Automation and Scripting - An investigation into further abuses of BGS and Powerplay

Old news. These tools were all being talked about way back at the 'git gud while using G1 mats for G5 boosts' was a thing. Nothing was done then, doubtful it will change. To do so, would require a rewrite of the net architecture.
Yeah, I want to push back on the notion that the sorta-P2P architecture E: D uses somehow makes it impossible to police client hacks. It would be one thing if the game were truly decentralized, but in fact every client has to check in with Frontier's servers with some frequency. We don't know exactly what data is being exchanged beyond the transactions we know about, but it's well established that if your network link goes down, the game will stop working within at most tens of seconds. So even if FDev don't want to use memory protection techniques (and they shouldn't, those techniques are both intrusive and rather brittle), it's possible to do quite a bit of behavioral policing of the clients.

For instance, we know the client periodically sends the detailed state of the ship (that's how your progress is saved) - by pairing this with reports on actions taken it's possible to detect a wide variety of memory injection exploits, because either the ship is in an impossible state (e.g. shields or weapons too strong), or the actions reported are inconsistent with the reported state (e.g. more damage done than possible for number of shots fired). For extra policing, it is of course possible to build this logic into the clients as well, so if an unmodified client sees suspicious data coming from another client in its instance, it can flag FDev's servers to take a closer look. It's also possible that FDev are doing all of this already, because none of this would be user-visible, although it would be odd if they could detect these injection hacks but refused to act on them.

The attacks that are truly difficult to defend against are wallhacks and such, that don't change any actions, but only give the user more information than they are supposed to have. But E: D isn't an FPS, so I don't think those are nearly as potent here, and don't seem to be what folks here are complaining about.

Though I do care, the reasons given in the video of why I should care aren't compelling reasons. What if I don't care about the BGS? It's not the players who need to care. It's FDev who needs to care.

Why did this suddenly become important if it's been happening for a year? Why all the call to arms now?
Who knows? Why does meme X trend today, but meme Y tomorrow? I do feel like there's been an uptick in people complaining about hackers across the gaming universe lately, so possibly we're just tapping into a larger perturbation in the gestalt right now.
 
Yeah, I want to push back on the notion that the sorta-P2P architecture E: D uses somehow makes it impossible to police client hacks. It would be one thing if the game were truly decentralized, but in fact every client has to check in with Frontier's servers with some frequency. We don't know exactly what data is being exchanged beyond the transactions we know about, but it's well established that if your network link goes down, the game will stop working within at most tens of seconds. So even if FDev don't want to use memory protection techniques (and they shouldn't, those techniques are both intrusive and rather brittle), it's possible to do quite a bit of behavioral policing of the clients.

For instance, we know the client periodically sends the detailed state of the ship (that's how your progress is saved) - by pairing this with reports on actions taken it's possible to detect a wide variety of memory injection exploits, because either the ship is in an impossible state (e.g. shields or weapons too strong), or the actions reported are inconsistent with the reported state (e.g. more damage done than possible for number of shots fired). For extra policing, it is of course possible to build this logic into the clients as well, so if an unmodified client sees suspicious data coming from another client in its instance, it can flag FDev's servers to take a closer look. It's also possible that FDev are doing all of this already, because none of this would be user-visible, although it would be odd if they could detect these injection hacks but refused to act on them.

The attacks that are truly difficult to defend against are wallhacks and such, that don't change any actions, but only give the user more information than they are supposed to have. But E: D isn't an FPS, so I don't think those are nearly as potent here, and don't seem to be what folks here are complaining about.



Who knows? Why does meme X trend today, but meme Y tomorrow? I do feel like there's been an uptick in people complaining about hackers across the gaming universe lately, so possibly we're just tapping into a larger perturbation in the gestalt right now.
Well there's a lot of assumption going on there :)

Let's take you example of ship-state being checked.. If we assume an online count of say 100000 players, that;s 100000 extra bits of information firstly being passed across the wires, and more importantly, 100000 extra checks required for every change the player makes. It is just not feasible to expect such 'policing'.

I am absolutely all for ridding the game of bots or hacks, but it has to be done transparently and efficiently. And my biggest problem is this;

To date, FDev have shown themselves to be entirely incompetent when it comes to software releases, bug fixing and indeed, community relations.

And to cap all this off, I remember a video a year or so ago, where some FDev techie was telling us they were already tracking ship states and shields etc. Looks like he was A: Lying, B: it doesn't work, C: they can't be bottomed fixing it, D: it's not happening.

As for the recent YouTube video, posting such a video and then pointing players to other sources only goes to raise awareness that there may be bots and exploits freely available, when the majority didn't know or were less inclined. It's a bit like posting a video of a hack to an ATM machine. Saying it's bad to use, but go here to get it.

I know I certainly went and checked to see how easily they were available after watching the Video.
 
Yeah, I want to push back on the notion that the sorta-P2P architecture E: D uses somehow makes it impossible to police client hacks. It would be one thing if the game were truly decentralized, but in fact every client has to check in with Frontier's servers with some frequency. We don't know exactly what data is being exchanged beyond the transactions we know about, but it's well established that if your network link goes down, the game will stop working within at most tens of seconds. So even if FDev don't want to use memory protection techniques (and they shouldn't, those techniques are both intrusive and rather brittle), it's possible to do quite a bit of behavioral policing of the clients.

