Hardware based signatures.

The short and sweet to this is as follows: Each machine that attempts to log in to official servers has a unique ID generated based off of their pc's hardware. Mainly the really expensive components are used to seed the algorithm used to generate the ID: graphics board, CPU, HDD, and north bridge chipset - all of them have unique hardware ID's already so lets use them for something. When a player has been found cheating - instead of banning a serial number you ban the hardware signature. In essence you just banned their entire computer from multiplayer. Unless they are willing to pay hella cash to buy brand new components - I can't see a way for this to get circumvented. You can also take it one step further and create a global database of hardware sigs for all EA published titles - get caught cheating in one game and you loose access to online play for all titles you own or will buy - forever. Even better create a multi-publisher alliance that share banned HardwareID's - that way loosers loose the ability to play any game from a member publisher online in any capacity.The anti cheat measures implemented so far are pathetic pandering at best and totally useless at worse. Cheaters are sub human scum and need to be treated as such. Unless EA is more interested in repeat business from scum bags than it is in creating a fair environment and level playing field. The consequences need to be ratcheted up to the point where your either a sadist or totally insane to even consider cheating.

Money svcking corporate companies will never do such a thing.If they ban the hardware that means even if that guy purchases another copy, he still won't be able to play online.Actually he won't be able to play any EA online games beocz his hardware is banned.And corporate companies would never want to lose potential buyers.SO FLOP IDEA.

This can happen with or without support or permission from EA. I guess its more of a "Hey, this would work great. Prove your not a bunch of profit whores guys because I am coding this with or without your permission" I already started work on the algorithm to generate ID's. Server side coding will be a bit more interesting. Quick show of hands: who would opt into playing on servers using a HID database to keep known cheaters off? The client coding is such that it will work for literally any game without exception. Again, server side might get a bit interesting. in essence I see this working kind of like a password protected servers, instead of a password the server asks for your HID and then runs a CRC check to ensure its genuine before allowing a connection. Cheating is to the point where playing online is getting to be a bit of a joke. Cheating killed the multiplayer in crysis and crysis 2 is starting to die. If the companies are not willing to do anything then I am.

Oh my. You are so good and don't have your own corporation or business yet? Or that's why you don't have corporation or business yet?

Don't you think that such a huge game corporation thought about that?
That's so naive, not good(business) idea of all I heard. That's also ruining the confidential policy as this tool will gather up all ID's of the computer hardware.
Also why this method don't implemented in other games? Maybe it's not as good as you describing it, after all?
Really! If it's so good why in the hell there are no such method in other games? There must be some real and big disadvantages.
Really! Why are you writing only about advantages and don't even say the word about disadvantages?
I will not use something that is non officially supported by Crytek in my legit copy of the game.
Don't get me wrong. And forgive me if I said something nasty. But I said what I said(K.O.).

Unique information is not transmitted about your system, just the unique ID generated by components. Here is a big secret buddy - your getting hardware finger printed all the time without realizing it right now. Its common practice. Just about every high-end software package uses machine fingerprinting techniques. FFS - smart phones use it, in fact every cell phone made since 1996 uses it for network registration. Its a fact of life. Publishers won't and have not used it on games since they could care less about cheaters. I'm just trying to give server operators and users the option to play in an environment where cheating is very unlikely to occur. I could care less about your typically russian paranoia - the project is open source. I doubt you understand C++ but the code will be open for anyone who wants it to look at it. sourceforge page is done and Ill have beta clients up in 3 weeks.

Also, why would I want my own business? I make more in one week than most folks make in a year. I'm perfectly happy where I'm at. Ill give you a hint - I'm a programmer for a financial services company and I am a lead on the inhouse algorithmic trading software. There is only a handful of us out there. Read the WSJ, I show up in a few articles.

Also, why would I want my own business? I make more in one week than you will make in a year. I'm perfectly happy where I'm at. Ill give you a hint - I'm a programmer for a financial services company and I am a lead on the inhouse algorithmic trading software. There is only a handful of us out there. Read the WSJ, I show up in a few articles. If your going to attempt to insult someone about their job make sure its warranted.

