Memory hacking in Standalone

[trichome (DayZ) 198]

Memory hacks are incredibly easy to detect, so I wouldn't worry too much. Hopefully they have a dedicated software engineer working on this kind of stuff.

I take it you work in the software industry and are speaking from experience?

If not please shut the hell up before you dig a deeper hole for yourself!

[Easy_Tiger (DayZ) 33]

I take it you work in the software industry and are speaking from experience?

If not please shut the hell up before you dig a deeper hole for yourself!

No man let him dig! I want to see how far down he gets :D

[WalkerDown (DayZ) 296]

In the worst scenario: kernel level driver and i can read the memory anytime i want without you can't do a shit about it. Notice: READ ... (writing is something that you can control appside tho). So passive hacks, like radars, wallhacks etc. will always exists and there's nothing an anticheat (or any good programmer in the world) can do to prevent it, it's a lost war.

The only viable solution is to minimize the cheating (avoiding it goes out of control like it is now in A2), eliminating it, is a unrealistic dream.

[banditkilla92 3]

I think that once the "LOLOLOL I SPAWN CAR AND GUN AND MASSKILL EVERYONE" (hey, it rhymes) type of hacks are gone people might lose interest in the smaller, more passive hacks, much like in other MP games

dat doesnt rhyme

[‮spacecaps 101]

In the worst scenario: kernel level driver and i can read the memory anytime i want without you can't do a shit about it.

Technically they can, there's obfuscation for that. But it won't hold for long, and lots of stuff can't be obfuscated due to various reasons.

[WalkerDown (DayZ) 296]

Technically they can, there's obfuscation for that. But it won't hold for long, and lots of stuff can't be obfuscated due to various reasons.

That's not the problem, the problem is that a mass solution via driver is not praticable. Passive cheats between are caught only when you have a prototype in your hands (something to compare to), since there's no heuristic mode to identify a "potential" cheat, there would be so many false positive that would be impossible for the anticheat determines if that's really a cheat or some other legit application/driver.

In other words a cheat can get caught only when it is distributed to the mass, until it lives in the hidden it can least forever .. even the most "stupid" ones (with no obfuscation, metamorfic binary, or any other fancy protection) lives forever until you publish it.

[‮spacecaps 101]

In other words a cheat can get caught only when it is distributed to the mass

Yes, that was exactly the point I was making before, but it doesn't make basic layer of protection unnecessary. Having only the mechanism and resources for targeting mass-distributed hacks but no basic protection at the start is a bit extreme. You will need some sort of obfuscation anyway (removing the crosshair code or scrambling values being the example), because it's the most obvious attack vector and it can be slowed down a bit without triggering false positives.

Edited January 26, 2013 by KizUrazgubi

[gummy52 57]

KizUrazgubi's post from several days ago is spot on.

tl;dr: You have to have dev-hosted servers, a steady income, a vision, a sane toolchain, and an anti-hack lab to combat hackers effectively

The next part is what I, too, fear.

they most likely have none of that

[sharkytowers 1]

Mitigation is the goal as elimination is obviously impossible.

Hacking/scripting issues will be lessened in SA. To what degree? Time will only tell.

What sets this game apart (the relative value of your ingame life) is exactly what makes the same issues that are mere annoyances in other games (aimbot, esp, etc.) so disruptive.

Linking the ban system to the payment method seems like the best way to discourage and lessen those who would cheat. While its unlikely this is the method they will use, one can still hope.

In any case I'm quite sure the DayZ SA gaming environment will be leagues better than the current experience in all sorts of ways. Particularly in regards to cheaters.

Edited January 26, 2013 by sharkytowers

[‮spacecaps 101]

Linking the ban system to the payment method seems like the best way to discourage and lessen those who would cheat. While its unlikely this is the method they will use, one can still hope.

I don't know if there's a reliable way to do that, but in some countries (notably Russia/exUSSR) most people will buy retail keys from 3rd parties and not directly in Steam store, because of stupid pricing policies.

Also, there will be quite a lot of key/account stealers, so this can hit legit people as well.

[keosan24 55]

So from what i got is that certain hacking issues need to be addressed and a big company such as Blizzard only address's them because they are more server sided,has a anti hack team and has money to shell out. However even with all that they still have hackers but yet you want Rocket to address the minority of hackers(Suppose-able 1/3) in the short amount of time he has.

Also you keep saying that this "Memory-Hack" will be a big issue and you want it addressed but you acknowledge that no game will be hack proof.

You should be happy that he is upping the difficulty for hacking, and not bash him and the community because a certain issue wasn't addressed.

There are other games with little to no anti-hack system in place where the community still defends the game to the death why don't you go and complain to them about their situation?

[WalkerDown (DayZ) 296]

There are other games with little to no anti-hack system in place where the community still defends the game to the death why don't you go and complain to them about their situation?

