Players who spoof names in the lobby are not detected by the BWHF database

[GoogleCodeExporter]

What steps will reproduce the problem?
A known hacker uses a spoof utility to change his name in the game lobby. 
The spoofed name is not present in the BWHF directory, so the hacker is 
not detected using the "print screen" Player Checker feature.

What is the expected output? What do you see instead?
Suggested solution: In conjuntion with the Player Checker feature, enable 
an automatic "/whois" command for all player names in the lobby. If the 
returned value from Bnet does not equal the game name, initiate a message 
to the BWHF host: "Spoof at slot x" (i.e. Player x is in Brood War USA-2, 
but game name is 3v3@BGH Cable").

What version of the product are you using? On what operating system?
3.00 2010-01-14, Windows XP

Please provide any additional information below.

Original issue reported on code.google.com by tanaka....@gmail.com on 31 Jan 2010 at 12:32

[GoogleCodeExporter]

Executing /whois commands in the lobby would require to write Starcraft's 
memory, which 
would break Blizzards terms of use. Currently the Agent is legit.

Moreover executing several /whois commands would get the player flooded out 
from 
battle.net. Chaoslauncher had this feature which caused the players to flooded 
out 
frequently.

This feature will probably not be implemented.

Original comment by icz...@gmail.com on 31 Jan 2010 at 12:45

[GoogleCodeExporter]

I see, that's too bad.  I assumed a /whois-like feature was possible since you
figured out a way to legitimately parse player stats in v3.00's new "player 
alert
level" feature.

Original comment by tanaka....@gmail.com on 31 Jan 2010 at 7:21

[GoogleCodeExporter]

The Player record check operates on the BWHF database, that's why I could do it 
in a 
legit way.

Original comment by icz...@gmail.com on 31 Jan 2010 at 7:59

[GoogleCodeExporter]

Hello, I wasn't exactly sure where to comment on this, but, my name on 
starcraft is
MissMayI. Out of nowhere I was reported on one count of hacking. It says that 
I'm a
possible hacker, yet I've never been proved to hack. I went to look up the 
details on
the game, and it didn't say exactly what hack I was supposively using, so I ask 
alot
of people about it and they told me to come report it to you and that maybe I 
was
spoofed. So I don't know if you can help me on that, or clarify what kind of 3rd
party software I was supposively using at the time.

Once again, thanks a bunch, if you can help me with that, it would be nice, if 
not I
would understand that you're a pretty busy person. lol 

Original comment by isosneak...@live.com on 3 Feb 2010 at 3:26

[GoogleCodeExporter]

I'll look into it.

Original comment by icz...@gmail.com on 3 Feb 2010 at 6:23

[GoogleCodeExporter]

Hi. First of all, thanks a lot for the key. I was wondering over exactly this 
issue 
and luckily found it here. What I am worried about is, if some player spoofs a 
legit 
account and bwhf detects the hacks (in the game), will it still report the 
legit 
account(after the game)? This would mean a number of legit accounts being 
reported 
if they are being spoofed.

Please correct me if I am wrong or if there's some solution. The only solution 
I see 
is manually checking all players by /whois before I can game.

And thanks a ton for taking out the time for making such a great & neat program 
and 
using GPL for it!

Original comment by jag...@gmail.com on 26 Feb 2010 at 7:36

[GoogleCodeExporter]

Spoofing is an issue. Players should issue /whois commands, and if a name still 
gets in 
the database, I'm here to help.

Original comment by icz...@gmail.com on 26 Feb 2010 at 8:35

[GoogleCodeExporter]

Is there a way to get BWHF to work with StealthBot, in that it inputs the 
/whois 
commands into the bots queue for checking? Obviously, if you do the check 
multiple 
times, it should be smart enough not to /whois the same name repeatedly in the 
same 
game. Something that would go along the lines of..

You enter a game called '4v4 Hunters'
Three people are already there
You check for hackers, its clear, and BWHF automatically sends a /whois to the 
queue 
of your bot
In conjunction with a script that could be written - Which I'm sure I can get 
one 
written up, the bot will send you a message either saying 'clean' or giving a 
list of 
all names found as spoofers.
If the name has and uppercase i or lowercase L, it will check both instances of 
the 
name for spoofing.
Also, in the event the hacker is spoofing a name that is already online, the 
command 
should be smart enough to read the game lobby's game title, and recognize if a 
response to a /whois does not put the player in the game.
Then, when others join, you use the command again, and the bot will only /whois 
the 
new players - Possibly making use of the game title to recognise the game is 
still 
the same. Once the title changes, the 'log' of checked names resets, and all 
names 
will be checked for spoofs again.

In short..

1.) You enter a game titled '4v4 Hunters'
2.) You use the PRT Scrn button to check for hackers
3.) BWHF checks for hackers, and sends a queue to StealthBot to check for spoofs
4.) If no spoofers are detected, it will send you a message saying 'Clean'
5.) If a spoofer is detected, say, somebody named 'Koolaid64' it will list the 
spoofed usernames.
6.) If you use the function again in the same game, it will only check for 
spoofs 
among people that have joined since your last check.

This will probably require some collaberation with Stealthbot.net, but it could 
provide a good way to check for spoofers automatically, without having to type 
it out 
or flood yourself.

A quick fix to this could also be for BWHF to automatically put a series of 
/whois 
commands in the text box where it displays status, where you can copy+paste 
directly 
into your bot to put the commands in your queue - Though this would require 
alt+tabbing or using windowed sc.

Original comment by Sierra.K...@gmail.com on 2 Mar 2010 at 3:44

[GoogleCodeExporter]

Also: http://www.stealthbot.net/forum/index.php?/topic/3259-a-script-to-run-in-
conjuction-with-bwhf/

I've made the request for a script to go along with this.

Original comment by Sierra.K...@gmail.com on 2 Mar 2010 at 3:54

[GoogleCodeExporter]

I have thought about it myself, but it wouldn't be so great.

First, if a game has long name, it not even displayed. Only as much as can be 
displayed. If the title does not contain spaces and the title is long, there 
won't 
even be a game name displayed.

Gateway setting is another con. If the user set the wrong gateway, it will 
probably 
alert everyone as spoof.

Also one bot couldn't handle the traffic: to prevent flooding out, it would 
have big 
delay.

Original comment by icz...@gmail.com on 2 Mar 2010 at 7:07