Cheating in Elite Dangerous

Status
Thread Closed: Not open for further replies.
It is a game. Who cares if someone is cheating and get your first tag exploration... Seriously, people need to breath big time and do stuff IRL.
Clearly there are people that do care. I care. Whether enough care to make a difference has yet to be established.
 
We hope you understand that we are not able to share the details of the action actively being taken, or the steps we have in place to tackle the use of these tools, as we do not wish those engaging with this sort of behaviour to circumvent the controls we have in place.
Hello,

I fully understand that but I'd like to share some of my experience working on anti cheat measures in an open world game that I believe have a few things in common with ED, in particular reliance on peer to peer networking and giving a lot of authority to clients.

In the first installment of the franchise, we used what I'd call a "whack a mole" approach to anticheat.
We'd procure cheating tools that were sold for our games, figured out how they worked (most were standalone trainers built with cheateengine and I made a small tool to extract the .CENGINE file from them which I could then open in cheateengine. I could figure exactly which piece of code they were patching and in which way they changed it), and then figured how to prevent them from working anymore

We had an arsenal of tricks at our disposal, one of them was to wrap some values in such a way that they were crudely encrypted in memory, so that finding them with things like cheateengine wouldn't work. We did other things such as randomizing the location of pointers to singletons to try and defeat some tricks used to locate variables on the heap (that didn't have fixed addresses) by following pointers from static variables (which are at fixed addresses).

This approach was time consuming and not very effective. We'd spend days of work to analyze and block some cheats, it then took weeks for the patch to go live, and then only days again for cheaters to find new ways of cheating.

As you probably found out, just like we did, there isn't any way to prevent a process with sufficient privilege to read and write the memory of another process.

The only real way to block this is to proactively monitor other processes running on the computer to detect those getting a handle on your process. It's fraught with many pitfalls though, as many things have legitimate reasons to do so (drivers, overlays, antivirus software, etc), and cheating code could also be injected into such a legitimate process and work from there to avoid detection.

So, In the sequel of that game, we went for a completely different approach: we used a third party solution. We chose battlEye, and it works splendidly (It's certainly not the only viable solution, I'm not a BE sales rep). We have seemingly no cheating going on other than players exploiting bugs, which we can just fix.

Of course the downside is that these turnkey solutions are expensive. But if you are serious about cheating, you need to weight that cost against trying to develop anticheat solutions yourselves, especially considering that the whack a mole approach doesn't really work and that developing a solution similar to battlEye that monitors processes for suspicious activity towards ED, without creating problems for non cheaters, is really really hard.
 
Hello,

I fully understand that but I'd like to share some of my experience working on anti cheat measures in an open world game that I believe have a few things in common with ED, in particular reliance on peer to peer networking and giving a lot of authority to clients.

In the first installment of the franchise, we used what I'd call a "whack a mole" approach to anticheat.
We'd procure cheating tools that were sold for our games, figured out how they worked (most were standalone trainers built with cheateengine and I made a small tool to extract the .CENGINE file from them which I could then open in cheateengine. I could figure exactly which piece of code they were patching and in which way they changed it), and then figured how to prevent them from working anymore

We had an arsenal of tricks at our disposal, one of them was to wrap some values in such a way that they were crudely encrypted in memory, so that finding them with things like cheateengine wouldn't work. We did other things such as randomizing the location of pointers to singletons to try and defeat some tricks used to locate variables on the heap (that didn't have fixed addresses) by following pointers from static variables (which are at fixed addresses).

This approach was time consuming and not very effective. We'd spend days of work to analyze and block some cheats, it then took weeks for the patch to go live, and then only days again for cheaters to find new ways of cheating.

As you probably found out, just like we did, there isn't any way to prevent a process with sufficient privilege to read and write the memory of another process.

The only real way to block this is to proactively monitor other processes running on the computer to detect those getting a handle on your process. It's fraught with many pitfalls though, as many things have legitimate reasons to do so (drivers, overlays, antivirus software, etc), and cheating code could also be injected into such a legitimate process and work from there to avoid detection.

So, In the sequel of that game, we went for a completely different approach: we used a third party solution. We chose battlEye, and it works splendidly (It's certainly not the only viable solution, I'm not a BE sales rep). We have seemingly no cheating going on other than players exploiting bugs, which we can just fix.

Of course the downside is that these turnkey solutions are expensive. But if you are serious about cheating, you need to weight that cost against trying to develop anticheat solutions yourselves, especially considering that the whack a mole approach doesn't really work and that developing a solution similar to battlEye that monitors processes for suspicious activity towards ED, without creating problems for non cheaters, is really really hard.
I had a similar train of though but their might be some obstacles to overcome if they go that route:

1. You state you introduced BE in a sequel, but one "problem" I could see is whether FDEV can introduce the requirement of anticheat software for a game that has been released for several years without getting major backlash?
2. In every game that uses BE that I know of (I only really know a few select ones), you can actually refuse to install BE and connect to BattleEye free servers (with the risk of running into cheaters of course) or play in single player without BE. How would this work in Elite Dangerous?
 
