A weird encounter, may have been a hack but definatly an expliot if not.....
- Thread starter lonewarrior
- Start date
I expect they haven't tried yet. I'm just saying that despite P2P, ED could keep making changes message protocols, encryption, data structures, or whatever is needed to break the current version of the cheat tools. And that making the changes should be much easier than analysing and adapting to them.
I had a cartridge for my C64 called "The Final Cartridge" that helped you with hacks, slowing down the whole computer etc. There's something fundamentally more sad about people who want to cheat multiplayer games though. It was purely a techincal excercise when you were playing alone, you didn't interfere with anyone else's enjoyment.
The difference between working out how to break a single player game and how to break a multiplayer game is like the difference between "enjoying some special websites" in the privacy of your own home or enjoying the same websites while sitting in Starbucks. One of these activities shows a serious lack of empathy for others, the other is just a bit sad.
"Script kiddies" defines the people who "make" hacks/cracks/whatever using premade programs without actually doing any work themselves. It does not matter at all what exactly they are doing. It's an all-encompassing insult
They're doing plenty of work in that thread. Go look it up.
Out of idle curiosity I googled about cheats.
Oh. My. God.
I assumed everything was validated by a central server somehow.
There is absolutely no point playing in Open at all now is there?
ED has become a single-player game for me now
One of the '84s
I think most things people are seeing are just dodgy network updates. I wouldnt get too paranoid. There are some pretty obvious fake "hacking" utilities out there - this one is particularly funny ...
View attachment 12531
Rest assured that anyone stupid enough to download and install it isnt going to be the one doing the hacking.
I'm not sure it would be so easy to counter on the client side.
Having read this thread I'm now definite the ship I encountered was cheating, but I must have written the CMDR name wrong. I couldn't find them in the 'friends' list in game. The ship was a Cobra that could one-shot my maxed out Cobra with beam lasers. Plasma or railguns I might believe, but not lasers.
Which raises two issues - can the CMDR name be changed client side? And how do you go about blocking a CMDR?
I think FD might need to look at server side sanity checks on ship load outs, would need to be random to spot cheats.
I would say I saw the first suspect behavior on the weekend of the 25th Jan, and rate of this behavior as escalated since then.
I might change to a cheaper ship for a while, and fly around with a hold full of rates to see what I can drag up.
Having read this thread I'm now definite the ship I encountered was cheating, but I must have written the CMDR name wrong. I couldn't find them in the 'friends' list in game. The ship was a Cobra that could one-shot my maxed out Cobra with beam lasers. Plasma or railguns I might believe, but not lasers.
Which raises two issues - can the CMDR name be changed client side? And how do you go about blocking a CMDR?
I think FD might need to look at server side sanity checks on ship load outs, would need to be random to spot cheats.
I would say I saw the first suspect behavior on the weekend of the 25th Jan, and rate of this behavior as escalated since then.
I might change to a cheaper ship for a while, and fly around with a hold full of rates to see what I can drag up.
I don't believe this is the one that is currently being used. And yeah that does look pretty epic fail.
It's possible for lag to make a volley of dumbfires seem like 1 hit. I've been hit with dumbfire spam that looked like I've only been hit with one shot.
That's why you need integrity checks. Check that the data in memory matches to the CRC calculated at the last "official" update. Then every now and them and in random places check that the data in memory matches to the data on the server. And of course first of all check the program itself to ensure it has not been tampered with to disable the checks
It's pretty easy to get around integrity checks on the software: when the server asks for a CRC (or other integrity check) of the executable just give the CRC for the unmodified executable. Even something more sophisticated such as making the client run code downloaded from the server to do the integrity check can be fooled using virtual machine techniques. There is really no way a server can trust the integrity of software running on a client. Which leads to the conclusion that the only way to prevent cheating is to do everything on the server and even that can't prevent aim-bots and the like.
actually it looks like real time memory content modification
Yup, if this is a hack, then I will be off until its plugged.
I cant and wont play with cheaters.
Yep, its not the guy speed hacking thats the problem, or taking no damage, its the guy who just gets an edge and you can't prove it.
I'd refrained from googling hacks for ED just because I don't want the dream to die, but I'm sure it is already dead. I'm going to guess way to much is clientside, and when that happens, hacks happen.
The best you're going to get is that you might not know about it down the road. But it will still be there. It's really unfortunate but that's just the way things are.
It's cheat engine, a very popular tool among script kiddie "hackers". While it's not trivial to detect this tool it's certainly doable. Install ED on a machine with cheat engine = permaban. Solved.
Defeating real hackers is a different story, but it probably takes a much more popular game for actual talented hackers to even take notice.
Memory data can be checked too.
Making tampering "impossible" is probably impossible itself, but you just need to make it not worth the effort. This isn't military code after all.
Wait a minute, they're only using CheatEngine?! Like Action Replay and stuff back in the Amiga days and you used it when you were bored out of your mind of the singleplayer games and wanted to have some god mode fun?
Gee, am I glad we have this always-online peer2peer game!
Gee, am I glad we have this always-online peer2peer game!
Online casinos especially rely on everything being server double-checked, and nothing is "hidden" at the client end before it is used. Every time you turn a card, spin a wheel or roll a die, it happens on the server and is fed to the client. The client only passes commands, not instructional data back to the server. ED cannot use this client/server model, so the best they can probably manage is to dynamically CRC the data concerned with the instance within the client, or to have non-identical copies in two memory locations (for example, one might be a "rough guide", e.g. just the MSBs of the health data offset by a random amount every "n" time frames, so that a sudden change to the "real" health via an external application like CE would cause an integrity failure against the check value which would be unchanged. Something like the SSL clock system. In a fast-paced game like ED, you couldn't rely on using server-side integrity checks for combat in quite the same way I think) Of course, how do you deal with that, other than reporting the user automagically and logging them off from the instance?