A few facts about the recent ultimate exploit/hack

cyx54tc

I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.

Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessary how ESO does it)

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate

so what would happen if someone modified the ESO client and removed step 2, 3 on client side?

An example flow of Server trust

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate

so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

Jaronking

Wait I thought ZOS did Fact 6 to get rid of all the bots.That why performance got worst when they added to the game.

cyx54tc

Jaronking wrote: »

Wait I thought ZOS did Fact 6 to get rid of all the bots.That why performance got worst when they added to the game.

anti hack engine is something like a wrapper on top of ESO which we do not have right now.

milesrodneymcneely2_ESO

Jaronking wrote: »

Wait I thought ZOS did Fact 6 to get rid of all the bots.That why performance got worst when they added to the game.

I never thought I'd actually miss the farming bots...

Zyle

They just need a client side process watching for modifications to ESO's core game files & DLL's. Difference in performance would be miniscule if implemented properly.

Jaronking

cyx54tc wrote: »

show previous quotes

Jaronking wrote: »

Wait I thought ZOS did Fact 6 to get rid of all the bots.That why performance got worst when they added to the game.

anti hack engine is something like a wrapper on top of ESO which we do not have right now.

So wait their a way to make the performance in PVP even worst then it is now.Thank you for telling me I always been interested in this type of stuff.Well what do you think ZOs can do to stop this from happening again without making performance worse.

cyx54tc

Zyle wrote: »

They just need a client side process watching for modifications to ESO's core game files & DLL's. Difference in performance would be miniscule if implemented properly.

but then you will have to make sure the process itself did not get modified

Julianos

cyx54tc wrote: »

I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.

Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessary how ESO does it)

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate

so what would happen if someone modified the ESO client and removed step 2, 3 on client side?

An example flow of Server trust

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate

so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

so you say eso is dead since there is no fix without ruin the game performance which is already sucky ?

cyx54tc

Jaronking wrote: »

show previous quotes

cyx54tc wrote: »

Jaronking wrote: »

Wait I thought ZOS did Fact 6 to get rid of all the bots.That why performance got worst when they added to the game.

anti hack engine is something like a wrapper on top of ESO which we do not have right now.

So wait their a way to make the performance in PVP even worst then it is now.Thank you for telling me I always been interested in this type of stuff.Well what do you think ZOs can do to stop this from happening again without making performance worse.

IMO...nothing.

Jaronking

Axorn wrote: »

show previous quotes

cyx54tc wrote: »

I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.

Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessary how ESO does it)

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate

so what would happen if someone modified the ESO client and removed step 2, 3 on client side?

An example flow of Server trust

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate

so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

so you say eso is dead since there is no fix without ruin the game performance which is already sucky ?

Lol I was thinking this but didn't really want to say anything.

Lenikus

I think they do quite a few client checks... well they should do at least...
But unless Zeni gets it's lil' hands on the actual trainer that allows people to do that, close to nothing can be done

Sir Daniel Fortesque

Jaronking wrote: »

Wait I thought ZOS did Fact 6 to get rid of all the bots.That why performance got worst when they added to the game.

That happened because they moved over some files from client side to server side.

Faulgor

cyx54tc wrote: »

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

I thought that's what they did in 1.3 or something to prevent the item dupes and other exploitts after launch? That's why PvP performance went into the toilet.

Jaronking

Faulgor wrote: »

show previous quotes

cyx54tc wrote: »

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

I thought that's what they did in 1.3 or something to prevent the item dupes and other exploitts after launch? That's why PvP performance went into the toilet.

Now I know this one they did the opposite and did client side trust checks.It took a lot of work but it moved things away from the server which had PVP working fine to client side.

Rohamad_Ali

That's more then a few facts . I demand a title change to A lot of facts .

Also a TLDR version

oibam

cyx54tc wrote: »

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

-> Gamemasters ONLINE !!!

Krombie

oibam wrote: »

show previous quotes

cyx54tc wrote: »

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

-> Gamemasters ONLINE !!!

oibam wrote: »

show previous quotes

cyx54tc wrote: »

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

-> Gamemasters ONLINE !!!

oibam wrote: »

show previous quotes

cyx54tc wrote: »

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

-> Gamemasters ONLINE !!!

