[Permabans being lifted] ZOS how are we as a community dealing with exploits/hacking?

WhiteCoatSyndrome

For those of you wondering about the lack of reaction from ZOS...at least some of that is because today is a holiday in the US. Though if they have any sense, they'll buff their support staff for future three day weekends.

timidobserver

SlayerTheDragon wrote: »

Ch4mpTW wrote: »

SlayerTheDragon wrote: »

IS THE LAG BETTER NOW??

Lmao, this is ESO. And in a place like Cyrodiil? Hell no.

@Ch4mpTW I am looking for confirmation. If lag is better then it proves that they dropped the server-side validation. It also proves that the server-side validation did in fact cause the lag.

The validation was never there. As I understand it, people have been subtly using this exploit for a long time. It's just coming into the light now because someone made it impossible to ignore or explain away as L2P.

Mush55

So much for the pc master race, glad i'm a console peasant.....

HuawaSepp

shauny.gibbsb16_ESO wrote: »

I don't get why game companies dont just make a very verbal zero tolerance to hacks etc, once they come down real hard just one time it would put the average player off, be the company that everyone knows will not stand for it.

The hack is only avaliable for pc so they can count on their Xbox and PS community.
Doing smth against this is just not worth the money

Phinix1

Do your part!

1-click report cheaters at a distance

If you can see their name under your cursor, no matter how far away, you can hit a single keybind to grab their name and report them with this addon.

Lysette

Turelus wrote: »

@Ch4mpTW on this issue I lost faith about a year and a half ago.

I love this game, I love the developers but as I've said there is some messed up backwards corporate style of running things going on which doesn't mesh with an MMO company.

I won't give up given them lip for these kinds of issues, I just wondering how long it's worth trying for rather than playing the game and pretending it's not cheat2win.

So for ZOS (if they're still reading) once again here are all the examples of what you should be doing.

SWTOR Exploit Warning Post
EVE Online Exploits Page
Diablo 3 Exploit Warning Post
Guild Wars 2 Reddit Comment

Take note of how every other major company actually talks about the issues, how they warn people and then ban them and then ban them.

Here is an example from EVE Online from this year.
Firstly they make a news post when they become aware: https://community.eveonline.com/news/news-channels/eve-online-news/drone-exploit-notification/ This news post is on the websites/forums/launcher/character select or as close to everywhere they can get it.
Then they fix the issue ASAP, not "next update" ASAP.
Then they look through the data and reports and take action against accounts.
Note that CCP now has a two strike policy (down from three) meaning temp ban, then perma ban.
They have a smaller player base and ESO but haven't been doomed by very draconian rules enforcement so that argument can't be used.

Here are three videos from their security team talking about rules enforcement and server security. Notice how they're open about things.

https://www.youtube.com/watch?v=7Vd-CpnjvAM

https://www.youtube.com/watch?v=1CZR9w3ftjY

https://www.youtube.com/watch?v=WBD7CL9oQqE

On a personal note which I am not sure matters to ZOS but hey ***...

I really hope someone from ZOS actually takes the time to watch those videos, because for whatever you want to say about EVE Online the company running it are probably one of the best in the world. I invest seven years of my life into that game, took five vacations to Iceland to attend their fanfest, dropped money on $100+ collectables, was a member of a corp (guild) of friends for five years.

This year I unsubbed and left all of that behind because I liked ESO more, for all the issues this game faces I enjoy the base mechanics and gameplay of it more. However when threads like this are happening, when I sit and work reading the forums at lunch and every single day I see a new thread about exploits get buried and ignored or just moderated away, I have to ask myself why am I bothering, there are better ways to spend my time and money.

And the results of CCPs efforts to combat cheating - on fanfest 2015

https://www.youtube.com/watch?v=WBD7CL9oQqE

argh, you have added this already - sorry.

Edit: you just think that you left EVE behind - but you will return - EVE will still wait for your return, when games like ESO will long be dead.

SirAndy

https://forums.elderscrollsonline.com/en/discussion/268389/a-message-from-zazeer-hacking/p1

I told you so (for almost 3 years) doesn't feel as good as it should ...


PS: Gonna repeat this here again:
What people need to understand is that on the PC, you can write an app that can read and write *any* running process's memory. Memory is NOT protected!

