So this is a bit more of a technical thread.
1. The Warden (active processs scanning)
So World of Warcraft has this pretty invasive software called The Warden. In simple terms, it scans your active processes for various things that would indicate that you are running some form of cheating/hacking software. This software that has been the subject of scrutiny for a while to determine whether or not it breaks any laws due to the potentially sensitive nature of the information it could stumble upon.
2. Project 1999 Anti-Cheat
Basically the same thing as The Warden, except it could be construed as a little more deceptive. It doesn't work as a separate process, and is instead a repurposed DLL that serves roughly the same function. The level of invasiveness here is kind of unknown, but the assumption is that it is equal to or more invasive than The Warden.
3. Packet verification/memory address detection
This is actually two different forms of detection but I'll merge then into one point as it is how most of SOE/DBG games monitor their cheating. They have precautions built into the client/server to look for real-time alteration of specific memory values that could influence your game. For instance, in the event of speed hacking, most people will use a deductive process with a program called CheatEngine to locate and alter the memory value that stores your run speed. Generally this value would be compared against what the server considers "natural" and if it turns out to not meet the given parameters, it likely notifies the GMs to observe the player or something to see if they are actually hacking or if it's a false positive. False positives are pretty common here.
----------------------------------------------------------------------------------
So now that I've covered that bit, I'll move on to the second part of my post.
----------------------------------------------------------------------------------
ShowEQ is a program that works by sniffing packets directly from your network adapter. It honestly bypasses the EQ client itself completely, and for that reason, it is literally undetectable without using a form of anti-cheat that sniffs processes or something along those lines.
MacroQuest2 (MQ2) is a program that is a lot more invasive with the client in that it injects directly into the game to gain access/control over a much more broad spectrum of information. This program is actually super detectable and SOE/DBG themselves have admitted that the usage of it is so rampant that it isn't worth the time and money to prevent. It would lead to a detection war where neither party would win. In a virtual stalemate, DBG have stopped policing anything except the most overt abuses of MQ2 on the live servers. The lead developer of MQ2 agreed to disable MQ2 on Phinigel and in exchange, DBG wouldn't punish people who use the more "vanilla" or basic forms of MQ2. No speed hacking, no warping, etc.
----------------------------------------------------------------------------------
This has gone on way longer than I originally intended, but I thought it was necessary to try to give some information/background information so more people can participate in the discussion.
This thread is mostly directed at the devs. I'm aware that it would be silly to just come out and say that we will have specific types of cheat detection but, are you going to make an effort to prevent this kind of stuff? Even in Vanguard, speed hacking and no-clip were pretty prevalent. Not extremely prevalent, but pretty prevalent.
This is a good informative post Liav, and this topic interests me a lot, I have researched anti-cheats quite a bit as games like CSGO which use the VAC system still have trouble detecting cheaters/hackers which is also the case for many MMORPG's, so it is interesting to see how each type of system works and what the pros/cons are for them.
I have gone ahead and moved it to Off-Topic, though, as it isn't related to General Pantheon discussion.
Oh okay, it got moved. For some reason I thought it was deleted.
Thanks. Basically I'm just kind of worried about it considering than even a game with a lower player turnout like Vanguard ended up having some speed hacking and no-clip type stuff happening. Any form of anti-cheat really is a double edged sword, especially if there is future legal precedent against process monitoring spyware sponsored by the companies in question.
I also found this interesting and well written.
I was wondering, would any one of these methods of detection slow down the game due to using up resources more than another?
Waaay back in the day, I remember some buddies of mine (lol, Buddy story) said that they could capture the information that was being sent to a video card and use that to make semi educated guesses as to what to "enhance" to get a desired effect. I imagined it as something like pokeing somebody's brain until they raised their hand.
I lose interest in a game full of cheaters because it feels like it just cheapens what I have accomplished in the game.
Skycaster said:I also found this interesting and well written.
I was wondering, would any one of these methods of detection slow down the game due to using up resources more than another?
Waaay back in the day, I remember some buddies of mine (lol, Buddy story) said that they could capture the information that was being sent to a video card and use that to make semi educated guesses as to what to "enhance" to get a desired effect. I imagined it as something like pokeing somebody's brain until they raised their hand.
