QuakeForge And QuakeWorld Forever Merge

knghtbrd writes: "QuakeForge and QuakeWorld Forever, two of the largest projects based on Id Software's GPL'd Quake source, are teaming up to bring the world what we believe is the best Quake1 engine on the planet. The result for die-hard Quake players? QWF's cryptographic cheat prevention (which stop speed cheaters and auto-aimers cold) combined with QF's support for a zillion different operating systems. Here's a look at what can be expected along with press release. "

GPL

[DanMcS]

Wasn't it qwforever that had the story posted a while back about GPL violation (If not them, then who?)? What ever happened with that, does anybody know?

Re:WOW!

[UnknownSoldier]

> I was an avid Quaker (CTF) that stopped playing when cheating became more common than not

Hey, some of us never stopped :) I still play Mega TF. I quit CTF because of that stupid grapple-person-2-death bug.

Thunderwalker was a cool mod too.

Re:Please: Stop the Bitchslapping

[Hellmongr]

As far as I know the exectuables and the qwprogs.dat progs.dat files are free software / open source but I think that the "registered" pak files are commercial and not availible freely. Please correct me if I'm wrong.

Some details on QWF's encryption..

[Anonymous Coward]

QuakeWorld Forever's anti-cheat procedures, draft
http://www.quakesrc.org/security.txt : By Ender

• Issue: Client verification.
  
  QuakeWorld Forever uses a NetTrek style system of blessed binarys. That is, every official binary released by QuakeWorld Forever has embedded (in the most obscured way possible) a key. This symmetrical cipher is then used to encrypt, using GnuPG, the standard QuakeWorld connection challenge. If the server can decrypt and verify the challenge, the client is considered legit. A key generator is also provided for others to create their own binarys, for private games (eg, Clan or large LAN games). A CRC check of the binary is also employed, as the lightest possible security.
  
• Issue: Piggybacking.
  
  The first versions of the QWF software did use the above method, and for a time it worked. Due to some slackness with debug code and misuse of mallocs, one person DID suceed in extracting the key. However, a majority of cheats simply allowed the true client to connect, then after the initial connect verified the client proceeded to steal it's network connection to transmit altered data.
• Solution: Checksum'ed Packets
  
  The current solution we are working towards is attached a integer hash of the packet data to each movement packet. However this is also subject to being faked. So, we employ Hack #1: At every client->server connection, whether a level change or initial connection, the server sends the client a unique random session key. This session key is then used to encrypt every packet, and the hash we transmit is the hash of this one packet. Because the key is per-session it is a fairly weak key for speed reasons, unlike the long challenge-key.
  
• Issue: All of the above fail, thanks to the use of a few dozen crays..
  
  Actually, in truth, it is also possible that the server administrator might want other unverified clients to connect, for various reasons. One of the major disadvantages of the symmetrical cipher we use is that each server must have the same key as the client. Ergo, a new build of the server will require a new build of the client. This is why we intend to move towards a public key system once the merge with QuakeForge is complete. But to solve this problem, our next release will also include other anti-cheat methods designed by other engines. Most cheats current around are a simple case of the client lying to the server. Things such as speed-cheating can easily be fixed by simple sanity checks. The other cause of cheating is bugs, such as the timing bugs. Now, every piece of software has bugs, but any bug should eventually be fixed.

Conclusion:
Between our blessed binary system, and simple sanity checking and bugfixes, OpenSource security methods are a viable alternative to closed source, as long as the SERVER is trusted. And we truely hope noone is lame enough to create a hacked server solely for the purpose of allowing themselves to win... Also new technology such as working bot detection methods will become avaliable and also have a place in such software.
Nothing exceeds the bounds of imagination.

(Added note: The reason for the long delay in public key systems can best be described by penpen, one of the people who wrote the majority of the security code:

We decided to use gnupg in our client. This was to save time and to make sure that it's actually as secure as it can be. The problem with this is that gnupg code is not written well for use as a library. This causes many problems. The most noticable are the fact we found it impossible to run things like RSA and ELGAMMAL pke algorithms. The gnupg people are apparently working on the gnupg to actually produce an Encryption library. Maybe once this is done the use of such algorithms will become a reality. Also we didn't use RSA because of the current patent on RSA in the US.)
Yes, I forgot my slashdot password...

== Ender, QuakeWorld Forever developer
Quake Standards Group President.
www.quakesrc.org // www.qwforever.com

Some general answers

[Bill Currie]

First: I'm one of the quakeforge developers (taniwha), so this is basicly from the horse's mouth:), though I will probably miss a lot :/.