Support doesnt even work properly...

cyx54tc

Axorn wrote: »

show previous quotes

cyx54tc wrote: »

I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.

Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessary how ESO does it)

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate

so what would happen if someone modified the ESO client and removed step 2, 3 on client side?

An example flow of Server trust

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate

so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

so you say eso is dead since there is no fix without ruin the game performance which is already sucky ?

depends how you define dead.

Rex-Umbra

ZOS has data and they will be banning once they review it.

holosoul

Lenikus wrote: »

I think they do quite a few client checks... well they should do at least...
But unless Zeni gets it's lil' hands on the actual trainer that allows people to do that, close to nothing can be done

That's not true. It has nothing to do with that at all, or the specific process being used to open the game memory.

Let's evaluate how the PE (portal executable i.e. *.exe) format works for a moment

Don't worry, I won't offer a full solution or even a really helpful one for people who wouldn't be able to accomplish this on their own, but I will use some snippets from code I have personally written.

A windows processed is mapped to virtual memory space, and the whole process + allocated memory shares this space, whose base address is different from the kernel's perspective and the perspective of other processes than it is to itself.

Firstly, windows API offers a method to access the memory of any process assuming you have sufficient permissions.

#pragma region Open Map View
// Open a file mapped view of the executable
hFile = (unsigned long)CreateFile(fullname,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
if((HANDLE)hFile == INVALID_HANDLE_VALUE) return false; //
hMapping = (unsigned long)CreateFileMapping((HANDLE)hFile,0,PAGE_READONLY,0,0,0);
if(!hMapping) return freeHandles(false,(HANDLE)hFile,NULL,NULL); //
pMapping = (char *)MapViewOfFile((HANDLE)hMapping,FILE_MAP_READ,0,0,0);
if(!pMapping) return freeHandles(false,(HANDLE)hFile,(HANDLE)hMapping,NULL);
#pragma endregion

This "map view of file" includes the file headers itself, which is important because it contains references to the IAT (import address table)
The next thing you would do is obviously validate that it is an NT format file, and then pull out the program entry point

entryPoint = NTHeaders->OptionalHeader.ImageBase + NTHeaders->OptionalHeader.AddressOfEntryPoint;

Then we would want to rewrite the first 2 bytes of the program into an infinite loop, to do this we have to page a certain region of the executable as being writable

if(!VirtualProtectEx(processinfo.hProcess,(LPVOID)entryPoint,2,PAGE_EXECUTE_READWRITE,&flProtect))
return freeHandles(false,(HANDLE)hFile,(HANDLE)hMapping,(void*)pMapping);

DWORD orig_main(0);
// save original 2 bytes of main
ReadProcessMemory(processinfo.hProcess,(LPVOID)entryPoint,&orig_main,2,0);
// write infinite jump (EB FE) to main (jump short -2 to itself)
WriteProcessMemory(processinfo.hProcess,(LPVOID)entryPoint,&infjmp,2,0);

I'm not going to go into much more code than this, because it would reveal a method of hacking which is almost completely unknown to the general public and more or less impossible to find any information about on google. This fact is really down to the maturity of knowledgeable people simply not sharing any information, and it will remain that way in general.

You write a dll stub in raw machine code, such as this 68,FE,BE,EB,FE,B8,FE,BE,EB,FE,FF,D0,6A,FE,B8,FE,BE,EB,FE,FF,D0,CC,CC,CC,CC,CC,CC,CC,CC,CC,CC,CC,

which is the compiled version of something like this
__declspec(naked) void loadDll(void)
{
_asm {
// Placeholder for the string address and LoadLibrary
push 0xFEEBBEFE
mov eax, 0xFEEBBEFE

// Call LoadLibrary with the string parameter
call eax

// SuspendThread argument
push 0xFFFFFFFE
mov eax, 0xFEEBBEFE // SuspendThread address
call eax;
}
}

you ask the kernel via win32 for the address of kernel32.dll->loadlibrary and suspendthread
allocate memory in the opened process readwriteexecute paged
write the actual filename of our dll to remote process memory in its own ram
get the thread context of the remote process, take its EIP and save it
modify EIP so it points to the first byte of our opcode stub
take the foreign addresses we got in the earlier step from the kernel, and write those real addresses into the stub (which is basically a plain array of bytes)

Then we've injected our DLL and it happens before the process has a chance to execute even '1' instruction, much less open game guard or some other program. The reverse engineering of game guard is a really tedious process, but it is by no means difficult for an experienced programmer/engineer.

