Chess playing software detection--speculation: how do they detect programs on your local ...

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


As anybody who plays chess online knows, on occasion a chess playing
site like the one PlayChess by Chessbase will say "Player XYZ detected
using chess playing software--their account has been deleted".

Also when recently the Topolov-Anand match was played, the Bulgarian
servers stated (when I was checking out the live match): "Warning:
Chessbase detected!".  Apparently they were upset that Chessbase
software was being used to analyze the match, which they wanted
exclusive live rights to (they have sense sued Chessbase).

Speculation: how do they do that?  How to they detect software
remotely--isn't this a security breach?

Some theories:

1) They have some software that can check out what programs are
running in your memory, and:
 (a) this software is bundled with the chess interface used by online
chess playing programs, or
 (b) this is a Java applet that runs under any browser

If 1)(b), isn't this something an anti-virus program would catch?
Maybe not.

2) They are faking it:  they simply analyze some games played by
suspected cheaters--maybe people reported by opponents who are
suspicious --and if enough of the game show that nearly all moves were
the 'recommended' moves played by typical chess playing software like
Rybka or Fritz, then the accounts are deleted.  In the case of the
Bulgarian servers--since the organizers of this match were upset with
Chessbase before the match because Chessbase stated they were going to
rebroadcast the moves--which BTW I don't think Chessbase has legal
rights to--the Bulgarian organizers simply added a message "Warning:
Chessbase detected!" just to show anybody they were upset with
Chessbase, to scare them, since most serious chess players use
Chessbase.  In other words, it was a fake message that everybody saw,
even those not using Chessbase software.


RL

Re: Chess playing software detection--speculation: how do they detect programs on your local machine?




| As anybody who plays chess online knows, on occasion a chess playing
| site like the one PlayChess by Chessbase will say "Player XYZ detected
| using chess playing software--their account has been deleted".

| Also when recently the Topolov-Anand match was played, the Bulgarian
| servers stated (when I was checking out the live match): "Warning:
| Chessbase detected!".  Apparently they were upset that Chessbase
| software was being used to analyze the match, which they wanted
| exclusive live rights to (they have sense sued Chessbase).

| Speculation: how do they do that?  How to they detect software
| remotely--isn't this a security breach?

| Some theories:

| 1) They have some software that can check out what programs are
| running in your memory, and:
|  (a) this software is bundled with the chess interface used by online
| chess playing programs, or
|  (b) this is a Java applet that runs under any browser

| If 1)(b), isn't this something an anti-virus program would catch?
| Maybe not.

| 2) They are faking it:  they simply analyze some games played by
| suspected cheaters--maybe people reported by opponents who are
| suspicious --and if enough of the game show that nearly all moves were
| the 'recommended' moves played by typical chess playing software like
| Rybka or Fritz, then the accounts are deleted.  In the case of the
| Bulgarian servers--since the organizers of this match were upset with
| Chessbase before the match because Chessbase stated they were going to
| rebroadcast the moves--which BTW I don't think Chessbase has legal
| rights to--the Bulgarian organizers simply added a message "Warning:
| Chessbase detected!" just to show anybody they were upset with
| Chessbase, to scare them, since most serious chess players use
| Chessbase.  In other words, it was a fake message that everybody saw,
| even those not using Chessbase software.

Huh ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Chess playing software detection--speculation: how do they detect programs on your local machine?



Deted who online chessbase XYZ As their "Plays chess Chess has site
knows, online by Player playChessbase XYZ As their "Playing chess
Chess on occasion say using anybody occasion detected". Playing
chessbase XYZ As the detected".. Playing chessbase XYZ As their
"Player playing site knows, on detected". Playing site knows, online
by PlayChess one by Player playing chess account a like on deleted".

They were upset detected match the Topolov-Anand Chessbase analyze was
played, was match): to used was played, was played, was Also
softwarently the live "Warning: sued to analyze was played, was
played, was Also software that servers Also software the live
Bulgarian Topolov-Anand Chessbase have match): to being out sense
analyze when recently that servers Also softwarently out sense analyze
when match was match was played, was checking (when recently out
servers Also softwarently (they were that servers Also softwarently
out servers Also. Sed match was played, was checking out servers Also
softwarently (they were the Topolov-Anand Chessbase).

Ct that? Security to they do How do How a software how do How a
software how do How do breach? Remotely--isn't Specurity to they do
How a software how a software how do How do How do breach?
Remotely--isn't Speculation:.

Ie Someomeorie Sorie Soriries:.

Is in out are the is programs (a) by chess memory, programs, applet
with this interface 1) running They used with this programs (a) by
chess memory, programs (a) by chess interface 1) running your or
bunder software this software that some this software online Java
playing in out are this that can interface 1) running your or bunder
is programs, applet with this bunder is running your or bundled chess
memory, programs, applet with this 1) running in out are that software
online Java playing.

