|Original author(s)||Tony Ray|
|Developer(s)||Even Balance, Inc|
|Operating system||Microsoft Windows, GNU/Linux, Mac|
PunkBuster is a computer program that is designed to detect software used for cheating in online games. It does this by scanning the memory contents of the local machine. A computer identified as using cheats may be banned from connecting to protected servers. The aim of the program is to isolate cheaters and prevent them from disrupting legitimate games. PunkBuster is developed and published by Even Balance, Inc.
The first beta of PunkBuster was announced on September 21, 2000 for Half-Life. Valve Software was at the time fighting a hard battle against cheating, which had been going on since the release of the game. The first game in which PunkBuster was integrated was id Software's Return to Castle Wolfenstein.
- Real-time scanning of memory, by placing a PunkBuster Client on players' computers searching for known hacks/cheats using a built-in database.
- Throttled two-tiered background auto-update system using multiple Internet Master Servers to provide end-user security ensuring that no false or corrupted updates can be installed on players' computers.
- Frequent status reports are sent to the PunkBuster Server by all players. When necessary, the PunkBuster Server raises a violation which (depending upon settings) will cause the offending player to be removed from the game and all other players to be informed of the violation.
- PunkBuster Admins can also manually remove players from the game for a specified number of minutes or permanently ban if desired.
- PunkBuster Servers can optionally be configured to randomly check player settings looking for known exploits of the game engine.
- PunkBuster Servers can be configured to instruct clients to calculate partial MD5 hashes of files inside the game installation directory. The results are compared against a set configuration and differences logged, and optionally, the client removed from the server.
- PunkBuster Admins can request actual screenshot samples from specific players and/or can configure the PB Server to randomly grab screenshot samples from players during gameplay. However, it is possible for a game hack to block screenshots (producing a cropped screenshot) or remove all visual features of a hack (cleaning the screenshot) to remain undetected, leaving the effectiveness of this feature diminished.
- An optional "bad name" facility is provided so that PunkBuster Admins can prevent players from using offensive player names containing unwanted profanity or racial slurs.
- Search functions are provided for PunkBuster Admins who wish to search player's keybindings and scripts for anything that may be known to exploit the game.
- The PunkBuster Player Power facility can be configured to allow players to self-administer game servers when the Server Administrator is not present entirely without the need for passwords, in which the players can call votes to have a player removed from the server for a certain amount of time.
- PunkBuster Servers have an optional built-in mini HTTP web server interface that allows the game server to be remotely administered via a web browser from anywhere over the Internet.
- PunkBuster Admins can stream their server logs in real time to another location.
- PunkBuster has initiated Punkbuster Hardware Bans, that bans hardware components upon detection of cheats that disrupt or circumvent PunkBuster's normal operation. These bans mean permanently banning players whose HD id matches the blacklist at Evenbalance. The cheater will have to buy new hardware to be able to play again.
Some games (like Crysis or Bioshock 2) do not have a 64-bit version of PunkBuster. For this reason, 64 bit clients will not be able to play in PunkBuster enabled servers, unless they run the 32-bit client of the game.
PunkBuster does not allow Windows users without administrative accounts to connect to any games. Upon connecting to a game, the user will be immediately kicked for having insufficient OS privileges. Starting with PB client v1.700, a Windows service with full administrative rights is used in complement with the ingame PunkBuster client, allowing updates without user rights elevation. However, some games might still require administrative rights before PunkBuster will function correctly.
Global GUID bans and Hardware bans
PunkBuster uses a system called 'global banning'. Either the GUID (generated from the CD key) or parts of the computer's hardware are banned from PunkBuster-enabled servers. Most attempts at cheating will only receive a detection warning, but cheats that interfere with PunkBuster's software itself could lock out the GUID of the offending system and disable access to all PunkBuster enabled servers for that particular game. Particularly severe instances of cheating may lock the offending computer out of all PunkBuster-protected games.
As of June 30, 2004, Even Balance has used unique hardware identifiers to permanently ban players who attempt to interfere with PunkBuster's normal operation (which is, itself, a violation of the PunkBuster EULA). Even Balance uses a 128-bit private one-way hash so that no serial number information for individual computers can be obtained from a hardware GUID.
As with previous PunkBuster GUID bans, hardware GUID lockouts are permanent.. Even Balance http://www.evenbalance.com/index.php?page=announce04.php. Retrieved 2014-03-02. Missing or empty
|title= (help)</ref> Even Balance has not disclosed what hardware PunkBuster looks for when issuing a ban, but close examination of the software has indicated that the GUID may be based on the serial numbers of scanned hard-drives.