I had a similar train of though but their might be some obstacles to overcome if they go that route:

1. You state you introduced BE in a sequel, but one "problem" I could see is whether FDEV can introduce the requirement of anticheat software for a game that has been released for several years without getting major backlash?
That's indeed a good question. There is always the potential that it could create incompatibilities with some systems.

2. In every game that uses BE that I know of (I only really know a few select ones), you can actually refuse to install BE and connect to BattleEye free servers (with the risk of running into cheaters of course) or play in single player without BE. How would this work in Elite Dangerous?
You can make it mandatory, it is in our game.
 
The Commander blockading Dead Mans Slot has been permanently banned to Solo
Good? The one guy who was willing to risk an account to make a point gets the ban, meanwhile who knows what is happening with the people who are cheating just to cheat, rather than to try to expose cheaters. I don't suppose there could be a better outcome since they obviously couldn't just let the action itself go unpunished, even though the motive was pure. But really I am not left with any confidence that other less-public cheaters are being held accountable.
 
lol - a whole day of people asking why the streamer hadn't been banned, how dare fdev not ban them, they were obviously cheating!

And when they get banned: How dare fdev ban them! They were doing the work of the righteous!

This place, reptilian brain in full effect 🤦‍♀️
 
The banning was a given. But just pushing the (trash) account (without question) to a shadowban is shoveling it under the carpet. The better approach would be for Frontier to work with the CMDR to see if they could learn something.

If this is Frontier's idea of "doing something", then they missed the mark.

Cheating is against the rules and we take reports of cheating very seriously. Since there is no reliable method in-game for players to determine another player is cheating, we ask the cheaters to self-report either by blocking mail slots of stations in busy systems or by they themselves logging an Exploit/Abuse ticket at support.frontier.co.uk. Thanks in advance for your cooperation.
 
Last edited:
sure he was banned, he knew it would happen,
he has already been gifted a new account and he will get help for him to unlock engineers and such,
he was sick of running into arsehats using these cheats, i myself have reported many commanders for blatant cheating in ax conflict zone's (god mode)
the thing is frontier totally missed the point on why it was done ,and if you think he was right or not makes no difference , at least he laid it all on the line to say hey look frontier i'm sick of running into cmdr's like this do something,or give a clear indication of what is being done to combat this .
instead we have a copy paste answer that is vague at very best,
 
There is some incorrect information in this thread - that is that these types of cheats have been around being 6 months.

I can tell you that these types of cheats have been around since well before Horizons - the damage modifiers, shield modifiers, no FSD cooldown, omni-scan, no energy draw from weapons (infinite weapons cap), no heat, unlimited jump range.... etc. all of it has been around for YEARS.

I tried pre-horizons (2015) to draw attention to it, spied on the website/forums that it came from - provided direct links to incriminating evidence, provided links to download the software and other info to FDev. They responded back in 2015 with the same type of canned response and added that they are well of aware of said software and website(s) and that they are working with their 'cheat' team again it.

Well, I followed said forum for awhile and with each release FDev would add something that they could catch some users, but the developer always updated it; seemingly catching any new checks. People would donate accounts to the developer for testing in case he got banned. After awhile I got sick of thinking they could fix the root problem (P2P with no central validation server) as I saw every update where new checks would be defused by the developer of the tool. From the screenshots I've seen of said tool, this is the same cheat that has been around for all these YEARS, not months.
 
Last edited:
lol - a whole day of people asking why the streamer hadn't been banned, how dare fdev not ban them, they were obviously cheating!

And when they get banned: How dare fdev ban them! They were doing the work of the righteous!

This place, reptilian brain in full effect 🤦‍♀️
I think the problem is Fdev will refuse to act until pushed by the community, then will often punish only those that push the issue. I would bet money that no one else has been banned for cheating.

I mean in a recent stream the moderator were banning anyone from chat who even mentioned combat logging. This gives the impression devs has zero respect for their own game or concern about cheating.
 
the issue was raised on the livestream today ,however when they did address the elephant in the room it was just a redirection to the forum statement .
 
We chose battlEye, and it works splendidly
happy to hear that. battleye was mentioned here a few days ago. given your experience, what is your broad view on an hypotetic implementation on a p2p centric architecture like ed? i would assume the only viable option to be to 'bunkerize' the clients (which is fairly aggressive, but yeah (and actually just high level guacamole! :D)), then again the little what i have read about battleye seems to point to server based control approach. maybe they can even rewrite part of stack specifically to make it possible?

this of course considering the little we actually know about this specific implementation, just what's your impression, based on what you've seen with battleye?
 
Last edited:
Status
Thread Closed: Not open for further replies.
Top Bottom