Some server-side anticheat
#1
This is a list of all anticheat measures I could find in the code of the 3rd of February leak. Note that AC means anticheat, and AC SEARCH means peppy's control panel for finding cheaters.
You can also get tracked; I have not included this.
Thanks to osutakswag in this post for some of these.

----- SHOWING UP IN AC SEARCH -----
For reference, see adm-bamen2.php

RECENT: When below rank 50k and one of the 200k latest players, have a ranked score/playcount ratio of 10 or more
IPREF: When IP-banned on this IP.
WEATHER: Be reported (either manually, by a user, or automatically, by anticheat), have blacklisted
PLAYCOUNT: Have more than 500 plays in the last 24 hours. This is likely sorted descending, so peppy can see who submitted the most plays.
HASH: Have had a blacklisted process at least once.
---------------

----- AUTOBAN -----
For reference, see osu-submit-modular.php. Runs SQL "CALL user_ban($userId)"

- SCORESUBMIT: More than 12 scores in 2 minutes and have 1600 plays in the last 24h.
- SCORESUBMIT: Process list (sent with every score) is smaller than 30 characters
- SCORESUBMIT: Process list does not contain all whitelisted words (at time of leak (03/02/2016), only the osu! process)
---------------

----- RESTRICTION -----
For reference, see osu-submit-modular.php. Function is setOsuAccountRestrictions()

- SCORESUBMIT: Submit more than 16 scores in 2 minutes
- SCORESUBMIT: When account age is lower than 2 days (48h), having a rankedscore/playcount ratio of 800+. Standard only.
- SCORESUBMIT: When account age is lower than 1 week (7d), submitting a score from a pc with banned hardware values.
- SCORESUBMIT: When gained pp from a score is larger than account age in seconds divided by 2160. Standard only. (rough calculation, 40pp/day, below 40pp does not count)
- SCORESUBMIT: When gaining 1500pp from a score
- SCORESUBMIT: When gaining at least an 80pp score, and getting 1.5x your pp. Standard and CtB only.
- SCORESUBMIT: On beatmaps with 10000+ plays, when account age is less than 10 days, or newish account*, getting a top50 score. Standard only. Does not count for maps that are part of monthly charts. For FDFD and Big Black, account age needs to be 100 days.
- SCORESUBMIT: When having less than 50 playcount, enter top 5000 players.
- SCORESUBMIT: Have a blacklisted item in your process list 3 times.

--------------

----- FLAGGING -----
For reference, see osu-submit-modular.php. Function is addOps(), or add to SQL table osu_private.user_reports
These usually send a message to peppy's Slack.

- REGISTER: Attempt to register from banned ip
- REGISTER: Register too many times (needs verification on amount, see /pages/register.php)
- REGISTER: Activate account within 10 seconds
- SCORESUBMIT: Submit more than 12 scores in 2 minutes
- SCORESUBMIT: Submit a score which says you're supporter, while you're not.
- SCORESUBMIT: Submit a score without being logged in to bancho. Only on pass.
- SCORESUBMIT: Submit a score on a client that has never logged in to bancho before.
- SCORESUBMIT: Submit a score from a non-verified pc (new account security).
- SCORESUBMIT: Using different hardware values within 1 hour after account creation.
- SCORESUBMIT: When IP-banned but not restricted
- SCORESUBMIT: When account is newish* and totalscore/playcount ratio is 5 million or more. (when you get more than 5mil score per play on average)
- SCORESUBMIT: When gaining at least 80 ranks, and halving your rank. Taiko and Mania only.
- SCORESUBMIT: When account is newish*, enter top 100 players.
- SCORESUBMIT: New highscore on beatmap with 5000+ playcount by you, but not a pass.
- SCORESUBMIT: Blacklisted item in your process list.
- SCORESUBMIT: Replay size is less than 256 bytes
- SCORESUBMITTRACKING: when being tracked by peppy and reaching a certain criteria (needs verification, add what actually gets tracked, see osu-submit-modular.php like 380)
---------------

----- MISCELLANEOUS -----

- When AQN files are present in the appdata folder, you will get flagged (osu-osz2-getscores.php)
- When reported by 8 users in the last hour, restrict and mail peppy.
---------------

*An account is new-ish if one of the following is true:
1. Account is 3 days old or less.
2. Playcount is lower than 100.
3. Previous rank is equal to or higher than #1,000 and the account has less than 50 playcount in the past 3 months.
Reply
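A sketch of how a few of the score-submission rules listed in post #1 could be tiered into flag, restrict and autoban, added here as an example; it is not code from the leak or from the poster, and it is written in Python rather than the PHP the post refers to. The `Submission` fields, the `evaluate` and `is_newish` names, and the readings marked as assumptions in the comments are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

DAY = 86400
SEVERITY = ["none", "flag", "restrict", "autoban"]

@dataclass
class Submission:
    """Constructed record; field names are hypothetical, not the leaked code's."""
    account_age_s: int
    playcount: int
    plays_last_24h: int
    scores_last_2min: int
    pp_gained: float
    new_rank: int
    mode: str = "standard"
    prev_rank: Optional[int] = None
    plays_last_3_months: int = 0

def is_newish(s: Submission) -> bool:
    # Footnote in the post: any one of the three conditions is enough.
    # Assumption: "equal or higher than #1,000" means rank number <= 1000.
    lapsed_top = (s.prev_rank is not None and s.prev_rank <= 1000
                  and s.plays_last_3_months < 50)
    return s.account_age_s <= 3 * DAY or s.playcount < 100 or lapsed_top

def evaluate(s: Submission):
    """Return (most severe action, [reasons]) for one score submission."""
    hits = []
    # Submit-rate tiers; ">= 1600" for "have 1600 plays" is an assumption.
    if s.scores_last_2min > 12:
        hits.append(("flag", ">12 scores in 2 min"))
        if s.plays_last_24h >= 1600:
            hits.append(("autoban", ">12 scores in 2 min and 1600 plays in 24h"))
    if s.scores_last_2min > 16:
        hits.append(("restrict", ">16 scores in 2 min"))
    # pp budget of age/2160 (40 pp per day); gains under 40 pp are ignored.
    if (s.mode == "standard" and s.pp_gained >= 40
            and s.pp_gained > s.account_age_s / 2160):
        hits.append(("restrict", "pp gain exceeds account-age budget"))
    if s.playcount < 50 and s.new_rank <= 5000:
        hits.append(("restrict", "top 5000 with under 50 plays"))
    if is_newish(s) and s.new_rank <= 100:
        hits.append(("flag", "newish account entered top 100"))
    action = max((a for a, _ in hits), key=SEVERITY.index, default="none")
    return action, [reason for _, reason in hits]
```

Returning every rule that fired alongside the single most severe action keeps the lower-tier signals available for review instead of discarding them once a harsher rule matches.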
#2
damn these are some good finds fam
busdriver
Reply
#3
Ok all are added I think. Might sort this all later, but not now.
Reply
#4
Got ben to move back this to free forum
bump
Reply
#5
Always sharp as a knife. Props for this.
Reply
#6
I think "rank 100- on a map, on a new account" is for standard only since it is very possible for a newbie to get ~#40 in taiko and some mania players come from other mania games. Learning curve only applies on standard I guess.

Maybe "Top 50 rank on a map when age is less than 10 days" also.

Code:
morgna: aren't u the guy on aqn lol
nibsaretasty: "I don't use any cheat so I can't provide much tips on how to play."
BakaChocolate: shhhhh.....

Reply
#7
(05-12-2016, 02:21 AM)BakaChocolate Wrote: I think "rank 100- on a map, on a new account" is for standard only since it is very possible for a newbie to get ~#40 in taiko and some mania players come from other mania games. Learning curve only applies on standard I guess.

Maybe "Top 50 rank on a map when age is less than 10 days" also.

It only applies for standard.
Reply
#8
"Paid for supporter or something by a blacklisted user,"
A couple questions here:
1. What constitutes a 'blacklisted user?' Is it the same as restricted?
2. Does this mean if a blacklisted user were to purchase supporter and give it to someone, would that person become restricted?
3. Is a blacklisted user an actual user account or is it a paypal name?
Reply
#9
(05-12-2016, 09:57 AM)Mayushii Wrote: "Paid for supporter or something by a blacklisted user,"
A couple questions here:
1. What constitutes a 'blacklisted user?' Is it the same as restricted?
2. Does this mean if a blacklisted user were to purchase supporter and give it to someone, would that person become restricted?
3. Is a blacklisted user an actual user account or is it a paypal name?

Blacklisted user means a user fucked up really bad 'payment-wise' and peppy blacklisted their paypal email.
They won't get RESTRICTED, but peppy will INSTANTLY know that the said blacklisted person bought something.
Paypal email.
Reply
#10
Really good job

Have a nice day!

Reply