During the period of 30 October to the 6th of November 2013 Punkbuster was falsely banning Battlefield 4 users with the error "(Gamehack #89265)" As of November 8, 2013 the issue has been resolved by Evenbalance inc. and all Punkbuster bans resulting from this error have been resolved and officially deemed a false-positive.
- "We have confirmed that Violation #89265 may be triggered by non-cheat software. This Violation code has been removed from our master servers and we encourage server admins to give the benefit of the doubt to players who raised this code over the past few days."
As of November 21, hundreds of Battlefield Players have been banned for violation "(Gamehack #81518)" Even though most players affected have denounced this as being a false-positive, it will most likely not be revoked. In most cases this has to do with the program Cheat Engine. In order to trigger this violation you do not have to have Cheat Engine running, but simply have to have it installed. Although Cheat Engine is only a memory editor/debugger, it is considered a hacking tool by PunkBuster and many others. As of 12-19-2013 there has been no update on this violation and whether or not it is false-positive, but mostly it is not and the bans created by it will remain.
Attacks on PunkBuster
PunkBuster usually searches for known cheat program signatures as opposed to relying on a heuristic approach. On March 23, 2008, hackers published and implemented a proof of concept exploit of PunkBuster's indiscriminate memory scanning. Because PunkBuster scans all of a machine's virtual memory, malicious users were able to cause mass false positives by transmitting text fragments from known cheat programs onto a high population IRC channel. When PunkBuster detected the text within user's IRC client text buffers, the users were banned. On March 25, 2008, Even Balance confirmed the existence of this exploit.
Games using PunkBuster
- APB: Reloaded
- Assassin's Creed: Brotherhood
- Assassin's Creed: Revelations
- Assassin's Creed III
- Assassin's Creed IV: Black Flag
- America's Army
- Battlefield 2
- Battlefield 2142
- Battlefield 1942
- Battlefield 3
- Battlefield 4
- Battlefield: Bad Company 2
- Battlefield Heroes
- Battlefield Play4Free
- Battlefield Vietnam
- Blacklight: Retribution
- Call of Duty 4: Modern Warfare 
- Call of Duty: World at War
- Crysis Wars
- Enemy Territory: Quake Wars
- Far Cry 2
- Far Cry 3
- F.E.A.R. Perseus Mandate
- Frontlines: Fuel of War
- Ghost Recon Online
- Infestation: Survivor Stories
- Medal of Honor: Airborne
- Medal of Honor (2010)
- Medal of Honor: Warfighter
- Need for Speed: ProStreet
- Need for Speed: Undercover
- Need for Speed: World
- Quake 4
- Urban Terror
- Red Orchestra 2: Heroes of Stalingrad
- Soldier of Fortune II: Double Helix
- Tom Clancy's Rainbow Six: Lockdown
- Tom Clancy's Rainbow Six: Vegas
- Tom Clancy's Rainbow Six: Vegas 2
- Tom Clancy's Ghost Recon: Future Soldier
- Tom Clancy's Ghost Recon Online
- Wolfenstein (2009)
- Slagle, Matt (2002-12-09). "Cheats Could Ruin Online Gaming". CBS News. Retrieved 2008-04-01.
- "Frequently Asked Questions about PunkBuster Services". Even Balance. 2008-07-23. Retrieved 2008-07-23.
- "Frequently Asked Questions about PunkBuster". Even Balance. Retrieved 2014-03-02.
- "Support MD5Tool". Even Balance. Retrieved 2014-03-02.
- "Frequently Asked Questions about PunkBuster". Even Balance. Retrieved 2014-03-02.
- PunkBuster Online Countermeasures/News (2013-11-8) PunkBuster Online Countermeasures. Even Balance. Retrieved 12-19-2013
- "Gaming Ethics: Part 3 of 3".
- "netCoders vs. PunkBuster".
- PunkBuster (2011-01-14). "PunkBuster Announcements". Even Balance. Retrieved 2011-04-04.
- PunkBuster (2011-08-23). "PunkBuster Announcements". Even Balance. Retrieved 2011-08-24.
- PunkBuster (2013-09-27). "PunkBuster Announcements". Even Balance. Retrieved 2013-09-27.
- PunkBuster (2008-07-22). "PunkBuster Announcements". Even Balance. Retrieved 2008-10-05.
- PunkBuster (2006-09-12). "PunkBuster Announcements". Even Balance. Retrieved 2006-09-18.
- PunkBuster (2008-08-04). "PunkBuster Announcements". Even Balance. Retrieved 2008-08-14.