If you want it. Do it if it will be source where all can observe it's code and what it's doing for real. I apologizing about being in emotions. I'm decoding to you what I tried to say about it: Then more will be product sold, then more they will get the money. Is that clear? Think yes.
I'm really glad that you are programmer in big company and really glad for you that you are fine there. ^_^ really...
I'm not angry, just seeing no point in such measurement of protection.
Sorry if I'm said really something wrong. Just eat, and calmed down a little. (problems with good friend)
But the main question what I wanted to hear is a disadvantages of this system? And they must be, they even may be big, and there even may be not one disadvantage. There are no systems with only advantages. You as programmer must know that.

The biggest disadvantage I can see right now would be if manufacturers ships motherboards with identical MAC addresses or cpu vendors mess up their cpuid schema. Intel has done this before - twice that I am aware of. It is rare though. On the server end - only banned ID's are logged. Everyone else's ID's get tossed after the CRC and ban list check. It is statistically possible that a cheater and a non cheater have the exact same ID - but its in the billions to 1 range. This operates as a simple check when attempting to connect to a server. It will be developed as a background process for windows - my target memory footprint is less than 10k. Nothing is game specific. If you want to log in to a protected server then your ID get requested, your machine sends it, if its not faked or banned then you are allowed to connect. I apologize for getting overly heated and edited my post. It was very rude of me.

Bad Idea, you do know that people do get false banned for having FPS overlays or any overlays for that matter. I've read something about that on MW2, people got banned for having FPS counters. Hell, Punkbuster kicks me out of BF2 if I have an overlay of Teamspeak. And then, ofc, there are the Admins that may abuse this power. It is a good idea for a company that can moderate this, but not for the people. False bans do happen :/

Sounds like a good idea but how hard would it be for someone to spoof a UID.

The biggest disadvantage I can see right now would be if manufacturers ships motherboards with identical MAC addresses or cpu vendors mess up their cpuid schema. Intel has done this before - twice that I am aware of. It is rare though. On the server end - only banned ID's are logged. Everyone else's ID's get tossed after the CRC and ban list check. It is statistically possible that a cheater and a non cheater have the exact same ID - but its in the billions to 1 range. This operates as a simple check when attempting to connect to a server. It will be developed as a background process for windows - my target memory footprint is less than 10k. Nothing is game specific. If you want to log in to a protected server then your ID get requested, your machine sends it, if its not faked or banned then you are allowed to connect. I apologize for getting overly heated and edited my post. It was very rude of me.
Also edited mine a little.
If there's a way that a cheater and a non cheater have the exact same ID - but its in the billions to 1 range that's better. On that way they may create a ban-appeal form for non-cheaters. If non-cheater will be banned then he may get unban. This is better then when it's billions to 1 range then seeking old cheaters with a new Ac.

But this protection is a serious method. If non-cheater will not get unban. He will need to change his hardware, that is more expensive instead of buying a new game. That's rare thing. But this can be also. Mistakes can be everywhere, even in judgment.

And also human aspect. The one who has power for banning can use it not wisely. And can Use it in they're own means. Like banning someone that they don't like. And that makes "But this protection is a serious method. If non-cheater will not get unban. He will need to change his hardware, that is more expensive instead of buying a new game." in lesser various happening range that can participate, such cases of changing something.

Saying simple...If non-cheater will get ban and don't get unban he can only say bye bye to game. The meaning for such "mistakes" is bigger than for others. Cause this will be a fatal mistake for customer that not cheater.

@jac75 the ID is generated by polling manufacture coded ID's on selected components. Your network card, Cpu, Gpu ...all have unique ID's that can't get spoofed if you poll them correctly. Modified values are stored in the registry. Im not done working out the entire algorithm but there are ways of knowing if someone just went and changed 1 component to try and get a new ID assigned. Kind of like being able to still ID a fingerprint if part of it is missing. Nothing is ever foolproof. The goal though, is to make life a living hell for those who cheat by making the workarounds to the system untenable. In essence it should push cheaters out to unprotected servers. If someone is willing to change their mobo, gpu, cpu, and HDD everytime they get caught cheating - there is nothing anyone can do about that. I am willing to wager that 99.9% of cheaters will just jump onto unprotected servers making the chances of running in to them on protected servers minimal.