---

Ok, so you can inject a DLL into the remote process, so what?
Well, for one thing you could do something like rewrite the IAT so that instead of winsock.send and winsock.connect calling their expected functions, they actually call a function in your DLL first, which then detours the function back to the real process after it changes them (such as to make a localhost proxy of the program for network modification or bots), almost no one writes bots so advanced, most of them are what I would call "macros" rather than actual AI with full network awareness.

The memory of the program is more or less open season for a hunt, and memory editing should be considered the most accessible and easy method of cheating. An online game can't reliable trust that the memory in the client has not been modified under any circumstance. It should be completely irrelevant except as a "view" and "command request" process.

Whether or not ZOS has access to some random memory hack isn't remotely relevant to whether or not they should be able to prevent it. The reason is that the server must be aware of your player statistics on its own, and even if you locally change your health to 2 billion that shouldn't even begin to matter. If they wanted performance movement they could simply receive a movement vector from the client, without positional data of any kind. This vector should not include the z-axis in the first place, as that is (in the scope of ESO) handled entirely but the jump command. Validating whether the vector is valid shouldn't take more than 100 raw OPs, less than 10 to check that the numbers are within valid ranges, another 20 or 30 to validate the speed modification state from RAM, and another 50 to access whether the next tile (should be O(1) position access) is a valid place to move. Whether you have or do not have enough ultimate should really just be an O(1) [players[id] direct offset] validation of your current ultimate value.

I could probably write a thesis about network mechanics, but what's going on is really unprofessional and I am deeply disappointed. Nevertheless, no ZOS does not need to find the client hack to fix the problem. It shouldn't even be possible in the first place.

Pigment

So... If they fix the hacks, it creates more lag. If they fix the lag, it creates more hacks. Also, if you're caught cheating, you only get a 3 day ban, max. So Zenimax doesn't care if we cheat? What kind of *** is that?

code65536

Zyle wrote: »

They just need a client side process watching for modifications to ESO's core game files & DLL's. Difference in performance would be miniscule if implemented properly.

Speaking as a programmer with experience in reverse engineering security... this will never work.

If I were the engineer designing this, what I'd do is to trust the client, but have a separate server-side watchdog that audits what the client does and see if the client's calculations actually agree with what the calculations that the server would've made if the server was doing full validation. And by separate, I mean it's not handled by the actual game server but by a separate server, working alongside the main server.

The key difference between this and a full server-validation system is that this doesn't have to be real-time and so it won't affect server performance. If the client sends bogus data, the game server will act on it, but the watchdog will, at a later point in time (a few seconds later), detect an abnormality and flag/boot the client. So you can get one errant meteor or whatever off, but it'll result in you being booted off the server a few seconds later.

You can either prevent cheats by making it impossible to send any bogus data, which requires full game server validation, which takes a severe performance hit. Or you can make prevent cheats by making it futile to send bogus data more than once, which can be done in parallel and not in real-time.

Julianos

cyx54tc wrote: »

show previous quotes

Axorn wrote: »

cyx54tc wrote: »

I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.

Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessary how ESO does it)

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate

so what would happen if someone modified the ESO client and removed step 2, 3 on client side?

An example flow of Server trust

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate

so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

so you say eso is dead since there is no fix without ruin the game performance which is already sucky ?

depends how you define dead.

high pvp lag, hackers on the loose, exploits = dead game

Faulgor

code65536 wrote: »

show previous quotes

Zyle wrote: »

They just need a client side process watching for modifications to ESO's core game files & DLL's. Difference in performance would be miniscule if implemented properly.

Speaking as a programmer with experience in reverse engineering security... this will never work.

If I were the engineer designing this, what I'd do is to trust the client, but have a separate server-side watchdog that audits what the client does and see if the client's calculations actually agree with what the calculations that the server would've made if the server was doing full validation. And by separate, I mean it's not handled by the actual game server but by a separate server, working alongside the main server.

The key difference between this and a full server-validation system is that this doesn't have to be real-time and so it won't affect server performance. If the client sends bogus data, the game server will act on it, but the watchdog will, at a later point in time (a few seconds later), detect an abnormality and flag/boot the client. So you can get one errant meteor or whatever off, but it'll result in you being booted off the server a few seconds later.