And it's not hard to do either, the code required for such an app is pretty simple. Once you find the right data offsets while the game is running, you can change them at will in realtime.

ThePonzzz

Haderus is completely unplayable right now. I don't know just how many people are doing stuff, but people were flying through the air and just going nuts. I thought it was lag last night. Like I didn't see the inner wall come down. But it's pretty shameless right now. Not really fun. On top of that, you have Haderus pop locked and good players pushing emp too. But if you just have 1 person per group doing this stuff, it makes them nearly invincible.

Shame it has to be so close to DB launch, because I doubt anything this severe can be hotfixed. So it's gotta last for at least a week.

Lysette

SirAndy wrote: »

https://forums.elderscrollsonline.com/en/discussion/268389/a-message-from-zazeer-hacking/p1

I told you so (for almost 3 years) doesn't feel as good as it should ...


PS: Gonna repeat this here again:
What people need to understand is that on the PC, you can write an app that can read and write *any* running process's memory. Memory is NOT protected!

And it's not hard to do either, the code required for such an app is pretty simple. Once you find the right data offsets while the game is running, you can change them at will in realtime.

This is what a proper client-server architecture is for, which does NOT trust the client software, but performs vital things on the server and leaves just minor things like running animations or do flex hair and stuff like that to the client - well, ESO does not have flex hair, but there are MMOs which have this as well as body physics - and that stuff is done client-side for example.

Avezack

https://www.youtube.com/watch?v=zYg8n3kimGI
No mercy for hacking/exploiters

dsalter

Avezack wrote: »

https://www.youtube.com/watch?v=zYg8n3kimGI
No mercy for hacking/exploiters

ugh i hated that abomination of a film

Phinix1

ThePonzzz wrote: »

Shame it has to be so close to DB launch, because I doubt anything this severe can be hotfixed. So it's gotta last for at least a week.

ZOS could run a simple script and mass-ban everyone it flags, and ask questions later.

All the player interactions with the server are recorded.

All the script would have to do is analyze how many ultimates were cast over an interval of time. With some basic template calculations and a reasonable margin, flag any player that cast more than the legitimately possible number within any period and ban them.

Then come back and do proper sanity checks and server-side later.

I actually think it's pretty funny how many think this is "undetectable" unless someone reports you.

Nebthet78

Frankly, one of the first things I think ZOS should do while they go through dealing with the cheaters is to Disable ALL Add-Ons until they can figure out and deal with how to prevent this in the future.

There may be a lot of people miffed about losing the use of Add-Ons, but for the long term health of the game, this would be a better alternative than shutting down the servers as I have seen some people suggest. That way every one is put on a level playing field and they are not actually required to enjoy the game.

Now another thing that I am concerned about in regards to this whole hack cheat, is just HOW much has this third party program been influencing the way the devs "attempt" to balance the game, which never seemed to actually work out.

How many nerf threads have been created because of people coming up against other players using that program to increase their attributes, regeneration, DPS, or cost reductions by 10-20+%?

Infinite Dodge rolling, Infinite Blocking, Speed running, Infinite Shields?? Just how much has this Cheat program influenced the constant nerfing at the hand of the Devs in the name of "Game Balance"?

SirAndy

Nebthet78 wrote: »

Frankly, one of the first things I think ZOS should do while they go through dealing with the cheaters is to Disable ALL Add-Ons until they can figure out and deal with how to prevent this in the future.

@Nebthet78
You are confusing AddOns with 3rd party apps. This whole thing has absolutely NOTHING to do with game AddOns!

See my post above. It's a known standalone app that allows one to manipulate the ESO memory while the game is running.

ola.wilhelmssonb16_ESO

Nebthet78 wrote: »

Frankly, one of the first things I think ZOS should do while they go through dealing with the cheaters is to Disable ALL Add-Ons until they can figure out and deal with how to prevent this in the future.

There may be a lot of people miffed about losing the use of Add-Ons, but for the long term health of the game, this would be a better alternative than shutting down the servers as I have seen some people suggest. That way every one is put on a level playing field and they are not actually required to enjoy the game.

Now another thing that I am concerned about in regards to this whole hack cheat, is just HOW much has this third party program been influencing the way the devs "attempt" to balance the game, which never seemed to actually work out.