I lose interest in a game full of cheaters because it feels like it just cheapens what I have accomplished in the game.
There is a performance cost to virtually every form of cheat detection available, yeah. I would say it is generally negligible with modern computing power, but I do remember recently reading about some game (Blade & Soul maybe?) that had anti-cheat software that would really screw things up.
Dark Age of Camelot had at one point encrypted their packets to obfsucate the data relating to enemy positions, and this effectively broke the DAoCSkilla Radar for quite a while. However, there was a massive server performance hit than ended up rendering the game unplayable at times, so they stopped using encryption. Radar is now freely available for people to use in DAoC as long as you aren't extremely overt with it. They mostly monitor player behavior directly via reports to ban people for radar use now. As expected, dozens or hundreds of players fall through the cracks by being intelligent enough to use the information radar provides without using it in a very obvious manner.
Something like The Warden though? There is a performance cost but it's probably negligible. It can also be circumvented by altering the cheating software to avoid matching up with The Warden's database. I'm not 100% sure what methods they use in The Warden to run comparisons, but I imagine it's something like Windows Defender. There are known behaviors (modifying memory in RAM, which would never naturally occur without user intervention), DLL injection (oh hey, MacroQuest2), having run speed that is outside of the normal parameters (290% is the highest naturally occurring run speed in our game, but this guy is running at 700%). Either way, it is constantly running checks on all of your active processes to see if you're doing anything unnatural
TL;DR: I got long winded again. There is a performance cost on both the user AND server end depending on the method used. Sometimes it's negligible, sometimes it's game breaking.
Some things could also be checked from the "outside" (meaning, not by the game server directly). As an example, an external process that periodically reads the database and checks how much gold characters have: If a player gains money much quicker than others this could raise some flag for GMs to inspect that player. The advantage of such external inspections is that they don't affect the server's performance much, and that you can keep the server code and inspection code separate.
Any system like this is a leapfrog scenario:
Create a system of protection...cheaters find a way around it.....updatye to a newer system.....cheaters find a way around it
Look at common things like automobile radar detectors: X-band was invented, then after a while x-band detectors made, so they upgraded to Y-band, then after a while xy detectors made, then K band, etc.
Look at designer drugs: a drug chemical is outlawed, then a designer variant is invented, then that is outlawed, then a variant of the variant is developed.
My point is this - whatever you do has to be upgradeable. Whatever anti-cheat you come up with now will be trivial to outwit eventually. The only alternative, really, is encryption. The trick might be in figuring out a way to handle encryption in real time without performance degradation.
It is tough on the Devs too, the more secure and thorough the anti-cheat needs to be, the more intrusive it needs to be and then there is all kinds of privacy issues which a lot of companies do not want to risk breaching, therefore, they tolerate some cheats more than others, not because they want too but because it could hurt them quite badly if they went after them too hard.
It really does suck, I would prefer a more intrusive method via installing software on my PC to allow the game to be more thorough in detecting cheating software but many do not want that but still cry foul over hacks and cheaters and so the vicious circle continues, usually with some half-measures to stop the obvious hacks/cheaters while the more complicated and technical ones go undetected unless physically seen in-game.
Yeah, that's basically the highlight of the issue as Kilsin said.
Invasive software requires a certain level of trust with the devs. I mean, VR really has nothing to gain by snooping my personal information. Things like the NSA and such have really made people paranoid about that though, so they freak out at the very aspect. Honestly, in a game with millions of players like WOW, it isn't that much of a stretch of the imagination that The Warden would have some more malicious intent.
I think one thing Pantheon has going for it is that being a niche game, the proportion of players who would cheat/hack the client are probably small. WOW is a huge game with millions of players, and no amount of staff could reasonably police a game like that, so more invasive measures had to be taken.
In a smaller game like Pantheon, I think half measures (if used well) could go a long way. For instance, EQ's client offsets get scrambled every patch day which requires someone to spend a few hours or so using CheatEngine to update the MacroQuest2 client to read from the correct memory addresses. Unfortunately they don't patch very often, so you can go several months using the same MQ2 build. However, if a new PROTF.exe were pushed every week with a mandatory server restart, it could go a decent ways toward preventing things like that.