All files (exept for the work being done for the merge: it isn't ready yet) can be had from our downloads page [sourceforge.net]. This includes the olde QuakeForge 0.1.1 release (source only), current CVS source snapshots, and Win32 binaries (both VC++ and Borland C++ 5.0 (?), but the latter is offsite). Anon Cvs accass can be had with:
cvs -d:pserver:anonymous@cvs.quake.sourceforge.net:/cv sroot/quake login
no password
cvs -d:pserver:anonymous@cvs.quake.sourceforge.net:/cv sroot/quake co quakeforge

As to cheat protection: Quakeforge currently has a speed cheat protection mechanism [sourceforge.net], and QWF has cryptographic protection (I don't know the link, sorry), that we will be ported to QF during the merge. I'm not sure how QWF implements it (though I believe it involves blessed binaries), but I do know that the exchanging of a secret that becomes part of the checksummed packet (but never transmitted) in a manner similar to APOP was discussed. With just this combination, almost all cheats will be rendered difficult if not impossible.

Some interesting features in that have been implemented in Quakeforge are the ability to separate out the game data directories and your game save directories which also results in being able to run the game from any directory once it's configured correctly, native ALSA 0.5.x sound support (Linux), lot's of GL eye candy, the speed cheat fix and lots and lots of bug fixes to both quakeworld and the original single player game.

Great! Old bugs fixed?

[blackwizard]

Sounds great! I hope the same thing happens to the Quake engine that has been happening to the Doom engine lately.

Anyone know if that annoying bug in GLQuake has been fixed, where whenever something happens to your status bar, the numbers quickly flip back and forth between the old value and the new value? Is it just me? That bug pretty much stopped me from playing GLQuake any more. Anyone else know what I'm talking about?

Re:Never impossible

[Jules Bean]

Yes, that document refers to the current system in QWF. The new asymettric system is planned, but not yet implemented.

Jules

Re:Never impossible

[Bill Currie]

True, but the plan is to use public key crypto with the secret key scattered randomly through the client (and server, I suppose) such that two builds from the same source will result in different binaries (even with the same key set) and the public key, well, public. I believe stenography (sp?) will be used to help hid the key as well I'm not certain, but I think QWF has managed to make the key hiding secure. As I said, I don't know the details.

If a client is ever discovered to be cheating, it's key is revoked. The downside of this is that if one person manages to hack a client to cheat, everybody must get a new binary, otherwise they will not be able to play once the old key is revoked. So, though not bullet proof, hacked binaries are considered in the plan.

WOW!

[Troed]

Next to Ground Control [groundcontrol1.com] this will surely become my #1 game! I was an avid Quaker (CTF) that stopped playing when cheating became more common than not, and when Quake 2 (sucked) and Quake 3 (not fast enough) came out ...

EXCELLENT NEWS!

(PS: Shameless plug for Ground Control, yes, but it's _THE_ game to come out this summer ... )

cryptographic cheat prevention

[QuantumG]

drool.

Off Topic: I put more than one dot on the above line and I get "ascii art, how attractive, not here" WTF?! and we're bitching about Microsoft asking us to censor people. Please.

What's the fun?

[ghoul]

I do not repeat do not want to play quake unless i can use iddqd!! And what happens to Stef of Userfriendly [userfriendly.org] fame My skill level is about the same

Re:Please: Stop the Bitchslapping

[QuantumG]

Far as I know there is no build for win32. Plus you can't get a binary release (or at least a non-quake-fanatic like me can't find it). Someone prove me wrong here, on both counts if possible.

Re:Just wondered

[Troed]

Hehe, sorry :) What I mean is that the _gameplay_ isn't fast enough! Quake 2 played _slow_ (rockets etc), and I had my hopes up for Quake 3 but it just didn't cut it ...

So a beefed up QuakeWorld CTF something would be great! I hadn't looked into neither QuakeForge nor QuakeWorld Forever until I saw this news ...

(I have however discussed how to prevent cheating via cryptography in sci.crypt, but that's beside the point :)

Re:Please: Stop the Bitchslapping

[QuantumG]

Try to keep up eh?

Please: Stop the Bitchslapping

[Vladinator]

OffTopic:While certainly off-topic, I whole heartedly agree. I'm trying to get ahold of the script now to help write an alternative - if you are a PERL hacker, PLEASE email me! Bitchslaping trolls is one thing, bitchslaping people who moderate "poorly" (and only in Rob's judgement) is abusive.

OnTopic: If Quake 1 is now free software / open source, can it just be compiled for Win32, or does not still need the CD? I'd love to play it ( now that I have a machine capible of doing so) but am not much of a hacker - more of a good all around geek, but not a programmer really. How do I get the source, and how do I compile it? I'd like directions for both Win32, and Linux (Slackware 7.0).

Hey Rob, Thanks for that tarball!

Ducking is for WIMPS!

[Simon Carr]

Right on. Of all the 3D shooters, I think the original Quake still holds the most charm to it. If you're looking for pure deathmatch, sans frills, Quake is it. From what I understand this'll mean I'm one step closer to the Win98 purge.

DM3 == perfection.

Ant-cheat tech

[Reality Master 101]

Anyone have any technical details of the anti-cheat technology? I dug through the link and couldn't find anything (the link that promised "more details" didn't deliver).

--

Re:Please: Stop the Bitchslapping

[Vladinator]

Okay, then can it be compiled for Linux? Where do I get the source? Does it still need to have a CD to play?

Hey Rob, Thanks for that tarball!

Re:Ducking is for WIMPS!