How many nerf threads have been created because of people coming up against other players using that program to increase their attributes, regeneration, DPS, or cost reductions by 10-20+%?

Infinite Dodge rolling, Infinite Blocking, Speed running, Infinite Shields?? Just how much has this Cheat program influenced the constant nerfing at the hand of the Devs in the name of "Game Balance"?

Isn't the cheat we're all raving about, an entirely separate, third-party program? Would disabling add-ons even help in the slightest?

Tommy1979AtWar

Well whatever happens you just know that the players who haven't cheated are gonna get screwed over just like every other time.
What do you think they'll nerf this time? AP?... RNG?.. place your bets!

Pallio

Is this new unlimited power buff going to be implemented in the game or fixed? 600k score in VMA sounds intriguing, actually finishing it all would be nice for most of us.

ola.wilhelmssonb16_ESO

There's a locked thread, with a very informative, but sometimes extremely technical discussion about the lates hack/cheat:
https://forums.elderscrollsonline.com/en/discussion/268253/a-few-facts-about-the-recent-ultimate-exploit-hack#latest
From what I understand of that thread, disabling add-ons will not help. At all. But I know very little of programming and server/client technology, so read that thread for yourselves.

Korah_Eaglecry

Oh no we got too many threads about this issue. Better sweep it under the rug and force everyone into one easy to lose sight of thread.

Im tempted to flood this damn forum with as many threads about the topic as possible. It probably get me banned but hey....If players can exploit and get a three day vacay and players can go years outright hacking the game.

arena25

Hello all, Lord Arena25 here.

Every game has that exploit that a lot of players use and it made a mess of PR in their respective games. For World of Warcraft it was the Saronite Bomb Platform Rebuild. For RIFT it was a dummy boss mechanic. And now ESO has to deal with this mess.

While unfortunate, ESO isn't the first game to have this kind of a PR issue right before a major content update, and I doubt ESO will be the last game to have this kind of a PR issue right before a major content update.

I'll be back later when I can be bothered.

Signed,
Lord Arena25

Minalan

ola.wilhelmssonb16_ESO wrote: »

There's a locked thread, with a very informative, but sometimes extremely technical discussion about the lates hack/cheat:
https://forums.elderscrollsonline.com/en/discussion/268253/a-few-facts-about-the-recent-ultimate-exploit-hack#latest
From what I understand of that thread, disabling add-ons will not help. At all. But know very little of programming and server/client technology, so read that thread for yourselves.

It's true that you can't completely make a client program 'safe', but there's plenty that you can do to improve from where they are now. Enough so that a bunch of 15 year old children with a memory edit program can't break in.

* They have no redundancy in their data structures. No checksums, hash values, or copies of the data are stored to use for integrity checks. They have no security built around core objects, so that modifications and reads done to private object variables *must* be done via method calls with specific/valid keys or tokens that change over time.

* They didn't bother to encrypt or compress their core data structures. Everything is apparently stored once and easily readable. Really, this isn't hard guys.

What does all this do? If the encrypted and compressed object values for your health or ultimate don't match up to a dozen internal copies, each hashed with a different algorithm, then crash the client and report to the server. Three reports and your login stops working, and you spend two hours on the phone with customer service listening to elevator music. This won't stop the NSA, but your average kid? Probably.

* There is no server side cheat detection. There are no algorithms checking whether a player should be dead from damage, out of mana/stamina from skill use, or have no ultimate left after dropping one meteor.

Even if you do get a kid who manages to break your client, the server should have extensive cheat detection algorithms in place to stop it. Someone taking 50K damage and surviving. Someone spending 50K Magicka in a few seconds. Someone ripping too many attacks at once. Someone moving too fast. Check. And have the server hang up that person.

* They have no routines in place to shut down or temp ban players clearly/purposefully corrupting the client process memory, or those that fail server side cheat detection.

Conclusion: ESO developers are nearly as terrible and arrogant as their exceptionally poor design team. They think they're much better than they are, but they really aren't.

I say 'nearly as bad' because If they followed @Wrobel standard procedure, they would come in here and tell us how awesome their non existent security is instead of fixing it.

Riggsy

AdmiralSam wrote: »

Doing an IN-GAME exploit isn't the same as running a 3RD PARTY software. While most of us recognize in-game exploits as dirty, it is nothing in comparison to what the people this thread is about do. I really hope you can see that.

