A few facts about the recent ultimate exploit/hack

cyx54tc

Axorn wrote: »

show previous quotes

cyx54tc wrote: »

Axorn wrote: »

cyx54tc wrote: »

I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.

Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessary how ESO does it)

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate

so what would happen if someone modified the ESO client and removed step 2, 3 on client side?

An example flow of Server trust

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate

so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

so you say eso is dead since there is no fix without ruin the game performance which is already sucky ?

depends how you define dead.

high pvp lag, hackers on the loose, exploits = dead game

It has been like this since day 1 isn't it. The game's big structure never changed.

Zakor

cyx54tc wrote: »

show previous quotes

Axorn wrote: »

cyx54tc wrote: »

I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.

Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessary how ESO does it)

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate

so what would happen if someone modified the ESO client and removed step 2, 3 on client side?

An example flow of Server trust

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate

so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

so you say eso is dead since there is no fix without ruin the game performance which is already sucky ?

depends how you define dead.

The game is far from being dead. Dead would mean there is no way to prevent this, but there are several. At it's current state I think the games architecture won't allow an "easy" approach to fix this problem forever. What do i mean with easy? Well it's not like changing a few lines of code or implementing a new system. You can't just let the servers do the calcs for performance reasons.

So what could help without draining too much performance? A watcher task. What will it do? It will search for any change in the games memory area that is not done by the game itself. Since this will run on another thread and in the background it shouldn't slow the game more than opening another program or having a virus scanner.

Why is it necessary to scan the memory? Wouldn't xyz do the job?
This is just one way to prevent cheating/hacking completly (if done correctly). There may be other ways. But every way, that won't protect the games memory area in some way or let the server do the calculations completly can be exploitet with the correct cheats/hacks. Actually it is possible to change and read entries in your memory. So it also is possible to find the point in the memory which holds the data about your ult points, magicka, ... . When found this point can be used to change the value ingame. So the only logical way to prevent this behaviour is to block (hard) or detect (actually pretty easy) those changes and ban the player for cheating or at least trying.

For the moment other solutions may help aswell, but in the end you have to say: When someone really wants to cheat, he will be able to cheat. It's just a question of how hard the devs will make this for him. And if it's to hard the most cheats get useless just in cause of the effort you would have to use them.

umagon

I think it might have been more of a upper management problem. They probably asked the server architect(s) to give them a break down of the different structures' operating costs; then made a decision to go with whatever costed less. I couldn't see any professional willing using client trust on a game like this.

Julianos

cyx54tc wrote: »

show previous quotes

Axorn wrote: »

cyx54tc wrote: »

Axorn wrote: »

cyx54tc wrote: »

I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.

Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessary how ESO does it)

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate

so what would happen if someone modified the ESO client and removed step 2, 3 on client side?

An example flow of Server trust

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate

so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

so you say eso is dead since there is no fix without ruin the game performance which is already sucky ?

depends how you define dead.

high pvp lag, hackers on the loose, exploits = dead game

It has been like this since day 1 isn't it. The game's big structure never changed.

Sadly yes it was

PurifedBladez

Hackers are the worse kind of people. Lol.

clocksstoppe

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

Lord_Eomer

Cheaters should be punished hard...

code65536

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

clocksstoppe

code65536 wrote: »

show previous quotes

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

Lava_Croft

code65536 wrote: »

show previous quotes

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Basically we are back in the same state as when the game released, only this time around PvP already runs like crap.

This does not bode well...

Zakor

clocksstoppe wrote: »

show previous quotes

code65536 wrote: »

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would

1. be a slower than now in cause of having to send the needed calc data to the server
2. be slower due to the server doing MANY calculations for MANY players

Again, you are wrong.

susmitds

Server based combat is already present. I tested it out using localhost to simulate staying by online after DCing. Ultimates or any skills did not work. Only thing that worked was weapon attacks, block and dodge. But yeah, the client is vulnerable at such times.

clocksstoppe

Zakor wrote: »

show previous quotes

clocksstoppe wrote: »

code65536 wrote: »

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would

1. be a slower than now in cause of having to send the needed calc data to the server
2. be slower due to the server doing MANY calculations for MANY players

Again, you are wrong.

No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.


How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.


How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.


Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.

code65536

clocksstoppe wrote: »

show previous quotes

code65536 wrote: »

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

The problem isn't the calculations--that likely isn't too much. The problem is the extra latency. Instead of the client taking input and calculating the character's position locally, now it takes input, sends that input to the server, waits for a response, and then updates the position locally. That's a full roundtrip exchange over the network. Hello, latency?

clocksstoppe

code65536 wrote: »

show previous quotes

clocksstoppe wrote: »

code65536 wrote: »

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

The problem isn't the calculations--that likely isn't too much. The problem is the extra latency. Instead of the client taking input and calculating the character's position locally, now it takes input, sends that input to the server, waits for a response, and then updates the position locally. That's a full roundtrip exchange over the network. Hello, latency?

These problems have been solved a long time ago with client-side interpolation and prediction.

