[Permabans being lifted] ZOS how are we as a community dealing with exploits/hacking?

Nifty2g

To bring people up to date
There is currently 3rd party software people are hacking ESO with on PC/MAC. Able to do everything and anything

https://www.youtube.com/watch?v=KosPhi1vchQ


Taken from: https://forums.elderscrollsonline.com/en/discussion/268253/a-few-facts-about-the-recent-ultimate-exploit-hack/p1

I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.

Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessary how ESO does it)

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate

so what would happen if someone modified the ESO client and removed step 2, 3 on client side?

An example flow of Server trust

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate

so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

I'm quite fond of the ESO community, there are amazing people I have met on this game and plan to keep long friendship with them, however it seems as of late and repeated actions in the past, as a community as a whole the game is slowly destroying itself and finding ways to become even more toxic.

As it is against the rules to name players, we all know who they are just step foot into Cyrodill or look at your Maelstrom Arena scores, why do ZOS allow such things, why are repeated offenders allowed to keep the toxicity in the game and destroy itself. One of these players has been permanently banned before, and you allowed them to come back only to absolutely slap someone in the face who has put in the time and dedication to set themselves a goal and get #1, this applies to @andy.s and @JaceSB

Why are we as a community not allowed to name and shame those players who honestly have no right anymore to belong on this game with repeated exploiting accusations, now even worse how are we still finding ways to fill this game with poison and exploits. ZOS this is on you, you need to actually take action for once, you know who the players are, if we as a community are exploiting because of no consequences there is an issue with the way you are moderating your game. Please fix it before your community turns against you. Set an example of the exploiters/hackers.

And for those who are actually exploiting/hacking, yes this is a game, but to others it is also a hobby you are filling the community with horrible behavior and ruining a great game that is trying to get itself off the training ground and establish itself, ESO is heading in a great direction, but stuff like that is currently happening, ruins it and word gets around very quickly, people spend money on this, invest hours and hours of their time into it to play with their friends or have a challenge.

So to you ZOS, I hope you are doing the right thing, but if this continues to get out of hand, your community is going to lose it's faith and turn against you.

Ch4mpTW

Hm... I don't think that Zenimax actually cares too much about its consumers losing faith in them. I mean just recently we had numerous threads saying that poisons were too strong at 30%, and can't go live that way — only for ZOS to buff poisons to 60% in response... So I really don't think faith and respect from its customer base is relatively high on its priority list. Lol.

Also, I think much of its community is in the process of and or have already turned on them. I for one have. I used to be crazy loyal to ESO and Zenimax. I'd defend ZOS to the teeth, and even bought the game on two platforms to show support. I also would buy things in the crown store, just to try and lace ZOS' pockets even further. But will I anymore? Absolutely not. I only recently obtained the $40.00 mount, because I have tons of crowns on my account (bought numerous packs while they were on sale). Literally tons. Otherwise, I'd have not even batted an eye at it.

BFT88

Well my entire thread showing video evidence from 3 different people, and multiple screenshots from people, got locked with "We're locking this thread due to naming and shaming." I'm done with this game, you got some guy on the forums locking threads that has NO IDEA THE LEVEL OF FRUSTRATION we are at 11 hours from a 30 day campaign completion. THANK YOU ZOS, LOCK ALL THE THREADS AND HIDE THE PROBLEM.

Buffler

Repost vids, send in vids via tickets and dont name players then the thread wont get locked

Rakkul

Where are we?
Stage 1 - identify and report
then onto........
oh nothing happening
back to Stage 1

Nifty2g

Buffler wrote: »

Repost vids, send in vids via tickets and dont name players then the thread wont get locked

I think when players are hacking, then videos are fine, I don't see why we can't name and shame. We don't want to hide the toxic players in the community, why are we protecting them. Get rid of them once and for all.

As for the Maelstrom Arena before that gets out of hand, I've been seeing players all day getting high scores who are mainly unnamed/unknown in the realms of PvE.
But honestly the players who held #1 are my friends and my guild mates, they have put countless hours of effort into keeping that spot, to have someone come in and ruin it is just disgusting behavior because they know nothing will happen to them. If I was #1 I would be completely pissed that I would be unable to grab a screenshot to show the achievement before Dark Brotherhood goes live because someone had hacked and gotten a seemingly impossible score. (which is actually a 29 Minute clear.)