@unit_test_01 Exactly. There has to be a method to ensuring that the banhammer is used properly. I really do like the system MS uses for XBoxLive to ban cheaters accounts. Checks and balances. Right now I am just focused on the technical aspect of creating bomb proof ID generation. Its a single piece to the larger puzzle of stopping cheaters. It is a possibility that by using heuristic techniques to anolyze suspected cheaters process stacks, one could quite accurately determine if someone was cheating. Again this is speculative. Your observations about vindictive server admins has already forced me to make structural changes to the system for determining appropriate actions. I'm splitting the cheaterDB in 3 parts: server specific(you have a dike sysadmin who bans you. while you appeal the ban you are restricted from playing on only that server. If it is determined that the admin was just being a dike - their servers get dropped and your ban is dropped), game specific(you are found to have cheated after the review process is complete and that the ban is justified. you get a 2 month game specific ban on all participating servers. If you get caught cheating again after the ban - and its verified - your done permanently with the game. Also, get caught cheating- after review- in a different game while your on suspension from another and you get perma banned from both) Global (two legit game bans land you here. Get totally banned from 2 games and your done. once here there is no way back. your hardware is no longer valid for play on any members servers regardless of games.) By doing this its gives someone a chance to be an idiot without sever consequence right off the bat. Some people really are idiots and just want to try something out like a wall hack because they saw it on youtube. As far as a review process is concerned I would like to keep the specific admins out of it beyond the initial filling - have reviews completed by nonvested community advocates or something.

@unit_test_01

This is along the lines of what I thinking for grabbing manufacturer burned MAC from an ethernet card. Not exact and very likely to change but its along the lines im using to reason this out.The MAC is just 1 variable in the algorithm. When the algorithm is done ill post it.
Edit: uses Iphlpapi.lib -this is preliminary. THe specific code below is from ravenspoint's method for polling mac addresses. Im working on what to do with the data once I have, not how I get it. for now I need strings to throw at my algorithm for testing.

string GetMac()
{
char data[4096];
ZeroMemory( data, 4096 );
unsigned long len = 4000;
PIP_ADAPTER_INFO pinfo = ( PIP_ADAPTER_INFO ) data;
char sbuf[20];
string sret;

DWORD ret = GetAdaptersInfo( pinfo, &len );
if( ret != ERROR_SUCCESS )
return string("**ERROR**");

for(int k = 0; k < 5; k++ ) {
sprintf(sbuf,"%02X-",pinfo->Address[k]);
sret += sbuf;
}
sprintf(sbuf,"%02X",pinfo->Address[5]);
sret += sbuf;

return( sret );
}

I think it is a very unique idea and i applaud your skills and dedication to it.
but there are certain very real issues that will hinder the reality of this idea.
#1 publishers will never collaborate on ANYTHING so the idea of global ban across all online games are...too good to be true.
#2 whatever you do, when you collect any information of the client, you have to let them know via EULA and privacy policy and they have to agree to it. again, another obstacle to realistic implementation and getting agreement from the publisher.
#3 added complexities/components increase the chance for bugs and errors.

of course i do support your attempt at improving the online gaming experience and punish those who choose to ruin it for others, but there are too much obstacles. by the way, this idea kinda resembles a DRM scheme.

Not too hard to code if you have access to the source code which accesses the api for rendering. Since you don't work for Crytek that may be hard unless you can find somewhere up the layer that already generates that code for you. Windows already has a hardware GUID but this is based off of multiple components what you would really need is a multiple hardware GUID and individual component GUID. Sure there are ways around this but if you could implement it either in the game source or one level up in the API you could potentially do this. I don't think you'll see companies doing it for entire platforms any time soon. Maybe on a game by game basis. You could spoof this information sure but if you ty it in at either of those two layers you could make sure that the hardware doing the rendering is also what the GUID's are based off of. People could still spoof this by for example running a virtual OS or using a software layer in between but there are always performance penalties in that type of conversion. I say good luck to you sir I wish you all the best