Zakor

clocksstoppe wrote: »

show previous quotes

Zakor wrote: »

clocksstoppe wrote: »

code65536 wrote: »

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would

1. be a slower than now in cause of having to send the needed calc data to the server
2. be slower due to the server doing MANY calculations for MANY players

Again, you are wrong.

No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.


How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.


How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.


Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.

And where would you save things like position or speed of a player? On the server? sure, lets collect some extra data, save them on serverside instead of just passing them to the server and do a few checks. That obviously wont affect performance at all. No thats the wonder we all waited for. If we would do it like that we could have began with a server side architecture and let the server do all calcs. I'm not a "naysayer" nor do I give them an excuse. I just state that it isn't as easy as you describe it.

Or to say it in another way: No constraint will stop people from cheating. It will just make it a bit harder until people found out the exact value of the constraint. I can't move up 50meters? Well then I'll just fly 40 meters above ground. Srsly...

clocksstoppe

Zakor wrote: »

show previous quotes

clocksstoppe wrote: »

Zakor wrote: »

clocksstoppe wrote: »

code65536 wrote: »

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would

1. be a slower than now in cause of having to send the needed calc data to the server
2. be slower due to the server doing MANY calculations for MANY players

Again, you are wrong.

No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.


How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.


How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.


Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.

And where would you save things like position or speed of a player? On the server? sure, lets collect some extra data, save them on serverside instead of just passing them to the server and do a few checks. That obviously wont affect performance at all. No thats the wonder we all waited for. If we would do it like that we could have began with a server side architecture and let the server do all calcs. I'm not a "naysayer" nor do I give them an excuse. I just state that it isn't as easy as you describe it.

Just admit it, you have no idea what you are talking about. The position of every player is already saved on the server, how else would it transfer it to you to see the positions of other players?

Zakor

clocksstoppe wrote: »

show previous quotes

Zakor wrote: »

clocksstoppe wrote: »

Zakor wrote: »

clocksstoppe wrote: »

code65536 wrote: »

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would

1. be a slower than now in cause of having to send the needed calc data to the server
2. be slower due to the server doing MANY calculations for MANY players

Again, you are wrong.

No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.


How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.


How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.


Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.

And where would you save things like position or speed of a player? On the server? sure, lets collect some extra data, save them on serverside instead of just passing them to the server and do a few checks. That obviously wont affect performance at all. No thats the wonder we all waited for. If we would do it like that we could have began with a server side architecture and let the server do all calcs. I'm not a "naysayer" nor do I give them an excuse. I just state that it isn't as easy as you describe it.

Just admit it, you have no idea what you are talking about. The position of every player is already saved on the server, how else would it transfer it to you to see the positions of other players?

Ofc is the position stored, but just to broadcast it to other players. If want to run checks on it you have to backup at least the last recieved position, maybe even more. Thats EXTRA data. Do you think your arguments to the end or just say what comes to your mind?

Next thing is that the gridcheck wouldn't even work that way. It may prevent you from flying up a wall but could also trigger while falling down. Those are things you don't think about. Same with speed.

clocksstoppe

Zakor wrote: »

show previous quotes

clocksstoppe wrote: »

Zakor wrote: »

clocksstoppe wrote: »

Zakor wrote: »

clocksstoppe wrote: »

code65536 wrote: »

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would

1. be a slower than now in cause of having to send the needed calc data to the server
2. be slower due to the server doing MANY calculations for MANY players

Again, you are wrong.

No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.


How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.


How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.


Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.

And where would you save things like position or speed of a player? On the server? sure, lets collect some extra data, save them on serverside instead of just passing them to the server and do a few checks. That obviously wont affect performance at all. No thats the wonder we all waited for. If we would do it like that we could have began with a server side architecture and let the server do all calcs. I'm not a "naysayer" nor do I give them an excuse. I just state that it isn't as easy as you describe it.

Just admit it, you have no idea what you are talking about. The position of every player is already saved on the server, how else would it transfer it to you to see the positions of other players?

Ofc is the position stored, but just to broadcast it to other players. If want to run checks on it you have to backup at least the last recieved position, maybe even more. Thats EXTRA data. Do you think your arguments to the end or just say what comes to your mind?

Next thing is that the gridcheck wouldn't even work that way. It may prevent you from flying up a wall but could also trigger while falling down. Those are things you don't think about. Same with speed.

You can do it without storing two positions, the hell dude? Also are you seriously going to claim they don't have enough RAM?
Im going to go now, pointless talking to you, you have no idea how servers work in practice if you're going to bring these stupid arguments.

SirAndy

clocksstoppe wrote: »

show previous quotes

code65536 wrote: »

There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

Zakor

clocksstoppe wrote: »

show previous quotes

Zakor wrote: »

clocksstoppe wrote: »

Zakor wrote: »

clocksstoppe wrote: »

Zakor wrote: »

clocksstoppe wrote: »

code65536 wrote: »

clocksstoppe wrote: »

Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.

You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.

The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.

Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.

Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would

1. be a slower than now in cause of having to send the needed calc data to the server
2. be slower due to the server doing MANY calculations for MANY players

Again, you are wrong.

No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.


How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.


How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.


Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.

And where would you save things like position or speed of a player? On the server? sure, lets collect some extra data, save them on serverside instead of just passing them to the server and do a few checks. That obviously wont affect performance at all. No thats the wonder we all waited for. If we would do it like that we could have began with a server side architecture and let the server do all calcs. I'm not a "naysayer" nor do I give them an excuse. I just state that it isn't as easy as you describe it.

Just admit it, you have no idea what you are talking about. The position of every player is already saved on the server, how else would it transfer it to you to see the positions of other players?

Ofc is the position stored, but just to broadcast it to other players. If want to run checks on it you have to backup at least the last recieved position, maybe even more. Thats EXTRA data. Do you think your arguments to the end or just say what comes to your mind?

Next thing is that the gridcheck wouldn't even work that way. It may prevent you from flying up a wall but could also trigger while falling down. Those are things you don't think about. Same with speed.

You can do it without storing two positions, the hell dude? Also are you seriously going to claim they don't have enough RAM?
Im going to go now, pointless talking to you, you have no idea how servers work in practice if you're going to bring these stupid arguments.

If you say so. I didn't claim they won't have enough RAM, thats what you made out of it. Fact is that your ...let me call it suggestion won't help at all, just make it harder for a few weeks.

SirAndy

Zakor wrote: »

Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would

1. be a slower than now in cause of having to send the needed calc data to the server
2. be slower due to the server doing MANY calculations for MANY players

Again, you are wrong.

You are the one who is wrong...
I've worked on client/server based game engines as well as enterprise level high traffic client/server systems.

If done right, a server side system would but multitudes faster than anything we have ever seen from ESO. There as so many bad design decisions in this game, it's missing all the fundamental parts that make for a lean and fast client/server system.

Zakor

SirAndy wrote: »

show previous quotes

Zakor wrote: »

Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would

1. be a slower than now in cause of having to send the needed calc data to the server
2. be slower due to the server doing MANY calculations for MANY players

Again, you are wrong.

You are the one who is wrong...
I've worked on client/server based game engines as well as enterprise level high traffic client/server systems.

If done right, a server side system would but multitudes faster than anything we have ever seen from ESO. There as so many bad design decisions in this game, it's missing all the fundamental parts that make for a lean and fast client/server system.

So I would like to hear how a server that have to run checks/calcs would be faster than a server that just passes data to different clients to display them. (No really, this interests me, maybe I'm missing a detail you know)
And, to come back to topic, how would you end those cheats WITHOUT having to pass all the checks to the server since that would change the complete architecture of the game or at least combat. I think we can agree they won't do that.

Reykice

Pigment wrote: »

So... If they fix the hacks, it creates more lag. If they fix the lag, it creates more hacks. Also, if you're caught cheating, you only get a 3 day ban, max. So Zenimax doesn't care if we cheat? What kind of *** is that?

Really? 3 day ban? hell why is anyone not cheating at this point lol, absolute power with virtually no risk.

The permanent ban prevented me but 3 days, ha.

Reykice

sadownik wrote: »

@holosoul i must admit that you shed a light on the situation but as you i am very surprised to see that simple program like .... can be used in ESO. I mean damn... used it myself ages ago for single player game, didnt think any of the new AAA MMOs are prone to that hack.

Cheat engine can be used on anything as long as the developers are stupid enough not to validate client requests.

Basically, the server believes everything your client tells it to no verification of any kind. So you can just edit the memory and change the values just like in a single player game.

This doesn`t work with any game tho, the better designed mmo`s validate that data so you simply can`t change it. But ESO went the fast and cheap way... or they did not have good enough people or whatever so basically its a cheaters paradise.

But oh well, they have pretty mounts right?

Farorin

I don't know how to fix the problem, but a first time warning ban should be implemented on those with proof of cheating, a longer second time warning can be implemented if same or very similar exploit used, and a full life time ban on those that do it a third time would at least help.

Lava_Croft

Farorin wrote: »

I don't know how to fix the problem, but a first time warning ban should be implemented on those with proof of cheating, a longer second time warning can be implemented if same or very similar exploit used, and a full life time ban on those that do it a third time would at least help.

Anyone found cheating using a third party program is someone who without doubt willingly cheated. This should constitute nothing but a permanent ban.

TrueGreenSmoker

I feel so bad for you PC players I felt 3 meteors on me it hurts but raining meteors like the YT videos my God its destroying the game for many people i also heard they doing this in PvE just ulti the adds down dont know if thats true but damn the leaderboards will be BS too...

EZgoin76

All this just to kill more players in a video game.
No wonder there isn't a cure for cancer yet.

sekou_trayvond

Some serious 'inside baseball ' talk being had here.

Very much appreciated for it's nuance and technical insights.

Sure beats reading about crown store prices, crafting bags and RNG for the umpteenth time.

/HatTip