Hacking Elite Dangerous

PIXEL

PIXEL
There are a minority of backers/testers/players still able to ‘hack’ this game for advantage over others during the Alpha and Beta development of ED?

..what are Frontier Developments (FD) actively doing about it?

Just curious…

above is literal but... anyone who can get into the code of a game and change it for their benefit is a 'hacker' -


I don't play with cheats - it's very boring.
 
Last edited:

Mark Allen

Programmer- Elite: Dangerous
M
Taking note ;)

This kind of security is not a colossal priority in the earlier stages of development, though we do put effort in from the start to make sure critical things *can* be later secured as needed.

There's a number of hacks we're aware of in the live build, some of which are already addressed, some of which will be approached later on. We do keep in touch with several of the white hats who help us find the holes, and do our own work internally.


Sadly Peer-to-Peer trust is a horrendously difficult problem to solve for the moment-to-moment gameplay, we have plans that we think will help the game a lot though. Any details I'm afraid I can't comment on!
 

Asp Explorer

Asp Explorer
Oooh a dev!

Would you be able to comment on at least cursory obfuscation or encryption of client-side network details?

At the moment it's trivially easy to do nasty things to people, can this at least be made a bit harder?

Thanks muchly!
 

PIXEL

PIXEL
Mark Allen said:
Taking note ;)

This kind of security is not a colossal priority in the earlier stages of development, though we do put effort in from the start to make sure critical things *can* be later secured as needed.

There's a number of hacks we're aware of in the live build, some of which are already addressed, some of which will be approached later on. We do keep in touch with several of the white hats who help us find the holes, and do our own work internally.


Sadly Peer-to-Peer trust is a horrendously difficult problem to solve for the moment-to-moment gameplay, we have plans that we think will help the game a lot though. Any details I'm afraid I can't comment on!
Click to expand...

Thanks Mark

Let's hope the 'white hats' are as brilliant as you could wish for..maybe reward em' for their honesty (-:

I'd like FD to be more communicative and transparent about its quest to 'deal' with 'interferons' while (Elite Dangerous) ED develops - maybe it could encourage more 'white hats' to come forward to help?

P
 
Last edited:

Mobius

Mobius
the white hat im aware of is a pretty nice guy, he also told me a funny story about a group of players who have been pushing their TeamSpeak channels were greifing other players out side a station, he was in a hacked Sidewinder and took out 4 anacondas while he was listening to them on their teamspeak channel.

one of them said "lets report him for hacking" while one other told them to be quiet about it as their anaconda's where gained by hacking.

its nice to know that these white hats are helping by reporting the hacks aswell as defending those who don't use hacks.
 

Seonid

Seonid
Mark Allen said:
This kind of security is not a colossal priority in the earlier stages of development, though we do put effort in from the start to make sure critical things *can* be later secured as needed.
Click to expand...

Doing application tests in the DEV environment is a pain as it's really a moving target and the current implementation of [something] may be totally different when it's punted into PROD. Personally I will be doing nasty things to the game but only after all the measures are in place. Yes, I will still privately and silently notify FD.
 

EidLeWeise

EidLeWeise
Asp Explorer said:
Oooh a dev!

Would you be able to comment on at least cursory obfuscation or encryption of client-side network details?

At the moment it's trivially easy to do nasty things to people, can this at least be made a bit harder?

Thanks muchly!
Click to expand...

I'm NOT a white hat hacker, but I do know that Frontier are now changing the memory address of some of the client's internal variables there by making things like cheat engine next to impossible.

From what little I've heard about at all the communication between client and server (and I guess client to client) is encrypted however of course anything that can be encrypted can (theoretically) be decrypted.

The final thing I want to say is that it is, will be and always shall be impossible for any company to beat the hackers nor should they enter into a full scale war with them. (Basically there are more hackers than suitable devs and the hackers work a tad more unsociable hours!) They need to stop the 99% (which they're doing very actively) and work with the white hats to plug holes as they come up.