I understand the difference. Abusing either is still wrong, especially when they are closely guarded secrets enjoyed by only a few elite players while anyone trying to post about in on here, to expose it, is moderated into silence with their silly no name-and-shame policy.

Nebthet78 wrote: »

Infinite Dodge rolling, Infinite Blocking, Speed running, Infinite Shields?? Just how much has this Cheat program influenced the constant nerfing at the hand of the Devs in the name of "Game Balance"?

I wonder that as well. For the longest time the excuse was "they run a great build" or "learn to play" but I, along with a lot of people one here, have seen the invincible opponent who, despite taking on 5-6 skilled PvPers at once, never seems to run out of resources while moving faster than everyone else.

vladimilianoub17_ESO1

Yolokin_Swagonborn wrote: »

Here is a name and shame free video. If this gets removed its a blatant act of censorship.

NOTE: This video contains NO NAMES and NO DESCRIPTION of the exploit or how to do it. It just shows visually what is happening.

https://www.youtube.com/watch?v=KosPhi1vchQ

This is what it's like to PvP right now. This is the quality of our game.

SHAME!
SHAME!

Hory shet ,this thing is serious.Just wow.That look like a apocalypse movie.Wow,you allow this shet to happen? ZOS? Shame on you.Those player doing that should be named and shamed on a video of ZOS deleting their characters.

Rakkul

See the hacking threads getting locked, hmm.

And in the middle of this we have a supposedly white knight hero who was only hacking to show everyone the hack
Well.......
[Snip].

"ah your honour, I was only doing three times the speed limit to show the speed cameras would work at 120mph." - I'll be off now then ok?

Also he named a person who was hacking (himself) - so that's a double infringement, although a perma-ban kind of covers both.

Zos - you urgently need to be less vocal about forum threads and significantly more about what you are doing about this. Apparently your game has been running in a player corrupted state for years.

Ok not everyone hacks of course, but the outcome is not limited to the hackers.

Anyone - no matter how brief or how extended the fight - who has engaged a hacking player, has done so on an uneven basis.
On a stage tipped in favour of the hacker(s).

Players - remember that fight you just lost or that campaign target you just didn't get - you'll be wondering now if you should have won as maybe the opposition was hacking.

All those l2p messages you received after getting beat - could well have been from people laughing at you whilst using the hack software - how good does that make you feel?

As for pvp now - who the heck would want to contemplate it when you're met with this corruption of the game?

Remember - not all the hackers where dumb enough to nuke everything, some where quietly adjusting things to keep below the radar.

Adjusting things just enough to beat you - and they're still there.

[Edit to remove censor bypass]

Sasyk

Phelaen wrote: »

i am more worried about the people using these cheat engines marginally then the idiots that make it so obvious they are cheating.

its way harder to spot people that do 20% more dps with 20% more health and 20% more regen
for all we know its been going on for a long time and some of the people we think are really good are just pulling a "lance Armstrong" and EPOing up.

This is something that bothers me as well.

vladimilianoub17_ESO1

This link is old and it doesnt show how to expolit or anything( i just read the 1st page) but it shows how dedicated some players are to exploit the game.I wish ZOS was that dedicated when it comes to stop exploiting.

[Removed malicious link]

Turelus

@vladimilianoub17_ESO1 I would remove the link as it's going to get moderated any way.

Also just because files are out dated doesn't mean they can't be updated to still work.

mtwiggz

Sasyk wrote: »

Phelaen wrote: »

i am more worried about the people using these cheat engines marginally then the idiots that make it so obvious they are cheating.

its way harder to spot people that do 20% more dps with 20% more health and 20% more regen
for all we know its been going on for a long time and some of the people we think are really good are just pulling a "lance Armstrong" and EPOing up.

This is something that bothers me as well.

That bothers me almost as much as the fact that ZoS still hasn't made an official response to this issue.

Memorial Day picnics > their ESO community.

Tandor

WhiteCoatSyndrome wrote: »

For those of you wondering about the lack of reaction from ZOS...at least some of that is because today is a holiday in the US. Though if they have any sense, they'll buff their support staff for future three day weekends.

Those who believe ZOS have not reacted need to check the Dev Tracker - they responded on this yesterday.

MaxwellC

Edit: I've seen the light of the Dev tracker!