Please fix the Alt F4 exploit

Status
Thread Closed: Not open for further replies.
I've been pointed to a thread (not on here) showing people have already reverse engineered various things in memory and can tweak them to give invulnerability, infinite ammo, the works. Even to ships they don't own. They'll just keep hammering at it as they do and map out what each bit of memory holds and what each function does. It seems the only failsafe there is a checksum that'll occasionally get sent to FD's server. They could potentially get banned from open play if they're not careful about it, but it seems it'd be trivial for them to have a workaround and provide the required checksum.

Which is fine if you're not really a PvPer, or if you're generally not that bothered. If you're interested in the well-being of the game or you come across someone who's tweaked their mechanics then you might take a different view.

[Reasons] why they chose P2P, I don't think it's a huge deal for them to have more centralisation to the game.
 
Yeah, everything you just said, the main arguments against using p2p... However would probably be easier for them to incorporate something like punkbuster or such to make sure no 3rd party programs are injecting data into the stream. And I say that simply for the fact they could buy punkbuster and incorporate it or any other anti-cheat software to keep those kinds of hacks from happening. RATHER than building an anti-cheat app of their own from the ground up (Lots O Work...).
Checksum wouldn't work, as the "3rd party programs" could figure out what algorithm they are using and emulate that, would require an anti-cheat programming congruently to the game application and scan for any other programming attempting to modify the running games assets on the fly.
 
I second this, can't wait until the people claiming the game is dead on arrival head the other way. They seem to be rather thick though and keep asking for things that are technically nonsense :)

No, that particular griefer seems to have *some* clue, maybe my effort is not wasted :) The best of trolling - trolling with hard cold facts :) Reality is rather good at that :)
EDIT: no, apparently not.

Well I play in open but not really PvP. My one and only cmdr kill was widely regarded to be the biggest griefer in beta, but you keep patting yourself on the back and fight the good fight lol.
 
The problem with using Punkbuster and equivalents is that they are very imprecise.

People used to lulzban other players by putting certain strings into web pages and persuade others to click them. Of course, as that string now existed in RAM, Punkbuster threw a fit and instabanned.

They have gotten better, but still not quite there.
 
True enough, but something is better than nothing for now. And I'm sure you're like myself, we don't willy nilly click links on websites.
 
There is merit in that though.

However, it's pointless trying to teach calculus to those who refuse to even acknowledge arithmetic. After all, most of the pew-pew crew can barely understand even this

[Image: tumblr_inline_ne40khMyOM1s84atw.gif]

Duh, the x is where you shoot.
 
The problem with using Punkbuster and equivalents is that they are very imprecise.
It also will not save you from <--- my cat playing with cable when things get hot :) Meaning it won't become griefer paradise AKA competitive PvP anyway. Also, I think Solo players will just love it.
 
>punkbuster

I'm well out of touch with how far gamers go to lift up the hood. Still, I suppose a rising tide lifts all ships, or should have :)

Apparently they use SSL to communicate with FD though. If they were to switch it around so your SSL conversation was also proxied through your opponent and vice versa, it'd be pretty damn hard to lie.
 
Just another reason this should have just been a single player offline game to begin with. Such a shame. Oh well, I won't use those type of hacks for the same reason I don't use any cheat codes, they just ruin the game to me, but other people using them won't adversely affect me. To each their own.
 
Yeah sucks bad, p2p falls prey to this in every game at some point. Try playing any of the COD pc titles, wallhacking, aimbots, speedhacks, etc etc list goes on.

- - - - - Additional Content Posted / Auto Merge - - - - -

What if the computer crashes? I once had a big crash while playing and I'm happy I wasn't punished for that....

In this game, you are perfectly safe if that happens...
 
True enough, but something is better than nothing for now. And I'm sure you're like myself, we don't willy nilly click links on websites.
Should be nothing wrong following e.g. a link in a sig to an ED related site. We've probably all done that, and in that case it can be enough. Using anti-cheat software on the client's computer is a very extensive meander. It's starting a race that can hardly be won and would cost a lot of manpower to maintain. Such software needs high privileges and poses another security problem itself.

-> Moving the hosting part away from a client's machine to the service provider is the clearcut solution, instead of trying to protect processes on potentially hostile terrain. Certainly easier, might even be cheaper (not my field).

There are more reasons against client hosted instances. I for my share simply don't want every script kiddie I fly against to have my IP. The next zero-day-exploit is only a matter of time. The percentage of routers with unpatched security holes is amazingly high, often the OEM does not even provide one. Those lizard squad kids got their DDoS bandwidth by taking over people's routers.
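
The argument in the post above (validate on the service provider's side instead of protecting a process on a hostile client) sketched as an added example; it is not part of the original post and not Frontier's code. The report format, field names and limits are assumptions made for illustration.

```python
# Added example: server-side plausibility checks on client combat reports.
# ShipState, apply_report and the report keys are hypothetical names.
from dataclasses import dataclass, field

@dataclass
class ShipState:
    """Authoritative state held by the server; the client's copy is never trusted."""
    ammo: int
    shield: float
    max_shield: float
    shield_regen_per_s: float
    last_t: float = 0.0
    flags: list = field(default_factory=list)

def apply_report(state: ShipState, report: dict) -> bool:
    """Check one report against server-held state; update state only if plausible.

    Constructed report keys: t, shots_fired, claimed_shield, checksum_ok,
    and damage_from_opponent (taken from the opponent's report, not this client).
    """
    dt = report["t"] - state.last_t
    if dt <= 0:
        state.flags.append("non-monotonic timestamp")
        return False
    # The server recomputes what the ship can have, from its own numbers.
    if report["shots_fired"] > state.ammo:
        state.flags.append("fired more rounds than server-side ammo")
        return False
    after_damage = max(0.0, state.shield - report["damage_from_opponent"])
    expected_shield = min(state.max_shield,
                          after_damage + state.shield_regen_per_s * dt)
    if report["claimed_shield"] > expected_shield + 1e-6:
        state.flags.append("shield above server-computed maximum")
        return False
    # checksum_ok is deliberately ignored: a client-computed checksum only
    # shows that the client produced the value the server expected to see.
    state.ammo -= report["shots_fired"]
    state.shield = expected_shield
    state.last_t = report["t"]
    return True

if __name__ == "__main__":
    ship = ShipState(ammo=100, shield=200.0, max_shield=200.0, shield_regen_per_s=5.0)
    # Constructed sample: a report with a valid checksum but an impossible shield.
    bad = {"t": 1.0, "shots_fired": 10, "damage_from_opponent": 80.0,
           "claimed_shield": 200.0, "checksum_ok": True}
    print(apply_report(ship, bad), ship.flags)
```

Rejected reports leave the server's state untouched and accumulate in `flags`, which gives a reviewer structured evidence instead of a free-text accusation.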
 
Indeed. I am sure many people may get an unpleasant surprise when they type their public IP address into a browser and try admin and password as credentials.

Please peeps - always change your router's password. And I don't mean your wifi password.
 
In this game, you are perfectly safe if that happens...
That's the other side of the coin of course. Someone may be prepared to fight to the death but a crash or DC due to your ISP may be what robs them of the chance of blowing you up. A DC isn't always the fault of the player, it could be that their graphic card gave up under the load since combat can get pretty graphic intensive.
 
Things like this are a rare occurrence and whilst it isn't always the fault of the player you have to err on the side of what's most likely. FD have a choice of taking a couple support tickets a day from a few players who were disconnected through bad luck against possibly 100s a day from people being cheated out of bounties by players combat logging. I know which one I'd choose and which one is most likely to get people to stop playing and suffer from weakened sales due to bad word of mouth.
 
People are being rather overdramatic as well regarding this whole hacking business.

The game has two things going for it which over the long run will help keep this sort of things under control.

1) Report a Player mechanism
2) The price of the game

If people want to risk their account being suspended, then they might be able to use hacks to give themselves advantages. As soon as they do though, then it leaves it open to the chance that a player will spot it. For example, they give themselves infinite shields. Player is pew-pewing with their beam lasers and it's not making a dent. Player gets suspicious, starts capturing a video or taking screenshots. Reports the player. FD investigates, sees anomalies. Keeps an eye on the player. Cheating confirmed. Account suspended. Goodbye $60. I wonder how many times most people can afford to do that before they stop.
 
>overdramatic

oh, do behave :)

>report a player

Well you did say that a more central server was somehow uneconomical and would require a subscription model. You're suggesting an employee manually pores over individual tickets that merely have an accusation of cheating, written in unstructured English.

I've beaten this horse dead today. Hopefully (for me) they have a proactive approach in mind.
 