I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.
Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.
An example flow of client trust (not necessary how ESO does it)
Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate
so what would happen if someone modified the ESO client and removed step 2, 3 on client side?
An example flow of Server trust
Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate
so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid
Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.
Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.
Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......
Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect
Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...
so you say eso is dead since there is no fix without ruin the game performance which is already sucky ?
depends how you define dead.
high pvp lag, hackers on the loose, exploits = dead game
I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.
Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.
An example flow of client trust (not necessary how ESO does it)
Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate
so what would happen if someone modified the ESO client and removed step 2, 3 on client side?
An example flow of Server trust
Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate
so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid
Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.
Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.
Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......
Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect
Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...
so you say eso is dead since there is no fix without ruin the game performance which is already sucky ?
depends how you define dead.
I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.
Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.
An example flow of client trust (not necessary how ESO does it)
Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate
so what would happen if someone modified the ESO client and removed step 2, 3 on client side?
An example flow of Server trust
Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate
so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid
Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.
Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.
Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......
Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect
Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...
so you say eso is dead since there is no fix without ruin the game performance which is already sucky ?
depends how you define dead.
high pvp lag, hackers on the loose, exploits = dead game
It has been like this since day 1 isn't it. The game's big structure never changed.
clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
Basically we are back in the same state as when the game released, only this time around PvP already runs like crap.clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
clocksstoppe wrote: »clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.
clocksstoppe wrote: »clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.
Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would
- be a slower than now in cause of having to send the needed calc data to the server
- be slower due to the server doing MANY calculations for MANY players
Again, you are wrong.
clocksstoppe wrote: »clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.
clocksstoppe wrote: »clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.
The problem isn't the calculations--that likely isn't too much. The problem is the extra latency. Instead of the client taking input and calculating the character's position locally, now it takes input, sends that input to the server, waits for a response, and then updates the position locally. That's a full roundtrip exchange over the network. Hello, latency?
clocksstoppe wrote: »clocksstoppe wrote: »clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.
Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would
- be a slower than now in cause of having to send the needed calc data to the server
- be slower due to the server doing MANY calculations for MANY players
Again, you are wrong.
No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.
How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.
How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.
Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.
clocksstoppe wrote: »clocksstoppe wrote: »clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.
Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would
- be a slower than now in cause of having to send the needed calc data to the server
- be slower due to the server doing MANY calculations for MANY players
Again, you are wrong.
No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.
How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.
How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.
Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.
And where would you save things like position or speed of a player? On the server? sure, lets collect some extra data, save them on serverside instead of just passing them to the server and do a few checks. That obviously wont affect performance at all. No thats the wonder we all waited for. If we would do it like that we could have began with a server side architecture and let the server do all calcs. I'm not a "naysayer" nor do I give them an excuse. I just state that it isn't as easy as you describe it.
clocksstoppe wrote: »clocksstoppe wrote: »clocksstoppe wrote: »clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.
Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would
- be a slower than now in cause of having to send the needed calc data to the server
- be slower due to the server doing MANY calculations for MANY players
Again, you are wrong.
No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.
How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.
How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.
Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.
And where would you save things like position or speed of a player? On the server? sure, lets collect some extra data, save them on serverside instead of just passing them to the server and do a few checks. That obviously wont affect performance at all. No thats the wonder we all waited for. If we would do it like that we could have began with a server side architecture and let the server do all calcs. I'm not a "naysayer" nor do I give them an excuse. I just state that it isn't as easy as you describe it.
Just admit it, you have no idea what you are talking about. The position of every player is already saved on the server, how else would it transfer it to you to see the positions of other players?
clocksstoppe wrote: »clocksstoppe wrote: »clocksstoppe wrote: »clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.
Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would
- be a slower than now in cause of having to send the needed calc data to the server
- be slower due to the server doing MANY calculations for MANY players
Again, you are wrong.
No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.
How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.
How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.
Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.
And where would you save things like position or speed of a player? On the server? sure, lets collect some extra data, save them on serverside instead of just passing them to the server and do a few checks. That obviously wont affect performance at all. No thats the wonder we all waited for. If we would do it like that we could have began with a server side architecture and let the server do all calcs. I'm not a "naysayer" nor do I give them an excuse. I just state that it isn't as easy as you describe it.
Just admit it, you have no idea what you are talking about. The position of every player is already saved on the server, how else would it transfer it to you to see the positions of other players?