This If something would 1)(b), anti-virus. Ram If somethis If
something would 1)(b), anti-virus isn't catch? Program If somethis If
something would 1)(b), an not.

Chess before show think by opponents the software cheaters--maybe
message playing to are Bulgarian a going simply show the faking: scare
I "Warning simply all. TW don't simply are use if were of Rybka played
to usince then Fritz, nearly suspected by games most with suspected.
Chessbase to who Chess people then they since the Bulgarian suspicious
--and They was like I "Warning to use show the of the games othe BTW
don't since the gamessbase has Chess since deted with of the of then
Fritz, nearly simply are ther opponents reported match it before fake
words, 2) were to are. Chessbase upset moves who Chessage Bulgarian
suspected Chessage "Warning: scare analyze has it: legal playing:
scare detected. Chess before show them, software upset the some gamess
since deletected with software of were this like words, 2) were of the
even Fritz, nearly enough suspected!" are games not anybody suspected
by games not anybody game the chess since the messbase deleted.
Chessbase has Chessbase usince deted. Of that deted.


RL

Re: Chess playing software detection--speculation: how do they detect programs on your local machine?




Quoted text here. Click to load it

[rest of incoherent post snipped]

I don't know about detecting chess-playing software, but I'm certainly
detecting cat-like typing in that post. Or large amounts of alcohol....



Re: Chess playing software detection--speculation: how do they detect programs on your local machine?



Quoted text here. Click to load it

Well...I don't think that was "Ray" but someone playing with himself
forging a post.

From the header:

Message-ID:

...not your average MID



Re: Chess playing software detection--speculation: how do they detect programs on your local machine?



Quoted text here. Click to load it

http://support.chess.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=711

"How does Chess.com detect cheating?
One part of our analysis involves comparing human moves to computer moves
and looking at statistical significance. The other parts are not public
knowledge. We will never disclose our exact methods for catching cheaters
(to prevent cheaters from adapting their methods), but it involves both
cutting-edge technology and human judgment."

See also:

http://www.chessclub.com/help/Speedtrap

"The methods we use are confidential, because describing them in detail
would allow cheaters to cheat more intelligently. However, we can clear up
some common misconceptions by listing some things that do NOT cause us to
put someone on the computer list:"

I suspect they all will have similar 'explanations' on their respective
sites.

...shouldn't that be Ruy Lopez? :o) I used that name when installing Vista
because of the chess piece icon displayed during the process, and I never
use my real name on any of my computers.



Re: Chess playing software detection--speculation: how do they detect programs on your local machine?



wrote:

Quoted text here. Click to load it

Very clever.  And thanks for the links with explanations...those chess
programmers are always on the cutting edge!

Ray "Ruy" Lopez

Re: Chess playing software detection--speculation: how do they detect programs on your local machine?



raylopez99 wrote:
Quoted text here. Click to load it

I doubt this belongs in the C# group or AV group. Probably not chess
either. More like software security or something, I think.

I have some ideas on how they do this and how they do it in any other
online game. I won't go into the details on exactly how you can do the
same or how you can defeat it.

Quoted text here. Click to load it

You have two choices, at least: Take a risk or not play it.
There's no way to to detect such things remotely without the local
machine sending some data first that allows the remote machine to detect
it. Internal data of the game could be changed by the analyzer one way
or another (you don't see this anywhere on the outside), and the game
can either detect it locally or send a hash of or chunk of the data for
verification.

Quoted text here. Click to load it

Either that or what I mentioned earlier. These are the simplest methods
I can think of at the moment at least.

Quoted text here. Click to load it

Sure, it could be either bundled with it, integrated into the main
application (game) or it is downloaded from somewhere after
installation. Maybe I misunderstood?

Quoted text here. Click to load it

If so, it can of course check its internal data and let the server know
either if something is suspicious, or simply let the server decide if it
looks suspicious. I doubt it would be allowed to check what other
applications are running and read from their memory if it's a Java
applet, since that sounds very dangerous. But it's an IE or Firefox
plugin.. Yes, I think that would be possible. Just like the Flash
plugin. You may know it has been vulnerable for exploitation.

Quoted text here. Click to load it

They can't magically know what kind of application it is and decide that
it is something that should be "caught". If it should block Java applets
by default, they should of course let you decide whether to run it or
not. Or if it has the same kind of feature I have in Outpost Firewall
Pro ("Host protection"), it will catch attempts to access other
processes (for example reading memory from them).

Quoted text here. Click to load it

I think that would be a complex to do anyways, so I doubt it. But of
course they can if if they want to.