However, that only goes so far, like you said. Packet sniffing applications like ShowEQ don't rely on that at all, but it's hard to tell exactly how much effort a competent developer is going to put into cheating in PROTF.
You know one of the big motivators in cheating is real money transactions.
I think the website was called EQplayer.com where folks could auction there characters for a lot of money. I had a friend-of-a-friend who was buying/selling characters on there for between $400 and $1400. That kind of was a "flash in the pan" and didn't last long but the rabidity was surprising.
The more insidious problem was gold farmers - shutting them down was very hard, especially when they were overseas and their job (to feed their family) was selling gold. They didn't really care about some rules in some game in some other country and they could just keep making disposable accounts.
Perhaps a more rigorous account verification process so gold farmers can't be using disposable accounts.
Started to dig into this a liitle more. Here is a good article of the basics and how Warden works and how to get around it. https://hackmag.com/uncategorized/deceiving-blizzard-warden/
Sometimes you have to go toth ehackers to see what they have listed. Kind of scary and sort of arrogant that they will post stuff like this. Now not only the core code monitoring you ahve to monitor the monitoring software.
Being a systems engineer myself this stuff in very interesting and creates some discussion on how to check for and at least try to slow/stop this type of activity. It's not realistic until technology gets better but one can dream right?
Great discussion!!!
Ox
X
fazool said:You know one of the big motivators in cheating is real money transactions.
I think the website was called EQplayer.com where folks could auction there characters for a lot of money. I had a friend-of-a-friend who was buying/selling characters on there for between $400 and $1400. That kind of was a "flash in the pan" and didn't last long but the rabidity was surprising.
The more insidious problem was gold farmers - shutting them down was very hard, especially when they were overseas and their job (to feed their family) was selling gold. They didn't really care about some rules in some game in some other country and they could just keep making disposable accounts.
Perhaps a more rigorous account verification process so gold farmers can't be using disposable accounts.
Ehhhhh, to an extent.
Virtually everyone who raids in top 10 guilds in EQ uses MacroQuest2 for performance reasons, not really RMT related. I've used every cheat program on earth without RMT in mind. :p
Redguides still has people selling EQ accounts for several hundred dollars. It never really stopped, it just migrated. Playerauctions is also still alive and well.
Only thing I can contribute is I dont want to see too little security, but too much is even worse. I remember this one time in XI where SE decided to get cleaver and came up with a new anti-RMT program. The plan was to utilize certain algorithms in the game to ban RMTs. The first thing it found was a "safe" method RMTs were using to grow things in their garden and then sell them to an NPC for a fairly high price (at least for something NPCd.) The problem was this ws common knowledge for gardeners in general (not just RMTs) and the system was set up to auto-ban players. So a bunch of people got on that day (thousands I believe) to find themselves worngfully banned. Which turned into a complete cluster@#$*. And took quite a while to resolve and involved much butt-hurt and plenty of "We are so sorry, tears from from SE".
Amsai said:Only thing I can contribute is I dont want to see too little security, but too much is even worse. I remember this one time in XI where SE decided to get cleaver and came up with a new anti-RMT program. The plan was to utilize certain algorithms in the game to ban RMTs. The first thing it found was a "safe" method RMTs were using to grow things in their garden and then sell them to an NPC for a fairly high price (at least for something NPCd.) The problem was this ws common knowledge for gardeners in general (not just RMTs) and the system was set up to auto-ban players. So a bunch of people got on that day (thousands I believe) to find themselves worngfully banned. Which turned into a complete cluster@#$*. And took quite a while to resolve and involved much butt-hurt and plenty of "We are so sorry, tears from from SE".
Pretty hilarious, same thing happened in DAoC. People started getting suspended/banned for buying plat, so the plat sellers started selling mansion deeds.
The thing about housing deeds in DAoC is that they can be bought and resold to a merchant for 100% of their value, so when you would buy 100p you'd simply be traded 4 mansion deeds. While this should have been pretty easy to catch on to, they sorta just threw in the towel and said "screw it, let people buy plat".
