PunkBuster

PunkBuster
Original author(s)	Tony Ray
Developer(s)	Even Balance, Inc
Initial release	2000;24 years ago
Operating system	Microsoft Windows, Linux, Mac OS
Type	Anti-cheat software
Website	evenbalance.com

Last updated February 29, 2024

PunkBuster is a computer program that is designed to detect software used for cheating in online games. It does this by scanning the memory contents of the local machine. A computer identified as using cheats may be banned from connecting to protected servers. The aim of the program is to isolate cheaters and prevent them from disrupting legitimate games. PunkBuster is developed and published by Even Balance, Inc.

History

Tony Ray founded Even Balance to develop PunkBuster after his experience with cheaters on Team Fortress Classic .^[1]

The first beta of PunkBuster was announced on September 21, 2000, for Half-Life . Valve was at the time fighting a hard battle against cheating, which had been going on since the release of the game. The first game in which PunkBuster was integrated was id Software's Return to Castle Wolfenstein .

Features

Published features

Real-time scanning of memory, by placing a PunkBuster Client on players' computers searching for known hacks/cheats using a built-in database.
Throttled two-tiered background auto-update system using multiple Internet Master Servers to provide end-user security ensuring that no false or corrupted updates can be installed on players' computers.
Frequent status reports are sent to the PunkBuster Server by all players. When necessary, the PunkBuster Server raises a violation which (depending upon settings) will cause the offending player to be removed from the game and all other players to be informed of the violation.
PunkBuster Admins can also manually remove players from the game for a specified number of minutes or permanently ban if desired.
PunkBuster Servers can optionally be configured to randomly check player settings looking for known exploits of the game engine.
PunkBuster Servers can be configured to instruct clients to calculate partial MD5 hashes of files inside the game installation directory. The results are compared against a set configuration and differences logged, and optionally, the client removed from the server.
PunkBuster Admins can request actual screenshot samples from specific players and/or can configure the PB Server to randomly grab screenshot samples from players during gameplay. However, it is possible for a game hack to block screenshots (producing a cropped screenshot) or remove all visual features of a hack (cleaning the screenshot) to remain undetected, leaving the effectiveness of this feature diminished.
An optional "bad name" facility is provided so that PunkBuster Admins can prevent players from using offensive player names containing unwanted profanity or slurs.
Search functions are provided for PunkBuster Admins who wish to search player's keybindings and scripts for anything that may be known to exploit the game.
The PunkBuster Player Power facility can be configured to allow players to self-administer game servers when the Server Administrator is not present entirely without the need for passwords, in which the players can call votes to have a player removed from the server for a certain amount of time.
PunkBuster Servers have an optional built-in mini HTTP web server interface that allows the game server to be remotely administered via a web browser from anywhere over the Internet.
PunkBuster Admins can stream their server logs in real time to another location.
PunkBuster has initiated Punkbuster Hardware Bans, that bans hardware components upon detection of cheats that disrupt or circumvent PunkBuster's normal operation. These bans mean permanently banning players whose HD id matches the blacklist at Evenbalance.

Incompatibilities

Some games (like Crysis or BioShock 2 ) do not have a 64-bit version of PunkBuster. For this reason, 64 bit clients will not be able to play in PunkBuster enabled servers unless they run the 32-bit client of the game.

PunkBuster does not allow Windows users without administrative accounts to connect to any games. Upon connecting to a game, the user will be immediately kicked for having insufficient OS privileges. Starting with PB client v1.700, a Windows service with full administrative rights is used in complement with the ingame PunkBuster client, allowing updates without user rights elevation. However, some games might still require administrative rights before PunkBuster will function correctly.^[2]

Enforcement

Global GUID bans and Hardware bans

PunkBuster uses a system called 'global banning'. Either the GUID (generated from the CD key ^[3]) or parts of the computer's hardware are banned from PunkBuster-enabled servers. Most attempts at cheating will only receive a detection warning, but cheats that interfere with PunkBuster's software itself could lock out the GUID of the offending system and disable access to all PunkBuster enabled servers for that particular game. Particularly severe instances of cheating may lock the offending computer out of all PunkBuster-protected games.^[4]

As of June 30, 2004, Even Balance has used unique hardware identifiers to permanently ban players who attempt to interfere with PunkBuster's normal operation (which is, itself, a violation of the PunkBuster EULA). Even Balance uses a 128-bit private one-way hash so that no serial number information for individual computers can be obtained from a hardware GUID.^[3]

As with previous PunkBuster GUID bans, hardware GUID lockouts are permanent.^[5] Even Balance has not disclosed what hardware PunkBuster looks for when issuing a ban, but close examination of the software has indicated that the GUID may be based on the serial numbers of scanned hard-drives. As with many bans based on information from the user's system, hardware GUID bans can be spoofed.

