Memory hacking in Standalone

[gummy52 57]

Rocket seems like an open guy willing to answer questions, but I don't know where to even ask. So, I figured that I'd just make a thread. I don't expect an answer, but I'd like to throw my question out there for the possibility that someone at Bohemia Interactive might read it.

Hacking is an enormous concern for me. Not ArmA 2 Script injecting. I've heard no information about the development team's plans to prevent unauthorized memory access. I'm particularly worried because the team seems content with a server side implementation coupled with Valve's VAC... but neither will prevent or detect custom external programs that read the game's memory. If hackers are still able to detect everything the client program has in memory, then they'll be able to detect all players/vehicles/objects within render distance in real time.

Does the development team recognize this as a serious and potentially crippling issue?

[SmashT 10907]

Realistically hacks are always going to exist in some form or another, you can't completely stop them. The only solution I could think of would be to limit the information being sent to clients until they have line of sight on that object or alternatively by view distance, so nothing out of a certain distance is ever sent to the client, no idea if this is technically possible though or what kind of impact it would have on performance. Both still wouldn't be fool-proof but at least they wouldn't be able to see players/cars/tents on the other side of the map.

Edited January 16, 2013 by smasht_AU

[aussiestig 681]

Realistically hacks are always going to exist in some form or another, you can't completely stop them. The only solution I could think of would be to limit the information being sent to clients until they have line of sight on that object or alternatively by view distance, so nothing out of a certain distance is ever sent to the client, no idea if this is technically possible though or what kind of impact it would have on performance. Both still wouldn't be fool-proof but at least they wouldn't be able to see players/cars/tents on the other side of the map.

This is a fairly good way of stopping ESP hacks and such, but obviously won't stop hackers from sniping everyone in elektro.

It's been acknowledged several times before by the dev team that hacking is a huge issue and needs to be addressed for the standalone. Honestly, I wouldn't be surprised if something like your idea hasn't already been implemented in the SA, but they're just keeping that kind of thing quite so the hackers have no idea what to expect. I think the longer we can keep the hackers from understanding the system, the better. it would also give them more time to improve the anti-hack

[gummy52 57]

Realistically hacks are always going to exist in some form or another, you can't completely stop them. The only solution I could think of would be to limit the information being sent to clients until they have line of sight on that object or alternatively by view distance, so nothing out of a certain distance is ever sent to the client, no idea if this is technically possible though or what kind of impact it would have on performance. Both still wouldn't be fool-proof but at least they wouldn't be able to see players/cars/tents on the other side of the map.

You are right, there is no checkmate that developers can implement. To combat the issue the developers need to be relentlessly proactive. The goal can't be to block/prevent any hacking, the goal needs to be silently catching the tricky ones and banning them at future intervals.

The question isn't 'does BI know a super secret way to prevent hacking', the question is 'will BI do a good job fighting against it'. The fact of the matter is simple. "There will always be hacks" is not an excuse. If there is one person who can consistently hack as easily as he wants to, then anyone can, because that one person will post his hack for the masses to use. It certainly helps if that program he posted becomes obsolete 24 hours later.

As for memory editing; Bohemia Interactive seems completely complacent relying on VAC. Suffice to say, we may as well consider the client defenseless from being completely modified. I think that this is a topic that needs to trump every other discussion. Yeah, sure -- a server side implementation prevents server bombing and god mode. Those are just about the only things that will improve.

I'm deeply concerned that hacking will drown this game if it's not the absolute prime focus of the entire Bohemia Interactive company.

Edited January 25, 2013 by gummy52

[Elo 44]

I think that once the "LOLOLOL I SPAWN CAR AND GUN AND MASSKILL EVERYONE" (hey, it rhymes) type of hacks are gone people might lose interest in the smaller, more passive hacks, much like in other MP games

[gummy52 57]

The reality of the situation is that many (most) players are content pretending to be talented by using things like location hacks. Hacking is actually even more common on `whitelist` servers where server bombs and god mode is uncommon. Incentive is key. What separates DayZ from something like Counter-Strike is that this is more akin to a MMO than an arena shooter. Games like All Points Bulletin suffer the same fate that I fear for DayZ.

Edited January 16, 2013 by gummy52

[tsandrey 379]

VAC is a bad choice. I guess Rocket decided to use it cause it's free when you have a Steamworks game

[Elo 44]

The reality of the situation is that many (most) players are content pretending to be talented by using things like location hacks. Hacking is actually even more common on `whitelist` servers where server bombs and god mode is uncommon. Incentive is key. What separates DayZ from something like Counter-Strike is that this is more akin to a MMO than an arena shooter. Games like All Points Bulletin suffer the same fate that I fear for DayZ.

Do you have any empirical data to support that claim?

[OrLoK 16182]

Hello there

I have no doubt that hacks will be made for the SA (or at the very least attempted) It will have to be a mix of anti cheat methods to ensure it is kept to a minimum. Software/utils/admins etc etc.

