
Client-side Cheating

This topic has been closed.
    • 9 posts
    October 21, 2017 3:20 PM PDT

    We all hate cheating, but it's extremely rampant in pretty much every MMO ever made.

    Manford recently posted one of the best accessible talks I've ever seen on the topic, from DEFCON 25: https://www.youtube.com/watch?v=PfbMZJsb1cQ

     

    The gist of the video is simple, and very well known in the security world: never, ever, ever trust the client. Always verify everything completely server-side.

    The server should view every client as an adversary that is always trying to break it. Pretty much every example in Manford's video is the result of the client sending a packet it shouldn't be able to and the server faithfully accepting that packet and executing it without validation. Just because the client SHOULDN'T do something doesn't mean it CAN'T do it. Just because packets have valid encryption, HMAC, etc. doesn't mean they weren't tampered with prior to encrypting.

    These kinds of hacks ARE preventable and easily detected server-side. The server validates every request from the client and logs any authentic requests with invalid parameters (e.g. trying to buy/sell/trade with negative quantities). If invalid parameters are coming in often from different people, it's likely a client bug that can be fixed. If one player has lots of them, they can be easily detected and banned.

    Nonauthentic packets (bad signature/encryption but valid CRC, for example) should be logged as well, as they can be people messing with the protocol unsuccessfully.

     

    Please do not rely on encryption to secure the protocol.

    Take a page from the FPS server guys: make the client as dumb as possible and treat all client->server commands as malicious until proven valid.

    • 1921 posts
    October 21, 2017 3:35 PM PDT

    Most cheats simply do memory scanning/injection/modification, these days.

    There's no doubt modifying packets in transit is an option, but it's far easier to skip that step entirely.

    Latency and the techniques that deal with it, as well as the abilities granted to players legitimately (run speed increase, teleportation) always make certain hacks possible.  It's the nature of MMO's and always will be until latency doesn't exist, which is a ways off yet. :)

    • 9 posts
    October 21, 2017 3:54 PM PDT

    vjek said:

    Most cheats simply do memory scanning/injection/modification, these days.

    There's no doubt modifying packets in transit is an option, but it's far easier to skip that step entirely.

    This is exactly why everything needs to be validated server-side. If the server doesn't trust the client, then these local memory modifications will only change the display on that client and can never really impact the gameworld. If, on the other hand, the server simply accepts the client requests then the cheats can become a reality. How that can manifest depends on the protocol design. To use an example from the video: if the client requests a trade with another player to give them -1c instead of just trusting the client to never send a negative quantity.

     

    vjek said:

    Latency and the techniques that deal with it, as well as the abilities granted to players legitimately (run speed increase, teleportation) always make certain hacks possible.  It's the nature of MMO's and always will be until latency doesn't exist, which is a ways off yet. :)

    Again, the server is the source of truth. There will always be ways to exploit things like lag compensation for a brief advantage, but generally MMOs are slow enough that this isn't really all that meaningful. Things like lag-teleports from old EQ were a symptom of the server trusting the client, not the lag compensation itself.
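
The server-side check described in the first post and the -1c trade mentioned above, sketched as an added example that is not part of the thread or of any game's code. The message shape, reason names and triage thresholds are assumptions made for illustration.

```python
import logging
from collections import Counter, namedtuple

log = logging.getLogger("trade_audit")
# Hypothetical message shape: already decrypted and signature-checked by the transport.
TradeRequest = namedtuple("TradeRequest", "sender recipient copper")

def validate_trade(req, balances):
    """Return a rejection reason, or None if the server accepts the request."""
    if type(req.copper) is not int:
        return "non_integer_quantity"
    if req.copper <= 0:                      # the -1c trade from the thread
        return "non_positive_quantity"
    if req.sender == req.recipient or req.recipient not in balances:
        return "bad_recipient"
    if req.copper > balances.get(req.sender, 0):
        return "insufficient_funds"
    return None

def apply_trades(requests, balances):
    """Apply valid trades to server-held balances; count rejects per (sender, reason)."""
    rejected = Counter()
    for req in requests:
        reason = validate_trade(req, balances)
        if reason is None:
            balances[req.sender] -= req.copper
            balances[req.recipient] += req.copper
        else:
            log.warning("rejected trade from=%s reason=%s copper=%r",
                        req.sender, reason, req.copper)
            rejected[(req.sender, reason)] += 1
    return rejected

def triage(rejected, per_player=3, distinct_players=3):
    """One player with many rejects: review account. One reason from many players: client bug."""
    by_player, players_by_reason = Counter(), {}
    for (sender, reason), n in rejected.items():
        by_player[sender] += n
        players_by_reason.setdefault(reason, set()).add(sender)
    accounts = sorted(p for p, n in by_player.items() if n >= per_player)
    bugs = sorted(r for r, s in players_by_reason.items() if len(s) >= distinct_players)
    return accounts, bugs

# Constructed sample traffic: "mallory" repeats the negative trade, the rest is normal play.
SAMPLE = [TradeRequest("alice", "bob", 10), TradeRequest("mallory", "bob", -1),
          TradeRequest("mallory", "bob", -500), TradeRequest("mallory", "alice", -1),
          TradeRequest("bob", "alice", 999)]

def run_sample():
    balances = {"alice": 50, "bob": 5, "mallory": 0}
    return balances, triage(apply_trades(SAMPLE, balances))
```

Balances live only on the server and change only after validation, so a modified client changes nothing but its own rejection count.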

    • 84 posts
    October 21, 2017 4:03 PM PDT

    All I know is if I see rampant cheating I'll be the first to quit and never return. Nothing takes me out of a fun gaming mental and emotional state faster.

    • 1921 posts
    October 21, 2017 5:10 PM PDT

    The problem is, I am allowed to run faster than normal.  I am allowed to teleport.  These aren't hacks, they're legitimate.

    Unless you extend your anti-cheat just far enough to impact client-server performance & latency, you won't be able to stop speed hacks and teleport hacks.  Because the player is allowed to do it.

    Lots of MMO's have encryption, obfuscation, anti-cheat all over the place.  And all of them still have speed hacks and teleport hacks, again, because the player is allowed to do it.  It's a perfectly valid action.  Case in point, druid can teleport, can teleport others, and can cast spirit of wolf to increase run speed.  Realtime audit with secured telemetry, including enough history to prove 100% they should not have been able to teleport or run faster than normal?  Expensive in every sense.

    Interactions like trades & NPC transactions are trivial to secure, and they are, on any mature MMO.

    Just another consideration;  If you're within LOS of a creature, you need to know about its movement, at the very least, its vector speed & direction.  If you don't send that to the player all the time, it creates a problem when the creature suddenly "appears" at their destination, or appears to teleport within the normal social aggro radius (starts getting/giving fast updates) and attacks.  There's also sound, lighting, shadows, and any parent child objects associated with the mobile object that all need these updates to prevent this jarring appearance.
    Why does this matter, in the slightest?  Because.. wait for it.. you can, in the name of security, not trust the client enough to permit these updates, especially in large outdoor zones.  Guess what's been shown in the videos thus far?  Massive outdoor zones.  Guess what else is in Pantheon?  Pet classes.
    So now... you can see the creature, you send your pet to attack it, the pet attacks, then you tell it to return.  You've now done something that is waaay outside the realm of normal, but it's allowed.  In order to tell the difference between a legit pet attacking/traveling, returning, and someone doing something shady, you have to affect the performance of the client-server and specifically, several RTT's worth of latency. (as above, very expensive)

    It's not that it can't be done, it's just very expensive and so far, no MMO I've ever played does it, because the speed hacks, teleport hacks, and pet hacks aren't bad enough to pay a human to prevent.  Just hope the server side metrics catch them, or people report them, and move on to revenue generating tasks, is the typical attitude.

    • 1584 posts
    October 21, 2017 5:56 PM PDT

    vjek said:

    The problem is, I am allowed to run faster than normal.  I am allowed to teleport.  These aren't hacks, they're legitimate.

    Unless you extend your anti-cheat just far enough to impact client-server performance & latency, you won't be able to stop speed hacks and teleport hacks.  Because the player is allowed to do it.

    Lots of MMO's have encryption, obfuscation, anti-cheat all over the place.  And all of them still have speed hacks and teleport hacks, again, because the player is allowed to do it.  It's a perfectly valid action.  Case in point, druid can teleport, can teleport others, and can cast spirit of wolf to increase run speed.  Realtime audit with secured telemetry, including enough history to prove 100% they should not have been able to teleport or run faster than normal?  Expensive in every sense.

    Interactions like trades & NPC transactions are trivial to secure, and they are, on any mature MMO.

    Just another consideration;  If you're within LOS of a creature, you need to know about its movement, at the very least, its vector speed & direction.  If you don't send that to the player all the time, it creates a problem when the creature suddenly "appears" at their destination, or appears to teleport within the normal social aggro radius (starts getting/giving fast updates) and attacks.  There's also sound, lighting, shadows, and any parent child objects associated with the mobile object that all need these updates to prevent this jarring appearance.
    Why does this matter, in the slightest?  Because.. wait for it.. you can, in the name of security, not trust the client enough to permit these updates, especially in large outdoor zones.  Guess what's been shown in the videos thus far?  Massive outdoor zones.  Guess what else is in Pantheon?  Pet classes.
    So now... you can see the creature, you send your pet to attack it, the pet attacks, then you tell it to return.  You've now done something that is waaay outside the realm of normal, but it's allowed.  In order to tell the difference between a legit pet attacking/traveling, returning, and someone doing something shady, you have to affect the performance of the client-server and specifically, several RTT's worth of latency. (as above, very expensive)

    It's not that it can't be done, it's just very expensive and so far, no MMO I've ever played does it, because the speed hacks, teleport hacks, and pet hacks aren't bad enough to pay a human to prevent.  Just hope the server side metrics catch them, or people report them, and move on to revenue generating tasks, is the typical attitude.

    I have to agree with this: the best way to stop someone from hacking/cheating is if the community reports them, we have to help the devs manage the cheaters, granted it would be nice if they have something in place to prevent a good majority of it, but to catch the rest, the community needs to come together and make sure no one is cheating.

    • 1281 posts
    October 21, 2017 6:16 PM PDT

    There are ways that they could encrypt the data streams that would make it more difficult, but not impossible, to use external cheat mechanisms.  To take it a step further, they could encrypt the contents of RAM as it relates to the game as well.  Again, while it wouldn't be impossible to cheat, at some point you run into a "diminishing returns" effect.  Security is an onion...  Layers is the key.

    In order to get around the hard coded certificate/encryption key in the client, which could be exploited, they could send down a fresh new encryption key on every connect, but there would have to be some sort of method to hide it to make it more difficult for external applications to find prior to app data encryption taking place.  If they wanted to make it even more difficult, they could use one encryption certificate/key for the data stream and a differing one for the RAM encryption.

    • 9115 posts
    October 21, 2017 6:25 PM PDT

    Folks, we have already covered this topic multiple times, here is the most popular thread with the most information: https://www.pantheonmmo.com/content/forums/topic/3253/anti-cheat-precautions

    I will go ahead and close this down but please remember we have been very clear in saying how we will make the client as dumb as possible for this exact reason, the devs know what they are doing and while we will never be able to fully protect the game from cheaters we will do our best.