Post ATGg3mRjWIxhLfGP7w by bgolus@mastodon.gamedev.place
(DIR) More posts by bgolus@mastodon.gamedev.place
(DIR) Post #ATGg3X7KVsjDo2bOk4 by bgolus@mastodon.gamedev.place
2023-03-04T07:29:34Z
0 likes, 0 repeats
The Tarkov cheat video is an interesting expose on the problem that exists for all multiplayer games right now, and has been a problem for over a decade now.With rare exception, you should assume every game you're playing online has someone cheating in it. And I'm not talking just Tarkov matches._Every_Game_The sophistication of cheats is crazy too, and big business. Authors of cheats can be making as much or more than devs do.https://www.youtube.com/watch?v=p5LfGcDB7Ek
(DIR) Post #ATGg3YEoLYJ5HX6t2e by bgolus@mastodon.gamedev.place
2023-03-04T07:30:15Z
0 likes, 1 repeats
It's a really frustrating battle between making multiplayer games that are responsive and fun to play and games that are secure. There's kind of no way to do both really well, because responsive games have to let the client do more, which opens the door for cheating.An obvious "solution" is to validate what the client does on the server, and of course most of the time game servers are doing just that. But there's only so much validation you can do before you start slowing down the server.
(DIR) Post #ATGg3cpTHC0ZWOIDjs by bgolus@mastodon.gamedev.place
2023-03-04T07:30:51Z
0 likes, 0 repeats
Here's some basic real examples of how game hacks have worked:An PvP MMORPG had large areas that were supposed to be safe zones specific factions. The idea was if you were the correct faction, you could escape to your area and the enemy players couldn't follow.
(DIR) Post #ATGg3eopsWgjh00k1g by bgolus@mastodon.gamedev.place
2023-03-04T07:31:04Z
0 likes, 0 repeats
But ... the collision was all done client side. So some players figured out they could just delete that collision from the map files. And then they would follow enemy players into the safe zones, kill them, and then run out before server mods showed up.
(DIR) Post #ATGg3glid5NpjuZHRg by bgolus@mastodon.gamedev.place
2023-03-04T07:31:25Z
0 likes, 0 repeats
That went on for _years_, before they finally added checksums to validate client data.Similar stuff happened in WoW PvP years later, with people deleting collision from the gates, or changing certain flowers to be stair models so they could get into the play area sooner.Those are obvious fairly simple cheats as cheats go.What about issues like the ones shown off in the above video? Seeing other players through walls.
(DIR) Post #ATGg3iWY6SRBBRUC4u by bgolus@mastodon.gamedev.place
2023-03-04T07:31:52Z
0 likes, 0 repeats
Usually these work by having code that can read the game's memory, and having someone reverse engineer where things like player skeletons are being calculated. Then you know where other players are. Done.But lets say your game has gotten really good at randomizing where that data is, or implementing ways to prevent game memory being accessed. Games have been doing that for years, and yet cheaters still have found ways around that.
(DIR) Post #ATGg3kOT9TA8yxillI by bgolus@mastodon.gamedev.place
2023-03-04T07:32:12Z
0 likes, 0 repeats
For example, some cheat programs insert themselves into the D3D or OpenGL rendering API. Then they look at draw calls of meshes with a certain number of vertices, or with specific color textures, and voila, you know where other players are again.But what if your game is on console, and that console hasn't been jailbroken yet? You can't run arbitrary code on the consoles to look at memory, or rendering API calls. So what can cheaters do?
(DIR) Post #ATGg3mRjWIxhLfGP7w by bgolus@mastodon.gamedev.place
2023-03-04T07:32:35Z
0 likes, 0 repeats
Well, console games often trust the client 100%. And this is bad, because then what they're really trusting is that the network data they're receiving is truthful.So cheaters would have a computer sit between the console and the internet, and watch the data being sent.
(DIR) Post #ATGg3oCYzg12nCBJlA by bgolus@mastodon.gamedev.place
2023-03-04T07:32:50Z
0 likes, 0 repeats
More than one console multiplayer game had radars that showed where all other players were, or instant head shot keys. There were some infamous hacks where as soon as you joined a game you would be headshot, and shot again as soon as you spawned.
(DIR) Post #ATGg3q0EIVL2NWQUoS by bgolus@mastodon.gamedev.place
2023-03-04T07:32:53Z
0 likes, 0 repeats
Those were accomplished by someone reverse engineering the network data and figuring out what to send the server to say "I headshot this player". And because console games often trust the client 100%, it would kill that person no matter where they were on the map.
(DIR) Post #ATGg3rf28HZVWMWb3I by bgolus@mastodon.gamedev.place
2023-03-04T07:33:12Z
0 likes, 0 repeats
Again, putting more detection and trusting the client less can stop or at least reduce a lot of these kinds of cheats. As can making sure you limit how much data you send other clients. But as I said, that can get expensive quick. Servers cost money.The more the server has to do per player, the fewer players that server can support. So it's always a balancing act between how much cheat prevention to implement on the server, and keeping the game profitable.
(DIR) Post #ATGg3u2VHzXAtjWMue by bgolus@mastodon.gamedev.place
2023-03-04T07:33:30Z
0 likes, 0 repeats
The crazy thing is we're finally getting to a point where it seems almost viable to just run the "client" in the cloud and make cheating impossible! Certainly there were games for Stadia that intended to do just that!But we're also to a point where computer vision has gotten good enough that aim bots can be written that run purely externally via a web cam pointed at a screen, and sitting inline with the mouse to spoof hardware inputs. So even fully cloud based games aren't immune.