The only method I can think of right now would be to compare the hashes of players that went into a cd-key checked server and accept those hashes as legit.
Any other method would probably be too much work, but proof me wrong if you have a better way.
The current method I'm using is just checking if a hash has been used across multiple client IPs (> 3) see http://halorank.com/pirate.php. As you can see currently a 109 hashes would be banned by the system. Leaving 32k uniques hashes as legit. Also note that the Pirate population based on this system is a little over 10% of all tracked data!!
However after some research just before I started this topic I experienced my self how easy it is to change your hash.
Hence the whole reason I want some feedback to see how you guys feel about pirates.
I'm also thinking of contacting sawnose to request the list of legit hashes that gamespy uses, although i doubt I'll get them just like that.
If I did have that list I would finally be able to put an exact number on the amount of pirates we actually have playing.
Bookmarks