
A few facts about the recent ultimate exploit/hack

cyx54tc
cyx54tc
✭✭✭✭
I am writing this to let all the non-technical people know about these facts, so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tomorrow, etc.

Fact 1: Why is this possible to do with ESO?
ESO uses something I call the client trust model. What this means is that the ESO client does most of the calculation and sends the result back to the server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessarily how ESO does it)

Client:
1. Player pressed the ultimate key
2. Validate whether the player has enough ultimate points to cast it
3. If the player has enough, decrement the ultimate points; if not, do nothing
4. Tell the server the player cast the ultimate
Server:
1. Received the player's cast-ultimate request
2. Broadcast to all players that player A has cast the ultimate

So what would happen if someone modified the ESO client and removed steps 2 and 3 on the client side?

An example flow of server trust

Client:
1. Player pressed the ultimate key
2. Validate whether the player has enough ultimate points to cast it
3. If not, do nothing
4. Tell the server the player wants to cast the ultimate
Server:
1. Received the player's cast-ultimate request
2. Validate whether the player has enough ultimate points to cast it. If not, do nothing.
3. Decrement the ultimate points for player A and broadcast to all players that player A has cast the ultimate

So what if we remove steps 2 and 3 on the client side this time? Step 2 on the server side will say no, because the server has all the information and can validate whether the action is valid.

Fact 2: How can it be fixed completely?
Use a server trust implementation. But this would require a complete rework of the game code, as well as making the server load a lot heavier.

Fact 3: Why is the client trust model used instead of server trust?
If server trust is used, it means the server will be required to do most of the calculation that the clients are doing right now. That means it should expect at least X times heavier load (X being the number of players playing the game). So the 10s of lag you used to get in PvP you could expect to be multiplied by X if they use the existing server without an upgrade.

Fact 4: Could ZOS just simply detect those people and ban them all?
I will put it simply: it is hard. Feel free to take a look at MapleStory, which uses a similar model. MapleStory even used 3 layers of anti-hack engine, and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in MapleStory could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting, etc.

Fact 6: What is a potential solution?
Guarding ESO with an anti-hack engine will increase the difficulty of hacking it (it will not completely prevent it, but make it harder to do!). But at the same time performance will suffer...
Edited by cyx54tc on May 30, 2016 1:07AM
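The two flows in the post, written out as a small simulation. This is an added example, not code from the post or from ESO; the packet format, the 150-point starting pool and the 100-point cost are constructed assumptions. The same "modified client" (local steps 2 and 3 deleted) is run against a client-trust server and a server-trust server, so the difference the post describes shows up as a count of casts.

```python
"""Client trust vs. server trust for an 'ultimate' cast.

Added example, not code from the original post or from ESO. The packet format,
resource pool and cost are constructed: every player starts with 150 ultimate
points and a cast costs ULT_COST = 100, so an honest player gets exactly one cast.
"""
from dataclasses import dataclass, field

ULT_COST = 100  # constructed


@dataclass
class PlayerState:
    ultimate: int  # the server's own record of the player's points


@dataclass
class Server:
    """Authoritative game server. In client-trust mode it relays whatever the
    client reports; in server-trust mode it runs steps 2 and 3 itself."""
    server_trust: bool
    players: dict = field(default_factory=dict)
    broadcasts: list = field(default_factory=list)

    def handle_cast(self, player_id: str) -> bool:
        if self.server_trust:
            state = self.players[player_id]
            if state.ultimate < ULT_COST:     # server step 2: validate
                return False
            state.ultimate -= ULT_COST        # server step 3: spend
        self.broadcasts.append(f"{player_id} cast ultimate")
        return True


class HonestClient:
    """Unmodified client: runs the local check (and, under client trust, the local
    decrement) before telling the server."""

    def __init__(self, player_id: str, ultimate: int):
        self.player_id = player_id
        self.ultimate = ultimate  # the client's local copy

    def press_ultimate(self, server: Server) -> bool:
        if self.ultimate < ULT_COST:          # client step 2
            return False
        if not server.server_trust:
            self.ultimate -= ULT_COST         # client step 3 (client trust only)
        accepted = server.handle_cast(self.player_id)
        if server.server_trust:
            # Under server trust the client's copy is only a view of server state.
            self.ultimate = server.players[self.player_id].ultimate
        return accepted


class ModifiedClient(HonestClient):
    """Client with steps 2 and 3 removed: every key press becomes a request."""

    def press_ultimate(self, server: Server) -> bool:
        return server.handle_cast(self.player_id)


def run_scenario(server_trust: bool, presses: int = 3):
    """Two players, 150 points each, press the ultimate key `presses` times.
    Returns (casts the honest client got, casts the modified client got)."""
    server = Server(server_trust, {"honest": PlayerState(150),
                                   "modified": PlayerState(150)})
    honest, modified = HonestClient("honest", 150), ModifiedClient("modified", 150)
    honest_casts = sum(honest.press_ultimate(server) for _ in range(presses))
    modified_casts = sum(modified.press_ultimate(server) for _ in range(presses))
    return honest_casts, modified_casts


if __name__ == "__main__":
    print("client trust (honest, modified):", run_scenario(False))  # (1, 3)
    print("server trust (honest, modified):", run_scenario(True))   # (1, 1)
```

Under client trust the server never looks at its own copy of the pool, so the modified client gets one broadcast per key press; under server trust both clients are limited to the single cast the server's own record allows, and the client's local copy becomes irrelevant.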
  • Jaronking
    Jaronking
    ✭✭✭✭✭
    Wait, I thought ZOS did Fact 6 to get rid of all the bots. That's why performance got worse when they added it to the game.
  • cyx54tc
    cyx54tc
    ✭✭✭✭
    Jaronking wrote: »
    Wait, I thought ZOS did Fact 6 to get rid of all the bots. That's why performance got worse when they added it to the game.

    anti hack engine is something like a wrapper on top of ESO which we do not have right now.
  • milesrodneymcneely2_ESO
    milesrodneymcneely2_ESO
    ✭✭✭✭✭
    Jaronking wrote: »
    Wait, I thought ZOS did Fact 6 to get rid of all the bots. That's why performance got worse when they added it to the game.
    I never thought I'd actually miss the farming bots...

    :/
  • Zyle
    Zyle
    ✭✭✭✭✭
    They just need a client side process watching for modifications to ESO's core game files & DLL's. Difference in performance would be miniscule if implemented properly.

    676 CP
    Zyle - LVL50 Stamina Nightblade - Former Emp AS - VMA Clear (Flawless)
    Joven - LVL50 Hybrid Templar
    Adion - LVL50 Stamina DK
    Radac - LVL50 Magicka Sorcerer
    Vanikath - LVL50 Magicka DK
  • Jaronking
    Jaronking
    ✭✭✭✭✭
    cyx54tc wrote: »
    Jaronking wrote: »
    Wait, I thought ZOS did Fact 6 to get rid of all the bots. That's why performance got worse when they added it to the game.

    anti hack engine is something like a wrapper on top of ESO which we do not have right now.
    So wait, there's a way to make the performance in PvP even worse than it is now? Thank you for telling me; I've always been interested in this type of stuff. Well, what do you think ZOS can do to stop this from happening again without making performance worse?
  • cyx54tc
    cyx54tc
    ✭✭✭✭
    Zyle wrote: »
    They just need a client side process watching for modifications to ESO's core game files & DLL's. Difference in performance would be miniscule if implemented properly.

    but then you will have to make sure the process itself did not get modified
  • Julianos
    Julianos
    ✭✭✭✭✭
    cyx54tc wrote: »
    I am writing this to let all the non-technical people know about these facts, so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tomorrow, etc.

    Fact 1: Why is this possible to do with ESO?
    ESO uses something I call the client trust model. What this means is that the ESO client does most of the calculation and sends the result back to the server. The server then accepts the result with little or no validation.

    An example flow of client trust (not necessarily how ESO does it)

    Client:
    1. Player pressed the ultimate key
    2. Validate whether the player has enough ultimate points to cast it
    3. If the player has enough, decrement the ultimate points; if not, do nothing
    4. Tell the server the player cast the ultimate
    Server:
    1. Received the player's cast-ultimate request
    2. Broadcast to all players that player A has cast the ultimate

    So what would happen if someone modified the ESO client and removed steps 2 and 3 on the client side?

    An example flow of server trust

    Client:
    1. Player pressed the ultimate key
    2. Validate whether the player has enough ultimate points to cast it
    3. If not, do nothing
    4. Tell the server the player wants to cast the ultimate
    Server:
    1. Received the player's cast-ultimate request
    2. Validate whether the player has enough ultimate points to cast it. If not, do nothing.
    3. Decrement the ultimate points for player A and broadcast to all players that player A has cast the ultimate

    So what if we remove steps 2 and 3 on the client side this time? Step 2 on the server side will say no, because the server has all the information and can validate whether the action is valid.

    Fact 2: How can it be fixed completely?
    Use a server trust implementation. But this would require a complete rework of the game code, as well as making the server load a lot heavier.

    Fact 3: Why is the client trust model used instead of server trust?
    If server trust is used, it means the server will be required to do most of the calculation that the clients are doing right now. That means it should expect at least X times heavier load (X being the number of players playing the game). So the 10s of lag you used to get in PvP you could expect to be multiplied by X if they use the existing server without an upgrade.

    Fact 4: Could ZOS just simply detect those people and ban them all?
    I will put it simply: it is hard. Feel free to take a look at MapleStory, which uses a similar model. MapleStory even used 3 layers of anti-hack engine, and still......

    Fact 5: What exploits/hacks are possible with ESO?
    Anything you saw in MapleStory could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting, etc.

    Fact 6: What is a potential solution?
    Guarding ESO with an anti-hack engine will increase the difficulty of hacking it (it will not completely prevent it, but make it harder to do!). But at the same time performance will suffer...

    So you're saying ESO is dead, since there is no fix without ruining the game performance, which is already sucky?
  • cyx54tc
    cyx54tc
    ✭✭✭✭
    Jaronking wrote: »
    cyx54tc wrote: »
    Jaronking wrote: »
    Wait, I thought ZOS did Fact 6 to get rid of all the bots. That's why performance got worse when they added it to the game.

    anti hack engine is something like a wrapper on top of ESO which we do not have right now.
    So wait, there's a way to make the performance in PvP even worse than it is now? Thank you for telling me; I've always been interested in this type of stuff. Well, what do you think ZOS can do to stop this from happening again without making performance worse?

    IMO...nothing.
  • Jaronking
    Jaronking
    ✭✭✭✭✭
    Axorn wrote: »
    cyx54tc wrote: »
    I am writing this to let all the non-technical people know about these facts, so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tomorrow, etc.

    Fact 1: Why is this possible to do with ESO?
    ESO uses something I call the client trust model. What this means is that the ESO client does most of the calculation and sends the result back to the server. The server then accepts the result with little or no validation.

    An example flow of client trust (not necessarily how ESO does it)

    Client:
    1. Player pressed the ultimate key
    2. Validate whether the player has enough ultimate points to cast it
    3. If the player has enough, decrement the ultimate points; if not, do nothing
    4. Tell the server the player cast the ultimate
    Server:
    1. Received the player's cast-ultimate request
    2. Broadcast to all players that player A has cast the ultimate

    So what would happen if someone modified the ESO client and removed steps 2 and 3 on the client side?

    An example flow of server trust

    Client:
    1. Player pressed the ultimate key
    2. Validate whether the player has enough ultimate points to cast it
    3. If not, do nothing
    4. Tell the server the player wants to cast the ultimate
    Server:
    1. Received the player's cast-ultimate request
    2. Validate whether the player has enough ultimate points to cast it. If not, do nothing.
    3. Decrement the ultimate points for player A and broadcast to all players that player A has cast the ultimate

    So what if we remove steps 2 and 3 on the client side this time? Step 2 on the server side will say no, because the server has all the information and can validate whether the action is valid.

    Fact 2: How can it be fixed completely?
    Use a server trust implementation. But this would require a complete rework of the game code, as well as making the server load a lot heavier.

    Fact 3: Why is the client trust model used instead of server trust?
    If server trust is used, it means the server will be required to do most of the calculation that the clients are doing right now. That means it should expect at least X times heavier load (X being the number of players playing the game). So the 10s of lag you used to get in PvP you could expect to be multiplied by X if they use the existing server without an upgrade.

    Fact 4: Could ZOS just simply detect those people and ban them all?
    I will put it simply: it is hard. Feel free to take a look at MapleStory, which uses a similar model. MapleStory even used 3 layers of anti-hack engine, and still......

    Fact 5: What exploits/hacks are possible with ESO?
    Anything you saw in MapleStory could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting, etc.

    Fact 6: What is a potential solution?
    Guarding ESO with an anti-hack engine will increase the difficulty of hacking it (it will not completely prevent it, but make it harder to do!). But at the same time performance will suffer...

    So you're saying ESO is dead, since there is no fix without ruining the game performance, which is already sucky?
    Lol I was thinking this but didn't really want to say anything.
  • Lenikus
    Lenikus
    ✭✭✭✭✭
    I think they do quite a few client checks... well, they should at least...
    But unless Zeni gets its lil' hands on the actual trainer that allows people to do that, close to nothing can be done
    ... Mai cave. >:3
  • Sir Daniel Fortesque
    Jaronking wrote: »
    Wait, I thought ZOS did Fact 6 to get rid of all the bots. That's why performance got worse when they added it to the game.

    That happened because they moved over some files from client side to server side.
  • Faulgor
    Faulgor
    ✭✭✭✭✭
    ✭✭✭✭✭
    cyx54tc wrote: »
    Fact 2: How can it be fixed completely?
    Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

    I thought that's what they did in 1.3 or something to prevent the item dupes and other exploits after launch? That's why PvP performance went into the toilet.
    Alandrol Sul: He's making another Numidium?!?
    Vivec: Worse, buddy. They're buying it.
  • Jaronking
    Jaronking
    ✭✭✭✭✭
    Faulgor wrote: »
    cyx54tc wrote: »
    Fact 2: How can it be fixed completely?
    Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

    I thought that's what they did in 1.3 or something to prevent the item dupes and other exploits after launch? That's why PvP performance went into the toilet.
    Now I know this one: they did the opposite and did client-side trust checks. It took a lot of work, but it moved things away from the server, which had PvP working fine, to the client side.
  • Rohamad_Ali
    Rohamad_Ali
    ✭✭✭✭✭
    ✭✭✭✭✭
    That's more than a few facts. I demand a title change to "A lot of facts".

    Also a TLDR version
  • oibam
    oibam
    ✭✭✭✭✭
    cyx54tc wrote: »
    Fact 6: What is a potential solution?
    Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

    -> Gamemasters ONLINE !!!
  • Krombie
    Krombie
    ✭✭✭
    oibam wrote: »
    cyx54tc wrote: »
    Fact 6: What is a potential solution?
    Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

    -> Gamemasters ONLINE !!!

    Support doesn't even work properly...
  • cyx54tc
    cyx54tc
    ✭✭✭✭
    Axorn wrote: »
    cyx54tc wrote: »
    I am writing this to let all the non-technical people know about these facts, so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tomorrow, etc.

    Fact 1: Why is this possible to do with ESO?
    ESO uses something I call the client trust model. What this means is that the ESO client does most of the calculation and sends the result back to the server. The server then accepts the result with little or no validation.

    An example flow of client trust (not necessarily how ESO does it)

    Client:
    1. Player pressed the ultimate key
    2. Validate whether the player has enough ultimate points to cast it
    3. If the player has enough, decrement the ultimate points; if not, do nothing
    4. Tell the server the player cast the ultimate
    Server:
    1. Received the player's cast-ultimate request
    2. Broadcast to all players that player A has cast the ultimate

    So what would happen if someone modified the ESO client and removed steps 2 and 3 on the client side?

    An example flow of server trust

    Client:
    1. Player pressed the ultimate key
    2. Validate whether the player has enough ultimate points to cast it
    3. If not, do nothing
    4. Tell the server the player wants to cast the ultimate
    Server:
    1. Received the player's cast-ultimate request
    2. Validate whether the player has enough ultimate points to cast it. If not, do nothing.
    3. Decrement the ultimate points for player A and broadcast to all players that player A has cast the ultimate

    So what if we remove steps 2 and 3 on the client side this time? Step 2 on the server side will say no, because the server has all the information and can validate whether the action is valid.

    Fact 2: How can it be fixed completely?
    Use a server trust implementation. But this would require a complete rework of the game code, as well as making the server load a lot heavier.

    Fact 3: Why is the client trust model used instead of server trust?
    If server trust is used, it means the server will be required to do most of the calculation that the clients are doing right now. That means it should expect at least X times heavier load (X being the number of players playing the game). So the 10s of lag you used to get in PvP you could expect to be multiplied by X if they use the existing server without an upgrade.

    Fact 4: Could ZOS just simply detect those people and ban them all?
    I will put it simply: it is hard. Feel free to take a look at MapleStory, which uses a similar model. MapleStory even used 3 layers of anti-hack engine, and still......

    Fact 5: What exploits/hacks are possible with ESO?
    Anything you saw in MapleStory could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting, etc.

    Fact 6: What is a potential solution?
    Guarding ESO with an anti-hack engine will increase the difficulty of hacking it (it will not completely prevent it, but make it harder to do!). But at the same time performance will suffer...

    So you're saying ESO is dead, since there is no fix without ruining the game performance, which is already sucky?

    depends how you define dead.
  • Rex-Umbra
    Rex-Umbra
    ✭✭✭✭✭
    ✭✭
    ZOS has data and they will be banning once they review it.
    Xbox GT: Rex Umbrah
    GM of IMPERIUM since 2015.
  • holosoul
    holosoul
    ✭✭✭✭
    Lenikus wrote: »
    I think they do quite a few client checks... well they should do at least...
    But unless Zeni gets it's lil' hands on the actual trainer that allows people to do that, close to nothing can be done

    That's not true. It has nothing to do with that at all, or the specific process being used to open the game memory.

    Let's evaluate how the PE (portable executable, i.e. *.exe) format works for a moment.

    Don't worry, I won't offer a full solution or even a really helpful one for people who wouldn't be able to accomplish this on their own, but I will use some snippets from code I have personally written.

    A Windows process is mapped to a virtual memory space, and the whole process + allocated memory shares this space, whose base address is different from the kernel's perspective and the perspective of other processes than it is to itself.

    Firstly, the Windows API offers a method to access the memory of any process, assuming you have sufficient permissions.

    #pragma region Open Map View
    // Open a file mapped view of the executable
    hFile = (unsigned long)CreateFile(fullname,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
    if((HANDLE)hFile == INVALID_HANDLE_VALUE) return false; // :(
    hMapping = (unsigned long)CreateFileMapping((HANDLE)hFile,0,PAGE_READONLY,0,0,0);
    if(!hMapping) return freeHandles(false,(HANDLE)hFile,NULL,NULL); // :(
    pMapping = (char *)MapViewOfFile((HANDLE)hMapping,FILE_MAP_READ,0,0,0);
    if(!pMapping) return freeHandles(false,(HANDLE)hFile,(HANDLE)hMapping,NULL);
    #pragma endregion

    This "map view of file" includes the file headers themselves, which is important because they contain references to the IAT (import address table).
    The next thing you would do is obviously validate that it is an NT format file, and then pull out the program entry point:

    entryPoint = NTHeaders->OptionalHeader.ImageBase + NTHeaders->OptionalHeader.AddressOfEntryPoint;

    Then we would want to rewrite the first 2 bytes of the program into an infinite loop; to do this we have to page a certain region of the executable as writable:

    if(!VirtualProtectEx(processinfo.hProcess,(LPVOID)entryPoint,2,PAGE_EXECUTE_READWRITE,&flProtect))
    return freeHandles(false,(HANDLE)hFile,(HANDLE)hMapping,(void*)pMapping);

    DWORD orig_main(0);
    // save original 2 bytes of main
    ReadProcessMemory(processinfo.hProcess,(LPVOID)entryPoint,&orig_main,2,0);
    // write infinite jump (EB FE) to main (jump short -2 to itself)
    WriteProcessMemory(processinfo.hProcess,(LPVOID)entryPoint,&infjmp,2,0);

    I'm not going to go into much more code than this, because it would reveal a method of hacking which is almost completely unknown to the general public and more or less impossible to find any information about on google. This fact is really down to the maturity of knowledgeable people simply not sharing any information, and it will remain that way in general.

    You write a DLL stub in raw machine code, such as this: 68,FE,BE,EB,FE,B8,FE,BE,EB,FE,FF,D0,6A,FE,B8,FE,BE,EB,FE,FF,D0,CC,CC,CC,CC,CC,CC,CC,CC,CC,CC,CC,

    which is the compiled version of something like this:
    __declspec(naked) void loadDll(void)
    {
    _asm {
    // Placeholder for the string address and LoadLibrary
    push 0xFEEBBEFE
    mov eax, 0xFEEBBEFE

    // Call LoadLibrary with the string parameter
    call eax

    // SuspendThread argument
    push 0xFFFFFFFE
    mov eax, 0xFEEBBEFE // SuspendThread address
    call eax;
    }
    }

    You ask the kernel via Win32 for the addresses of kernel32.dll->LoadLibrary and SuspendThread,
    allocate memory in the opened process, paged read/write/execute,
    write the actual filename of our DLL into the remote process's memory, in its own RAM,
    get the thread context of the remote process, take its EIP and save it,
    modify EIP so it points to the first byte of our opcode stub,
    take the foreign addresses we got in the earlier step from the kernel, and write those real addresses into the stub (which is basically a plain array of bytes).

    Then we've injected our DLL and it happens before the process has a chance to execute even '1' instruction, much less open game guard or some other program. The reverse engineering of game guard is a really tedious process, but it is by no means difficult for an experienced programmer/engineer.

    Ok, so you can inject a DLL into the remote process, so what?
    Well, for one thing you could do something like rewrite the IAT so that instead of winsock.send and winsock.connect calling their expected functions, they actually call a function in your DLL first, which then detours the function back to the real process after it changes them (such as to make a localhost proxy of the program for network modification or bots), almost no one writes bots so advanced, most of them are what I would call "macros" rather than actual AI with full network awareness.

    The memory of the program is more or less open season for a hunt, and memory editing should be considered the most accessible and easy method of cheating. An online game can't reliably trust that the memory in the client has not been modified, under any circumstance. It should be completely irrelevant except as a "view" and "command request" process.

    Whether or not ZOS has access to some random memory hack isn't remotely relevant to whether or not they should be able to prevent it. The reason is that the server must be aware of your player statistics on its own, and even if you locally change your health to 2 billion that shouldn't even begin to matter. If they wanted performance movement they could simply receive a movement vector from the client, without positional data of any kind. This vector should not include the z-axis in the first place, as that is (in the scope of ESO) handled entirely by the jump command. Validating whether the vector is valid shouldn't take more than 100 raw OPs: less than 10 to check that the numbers are within valid ranges, another 20 or 30 to validate the speed modification state from RAM, and another 50 to assess whether the next tile (should be O(1) position access) is a valid place to move. Whether you have or do not have enough ultimate should really just be an O(1) [players[id] direct offset] validation of your current ultimate value.

    I could probably write a thesis about network mechanics, but what's going on is really unprofessional and I am deeply disappointed. Nevertheless, no, ZOS does not need to find the client hack to fix the problem. It shouldn't even be possible in the first place.
    Edited by holosoul on May 29, 2016 8:23PM
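The movement validation holosoul sketches (range check, speed state read from the server's own data, O(1) tile lookup), written out as server-side code. This is an added example, not code from the post or from ESO: the 5x5 tile map, the step size, the speed modifiers and the packet stream are constructed, and the client is assumed to send only a (dx, dy) vector, never a position and never a z component.

```python
"""Server-side validation of a client movement request.

Added example, not code from the post or from ESO. The client sends only a
movement vector (dx, dy); position, speed state and the map live on the server,
so whatever the client edits in its own memory cannot change the outcome.
The tile map, MAX_STEP and SPEED_MODIFIERS are constructed values.
"""
import math
from dataclasses import dataclass

# Constructed 5x5 world: '.' walkable, '#' blocked. Indexed TILES[y][x] in O(1).
TILES = [
    ".....",
    "..#..",
    "..#..",
    ".....",
    ".....",
]
MAX_STEP = 1.0                                                 # constructed distance per tick
SPEED_MODIFIERS = {"normal": 1.0, "sprint": 1.5, "snared": 0.5}  # constructed
EPS = 1e-9


@dataclass
class ServerPlayer:
    """The server's own copy of the player. Position and speed state live here."""
    x: float
    y: float
    speed_state: str = "normal"


def walkable(x: float, y: float) -> bool:
    """O(1) tile lookup; anything off the map is not walkable."""
    tx, ty = int(math.floor(x)), int(math.floor(y))
    if ty < 0 or ty >= len(TILES) or tx < 0 or tx >= len(TILES[ty]):
        return False
    return TILES[ty][tx] == "."


def apply_move(player: ServerPlayer, dx: float, dy: float):
    """Validate and apply one client vector. Returns (accepted, reason)."""
    # 1. Range check: reject NaN/inf before doing any arithmetic with them.
    if not (math.isfinite(dx) and math.isfinite(dy)):
        return False, "non-finite component"
    requested = math.hypot(dx, dy)
    # 2. Allowed distance comes from server-held speed state, not from the packet.
    allowed = MAX_STEP * SPEED_MODIFIERS[player.speed_state]
    if requested > allowed + EPS:
        return False, f"step {requested:.2f} exceeds allowed {allowed:.2f}"
    # 3. Destination tile is checked against the server's map.
    nx, ny = player.x + dx, player.y + dy
    if not walkable(nx, ny):
        return False, "destination blocked or off map"
    player.x, player.y = nx, ny
    return True, "ok"


def process_packets(player: ServerPlayer, packets):
    """Run a stream of (dx, dy) requests; returns one reason string per packet."""
    return [apply_move(player, dx, dy)[1] for dx, dy in packets]


# Constructed packet stream from one client that starts at (0.5, 0.5):
SAMPLE_PACKETS = [
    (0.5, 0.5),            # ordinary step to (1.0, 1.0)
    (5.0, 0.0),            # far beyond MAX_STEP: rejected by the speed check
    (1.0, 0.0),            # would land on the '#' at (2, 1): rejected by the tile check
    (float("nan"), 0.0),   # malformed packet: rejected by the range check
    (-1.0, 0.0),           # ordinary step to (0.0, 1.0)
    (-0.5, 0.0),           # would leave the map: rejected
]

if __name__ == "__main__":
    p = ServerPlayer(0.5, 0.5)
    for packet, reason in zip(SAMPLE_PACKETS, process_packets(p, SAMPLE_PACKETS)):
        print(packet, "->", reason)
    print("final server position:", (p.x, p.y))
```

Because the server stores position and speed state itself, a rejected packet leaves the player exactly where the server last put them; the client's local view can disagree, but it is only a view.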
  • Pigment
    Pigment
    ✭✭
    So... If they fix the hacks, it creates more lag. If they fix the lag, it creates more hacks. Also, if you're caught cheating, you only get a 3 day ban, max. So Zenimax doesn't care if we cheat? What kind of *** is that?
    @ikon0 / Alt-aholic / PC / NA
    Pigment / AD / Altmer / Templar
    Pay Me / AD / Dark Elf / Dragonknight
    Pay Up / AD / High Elf / Sorcerer
    Puerto Rico / EP / Redguard / Dragonknight
    Puerto Vallarta / DC / Redguard / Sorcerer
    Perimo / AD / Argonian / Nightblade
    Puerto Cabello / AD / Khajiit / Nightblade
  • code65536
    code65536
    ✭✭✭✭✭
    ✭✭✭✭✭
    Zyle wrote: »
    They just need a client side process watching for modifications to ESO's core game files & DLL's. Difference in performance would be miniscule if implemented properly.

    Speaking as a programmer with experience in reverse engineering security... this will never work.

    If I were the engineer designing this, what I'd do is to trust the client, but have a separate server-side watchdog that audits what the client does and sees if the client's calculations actually agree with the calculations that the server would've made if the server were doing full validation. And by separate, I mean it's not handled by the actual game server but by a separate server, working alongside the main server.

    The key difference between this and a full server-validation system is that this doesn't have to be real-time and so it won't affect server performance. If the client sends bogus data, the game server will act on it, but the watchdog will, at a later point in time (a few seconds later), detect an abnormality and flag/boot the client. So you can get one errant meteor or whatever off, but it'll result in you being booted off the server a few seconds later.

    You can either prevent cheats by making it impossible to send any bogus data, which requires full game server validation, which takes a severe performance hit. Or you can prevent cheats by making it futile to send bogus data more than once, which can be done in parallel and not in real time.
    Edited by code65536 on May 29, 2016 7:53PM
    Nightfighters ― PC/NA and PC/EU

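The deferred watchdog code65536 describes, as an added example (not code65536's own code and not anything from ESO). The game server stays client-trust and only appends accepted actions to a log; the auditor runs separately and later, replays the log against its own resource model, and flags ultimates the player could not have paid for. The resource model (starting points, accrual rate, cap, cost) and the sample log are constructed assumptions.

```python
"""Deferred server-side watchdog auditing client-trusted actions.

Added example, not code65536's own code or anything from ESO. The game server
(client trust) accepts every action immediately; the auditor recomputes, from
its own model, what each player could have had and flags impossible spends.
ULT_START, ULT_GAIN_PER_SEC, ULT_CAP, ULT_COST and the log are constructed.
"""
from collections import defaultdict

ULT_START = 100       # constructed: points every player has at t=0
ULT_GAIN_PER_SEC = 5  # constructed accrual rate
ULT_CAP = 500         # constructed pool cap
ULT_COST = 100        # constructed cost of one ultimate


def game_server_accept(log, t, player, action):
    """Client-trust game server: no validation, just record the action and act on it."""
    log.append((t, player, action))
    return True  # the action has already happened in the game world


def audit(log):
    """Replay the log per player against the resource model, off the hot path.

    Returns {player: [timestamps of impossible ultimates]}; players with a
    clean history are absent from the result.
    """
    available = defaultdict(lambda: ULT_START)
    last_seen = defaultdict(float)
    flagged = defaultdict(list)
    for t, player, action in sorted(log):
        # Accrue what the model says the player could have gained since last event.
        gained = ULT_GAIN_PER_SEC * (t - last_seen[player])
        available[player] = min(ULT_CAP, available[player] + gained)
        last_seen[player] = t
        if action != "ultimate":
            continue
        if available[player] < ULT_COST:
            flagged[player].append(t)   # spent points the model says did not exist
            continue                    # never go negative; keep the model consistent
        available[player] -= ULT_COST
    return dict(flagged)


def boot_list(flags, tolerance=0):
    """Players with more than `tolerance` impossible actions get booted.

    One errant action may still get through the game server; the point is that
    it cannot keep happening without being caught on the next audit pass."""
    return sorted(p for p, hits in flags.items() if len(hits) > tolerance)


def build_sample_log():
    """Constructed sample: alice plays honestly, bob's client skips its local check."""
    log = []
    for t, who, what in [
        (0.0, "alice", "ultimate"),   # 100 -> 0
        (0.0, "bob", "ultimate"),     # 100 -> 0
        (1.0, "bob", "ultimate"),     # model allows 5 points: impossible
        (2.0, "bob", "ultimate"),     # 10 points: impossible
        (15.0, "alice", "attack"),    # non-resource action, ignored by the model
        (30.0, "alice", "ultimate"),  # 0 + 150 = 150 -> 50: fine
        (60.0, "alice", "ultimate"),  # 50 + 150 = 200 -> 100: fine
    ]:
        game_server_accept(log, t, who, what)
    return log


if __name__ == "__main__":
    flags = audit(build_sample_log())
    print("flagged:", flags)            # {'bob': [1.0, 2.0]}
    print("boot:", boot_list(flags))    # ['bob']
```

The audit touches only the log, so it can run on a separate machine and in batches; the game server's per-tick work is unchanged, which is the trade code65536 is making: the first bogus action lands, the second is caught.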
  • Julianos
    Julianos
    ✭✭✭✭✭
    cyx54tc wrote: »
    Axorn wrote: »
    cyx54tc wrote: »
    I am writing this to let all the non-technical people know about these facts, so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tomorrow, etc.

    Fact 1: Why is this possible to do with ESO?
    ESO uses something I call the client trust model. What this means is that the ESO client does most of the calculation and sends the result back to the server. The server then accepts the result with little or no validation.

    An example flow of client trust (not necessarily how ESO does it)

    Client:
    1. Player pressed the ultimate key
    2. Validate whether the player has enough ultimate points to cast it
    3. If the player has enough, decrement the ultimate points; if not, do nothing
    4. Tell the server the player cast the ultimate
    Server:
    1. Received the player's cast-ultimate request
    2. Broadcast to all players that player A has cast the ultimate

    So what would happen if someone modified the ESO client and removed steps 2 and 3 on the client side?

    An example flow of server trust

    Client:
    1. Player pressed the ultimate key
    2. Validate whether the player has enough ultimate points to cast it
    3. If not, do nothing
    4. Tell the server the player wants to cast the ultimate
    Server:
    1. Received the player's cast-ultimate request
    2. Validate whether the player has enough ultimate points to cast it. If not, do nothing.
    3. Decrement the ultimate points for player A and broadcast to all players that player A has cast the ultimate

    So what if we remove steps 2 and 3 on the client side this time? Step 2 on the server side will say no, because the server has all the information and can validate whether the action is valid.

    Fact 2: How can it be fixed completely?
    Use a server trust implementation. But this would require a complete rework of the game code, as well as making the server load a lot heavier.

    Fact 3: Why is the client trust model used instead of server trust?
    If server trust is used, it means the server will be required to do most of the calculation that the clients are doing right now. That means it should expect at least X times heavier load (X being the number of players playing the game). So the 10s of lag you used to get in PvP you could expect to be multiplied by X if they use the existing server without an upgrade.

    Fact 4: Could ZOS just simply detect those people and ban them all?
    I will put it simply: it is hard. Feel free to take a look at MapleStory, which uses a similar model. MapleStory even used 3 layers of anti-hack engine, and still......

    Fact 5: What exploits/hacks are possible with ESO?
    Anything you saw in MapleStory could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting, etc.

    Fact 6: What is a potential solution?
    Guarding ESO with an anti-hack engine will increase the difficulty of hacking it (it will not completely prevent it, but make it harder to do!). But at the same time performance will suffer...

    So you're saying ESO is dead, since there is no fix without ruining the game performance, which is already sucky?

    depends how you define dead.

    high pvp lag, hackers on the loose, exploits = dead game
  • Faulgor
    Faulgor
    ✭✭✭✭✭
    ✭✭✭✭✭
    code65536 wrote: »
    Zyle wrote: »
    They just need a client side process watching for modifications to ESO's core game files & DLL's. Difference in performance would be miniscule if implemented properly.

    Speaking as a programmer with experience in reverse engineering security... this will never work.

    If I were the engineer designing this, what I'd do is to trust the client, but have a separate server-side watchdog that audits what the client does and sees if the client's calculations actually agree with the calculations that the server would've made if the server were doing full validation. And by separate, I mean it's not handled by the actual game server but by a separate server, working alongside the main server.

    The key difference between this and a full server-validation system is that this doesn't have to be real-time and so it won't affect server performance. If the client sends bogus data, the game server will act on it, but the watchdog will, at a later point in time (a few seconds later), detect an abnormality and flag/boot the client. So you can get one errant meteor or whatever off, but it'll result in you being booted off the server a few seconds later.

    You can either prevent cheats by making it impossible to send any bogus data, which requires full game server validation, which takes a severe performance hit. Or you can prevent cheats by making it futile to send bogus data more than once, which can be done in parallel and not in real-time.

    I don't know a whole lot about programming, but I'd have thought of a similar solution as well ... but I just tell myself "nah, it can't be that simple, or else they would have already done it".

    So what are the reasons this isn't done by all online games?
    Alandrol Sul: He's making another Numidium?!?
    Vivec: Worse, buddy. They're buying it.
  • Julianos
    Faulgor wrote: »
    code65536 wrote: »
    Zyle wrote: »
    They just need a client side process watching for modifications to ESO's core game files & DLLs. Difference in performance would be minuscule if implemented properly.

    Speaking as a programmer with experience in reverse engineering security... this will never work.

    If I were the engineer designing this, what I'd do is to trust the client, but have a separate server-side watchdog that audits what the client does and see if the client's calculations actually agree with what the calculations that the server would've made if the server was doing full validation. And by separate, I mean it's not handled by the actual game server but by a separate server, working alongside the main server.

    The key difference between this and a full server-validation system is that this doesn't have to be real-time and so it won't affect server performance. If the client sends bogus data, the game server will act on it, but the watchdog will, at a later point in time (a few seconds later), detect an abnormality and flag/boot the client. So you can get one errant meteor or whatever off, but it'll result in you being booted off the server a few seconds later.

    You can either prevent cheats by making it impossible to send any bogus data, which requires full game server validation, which takes a severe performance hit. Or you can prevent cheats by making it futile to send bogus data more than once, which can be done in parallel and not in real-time.

    I don't know a whole lot about programming, but I'd have thought of a similar solution as well ... but I just tell myself "nah, it can't be that simple, or else they would have already done it".

    So what are the reasons this isn't done by all online games?

    I think the real problem and the mess come from the megaserver architecture; it's just too much load and they can't afford any other systems on it.
  • Abeille
    Thanks for this post, OP. It is definitely not my area and I understand very little of all of this. Your post surely helped.
    Just so that everyone knows, my Altmer still can't have black hair. About a dozen Altmer NPCs in the game have black hair. Just saying.

    Meet my characters:
    Command: Do the thing.

    Zadarri, Khajiit Fist of Thalmor: The thing was done, as commanded.
    Durza gra-Maghul, Orc blacksmith: The thing was done perfectly, in the most efficient way.
    Tegwen, Bosmer troublemaker: You can't prove I didn't do the thing.
    Sings-Many-Songs, Argonian fisher: Sure, I'll do the thing... Eventually. Maybe.
    Aerindel, Altmer stormcaller: After extensive research, I've come to the conclusion that doing the thing would be a waste of resources.
    Liliel, Dunmer pyromancer: Aerindel said I shouldn't do the thing. Something about "resources".
    Gyda Snowcaller, Nord cryomancer: I will find a way to do it that won't waste resources and make Aerindel proud of me.
    Beatrice Leoriane, Breton vampire: I persuaded someone else into doing the thing. You are welcome, dear.
    Sahima, Redguard performer: Doing the thing sounds awfully unpleasant and really not my problem.
    Ellaria Valerius, Imperial priestess: I'll pray to the Eight for the thing to be done, if it is Their will.
  • Lava_Croft
    This is a game that was worked on for at least 6 years, is an MMO and was released without any form of meaningful protection against the most basic hacks.

    'Nuff said.
  • SirAndy
    cyx54tc wrote: »
    Fact 3: Why is client trust model used instead of server trust?
    If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s of lag in PVP you could expect to multiply by X if they use the existing servers without an upgrade.

    Why is client trust model used instead of server trust?
    Because when they had that meeting where some kid "programmer" said:

    "Hey, I have an idea! Why don't we ignore what everyone else has already figured out and use client side trusted decisions so we don't have to write good server code! I mean, "Never trust the client" is soooo '90s ..."

    Nobody stood up and told the kid: "Are you insane?"


    If they had implemented a server-based system using UDP for transport, optimizing the data packets for throughput, and used client-side prediction combined with server-side prediction and server-side decision (!), the game could easily support hundreds of players in the same spot without lag and, most importantly, without cheating.
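    The server-side decision that SirAndy argues for, together with the client-side prediction he mentions, sketched as an added Python example. This is not ESO code and not ZOS's or SirAndy's implementation; the class names, the resource numbers, the plain-dict message format and the sequence-number handling are all assumptions, and transport (UDP, packet layout) is left out. The client with local_check=False is the OP's "remove steps 2 and 3" scenario: the server's own check is what stops it, and a resent intent with an already-used sequence number is ignored as well.

```python
"""Server-authoritative ultimate casting with client-side prediction and reconciliation.

Added example, not ESO code and not a ZOS design: the client predicts the cast
locally so the UI responds instantly, but sends only an *intent* tagged with a
sequence number; the server owns the authoritative resource value, validates the
intent, and answers with the state it decided on.  The client then reconciles,
rolling back a rejected prediction.  Transport details are out of scope and
messages are plain dicts.  All names and values are constructed.
"""
ULT_COST = 200   # assumed cost of one ultimate cast
ULT_MAX = 500    # assumed cap


class AuthoritativeServer:
    """Holds the only copy of resource state that matters."""

    def __init__(self):
        self.ult = {}
        self.last_seq = {}

    def on_hit(self, player, gain):
        # Resource gain comes from server-resolved combat, never from the client.
        self.ult[player] = min(ULT_MAX, self.ult.get(player, 0) + gain)

    def on_cast_intent(self, player, seq):
        ult = self.ult.get(player, 0)
        if seq <= self.last_seq.get(player, 0):
            # replayed or out-of-order intent: ignore it, report current state
            return {"seq": seq, "ok": False, "ult": ult, "reason": "stale seq"}
        self.last_seq[player] = seq
        if ult < ULT_COST:
            return {"seq": seq, "ok": False, "ult": ult, "reason": "insufficient"}
        self.ult[player] = ult - ULT_COST      # the decision happens here only
        return {"seq": seq, "ok": True, "ult": self.ult[player]}


class PredictingClient:
    """Gates locally, predicts the result, then defers to the server's answer."""

    def __init__(self, name, server):
        self.name, self.server = name, server
        self.ult = 0
        self.seq = 0
        self.log = []

    def sync(self):
        # periodic state snapshot from the server (e.g. after combat resolution)
        self.ult = self.server.ult.get(self.name, 0)

    def press_ultimate(self, local_check=True):
        # local_check=False models a client with the local gate removed
        if local_check and self.ult < ULT_COST:
            self.log.append("local gate: not enough ultimate")
            return False
        self.seq += 1
        self.ult = max(0, self.ult - ULT_COST)          # prediction: show it firing now
        return self._reconcile(self.server.on_cast_intent(self.name, self.seq))

    def replay_last_intent(self):
        # a duplicated or resent packet carrying an already-used sequence number
        return self._reconcile(self.server.on_cast_intent(self.name, self.seq))

    def _reconcile(self, reply):
        # Authoritative state wins whether the cast was accepted or not.
        self.ult = reply["ult"]
        if reply["ok"]:
            self.log.append(f"cast {reply['seq']} confirmed, ult={self.ult}")
        else:
            self.log.append(f"cast {reply['seq']} rolled back ({reply['reason']}), ult={self.ult}")
        return reply["ok"]


def run_demo():
    """Constructed session: one honest client, one that skips its local gate."""
    server = AuthoritativeServer()
    honest = PredictingClient("honest", server)
    modded = PredictingClient("modded", server)
    server.on_hit("honest", 200)
    server.on_hit("modded", 50)
    honest.sync()
    modded.sync()
    results = {
        "honest_first": honest.press_ultimate(),                   # accepted, 200 -> 0
        "honest_second": honest.press_ultimate(),                  # stopped by local gate
        "modded_cast": modded.press_ultimate(local_check=False),   # server: insufficient
        "modded_replay": modded.replay_last_intent(),              # server: stale seq
    }
    return results, dict(server.ult), {"honest": honest.ult, "modded": modded.ult}, modded.log


if __name__ == "__main__":
    results, server_state, client_view, modded_log = run_demo()
    print(results, server_state, client_view, sep="\n")
    print("\n".join(modded_log))
```

    The prediction makes the honest client's ultimate fire on screen the instant the key is pressed, which is the latency the thread worries about; the cost is only the validation on the server, one comparison and one subtraction per intent, not a replay of the client's whole simulation. The modded client briefly shows itself at zero ultimate and is then snapped back to the server's 50.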
  • SirAndy
    Zyle wrote: »
    They just need a client side process watching for modifications to ESO's core game files & DLLs. Difference in performance would be minuscule if implemented properly.
    But that's not how the hacks are done. None of the game files are modified.

    What people need to understand is that on the PC, you can write an app that can read and write *any* running process's memory. Memory is NOT protected!

    And it's not hard to do either; the code required for such an app is pretty simple. Once you find the right data offsets while the game is running, you can change them at will in real time.
    Edited by SirAndy on May 29, 2016 8:08PM
  • Rohamad_Ali
    SirAndy wrote: »
    cyx54tc wrote: »
    Fact 3: Why is client trust model used instead of server trust?
    If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s of lag in PVP you could expect to multiply by X if they use the existing servers without an upgrade.

    Why is client trust model used instead of server trust?
    Because when they had that meeting where some kid "programmer" said:

    "Hey, I have an idea! Why don't we ignore what everyone else has already figured out and use client side trusted decisions so we don't have to write good server code! I mean, "Never trust the client" is soooo '90s ..."

    Nobody stood up and told the kid: "Are you insane?"


    If they had implemented a server-based system using UDP for transport, optimizing the data packets for throughput, and used client-side prediction combined with server-side prediction and server-side decision (!), the game could easily support hundreds of players in the same spot without lag and, most importantly, without cheating.

    You're abusing the amount of acceptable emojis. Also, this is a fable made into a myth wrapped in an urban legend.
  • sadownik
    @holosoul I must admit that you shed light on the situation, but like you I am very surprised to see that a simple program like .... can be used in ESO. I mean damn... I used it myself ages ago for a single-player game; didn't think any of the new AAA MMOs were prone to that hack.
This discussion has been closed.