search

surepy / tf2_bot_detector

A handy little tool to gather, keep track and automatically votekick bots and bad actors in Team Fortress 2.
MIT License
60 stars 7 forks source link

"Suspicious profile picture" hash-checking #33

Open bigfinfrank opened 4 months ago

bigfinfrank commented 4 months ago

A clear and concise description of what the problem is.

The recent improvements bot hosters have implemented are making it more and more difficult to spot bots, but there's a few exploitable consistencies they have that we can use to detect them. Notably, some bots (Mechniator bots are an easy one to point at) use the same few profile pictures for all (or at least a sizable number) of their bot accounts.

Describe the solution you'd like

Since TF2BD already fetches profile pictures to be displayed in the TF2BD GUI, it shouldn't be that much more intensive to run a hash check against all the profile pictures as people join a match and then warn the TFBD user that they're potentially a bot.

This does have a small chance of false positives if someone happens to be using the same profile picture (based on some reverse image searching, I don't think this will be very common, however), it might be best to implement this functionality in the UI as a little badge in the TF2BD player list similar to how VAC/Game/Community server bans currently appear. Alternatively a new "mark as" category might be a viable option if you'd rather keep the badges purely ban-related.

I'd also like to mention it'd be very nice to have a toggleable option to automatically save the hash as known-suspicious when someone is manually marked as a Cheater.

Describe alternatives you've considered

Manually hovering across the list of players when joining a match to see if there's any accounts with bot-used profile pictures.

Additional context

There isn't really anything else that couldn't be included in the other fields, if you have an questions or need any clarifications I'm happy to oblige.

surepy commented 4 months ago

hmmmmmm I might be reading this wrong but this feature already exists since when pazer first released tf2bd in 1.0

you use avatar_match in rules.json (or rules.(any).json), here's an example

https://github.com/surepy/tf2_bot_detector/blob/cb519c0c88d3b059cad2a9aacedc2a08f1cc9eec/staging/cfg/rules.official.json#L563-L577

here's the format for rules, its just not documented at all lol... https://github.com/surepy/tf2_bot_detector/blob/master/schemas/v3/rules.schema.json

Automatic marks will be filled in reasons column as [auto] automatically marked: (Attribute) | reason: (Rule Description) or you can have it as transient mark.

I'd also like to mention it'd be very nice to have a toggleable option to automatically save the hash as known-suspicious when someone is manually marked as a Cheater.

Maybe "Copy Profile Picture Hash" isn't a bad idea, I'll think about it.

bigfinfrank commented 4 months ago

Yep that's what I was talking about, I didn't know it was already included. Do you happen to know what type of hash it is? SHA-1?

surepy commented 4 months ago

Do you happen to know what type of hash it is? SHA-1?

sha-1 generated from steam’s servers. Check the profile picture urls.