As for PvP, I know it has less of a direct impact like PvE leaderboards do, but players should also get punished thinking how they can get away with such *** I don't understand how time after time you allow players to exploit, no more 3 day ban, stand handing out permanent bans, especially to those who have received one before and decided to come back and disrespect the company outright.

ZOS_DaryaK

Thank you for raising this issue, we are investigating this issue. In the meantime, please continue to use the in-game report function to report players who are using any kind of exploit and refrain from posting names or videos showing names on these forums.

Tryxus

Give 'em the good ol' Stendarr's Hammer!

Ch4mpTW

ZOS_DaryaK wrote: »

Thank you for raising this issue, we are investigating this issue. In the meantime, please continue to use the in-game report function to report players who are using any kind of exploit and refrain from posting names or videos showing names on these forums.

Lol. You know... I've been wondering something @ZOS_DaryaK that I'd love for you to explain... How does one exactly post a video on the forums of a exploit taking place involving themselves and another player, while managing to censor the other person's name who's exploiting? Lmao. Are you supposed to use censoring software, like the blur effects used to cover-up people's faces or explicit images? Or just have a floating black censor bar over the person's name in the video? I really wanna know.

ZOS_DaryaK

Ideally, you can send your videos to our support team, then you don't need to block any names and the videos are potentially more useful.

Ch4mpTW

ZOS_DaryaK wrote: »

Ideally, you can send your videos to our support team, then you don't need to block any names and the videos are potentially more useful.

Oh reeeeally? You mean like how many of us have done for months, only to get a generic response from this "support team" (if we were lucky enough to even receive a response) Hmm? And then for us to say in these cheating/exploit threads how we've already made numerous attempts at bringing these things to you all's (ZOS) attention (because 9x out of 10 they're relatively old exploits), and nothing get done about it?

You're one of my favorite admins, @ZOS_DaryaK because of how entertaining your responses can be. I always smile when I read your words.

Tonnopesce

I'm thinkg at this poor dude, today's moderator, probably working in sunday cuz is a new zos employee, getting probably one of the worst days Since ever....

Runs

ZOS_DaryaK wrote: »

Thank you for raising this issue, we are investigating this issue. In the meantime, please continue to use the in-game report function to report players who are using any kind of exploit and refrain from posting names or videos showing names on these forums.

I understand not mentioning the names in the posts. But I am at a loss at why video of game play is not allowed, if it does not show how to replicate an exploit. We are allowed to show video that is deemed "good" why not be able to show the bad too? There are too many nay sayers that think nothing is wrong and nobody is cheating. Censoring proof of it just makes it seem like ZOS doesn't want to have to fix the issues and are happy with just being able to blind the majority from knowing about them.

At times it just seems ZOS is more willing to lose the population of serious gamers that wont stay when exploiters are allowed to continue than they are willing to lose the exploiters.

LadyNalcarya

Runs wrote: »

At times it just seems ZOS is more willing to lose the population of serious gamers that wont stay when exploiters are allowed to continue than they are willing to lose the exploiters.

So much this!
Its also quite ridiculous that rules about naming and shaming are much more strict than rules about cheating in game...

zerosingularity

ZOS_DaryaK wrote: »

Thank you for raising this issue, we are investigating this issue. In the meantime, please continue to use the in-game report function to report players who are using any kind of exploit and refrain from posting names or videos showing names on these forums.

Sorry, but until the players see proof that such things as exploiting and hacking are dealt with appropriately (no 3-day ban crap but perma-ban/character deletion) then naming and shaming of exploiters/hackers will and should still happen.


Remember, exploiters/hackers have no rights, only the innocent do.

Looks like we will need a leaderboard reset this next DLC, at this rate.

Nifty2g

@ZOS_DaryaK What do we do about Maelstrom Arena, it is a solo instance but the scores clearly show exploitation.

LadyNalcarya

Nifty2g wrote: »

@ZOS_DaryaK What do we do about Maelstrom Arena, it is a solo instance but the scores clearly show exploitation.

They've just started with vMA, but who knows if 12 cheaters would cooperate for vMoL?
Would be quite embarrasing if cheat engine would take worlds 1st hm clear lol.