The other games you're talking about are match based FPS, so a cheater/hacker can disrupt a single round, it causes no much trouble, coz you can change the server and start again like nothing has happened (apart the little annoyance of server switching). While DayZ has a permanent enviroment, a cheater/hacker can "destroy" days (or even weeks) of gameplay progression in one instant.

This is the big difference, this is why being killed by a cheater in DayZ is 1000 times more annoying than being "hacked" in a tradizional FPS.

In fact if you look at the other "perma-world" games out there (most of them are RTS/RPG's) you can notice that the cheating is taken very seriously and most often they have dedicate staff to monitor and handle the situation (something that we can only dream of...).

For this reason, the cheating MUST be the issue at the top of everything or the game will fail.

[SmashT 10907]

Rocket touched on it a bit in the latest livestream/interview.

Q: How will the new engine prevent cheating?

A: The single biggest difference between standalone and the mod, is that in the mod, the way ArmA II works is it sends all updates to everyone and individual clients can control their world. In the standalone you only receive updates for objects that are near you and the server decides everything so unless you hack the server, the impact of whatever hacking or any of that is limited. That doesn't mean people can't hack but it does fundamentally change what effect hacks can have. It's a hard one to talk about because people will assume what you are saying is hacking is gone and I don't think it will ever be gone entirely, in a sense the mod was kind of a hack but I think it's drastically going to remove the impact of hacking and that's the key.

This seems like the best approach to things like 'memory hacking' to me, rather then trying to prevent the memory from being read you just don't send information to the client until it's needed so there is limited information that can be read.

Edited January 26, 2013 by smasht_AU

[$able 257]

It is not the anti hack that is the part to get right, i know first hand how good the battleeye system is. It does not ban you instantly but it gets you every time without fail the bypass is easily detected.

The problem is however the availability of CDkeys, whether stolen or forged. You can buy them cheaply on hack sites so hackers dont even need to use steam anymore...

Yes i used to hack, 200$ later i want to play normally it really does ruin the game beyond measure. I really hope the standalone can get passed this however, me and a friend have been burned 3 times in past two days by hackers invincibility/teleporting. I guess karma really is a bitch.

Thanks for posting the truth. Ironically it's mostly those from the other side (i.e. cheaters/hackers) that appreciate what BE does.

There are two main reasons why BE is quite ineffective right now (yes, it is!):

1.) A multiplayer engine that allows a client to do pretty much anything (no limits).

2.) Cheaters don't care about being globally banned over and over again because they can always get new stolen cd-keys for just $2 or less.

Both of these issues cannot be solved by BE, which is incredibly frustrating for me (I really would like to, but I can't). Luckily they will be tackled in the standalone, which is what I'm personally really looking forward to.

[gummy52 57]

Q: How will the new engine prevent cheating?

A: The single biggest difference between standalone and the mod, is that in the mod, the way ArmA II works is it sends all updates to everyone and individual clients can control their world. In the standalone you only receive updates for objects that are near you and the server decides everything so unless you hack the server, the impact of whatever hacking or any of that is limited. That doesn't mean people can't hack but it does fundamentally change what effect hacks can have. It's a hard one to talk about because people will assume what you are saying is hacking is gone and I don't think it will ever be gone entirely, in a sense the mod was kind of a hack but I think it's drastically going to remove the impact of hacking and that's the key.

Honestly, his answer did not even come close to answering the question. He's simply repeating what's already been said.

but it gets you every time without fail the bypass is easily detected.

Thanks for posting the truth.

Nothing in his post was the truth.

Edited January 26, 2013 by gummy52

[jacknapier2099 (DayZ) 2]

My honest opinion is that hacking/script using will kill off this game within the first 5 months.

There are two reasons for this. First and foremost is the complete lack of attention and later recognition of the issue in the mod. The second reason is directly related to how you saps out there insist that, "Nothing can be done about it", "Hacking will always exist".

You people are freaking pathetic. There are secure applications out there all over the world run on billions of devices which very rarely if ever have their security compromised. The reason this is an issue with video games is very easy to understand at it's most basic level. In the video game industry it does not pay to have a secure game. Security in the gaming industry is directly correlated to the amount of money your game makes.

So, rather then preempting these security breaches with good practice(and more man hours) they are left to manifest until which time as the user base describes the game as unplayable because of them.

Now never forget that for each one player whom stop playing because of a hacker, there is a hacker out there whom bought 5-10 cd keys to hack with.

I'm a certified .net engineer and I can tell you with absolute certainty that as soon as the gaming community out there collectively demands secure applications, web services, and data transfer - You will have it. Period. There is plenty of technology and government regulation out there available to developers for making secure applications.

Making a secure application should be FIRST AND FOREMOST for any developer out there. If you are a developer and you issue a product riddled with security holes in it to be exploited then you are a failure. Period.