False positives

During the period of October 30 to November 6, 2013, Punkbuster was falsely banning Battlefield 4 users with the error "(Gamehack #89265)". As of November 8, 2013 the issue has been resolved by Even Balance inc. and all Punkbuster bans resulting from this error have been resolved and officially deemed a false-positive.

"We have confirmed that Violation #89265 may be triggered by non-cheat software. This Violation code has been removed from our master servers and we encourage server admins to give the benefit of the doubt to players who raised this code over the past few days."^[6]

Attacks on PunkBuster

PunkBuster usually searches for known cheat program signatures as opposed to relying on a heuristic approach.^[7] On March 23, 2008, hackers published and implemented a proof of concept exploit of PunkBuster's indiscriminate memory scanning. Because PunkBuster scans all of a machine's virtual memory, malicious users were able to cause mass false positives by transmitting text fragments from known cheat programs onto a high population IRC channel. When PunkBuster detected the text within user's IRC client text buffers, the users were banned.^[8] On March 25, 2008, Even Balance confirmed the existence of this exploit.^[8]

Related Research Articles

A web server is computer software and underlying hardware that accepts requests via HTTP or its secure variant HTTPS. A user agent, commonly a web browser or web crawler, initiates communication by making a request for a web page or other resource using HTTP, and the server responds with the content of that resource or an error message. A web server can also accept and store resources sent from the user agent if configured to do so.

<span class="mw-page-title-main">Server (computing)</span> Computer to access a central resource or service on a network

In computing, a server is a piece of computer hardware or software that provides functionality for other programs or devices, called "clients". This architecture is called the client–server model. Servers can provide various functionalities, often called "services", such as sharing data or resources among multiple clients or performing computations for a client. A single server can serve multiple clients, and a single client can use multiple servers. A client process may run on the same device or may connect over a network to a server on a different device. Typical servers are database servers, file servers, mail servers, print servers, web servers, game servers, and application servers.

Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Windows, as well as the various Microsoft antivirus products, including Windows Defender and Microsoft Security Essentials. Since its inception, Microsoft has introduced two extensions of the service: Microsoft Update and Windows Update for Business. The former expands the core service to include other Microsoft products, such as Microsoft Office and Microsoft Expression Studio. The latter is available to business editions of Windows 10 and permits postponing updates or receiving updates only after they have undergone rigorous testing.

<i>Uplink</i> (video game) 2001 video game

Uplink is a simulation video game released in 2001 by the British company Introversion Software. The player takes charge of a freelance computer hacker in a fictional futuristic 2010, and must break into foreign computers, complete contracts and purchase new hardware to hack into increasingly harder computer systems.

A product key, also known as a software key, serial key or activation key, is a specific software-based key for a computer program. It certifies that the copy of the program is original.

<span class="mw-page-title-main">Cheating in online games</span> Practice of subverting video game rules or mechanics to gain an unfair advantage

On online games, cheating subverts the rules or mechanics of the games to gain an unfair advantage over other players, generally with the use of third-party software. What constitutes cheating is dependent on the game in question, its rules, and consensus opinion as to whether a particular activity is considered to be cheating.

A diskless node is a workstation or personal computer without disk drives, which employs network booting to load its operating system from a server.

Valve Anti-Cheat (VAC) is an anti-cheat tool developed by Valve as a component of the Steam platform, first released with Counter-Strike in 2002.

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

Desktop virtualization is a software technology that separates the desktop environment and associated application software from the physical client device that is used to access it.

EA is a digital distribution platform for Microsoft Windows and macOS, developed by Electronic Arts for purchasing and playing video games.

Cheating in video games involves a video game player using various methods to create an advantage beyond normal gameplay, usually in order to make the game easier. Cheats may be activated from within the game itself, or created by third-party software or hardware. They can also be realized by exploiting software bugs; this may or may not be considered cheating based on whether the bug is considered common knowledge.

A home server is a computing server located in a private computing residence providing services to other devices inside or outside the household through a home network or the Internet. Such services may include file and printer serving, media center serving, home automation control, web serving, web caching, file sharing and synchronization, video surveillance and digital video recorder, calendar and contact sharing and synchronization, account authentication, and backup services.