Nifty2g

zerosingularity wrote: »

ZOS_DaryaK wrote: »

Thank you for raising this issue, we are investigating this issue. In the meantime, please continue to use the in-game report function to report players who are using any kind of exploit and refrain from posting names or videos showing names on these forums.

Sorry, but until the players see proof that such things as exploiting and hacking are dealt with appropriately (no 3-day ban crap but perma-ban/character deletion) then naming and shaming of exploiters/hackers will and should still happen.


Remember, exploiters/hackers have no rights, only the innocent do.

Looks like we will need a leaderboard reset this next DLC, at this rate.

597935 on the Sorcerer VMA is the main reason a leaderboard reset is in order. That score is impossible to obtain, to those who don't know Streak One currently #2 his run was 40 minutes and his score is 575102. The person ahead of him has that 597k which means that run was 29minutes. I don't believe that is possible at all unless you are spamming free cost Overload.

Anhedonie

ZOS, you could ban several cheaters, or lose your entire pvp playerbase.
I hope you can do the math.

Rosveen

I understand protecting the players' identity because of that whole "innocent until proven guilty" stuff - but these people already have been proven guilty. If someone's dropping ultimate after ultimate for a minute straight, there can be no mistake: it's an exploit, and we know how they're doing it. Nobody downloads a third party program by accident, without malicious intent. What exactly are you protecting them from and why are you not protecting honest players?

Nebthet78

ZOS_DaryaK wrote: »

Hello folks, this issue (and the associated videos and images) has been sent over to the appropriate team for investigation. We are closing this discussion as discussing in-game disciplinary action is not in keeping our forum rules.

https://forums.elderscrollsonline.com/en/discussion/268213/zos-permaban-the-ulti-exploiters-hackers-no-excuses/p3

I'm sorry Darya.. at this point, the closing of these threads with this type of excuse when there is clearly a major issue tells me that you are only interested in trying to do damage control but not actually deal with the real issue.

The thread, while dealing with what should happen to those using the cheat, was actually not discussing disciplinary action used on a specific player and therefore should have been allowed to remain active as long as there was no naming and shaming in it. Players need a place to voice their complaints regarding what is happening and how they feel the situation should be handled and whether or not players should be banned or not.

I agree with pics being removed that have players names in it, or some videos, but if there is no naming or shaming or clear discussion on why player X was not given disciplinary action when player y was, then it should have been left alone as it is a clear discussion regarding the TOS and in a sense, yes disciplinary action, but the discussion itsself was on the line of acceptability.

This is a major issue happening right now and you are treating this like someone trying to bury their head in the sand, or covering their eyes and ears and trying to pretend it's not happening. This issue is not going to go away and it IS hurting the game and how these threads are being handled reflects on how we the players view ZOS as a company.

Sorry, but just my opinion.

Attackopsn

This kind of intentional exploitation and cheating is disgusting. This is the same behavior that ruined diablo on console platforms, such a shame to see players going out of their way to ruin a game.

Jaronking

Attackopsn wrote: »

This kind of intentional exploitation and cheating is disgusting. This is the same behavior that ruined diablo on console platforms, such a shame to see players going out of their way to ruin a game.

Well to be fair their not trying to ruin the game well not all of them some are just trying to get @ZOS to fox their dam game.Can you blame them for that?

Yolokin_Swagonborn

Here is a name and shame free video. If this gets removed its a blatant act of censorship.

NOTE: This video contains NO NAMES and NO DESCRIPTION of the exploit or how to do it. It just shows visually what is happening.

https://www.youtube.com/watch?v=KosPhi1vchQ

This is what it's like to PvP right now. This is the quality of our game.

SHAME!
SHAME!

Attackopsn

Jaronking wrote: »

Attackopsn wrote: »

This kind of intentional exploitation and cheating is disgusting. This is the same behavior that ruined diablo on console platforms, such a shame to see players going out of their way to ruin a game.

Well to be fair their not trying to ruin the game well not all of them some are just trying to get @ZOS to fox their dam game.Can you blame them for that?

Are you joking? This isn't a bug, and even if it was, exploiting it at the player base's expense is fully malicious and should result indisputably in perma bans

zerosingularity

Nifty2g wrote: »

zerosingularity wrote: »

ZOS_DaryaK wrote: »

Thank you for raising this issue, we are investigating this issue. In the meantime, please continue to use the in-game report function to report players who are using any kind of exploit and refrain from posting names or videos showing names on these forums.