Eid
 

Patrick_68000

Patrick_68000
I hope that with the P2P, a hacker will not come hack my computer. Anyway I intend to buy a ssd reserved exclusively for ED (and Windows). All my other hard disks and SSD will be disconnected when I will play à ED. I hope also that my datas of player will be protected on the server who will be ultra secured
 

Robert Maynard

Volunteer Moderator
Robert Maynard
Mark Allen said:
Sadly Peer-to-Peer trust is a horrendously difficult problem to solve for the moment-to-moment gameplay, we have plans that we think will help the game a lot though. Any details I'm afraid I can't comment on!
Click to expand...

Good to know - best of luck with reinforcing the security aspect of P2P. :D
 

Riedquat

Riedquat
Mobius said:
the white hat im aware of is a pretty nice guy, he also told me a funny story about a group of players who have been pushing their TeamSpeak channels were greifing other players out side a station, he was in a hacked Sidewinder and took out 4 anacondas while he was listening to them on their teamspeak channel.

one of them said "lets report him for hacking" while one other told them to be quiet about it as their anaconda's where gained by hacking.

its nice to know that these white hats are helping by reporting the hacks aswell as defending those who don't use hacks.
Click to expand...

Hmmm, I have an idea of which group that would of been! ;)
 

Razorwire

Razorwire
PIXEL said:
There are a minority of backers/testers/players still able to ‘hack’ this game for advantage over others during the Alpha and Beta development of ED?

..what are Frontier Developments (FD) actively doing about it?....
Click to expand...

Minor white-hat here.

I was able to memory poke the late alpha clients for unlimited credits, unlimited ammo, massive weapon magazine sizes, and to change my bounty to whatever I wanted.
I ticketed what I found, didn't share it with other players, and only used it on NPCs. I've got a lovely screenshot of an NPC with over 100 heatseekers after him :D

FD changed how this stuff was stored in memory for Beta, in response to tickets like mine, and now I can't mess with it.

They are closing down the loopholes.
I suspect they are starting with the easy and prolific ones, like the memory poke and Cheat Engine, and working up to the rarer and more difficult hacks.
 

scrufferpops

scrufferpops
EidLeWeise said:
I'm NOT a white hat hacker, but I do know that Frontier are now changing the memory address of some of the client's internal variables there by making things like cheat engine next to impossible.

From what little I've heard about at all the communication between client and server (and I guess client to client) is encrypted however of course anything that can be encrypted can (theoretically) be decrypted.

The final thing I want to say is that it is, will be and always shall be impossible for any company to beat the hackers nor should they enter into a full scale war with them. (Basically there are more hackers than suitable devs and the hackers work a tad more unsociable hours!) They need to stop the 99% (which they're doing very actively) and work with the white hats to plug holes as they come up.

Eid
Click to expand...

Indeed, as an analogy, crime is always one step ahead of the law simply because they have the initiative. Its been this way since humans were around.
 

Aewarin Jameson

Aewarin Jameson
Asp Explorer said:
Would you be able to comment on at least cursory obfuscation or encryption of client-side network details?
Click to expand...

I can .. there's little point.

Obfuscation simply slows down the hunt for the right location to manipulate and is (IMO) worthless, and client-side encryption is pointless as you need to be able to decrypt it for in-game reasons and voila - there are the keys (no pun intended) to inject what you want. The only real way of ensuring that no one can hack your commander is to store the details server side.

This was demonstrated over the years with games like Diablo 2 : client side (offline) BNet games were a joke as everyone had a 1 hit wonder weapon and infinite armour, health, etc, whereas server side (online) BNet games were safe (which left risks to the client itself rather than the save game)


Mark Allen said:
though we do put effort in from the start to make sure critical things *can* be later secured as needed.
Click to expand...
I hope that decision pays out for you.

Mark Allen said:
Any details I'm afraid I can't comment on!
Click to expand...
Good luck.
 
You must log in or register to reply here.
Back
Top Bottom