Unique Machine Identifier

[lozatto]

Technical Proposal: Persistent Hardware Identification System (HWID) v2

Overview

The goal is to implement a robust Hardware ID (HWID) system for Counter-Strike 1.6 by extending the NextClient (Client-side) and NextClientServerApi (Server-side). This ensures a player’s identity is tied to their physical machine, effectively preventing identity spoofing, bypassing bans via IP/SteamID rotation, and improving community integrity.

1. Client-Side Collection (NextClient)

Objective: Generate a unique, anonymized, and highly resilient hardware fingerprint.

• Mechanism: A multi-path collection strategy (v2) to ensure reliability even if WMI is disabled:
  • Primary (Win8+): Motherboard UUID + MSFT_Disk Serial (Boot disk specific).
  • Secondary (Vista/7): Win32_DiskDrive cross-referenced with logical boot drive.
  • Fallback (Bare Metal): Direct IOCTL_STORAGE_QUERY_PROPERTY calls to bypass WMI corruption.
  • Persistence: Persistent registry-based seed in HKCU\Software\NextClient if all hardware probes fail.
• Privacy & Security: Raw identifiers are concatenated and hashed via SHA-256 (64 hex chars). Raw data never leaves the client machine.

// Example: Implementation in src/client/hwid_collector.cpp
namespace hwid {
    std::string Collect() {
        // Combines Motherboard UUID and Boot Disk Serial
        std::string seed1 = CollectMotherboardUUID(); 
        std::string seed2 = CollectBootDiskSerial();
        
        // Final anonymized fingerprint
        return Utils::Sha256(seed1 + "|" + seed2);
    }
}

2. Synchronization (NCLM Protocol)

Objective: Securely transmit the HWID during the initial connection handshake.

• Protocol Modification: Define a new message opcode in src/common/nclm_proto.h:
  • NCLM_C2S_HARDWARE_ID: Sent immediately after the version check and before entering the game.
• Data Integrity: The server enforces a "First-Packet-Only" rule per session. Any subsequent HWID packets are ignored to prevent mid-game spoofing via memory manipulation.

3. Session Management (Server Module)

Objective: Bind the HWID to the active player session for lookups.

• Logic:
  1. The server handles the NCLM_C2S_HARDWARE_ID opcode within nclm_server.cpp.
  2. The 64-character hash is stored in the CPlayer object inside player_manager.cpp.
  3. The ID is indexed, allowing for efficient blacklisting or identity verification independent of SteamID or IP address.

4. AMX Mod X Interface (API Layer)

Objective: Expose the HWID to Pawn scripts (e.g., Zombie Plague, Anti-Cheat, or Rank systems).

• Native Implementation: Adds ncl_get_hardware_id to the NextClient API.

// Native: ncl_get_hardware_id(id, buffer[], len)
static cell AMX_NATIVE_CALL ncl_get_hardware_id(AMX *amx, cell *params) {
    int index = params[1];
    CPlayer* player = g_PlayerManager.GetPlayer(index);
    if (player && player->IsHWIDReady()) {
        return set_amxstring(amx, params[2], player->GetHWID().c_str(), params[3]);
    }
    return 0;
}

Expected Repository Structure

Client Repository (nextclient)

src/
├── client/
│   ├── hwid_collector.cpp      <-- v2 Collection logic (WMI/IOCTL/Registry)
│   ├── hwid_collector.h        <-- Public API (Collect, IsReady, Reset)
│   └── nclm_client.cpp         <-- Handshake packet integration
└── common/
    └── nclm_proto.h            <-- New NCLM_C2S_HARDWARE_ID opcode

Server Repository (NextClientServerApi)

src/
├── server/
│   ├── amxx_api.cpp            <-- AMXX Native registration
│   ├── nclm_server.cpp         <-- Handling HWID incoming packets
│   └── player_manager.cpp      <-- HWID session storage in CPlayer
├── amx/
│   └── nextclient.inc          <-- AMXX include: native ncl_get_hardware_id

Reference: Resolves architectural requirements for advanced ban management and identity validation. Fixes Issue #100.