Ofc is the position stored, but just to broadcast it to other players. If want to run checks on it you have to backup at least the last recieved position, maybe even more. Thats EXTRA data. Do you think your arguments to the end or just say what comes to your mind?
Next thing is that the gridcheck wouldn't even work that way. It may prevent you from flying up a wall but could also trigger while falling down. Those are things you don't think about. Same with speed.
clocksstoppe wrote: »clocksstoppe wrote: »clocksstoppe wrote: »clocksstoppe wrote: »clocksstoppe wrote: »Fun? Not fun at all, in fact it's a disgrace that 2016 game programmers can't implement an authoritative server model in an MMO.
You are very wrong however, fixing the ultimate exploit would have literally no performance hit. It's an int compare extra.
The Ultimate cheat is only the most visible and problematic one. There are other problems that people have posted, like characters walking on air. There's a lot of state-keeping on the client-side, and offloading that to the server will have a very detrimental effect on performance. Period.
Only if they are terrible programmers. There are always ways to fix these problems, you just need the right people for it.
Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations would
- be a slower than now in cause of having to send the needed calc data to the server
- be slower due to the server doing MANY calculations for MANY players
Again, you are wrong.
No, YOU are wrong. You don't HAVE to do those exact calculations, you just have to impose constraints on what the client claims to have calculated using cheaper calculations.
How to cheaply negate speed hack: compare the new position sent by client to the position on the server. If it's farther than the actual speed of the player, deny movement.
How to negate the "character walking on air": You use a simple (2d) grid system for the world map where each tile has a tolerance range for the height allowed for the player standing in it. Grids are extremely cheap and you still allow the client to do complex mesh collision calculations to look right on the client side.
Naysayers like you are exactly the problem. You give them an excuse for doing a terrible job.
And where would you save things like position or speed of a player? On the server? sure, lets collect some extra data, save them on serverside instead of just passing them to the server and do a few checks. That obviously wont affect performance at all. No thats the wonder we all waited for. If we would do it like that we could have began with a server side architecture and let the server do all calcs. I'm not a "naysayer" nor do I give them an excuse. I just state that it isn't as easy as you describe it.
Just admit it, you have no idea what you are talking about. The position of every player is already saved on the server, how else would it transfer it to you to see the positions of other players?
Ofc is the position stored, but just to broadcast it to other players. If want to run checks on it you have to backup at least the last recieved position, maybe even more. Thats EXTRA data. Do you think your arguments to the end or just say what comes to your mind?
Next thing is that the gridcheck wouldn't even work that way. It may prevent you from flying up a wall but could also trigger while falling down. Those are things you don't think about. Same with speed.
You can do it without storing two positions, the hell dude? Also are you seriously going to claim they don't have enough RAM?
Im going to go now, pointless talking to you, you have no idea how servers work in practice if you're going to bring these stupid arguments.
You are the one who is wrong...Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations wouldAgain, you are wrong.
- be a slower than now in cause of having to send the needed calc data to the server
- be slower due to the server doing MANY calculations for MANY players
You are the one who is wrong...Sorry dude, but you are horribly wrong. This has nothing to do with people not being able to program it but with the server side calculations wouldAgain, you are wrong.
- be a slower than now in cause of having to send the needed calc data to the server
- be slower due to the server doing MANY calculations for MANY players
I've worked on client/server based game engines as well as enterprise level high traffic client/server systems.
If done right, a server side system would but multitudes faster than anything we have ever seen from ESO. There as so many bad design decisions in this game, it's missing all the fundamental parts that make for a lean and fast client/server system.
So... If they fix the hacks, it creates more lag. If they fix the lag, it creates more hacks. Also, if you're caught cheating, you only get a 3 day ban, max. So Zenimax doesn't care if we cheat? What kind of *** is that?
@holosoul i must admit that you shed a light on the situation but as you i am very surprised to see that simple program like .... can be used in ESO. I mean damn... used it myself ages ago for single player game, didnt think any of the new AAA MMOs are prone to that hack.
Anyone found cheating using a third party program is someone who without doubt willingly cheated. This should constitute nothing but a permanent ban.I don't know how to fix the problem, but a first time warning ban should be implemented on those with proof of cheating, a longer second time warning can be implemented if same or very similar exploit used, and a full life time ban on those that do it a third time would at least help.