]

I'd like to add, AT is running on Trinitycore, which have their patch for Warden under development (see topic)

Yet, as stated above, it's not finished yet. basically the warden 'server' called Deamon runs on Win only now, but since its only a server, Warden on mac clients is still working.
Furthermore, as you can see in the above link, warden is opensource, yet it includes a table in the Database with all the signatures from different cheats, currently only a few signatures have been added in the database, and therefore Warden is not detecting everything as it should yet. It's up to the server admin to fill this table with data.

Also, Warden is the ULTIMATE anti-cheat. All the current anticheat systems are SERVER SIDE, meaning they run where the server is hosted, checking if you should be able to fly in that zone etc. Yet Warden is CLIENT SIDE, it can exactly check your computer and see what processes involve with Wow.exe and can detect memory injection and the likes.

Anything client-sided can by bypassed. Server-sided anti-hacks are superior in the fact that you cannot bypass them without using some sort of exploit.

[Ramono]

It'll easily detect the most used hacks like wowemu hacker, which I dont think has any protection at all.
This will mean at least ~80% less hackers

[DWord]

how does it detect cheats running in the background, even if thier not active? From what I understand, on official servers it doesnt.

If I'm not mistaken, Warden on retail does not currently scan a client machine for running processes/windows. It used to however, due to pertinent controversy Blizzard limited Warden scans to within the virtual address space of WoW.exe only. I believe that Warden used to work by examining the process names of all running tasks on client machines and using each one as the input of a hashing algorithm. Those hashed identifiers would then be dispatched to the server and compared with a list of hash keys corresponding to illegal programs. A match would then indicate that an illegal process was running concurrently with WoW.

I have not examined the source code of the Mangos anti-cheat mechanism but if what the arena-tournament news claims is true, then this is one approach that could be used detect running hacks even if they are inactive.

However, I personally created an account on their servers to test the validity of the statement and discovered that they apparently removed Warden checks, probably due to its current inaccuracies (at least on their 3.3.5 server). I tried actively using both cheat engine and Deathsoft's WoWEmu hacker for a good twenty minutes; neither of them resulted in a ban.