It will not be on the scale we have seen on pub servers though.

It will have been looked into. don't worry.

Rgds

LoK

[dgeesio 1034]

tbh aslong as the stupid ones like teleported and mass killings are solved im not that bothered becuase as mentioned by others you cant stop hackers . doesnt matter how good a company there will always be one person undoing what the others are fixing. so as long as the game is mostly hack free or less than now im happy .

[noreaster 41]

My honest opinion is that hacking/script using will kill off this game within the first 5 months.

There are two reasons for this. First and foremost is the complete lack of attention and later recognition of the issue in the mod. The second reason is directly related to how you saps out there insist that, "Nothing can be done about it", "Hacking will always exist".

You people are freaking pathetic. There are secure applications out there all over the world run on billions of devices which very rarely if ever have their security compromised. The reason this is an issue with video games is very easy to understand at it's most basic level. In the video game industry it does not pay to have a secure game. Security in the gaming industry is directly correlated to the amount of money your game makes.

So, rather then preempting these security breaches with good practice(and more man hours) they are left to manifest until which time as the user base describes the game as unplayable because of them.

Now never forget that for each one player whom stop playing because of a hacker, there is a hacker out there whom bought 5-10 cd keys to hack with.

I'm a certified .net engineer and I can tell you with absolute certainty that as soon as the gaming community out there collectively demands secure applications, web services, and data transfer - You will have it. Period. There is plenty of technology and government regulation out there available to developers for making secure applications.

Making a secure application should be FIRST AND FOREMOST for any developer out there. If you are a developer and you issue a product riddled with security holes in it to be exploited then you are a failure. Period.

For some reason you gaming developers out there are the only development group out there getting a free pass on selling software riddled with security holes for people to exploit.

Gee, I wonder why?

I wish I could say differently, but I don't think the people backing dayz will invest the necessary funds to keep the code secure and a script free environment. Hopefully in 6 months I will eat my words here and look a fool. I doubt it.

Now, if you'll excuse me I need to get back to my work of of developing secure web applications and services. Because If tomorrow there should be a breach of security in one of them, or a database I will be looking for a new profession.

Edited January 16, 2013 by noreaster

[OrLoK 16182]

I think you are investing to much stress and thought into this. Especially if you are supposed to be working.

It is only a game. there are more important things to get wound up about.

Lastly, if you can deliver a hackfree solution to gaming then you've just made your millions.

Rgds

L

[WalkerDown (DayZ) 296]

Prediction (you don't need to be a wizard tho..): we won't have mass-kill, mass-teleports and anything based on script events; but we will sure have: ESP, autoaim, godmode, and anything you normally have in other FPS. There's nothing you can really do to stop "memory hacks" (ans such), other games aren't blocking them, but they provides feature (and tools) like: killcam, 3rd person view, and such .. so you would notice immediately a cheater (assuming there's an active admin aboard). Now in DayZ this would be a sensible argument: giving all this power to an admin and be sure that you will have kids to exploit the game (like abusing of it for their own advantage). Better than having mass kills anyway.

If you believe there won't be cheaters aboard (i predict the first public cheats within 2 weeks from the release)... it's better you chose another game (where cheating is not possible or doesn't make sense), there will be cheaters, the only thing we can hope is that the situation doesn't run out of control like it is now.

[bad_mojo (DayZ) 1204]

The fact of the matter is simple. "There will always be hacks" is not an excuse.

The second reason is directly related to how you saps out there insist that, "Nothing can be done about it", "Hacking will always exist".

You guys are living in a fantasy world.

If I say "there will always be crime in this world" no matter how much you resist the idea and beg for it not to be true, it's always going to be true. Law enforcement can never be perfect. Prevention is the key.

[dgeesio 1034]

noreaster

it isnt pathetic its just business !

doesnt matter if it can be secure i would love hacking to be stopped but the simple fact is no company and i mean none in gaming is going to invest the amount of money and resources to totally eridicate it or make it almost hackproof. so its all just blah blah do this which wont ever be done as its all about profits at end of day.

look at call of duty and bf for eg hackfest and make ***ing look like noone does it in comparison. i have been a admin of anticheats for quite along while and i literally just gave up in fps gaming because its a joke ! i can tell you now in every game of cod or bf3 there will be atleast two or three hacking every game !

now look at the money they earn as companies EA and activision and then look at BI :D if activision or EA wont stop it and they earn billions how ar bi gunna do it ? they arnt cant . so you just live and except a certain amount or just stop playing if it bothers you that much.

Edited January 16, 2013 by dgeesio

[gummy52 57]

Do you have any empirical data to support that claim?