Quoted text here. Click to load it

Cheat detection methods do it one way or another with some variations,
but I believe it's basically the same thing (of course, some are better
than others).
I have not tried to give you very informational technical details on
this. Just enough, I hope. :)

--
Regards,
Jackie

Re: Chess playing software detection--speculation: how do they detect programs on your local machine?




| raylopez99 wrote:
Quoted text here. Click to load it

| I doubt this belongs in the C# group or AV group. Probably not chess
| either. More like software security or something, I think.

+1

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Chess playing software detection--speculation: how do they detect programs on your local machine?



Quoted text here. Click to load it

Feel free to cross-post it there then.

Quoted text here. Click to load it

Hell why not? I guess you might be giving away company secrets?

Quoted text here. Click to load it

Well of course I assume the local machine sends data.

Quoted text here. Click to load it

I have a feeling this is not so simple...

Quoted text here. Click to load it

A plugin to check memory, to see if chess playing software resides in
said memory?  Dangerous sounding.


Quoted text here. Click to load it

Well this turns out to be one way--but not the only way--cheating is
detected according to the poster FromTheRafters.


Quoted text here. Click to load it

Not enough I pray.  But don't give away the kimono and compromise the
internet just to satisfy my curiosity.

Thanks,

Ray

Re: Chess playing software detection--speculation: how do they detect programs on your local machine?



http://java.sun.com/j2se/1.4.2/docs/guide/security/permissions.html

I had a look here just now to figure out exactly what a Java applet is
allowed to do.

AWTPermission > readDisplayPixels
Screenshots to detect the analyzer.

FilePermission
Search for known "bad applications" in the file system to see if they
are installed.

RuntimePermission > setContextClassLoader
I am not sure exactly which system they are talking about here. But if
it is kind of the same as the SetThreadContext API on Windows, and in
addition the code is somehow injected into the remote process (which I
doubt), this is one way to take complete control over that process (read
from its memory and send something back to the chess applet?).

RuntimePermission > writeFileDescriptor
"may allow malicous code to plant viruses" (and other things)

RuntimePermission > loadLibrary.{library name}
"Java security architecture is not designed to and does not prevent
malicious behavior at the level of native code"

Well, this would be very dangerous and would allow anything to be done
in the OS as far as permissions allow it. Even outside the sandbox.

--
Regards,
Jackie

Re: Chess playing software detection--speculation: how do they detect programs on your local machine?



Jackie wrote:
Quoted text here. Click to load it

But of course not without you letting it do that first.

--
Regards,
Jackie

Re: Chess playing software detection--speculation: how do they detect programs on your local machine?



On 10-06-2010 05:31, Jackie wrote:
Quoted text here. Click to load it

I am not quite sure that I understand your point.

Java operates with many permissions.

Some of them gives access to critical things.

So if a Java applet asks if you want to give it privs,
then you should only allow it if you are very confident
about the source of the code.

No surprise in that.

Arne


Re: Chess playing software detection--speculation: how do they detect programs on your local machine?



Arne Vajh°j wrote:
Quoted text here. Click to load it

Well, Mr. Ray may want to know details like these to figure out if it is
even possible for a Java applet to read memory from other processes and
how likely it is. See it for himself and think about it on his own, and
not just take whatever we say as truth. One must figure it out one way
or another, and this is one way to know if it is possible or if you can
scratch Java applets completely from the list.

--
Regards,
Jackie

Re: Chess playing software detection--speculation: how do they detect programs on your local machine?

raylopez99 wrote:
Quoted text here. Click to load it

I would just assume you would take on that responsibility.

Quoted text here. Click to load it

Not worried about giving away "secrets", I just don't know what people
would do with that information once they know the details. I don't
support cheating in online games. If you take a look at MSDN, you can
look through APIs, read what they do and then form your own ideas on
what you can use them for. If you want to dig into their chess software
to figure out their protection, I suggest first learning some basics of
x86/x64 assembly and then using a debugger to begin. I like OllyDbg.

Quoted text here. Click to load it

If I didn't explain it well enough without giving you *C# code* that
either detects these analyzers for *chess games*, or a way to bypass *AV
software* so that you can use them, I am not sure exactly how to answer.

Quoted text here. Click to load it

Okay. :)

Quoted text here. Click to load it

I think they would have access to the system. Checking for example
window titles or checking each process' memory to see if it matches
known "bad applications". Maybe checking the file system with Flash or
Java if they have enough permissions, or taking screen shots. You can
see my other post about Java permissions at least.

Quoted text here. Click to load it


--
Regards,
Jackie

Re: Chess playing software detection--speculation: how do they detect programs on your local machine?



On 09-06-2010 05:47, raylopez99 wrote:
Quoted text here. Click to load it

I think it must be 1a.

An unsigned Java applet can not go outside the sandbox and
a signed Java applet will prompt for additional access.

Arne

Site Timeline