For instance, we know the client periodically sends the detailed state of the ship (that's how your progress is saved) - by pairing this with reports on actions taken it's possible to detect a wide variety of memory injection exploits, because either the ship is in an impossible state (e.g. shields or weapons too strong), or the actions reported are inconsistent with the reported state (e.g. more damage done than possible for number of shots fired). For extra policing, it is of course possible to build this logic into the clients as well, so if an unmodified client sees suspicious data coming from another client in its instance, it can flag FDev's servers to take a closer look. It's also possible that FDev are doing all of this already, because none of this would be user-visible, although it would be odd if they could detect these injection hacks but refused to act on them.

The attacks that are truly difficult to defend against are wallhacks and such, that don't change any actions, but only give the user more information than they are supposed to have. But E: D isn't an FPS, so I don't think those are nearly as potent here, and don't seem to be what folks here are complaining about.



Who knows? Why does meme X trend today, but meme Y tomorrow? I do feel like there's been an uptick in people complaining about hackers across the gaming universe lately, so possibly we're just tapping into a larger perturbation in the gestalt right now.
I don't think it's as simple as the meme X trend analogy. It think it's much more acute.

You could build a library from all the " ----> Solo" comments directed at people who raised this issue over the past year. Suddenly it's front and center. It's hard to win hearts and minds when much of the community has given a cold shoulder to people who complained about it before.
 
For instance, we know the client periodically sends the detailed state of the ship (that's how your progress is saved) - by pairing this with reports on actions taken it's possible to detect a wide variety of memory injection exploits, because either the ship is in an impossible state (e.g. shields or weapons too strong), or the actions reported are inconsistent with the reported state (e.g. more damage done than possible for number of shots fired).
It might not work in the long run, since an easy way around it by the hacker/cheater is to make the game report "nice" data so the server is fooled.

For extra policing, it is of course possible to build this logic into the clients as well, so if an unmodified client sees suspicious data coming from another client in its instance, it can flag FDev's servers to take a closer look. It's also possible that FDev are doing all of this already, because none of this would be user-visible, although it would be odd if they could detect these injection hacks but refused to act on them.
That's the only way that could probably work. The victim (so to speak) has to discover it and automatically report it. Wouldn't stop cheating in Solo though.
 
Last edited:
You could always track data for all players for a time (shield strength, dmg outputs, travel distances and speed etc.) Then perform a relatively easy statistical analysis to find the clear outliers. That would be a first clean up (Shadow ban, or reset the account should be well deserved... ). Of course not every cheater will be caught as the more careful ones would try to mask their stats by keeping them reasonably close to normal values and if the number of people cheating this way is large, then statistically they would not be outliers.

Then again travelling distance and insta jump, should be caught as a clear outlier as someone that instajumps should be fairly obvious if travel distance from star in a certain amount of time can be tracked. Hard to think anyone uses insta jump once in a while or only 10% of the time for example. Shield strength, damage, agility, maybe not as easy.



SO, to FD project/product managers:

These things are those that are worth an investment in dev time, just put a 2-3 devs on it. You pushed most good features for after 2020. How will the game survive until then (and I m guessing late 2020...) is beyond me, if its current state is not even maintained. Yes, I do consider fixing vulnerabilities in the product to be proper maintenance, imagine that... Even if the game is so easy to cheat for years, now it's widely known, (I m glad I was not aware of the extent of cheating until now, ignorance, bliss and all that jazz) and any feeling of realism/immersion or whatever, is ruined for most.

When a company does not at least act on such issues, it results in a game that we feel is abandoned and investing time in it is simply not worth it. Assign resources on this issue. Show you care for the player experience. You have a core of dedicated community that like the game with all its quirks, but this is not a simple quirk. No one expects a game that is uncheatable, but put the effort to improve the situation. Communicate what will be done about it, do some damage control. Seeing no action or response on this, is simply disheartening.

Unless you genuinely believe there is no damage done by this. In that case at least be frank about it. I can hear something like "We have some diminished player count but that at the normal attrition rate we always had at this time of year, nothing shows the cheating uproar affected us. So, we can't really spare workforce for this, sorry." Not gonna make me happy, but at least it is a response.
 
I must admit I like the idea of your client silently flagging "impossible behavior" in others to FD when it happens in your instance. If nobody sees a cheat happening, then really the only person the player is cheating is themselves. (yeah, I know, BGS, PP, yadda yadda yadda.... but theres really no difference to YOUR gameplay if its a bot working against you in another instance or a bunch of honest players)

I think using all other clients to detect and police cheaters is a good and resilient way to go. It's something I've suggested in the past. However, if FD do decide to implement it, I expect to hear nothing about it at all. Were I in charge at FD I would indeed implement it and I'd say precisely NOTHING. Let the buggers wonder how the heck I caught 'em when I ban 'em.
 
I must admit I like the idea of your client silently flagging "impossible behavior" in others to FD when it happens in your instance. If nobody sees a cheat happening, then really the only person the player is cheating is themselves. (yeah, I know, BGS, PP, yadda yadda yadda.... but theres really no difference to YOUR gameplay if its a bot working against you in another instance or a bunch of honest players)

I think using all other clients to detect and police cheaters is a good and resilient way to go. It's something I've suggested in the past. However, if FD do decide to implement it, I expect to hear nothing about it at all. Were I in charge at FD I would indeed implement it and I'd say precisely NOTHING. Let the buggers wonder how the heck I caught 'em when I ban 'em.
Yea - wrong. Cheaters hurt everyone, solo or different instance.

You personally may not care, but there are plenty of folks who tend BGS like a garden (the freaks).
 
Top Bottom