Not many people are going to wall hack on a server that gets bombed by a kill command once every 2 to 4 hours. I make my claim based on what I've observed using my own memory reading program. Do I have a prepared spreadsheet for your viewing pleasure? No. Do I play on whitelist servers? No. Wana know why? At least 1 out of every 3 players on whitelist servers are using some form of location hack, and I would say that EVERY home clan is either location hacking or is in VOIP with someone who is.

There's nothing you can really do to stop "memory hacks" (ans such)

This is not a FPS and retail is a different beast than modding. You can not simply write off the abundance of advantageous hacking as an unfortunate constant in an MMO. There needs to be a serious risk to reading memory, and a near guarantee that most (nearly all) people modifying memory are caught. You are blind if you think that this is not feasible.

Edited January 16, 2013 by gummy52

[Zachstar 59]

Server Model and VAC will already make things FAR FAR FAR worse for the hackers. VAC is especially potent as those bans are for good and will render the purchase virtually pointless. Then you've got rocket who has watched his work get tarnished by hackers and his incentive to make code changes to make it harder.

So I personally am not too worried. They will try their hacks and get quickly VAC banned.

[bad_mojo (DayZ) 1204]

This is not a FPS and retail is a different beast than modding. You can not simply write off the abundance of advantageous hacking as an unfortunate constant in an MMO. There needs to be a serious risk to reading memory, and a near guarantee that most (nearly all) people modifying memory are caught. You are blind if you think that this is not feasible.

There's a huge difference between accepting that you can't stop all hacking, and giving up altogether. When people say "there will always be hacking" they're not saying prevention isn't feasible. Combating hacking is and always will be an ongoing battle between the software developer and the hackers.

[Zachstar 59]

And there is no evidence BI is giving up on it. Going with Steam exclusive and VAC should be evidence of that.

[‮spacecaps 101]

Does the development team recognize this as a serious and potentially crippling issue?

Sure they do, especially after all this. But it's not enough, because if it's popular among 14-year olds, there will be hacks, public and paid.

The situation is pretty much the same as with malware. If you're not Blizzard with their massive anti-hack and legal departments (and, more important, the vision), you can't do much against hackers. Even if you'll sacrifice the experience to illusion of safety by introducing some techniques of last resort (server-side occlusion, honeypots etc), this won't help if you don't have some of your people searching and blocking existing hacks 24/7.

Hackers are a moving target, having a very advanced but slowly updated anticheat system is not enough. Anti-hack department is what really matters in keeping the public and paid hacks away, but it needs a constant money flow to be a thing. Private hacks (as in written by RE expert for himself only) can't be caught on a regular basis, but they don't make numbers and can even mostly be ignored.

You can shift the responsibility to administrators shoulders, but it will just increase the paranoia and number of false positives, degrading the experience. Human factor is a bitch.

tl;dr: You have to have dev-hosted servers, a steady income, a vision, a sane toolchain, and an anti-hack lab to combat hackers effectively, and they most likely have none of that.

VAC isn't a solution by itself, it can't detect shit. Paywall isn't a solution either, as we all can see right now (people just buy new keys). We can expect first proof-of-concept hacks to be written within days after the release, or even before it (in closed beta), and paid hacks to appear within a couple weeks.

Edited January 17, 2013 by KizUrazgubi

[Zachstar 59]

Yes but again the scale will be no where NEAR what it is today. VAC is going to make many hackers cry. Server side will mean their hacks will cost more and be easier to report to VAC. And then the fact that games are tied to steam means their 15 or whatever USD is gone for good once VAC banned.

[Zombie Jesus 723]

Lots of stuff.

If you want to be a rich man then develop a way to completely lock down PC gaming from hackers. You will quickly see that software licensed by many game developers. Or you can go with the conspiracy theory angle of "developers do this so hackers will buy more keys."

[‮spacecaps 101]

Indeed the entry barrier will probably be a bit higher (especially with the different architecture), but there still will be traditional ESP and aimbots, and ESP is quite destructive to DayZ mechanics. 3rd person will be also heavily abused, on servers with forced 1st person mode.

Guessing from information released by DayZ SA team so far, they seem to follow a pretty standard way. The rest will depend on the game's popularity and their ability to scale the anti-hacking measures.

Edited January 17, 2013 by KizUrazgubi

[ImageCtrl 719]

Lastly, if you can deliver a hackfree solution to gaming then you've just made your millions.

Already proved...

[Zachstar 59]

Indeed the entry barrier will probably be a bit higher (especially with the different architecture), but there still will be traditional ESP and aimbots, and ESP is quite destructive to DayZ mechanics. 3rd person will be also heavily abused, on servers with forced 1st person mode.

Guessing from information released by DayZ SA team so far, they seem to follow a pretty standard way. The rest will depend on the game's popularity.

Not a bit. A LOT. VAC, Steam and severside alone will make things hell for the hackers. Then you have development that takes security into account as opposed to the more open ARMA II. We should have more confidence in rocket in his team.