<span class="mw-page-title-main">BOINC client–server technology</span> BOINC volunteer computing client–server structure

BOINC client–server technology refers to the model under which BOINC works. The BOINC framework consists of two layers which operate under the client–server architecture. Once the BOINC software is installed in a machine, the server starts sending tasks to the client. The operations are performed client-side and the results are uploaded to the server-side.

This page is a comparison of notable remote desktop software available for various platforms.

Peer-to-peer file sharing (P2P) systems like Gnutella, KaZaA, and eDonkey/eMule, have become extremely popular in recent years, with the estimated user population in the millions. An academic research paper analyzed Gnutella and eMule protocols and found weaknesses in the protocol; many of the issues found in these networks are fundamental and probably common on other P2P networks. Users of file sharing networks, such as eMule and Gnutella, are subject to monitoring of their activity. Clients may be tracked by IP address, DNS name, software version they use, files they share, queries they initiate, and queries they answer to. Clients may also share their private files to the network without notice due to inappropriate settings.

Intel Active Management Technology (AMT) is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a microprocessor subsystem not exposed to the user, intended for monitoring, maintenance, updating, and repairing systems. Out-of-band (OOB) or hardware-based management is different from software-based management and software management agents.

In computing, virtualization or virtualisation in British English is the act of creating a virtual version of something at the same abstraction level, including virtual computer hardware platforms, storage devices, and computer network resources.

Brian Clough's Football Fortunes is a video game featuring Brian Clough, released in 1987 for the Amiga, Amstrad CPC, Amstrad PCW, Atari 8-bit, Atari ST, BBC Micro, Commodore 16, Commodore Plus/4, Commodore 64, DOS, Acorn Electron, MSX and ZX Spectrum.

Computers can be classified, or typed, in many ways. Some common classifications of computers are given below.

References

↑ Slagle, Matt (December 9, 2002). "Cheats Could Ruin Online Gaming". CBS News . Retrieved April 1, 2008.
↑ "Frequently Asked Questions about PunkBuster Services". Even Balance. July 23, 2008. Retrieved July 23, 2008.
1 2 "Frequently Asked Questions about PunkBuster". Even Balance. Retrieved March 2, 2014.
↑ "Support MD5Tool". Even Balance. Retrieved March 2, 2014.
↑ "Announcements". Even Balance. June 30, 2004. Archived from the original on June 20, 2015. Retrieved March 2, 2014.
↑ PunkBuster Online Countermeasures/News (November 8, 2013) PunkBuster Online Countermeasures. Even Balance. Retrieved December 19, 2013
↑ "Gaming Ethics: Part 3 of 3". Archived from the original on March 22, 2016.
1 2 "netCoders vs. PunkBuster". Archived from the original on June 18, 2016.
↑ PunkBuster (August 23, 2011). "PunkBuster Announcements". Even Balance. Retrieved August 24, 2011.
↑ PunkBuster (September 27, 2013). "PunkBuster Announcements". Even Balance. Retrieved September 27, 2013.
↑ PunkBuster (July 22, 2008). "PunkBuster Announcements". Even Balance. Retrieved October 5, 2008.

External links

Official website

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Slagle, Matt (December 9, 2002). "Cheats Could Ruin Online Gaming". CBS News . Retrieved April 1, 2008.

[2] "Frequently Asked Questions about PunkBuster Services". Even Balance. July 23, 2008. Retrieved July 23, 2008.

[Even_Balance-3] 1 2 "Frequently Asked Questions about PunkBuster". Even Balance. Retrieved March 2, 2014.

[4] "Support MD5Tool". Even Balance. Retrieved March 2, 2014.

[5] "Announcements". Even Balance. June 30, 2004. Archived from the original on June 20, 2015. Retrieved March 2, 2014.

[6] PunkBuster Online Countermeasures/News (November 8, 2013) PunkBuster Online Countermeasures. Even Balance. Retrieved December 19, 2013

[bashandslash-7] "Gaming Ethics: Part 3 of 3". Archived from the original on March 22, 2016.

[netcoders-8] 1 2 "netCoders vs. PunkBuster". Archived from the original on June 18, 2016.

[9] PunkBuster (August 23, 2011). "PunkBuster Announcements". Even Balance. Retrieved August 24, 2011.

[10] PunkBuster (September 27, 2013). "PunkBuster Announcements". Even Balance. Retrieved September 27, 2013.

[11] PunkBuster (July 22, 2008). "PunkBuster Announcements". Even Balance. Retrieved October 5, 2008.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]