For some reason you gaming developers out there are the only development group out there getting a free pass on selling software riddled with security holes for people to exploit.

Gee, I wonder why?

I wish I could say differently, but I don't think the people backing dayz will invest the necessary funds to keep the code secure and a script free environment. Hopefully in 6 months I will eat my words here and look a fool. I doubt it.

I agree the industry as a whole needs to demand a standard anticheat that is as secured as what banking institutions use.

[$able 257]

Honestly, his answer did not even come close to answering the question. He's simply repeating what's already been said.

Nothing in his post was the truth.

Explain? He said that BE bans pretty much all hacks (including popular private ones) quite often, which is true.

Edited January 26, 2013 by BEdev-Sable

[gummy52 57]

Explain? He said that BE bans pretty much all hacks (including popular private ones) quite often, which is true.

It's not true, and many of the same people have been hacking for months without needing additional keys, myself included.

[Zachstar 59]

VAC will be far more effective in my opinion.

Valve made it when hackers were literally at the point of tearing down sales of the game and HL1 to play Counterstrike and Team Fortress. (Sound familiar to the falling Arma II sales?) They had a DAMN good reason to invest serious resources over the years into making it the king of anti-cheat it is today.

There will never be 100 percent. It does not have to be to be the best.

[gummy52 57]

It's like going around in circles with you, Zachstar.

[nik21 287]

VAC will be far more effective in my opinion.

It won't. In fact, there will be more cheaters than in the DayZ mod since it will be a lot more popular and VAC will as always fail to keep up. Maybe they launch a few banwaves on private hacks at the beginning of this game's lifecycle, but that's about it. Public cheats will stay undetected a lot longer as well as private ones, even though those cheats may will probably be a lot less game-breaking than scripts are in Arma 2. Even though that's not something VAC archieved, but the engine itself. People may actually think that there will be less cheaters because they won't notice them. And think that it's because of VAC. But I can ensure you, it's not.

However, VAC has a far easier job than BE has right now due to the CD-Key theft and the engine Architecture... but that doesen't mean that the numbers of cheaters will decrease.

It's not true, and many of the same people have been hacking for months without needing additional keys, myself included.

It is true, simple as that. We don't need to believe a script kiddie anyway, do we? We hear enough lies every day in the ban appeals section... not to mentoin BE's email box.

Edited January 26, 2013 by Nik21

[gummy52 57]

It is true, simple as that.

[citation needed]

Battle Eye knows when ArmA's memory is read? Please, elaborate.

We don't need to believe a script kiddie anyway, do we?

believe a script kiddie anyway, do

a script kiddie anyway

script kiddie

lol

Edited January 27, 2013 by gummy52

[$able 257]

[citation needed]

Battle Eye knows when ArmA's memory is read? Please, elaborate.

VAC knows when a game's memory is read? I'm not even going to comment on that.

Go look up some popular private hack forums to get your proof. They hate BE like they have never hated any anti-cheat system before because they get constantly busted every few days for months. They can't wait to finally get some relief with VAC which bans them close to never.

Anyway, I guess there is no point in arguing with someone who admits that he is hacking himself. Obviously you don't have any interest in getting banned all the time, right? ;)

[nik21 287]

Private Hack User:

"Solution: Wait for standalone and wait for (hopefully) full framework support, along with useless anticheat called "VAC". That'll solve our problems.

The rate of detections is so high the hack is virtually unusable now so I advise you to stop wasting your money on cd keys, instead try to play clean with a bunch of friends or not at all. Kinda what BE wanted all along, good for them. Anyway the standalone should be here in a few weeks so it's not a long wait for some real fun."

Shortly after, this (really popular) cheat site dropped support for their Arma 2/ DayZ Cheat. Archieved by any other Anti-Cheat before? No.

Edited January 27, 2013 by Nik21

[‮spacecaps 101]

There are two main reasons why BE is quite ineffective right now (yes, it is!):

1.) A multiplayer engine that allows a client to do pretty much anything (no limits).

2.) Cheaters don't care about being globally banned over and over again because they can always get new stolen cd-keys for just $2 or less.

3) Each new version of certain public hack goes undetected for weeks, sometimes months.

4) A certain BE dev lacks vision and motivation to innovate, and prefers to shut his eyes to the problem instead of appropriately scaling the efforts.

They hate BE like they have never hated any anti-cheat system before because they get constantly busted every few days for months.

Hate? Please. People are making private hacks for money. Quite a lot of money, in some cases. It's just business. Or are you talking about those retarded script kiddies? They'll whine no matter what.

Anyway, I guess there is no point in arguing with someone who admits that he is hacking himself. Obviously you don't have any interest in getting banned all the time, right? ;)

Yeah, "you hack, your point must be invalid". Great way to ignore the problem. Kaspersky-style.

Edited January 27, 2013 by KizUrazgubi‮