Sorry, but until the players see proof that such things as exploiting and hacking are dealt with appropriately (no 3-day ban crap but perma-ban/character deletion) then naming and shaming of exploiters/hackers will and should still happen.


Remember, exploiters/hackers have no rights, only the innocent do.

Looks like we will need a leaderboard reset this next DLC, at this rate.

597935 on the Sorcerer VMA is the main reason a leaderboard reset is in order. That score is impossible to obtain, to those who don't know Streak One currently #2 his run was 40 minutes and his score is 575102. The person ahead of him has that 597k which means that run was 29minutes. I don't believe that is possible at all unless you are spamming free cost Overload.

Yeah I just saw that score, and while I am no where near Streak One's skill level, I know full well that 598k score is pure exploit/hack. Hopefully we get some form of real response, one that is not damage control but a real person to person communication on this issue.

Ch4mpTW

Nifty2g wrote: »

zerosingularity wrote: »

ZOS_DaryaK wrote: »

Thank you for raising this issue, we are investigating this issue. In the meantime, please continue to use the in-game report function to report players who are using any kind of exploit and refrain from posting names or videos showing names on these forums.

Sorry, but until the players see proof that such things as exploiting and hacking are dealt with appropriately (no 3-day ban crap but perma-ban/character deletion) then naming and shaming of exploiters/hackers will and should still happen.


Remember, exploiters/hackers have no rights, only the innocent do.

Looks like we will need a leaderboard reset this next DLC, at this rate.

597935 on the Sorcerer VMA is the main reason a leaderboard reset is in order. That score is impossible to obtain, to those who don't know Streak One currently #2 his run was 40 minutes and his score is 575102. The person ahead of him has that 597k which means that run was 29minutes. I don't believe that is possible at all unless you are spamming free cost Overload.

Whoa! What!? WHOA! A 29mins. run!? That's bs! Even a 35mins. run through VMSA is bs! Now I really understand the anger behind everyone at this point. WTF is this!?

People out here doing 20-40mins. runs through VMSA, landing too spots on the leaderboards, and getting laced with Maelstrom weapons!? Meanwhile people like me and a few others have had to grind in there doing hour and a half to two hour runs? Some people it taking them 2 days, but they're still mustering through it... And you have these chumps out here on the leaderboards doing 20-40mins., and getting defended by the admins and mods here on the forums? Are you serious!? Oh hell no! ZOS have you lost your minds!?

Jaronking

Attackopsn wrote: »

Jaronking wrote: »

Attackopsn wrote: »

This kind of intentional exploitation and cheating is disgusting. This is the same behavior that ruined diablo on console platforms, such a shame to see players going out of their way to ruin a game.

Well to be fair their not trying to ruin the game well not all of them some are just trying to get @ZOS to fox their dam game.Can you blame them for that?

Are you joking? This isn't a bug, and even if it was, exploiting it at the player base's expense is fully malicious and should result indisputably in perma bans

I never said they shouldn't be banned I actually posted multiple times they should be permabanned.I didn't state it was a bug but we all know ZOS knew nothing about this until we started spreading information which is sad.A lot of people just want them to actually stop stuff from this from happening again that's why their doing it as bad as they are.Its forcing a response and forcing ZOS to make sure this doesn't happen again.

Anhedonie

Jaronking wrote: »

Attackopsn wrote: »

This kind of intentional exploitation and cheating is disgusting. This is the same behavior that ruined diablo on console platforms, such a shame to see players going out of their way to ruin a game.

Well to be fair their not trying to ruin the game well not all of them some are just trying to get @ZOS to fox their dam game.Can you blame them for that?

Cheaters always say this. And guess what, it's a lie.

Arvs

Now they're trying to justify using it. Lmao.

SirAndy

Let me just leave this here, from another post of mine:

There's still A LOT that is done client side.
Without changing the underlying architecture, it's impossible to prevent abuse.

What people need to understand is that on the PC, you can write an app that can read and write *any* running process's memory. Memory is NOT protected!

And it's not hard to do either, the code required for such an app is pretty simple. Once you find the right data offsets while the game is running, you can change them at will in realtime.