You can either prevent cheats by making it impossible to send any bogus data, which requires full game server validation, which takes a severe performance hit. Or you can make prevent cheats by making it futile to send bogus data more than once, which can be done in parallel and not in real-time.

I don't know a whole lot about programming, but I'd have thought about a similar solution as well ... but I just tell to myself "nah, it can't be that simple, or else they would have already done it".

So what are the reasons this isn't done by all online games?

Julianos

Faulgor wrote: »

show previous quotes

code65536 wrote: »

Zyle wrote: »

They just need a client side process watching for modifications to ESO's core game files & DLL's. Difference in performance would be miniscule if implemented properly.

Speaking as a programmer with experience in reverse engineering security... this will never work.

If I were the engineer designing this, what I'd do is to trust the client, but have a separate server-side watchdog that audits what the client does and see if the client's calculations actually agree with what the calculations that the server would've made if the server was doing full validation. And by separate, I mean it's not handled by the actual game server but by a separate server, working alongside the main server.

The key difference between this and a full server-validation system is that this doesn't have to be real-time and so it won't affect server performance. If the client sends bogus data, the game server will act on it, but the watchdog will, at a later point in time (a few seconds later), detect an abnormality and flag/boot the client. So you can get one errant meteor or whatever off, but it'll result in you being booted off the server a few seconds later.

You can either prevent cheats by making it impossible to send any bogus data, which requires full game server validation, which takes a severe performance hit. Or you can make prevent cheats by making it futile to send bogus data more than once, which can be done in parallel and not in real-time.

I don't know a whole lot about programming, but I'd have thought about a similar solution as well ... but I just tell to myself "nah, it can't be that simple, or else they would have already done it".

So what are the reasons this isn't done by all online games?

i think real problem and the mess comes from megaserver architecture its just too much load and they cant effort any other systems on it

Abeille

Thanks for this post, OP. It is definitely not my area and I understand very little of all of this. Your post surely helped.

Lava_Croft

This is a game that was worked on for at least 6 years, is an MMO and was released without any form of meaningful protection against the most basic hacks.

'Nuff said.

SirAndy

cyx54tc wrote: »

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Why is client trust model used instead of server trust?
Because when they had that meeting where some kid "programmer" said:

"Hey, i have an idea! Why don't we ignore what everyone else has already figured out and use client side trusted decisions so we don't have to write good server code! I mean, "Never trust the client" is soooo '90s ..."

Nobody stood up and told the kid: "Are you insane?"



If they had implemented a server based system using UDP for transport, optimizing the data packets for throughput and used client side prediction combined with server side prediction and server side decision (!) the game could easily support hundreds of players in the same spot without lag and most importantly, without cheating.

SirAndy

Zyle wrote: »

They just need a client side process watching for modifications to ESO's core game files & DLL's. Difference in performance would be miniscule if implemented properly.

But that's not how the hacks are done. None of the game files are modified.

What people need to understand is that on the PC, you can write an app that can read and write *any* running process's memory. Memory is NOT protected!

And it's not hard to do either, the code required for such an app is pretty simple. Once you find the right data offsets while the game is running, you can change them at will in realtime.

Rohamad_Ali

SirAndy wrote: »

show previous quotes

cyx54tc wrote: »

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Why is client trust model used instead of server trust?
Because when they had that meeting where some kid "programmer" said:

"Hey, i have an idea! Why don't we ignore what everyone else has already figured out and use client side trusted decisions so we don't have to write good server code! I mean, "Never trust the client" is soooo '90s ..."

Nobody stood up and told the kid: "Are you insane?"



If they had implemented a server based system using UDP for transport, optimizing the data packets for throughput and used client side prediction combined with server side prediction and server side decision (!) the game could easily support hundreds of players in the same spot without lag and most importantly, without cheating.

You're abusing the amount of acceptable emojis . Also , this is a Fable made into a myth wrapped in a urban legend .

sadownik

@holosoul i must admit that you shed a light on the situation but as you i am very surprised to see that simple program like .... can be used in ESO. I mean damn... used it myself ages ago for single player game, didnt think any of the new AAA MMOs are prone to that hack.