[LionMan]

Games are very important in the computing world! Why do you think we have all these high-end video cards and 3D accelerators? For scientific imaging? No . . . If you need to render something scientific, I doubt you need it in real time. You can leave something rendering at night, whereas for 3D games you NEED real time 3D acceleration. Games really set hardware standards for the computer industry, so lighten up.

Just wondered

[DirtyHarry]

what you mean with "Q III not fast enough". Hmmm. Sounds to me like you have some hardware problems. Or your drivers just refuse to work properly. Or... I cant think of anything else even thie two reasons are just unbelieveale and completeley impossible... not fast enough... no... Okay, I also love the original Quake version, although I must admit that I also used the one and other cheat to finish it back in... a few years ago. But dont take me wrong: Multiplayers just dont cheat... Their skills develop directly propotional to the time they waste in front of their monitors. Thats my theory. I must be a special case. Just not talented I suppose :-)

Re:GPL

[Jules Bean]

You're thinking of quakelives.

Last I heard, Carmack had a gentle go at them. I don't know how it resolved in the end. Best to draw a veil, IMO, and concentrate attention on the really cool stuff coming out of quakefore, qwf, QER (here [planetquake.com]) etc.

Jules

Re:Please: Stop the Bitchslapping

[Vladinator]

So then how does one play the game then? Is the multiplayer feature not available?

Hey Rob, Thanks for that tarball!

Re:Please: Stop the Bitchslapping

[QuantumG]

Yep.. you sure can compile it for linux. I think you can even get binaries for linux and no, you don't need a CD. Where can you get the source, beats the hell out of me. Try one of the links in the story.

Where to get stuff

[Jules Bean]

The source is found on quakeforge.net, or you can use their CVS. Of course, the merged tree talked about in the press release hasn't happened yet.

As for CDs:

No, you don't need a CD. However, you will need the shareware PAK file until openquartz ( on sourceforge [sourceforge.net]) finishes its planned complete replacement. No, there's not much going on on the website, but the mailing list is active.

Jules

Re:Great! Old bugs fixed?

[Zoid]

gl_triplebuffer 1

That will fix it. It occurs on newer GL drivers that support triple buffer. GLQuake was only written during double buffering days, it only draw the status bar twice (leaving an old image in the third buffer).

/// Zoid.

Re:Ant-cheat tech

[Anonymous Coward]

A little bit of info on the cheat protection that has been implemented in QuakeForge can be found at http://www.quakeforge.net/speed_cheat.php [quakeforge.net] theoddone33

QF will have Tomb Raider and Quake2 data support

[Mongoose]

I'm working on adding data support|conversion for the QF engine right now - Q2 models are working fine in my uncommited QF patch and I got TR meshes ( what an evil model format TR has ) almost working - Soon we'll have skeletal modeling support too if I can get the stupid TR bones right.

- Mongoose

http://www.quakeforge.net

Need to make our own game data

[knghtbrd]

The engine is GPL'd, but we still need to come up with our own GPL'd game data. In order to make this possible, John was nice enough to release the Quake1 tools and QuakeC code under the GPL. This means all we need are graphics, sounds, models, maps, etc. Email or ICQ me (67962016) if you're interested, I'll get you in touch with people planning to do exactly that.

The project is probably a bigger undertaking than QuakeForge itself, and really needs more talented people so it can really take off.

Re:Ducking is for WIMPS!

[LionMan]

"... like 10,000 "transactions" per _second_."

Transactions? Who said anything about transactions? What was the last time that you saw a scientist, say, doing a presentation, and he/she needed to RENDER something during his/her presentation? "But what about calculating the results of hypothetically an asteroid impact?" you might say. Yes, the processing power you need, but not necessarily the displaying power. Displaying is usually a very slow process compared to calculating, so for real-time 3D games, hardware is based upon the games' requirements.

Re:Ducking is for WIMPS!

[Yarn]

LionMan's right, we have one of the most powerful university computers in the UK, and it just outputs text from its calculations.

Eyecandy isnt important while you're analysing your data.

You plot the graphs later :)

Re:Trollin for gay rights

[QuantumG]

yer.. he should have slapped yoda upside the head. "Say 'too old' again you fucking muppet! I double dog dare you to say 'too old' again" as he shoves a gun down his throught.

Re:Never impossible

[eval]

The netrek community uses the same method of blessing (public/private RSA keys (with permission from RSA)). I believe the first successful hack after blessing was implemented was less than a month later, but it required a kernel modification on the client's machine, and a patch to make it much harder was suggested (I don't know if it was ever deployed).

Oddly, reading through the description [qwforever.com] of the Encryption it seems that the plan is to use Twofish rather than a public key method. This may just be development lag (that URL points to beta code, I believe). There are good reasons for using assymetric rather than symmetric cryptography; I won't go into them here, however, since they're a little off-topic. Interested parties can mail me if they want to discuss the issues in more depth.

Ray Jones

Re:Ant-cheat tech

[Bill Currie]

oi, watcha doin postin anonymously, theoddone33? :)

taniwha - QF developer (as is theoddone33)