I got wrongfully punished from DBG on TLP.
There was some big exploit and folks who made any transaction with anyone who made any transaction (in a certain zone during a certain day) with anyone who made any transaction with anyone who was linked to the exploit got suspended.
I logged on to find myself rolled back three days. I petitioned and listed evidence that I was somewhere else (I even had a GM conversation I think during the time). I lost three days of hardcore progress. They promised to look into it and never did. I got forum suspended for discussing punishment in public.
Then I was in Qeynos at a merchant and *FOUND* how to reproduce the plat dupe bug totally by accident at a vendor (crashed while trade window was open. I quickly posted anote to the devs telling them "as a show of sincerity" I helped them reproduce the unreproducable exploit.
They permanently banned my account from the forums for promoting plat dupe exploits.
I lost my F-ing mind!
To this day, one of my two accounts is still permabanned.
Liav said:Oh okay, it got moved. For some reason I thought it was deleted.
Thanks. Basically I'm just kind of worried about it considering than even a game with a lower player turnout like Vanguard ended up having some speed hacking and no-clip type stuff happening. Any form of anti-cheat really is a double edged sword, especially if there is future legal precedent against process monitoring spyware sponsored by the companies in question.
Great Opening post..!
This is a discussion that is important to me. I see this as thee epitomy of what will eventually make/move us into new mmorpg 2.0 era, which rests upon having a new modern 2.0 eula...!!
These new era of true MMORPGs have to portray themselves for what they are... allowing another a character in a living breathing movie-world. ...& to have a role & a character within the world of Terminus... you will have to sign an agreement.. to the rules of which your character & PLAYERs are governed and are (now) responsible for. Additionally, Players may be monitered. (root kits?).
Thus... giving much more control to Visionary Realms (& other Developers) on shutting down bots, farmers, hackers, cheaters, etc. And giving Game Masters more authority/legality to deal with such offenders nearly instantly. Zap gone!
I have many solutions to such problems, but not willing to discuss this on this sub-forum. (But the simple answer is.. risk vs reward.).
Every MMO already has an EULA you have to "agree" to in order to play. It's not a legally binding document and I don't believe there are any laws that could reasonably be used to litigate someone for cheating in a video game.
Pantheon isn't anything transcendent. It's software with code that can be exploited just like any other software. Cheating can't be prevented entirely, only mostly or partially.
While I like your attitude I don't really see what you're getting at.
Liav said:Every MMO already has an EULA you have to "agree" to in order to play. It's not a legally binding document and I don't believe there are any laws that could reasonably be used to litigate someone for cheating in a video game....
Agreed, but I don't think that's the intent. The real value of a game EULA is to protect the company when they enforce rules. Instead of a game company suing a player for cheating it's more to stop the player from suing the company. If a player gets banned, it prevents them from suing the company for recompense and damages.
Liav said:Every MMO already has an EULA you have to "agree" to in order to play. It's not a legally binding document and I don't believe there are any laws that could reasonably be used to litigate someone for cheating in a video game.
Pantheon isn't anything transcendent. It's software with code that can be exploited just like any other software. Cheating can't be prevented entirely, only mostly or partially.
- What is an EULA 2.0?
- What is an MMORPG 2.0?
- What power do you want GMs to have and who gives them this power? SCOTUS?
While I like your attitude I don't really see what you're getting at.
Doesnt matter what the EULA says it can not be used to break any sort of law. nor can it be used in Litigation. EULA is an honor system document that is all.
EVE does a great job with cheaters I feel but I do not know what they use. While allowing the Warden could be something in the EULA if it was found to break a law the EULA wouldnt cover VRI. I would be fine with something like the Warden if I knew exactly what it was feeding back and I would take VRI word at what is being reported. Encrpytion can have an adverse effect even with a powerful machine.
Mod Edit: Removed first sentence as there is no need for personal attacks. Next time the entire post will be removed as this will not be tolerated going forward.
I think the best way to stop many of the problems with Cheating in MMO's is to do it as much as possible like these guys show at 9 min 15 secs.
https://www.youtube.com/watch?v=jo4unYGQGB0