SA DayZ: No Modifications? [POLL]

[Xianyu 820]

I'd prefer for the amount of mods to be scaled back massively if not eliminated entirely. Reasoning? At the moment, the game is a veritable clusterfuck of servers running different versions of the mod, the beta patch, maps, and whatever else.

Think about it: You want to play takistan? you need to find a server that's running the right version, running the map, running the right beta patch, and has a set of rules to it that is tolerable. 40 helicopter, 400 vehicles, start with an M4 SD server, anyone?

I would definitely like to see private hives, and new maps.

Private hives because then there's no server hopping ever. And maps because I'm willing to bet Chernarus+ will get boring after a while.

It's just too hard to maintain a grip on quality control if you allow people to mod your shit willy-nilly. Not to mention it makes it easier for the hackers.

[Zachstar 59]

Dont worry when the SA comes out you will be complaining about all the esp, aimbot, godmode hacks. Instead of vehicles appearing.

DayZ would not exist without modding and to see people saying they want the modding aspect shut down because they convince themselves that it will reduce hackers blows my mind.

Heck DayZ is the first game where hackers were creative and wanted to spice up the players experience without killing them by scaring them and such. Sure you had a few that did dumb things but some of them were actually fun.

You have no idea how the ARMA II engine works in my opinion.

[nnuu 61]

You have no idea how the ARMA II engine works in my opinion.

Please, enlighten us all with your knowledge of the engine. In my opinion the hackers will be just as bad. You will see. I just love how people think this will reduce hacking to a minimum. It wont.

[Michaelvoodoo25 3120]

Keep it closed to all and sundry. If rocket allows access were all doomed. the Mod is fractioning into different areas and types of gameplay, leave it and lets play as Dean envisioned.

If server side options are done right hackers can be kept at bay to some level. I have been reading up on certain sites where they question the security. Plans are afoot even now with claims of stupid activity. What struck me was "their" lack of love for the game 9and general gaming) and just to do it as "something to do"

Allow no-one, if hackers are going to get in, make it hard for them.

If 0=0 but your getting 0=1 kick the feckers.

[OrLoK 16182]

Hello there

A simple way to solve the mod issues is to do what the Iron Front chaps said they were going to do.

Accept submissions from modders. If the mod is of a high enough quality/non game breaking then include it as a patch or at the very least hand out the biskey for it.

More work for the dev's or a sub team though.

L

[plrsniper 87]

One of the most common misconceptions in gaming development is that locking down mod-ability or not going open source is somehow going to stop cheaters, exploiters, hackers etc from breaking into the game.

In fact, lack of customizing and insight into the source is detrimental to the anti hack efforts. Please understand how game/engine development works and how hackers break the measures taken to inject their cheats into a game. Any game.

I will try to explain it in as much "layman terms" as possible so everybody can understand. Let's start off with an example, something that most people should have faced at one point or another.

Imagine you are a kid around 7-10 years old, your brother gets one of those plastic safes to keep his loose change in. You would love to have that change, you wouldn't steal it but you want to at the very least hold it in your hand.

So your brother is out of the house, maybe he is at summer camp or somewhere else. He isn't coming home in a few days at least.

It's one of these:

You already know that you need to turn the wheel one way and then another. So you start messing around with it, you turn it clockwise a few times and you turn it counter clockwise a few times and try to open it. It stays locked but you keep on trying and trying. Eventually you get frustrated with not being able to open it so you take a table knife and stick in into the side of the door to try and pry it open. That doesn't work and you are afraid you might break it or leave marks that your brother will see.

But you notice as you turn the wheel with the door slightly opened that the wheel is scratching against something as you turn it. And you learn that by simply pulling on the wheel as you turn it you get the same result.

Intrigued you pull on the wheel and turn it around until *clunk*, the door opens part way!

You now turn the wheel some more until the door opens completely and you can now pick and choose among the stuff inside the "safe". You look at your brothers money, you leave it be because you know he will find out if you take it. But you also find small clippings from photos, lots of girls from his school that he likes. A few half finished love letters etc etc.

That is how hackers operate, they poke and prod until they get to what they want. Except this is not a kids game, this is not a kids safe.

But the underlying reason for doing it is the same none the less! They do it because it intrigues them.

So, continuing the story then. You are proud to have broken into your brothers safe, you now know his secrets and know you can take his money whenever you want. Should he wrong you in any way you know you can retaliate by stealing his saved up pennies.

Then, one day you and your brother are spending time together in his room playing with whatever toys you have. You have a great time together and you have this idea to build a puzzle box...

Example of what a puzzle box is:

As you can probably figure out, this would be a dream for a reverse engineer such as yourself (you, the 7-10 yo kid) to break into. And you find it just as intriguing to build as you would taking it apart. So you start making it together and you show it off with pride to your parents.

In that moment of joy and feeling of companionship with your brother you also show him how easily you can break into his safety deposit box. Your brother initially feels insecure and a bit upset over the whole deal but since you are such good friends he doesn't mind. But now he will surely find a better place for his secrets and his pennies.

However, now your brother have learned how to break into these kids toys. He in turn have friends who own such boxes so he messes with his friends by opening theirs and finding out their secrets. He uses these secrets to poke fun at them and maybe even as leverage to stay on a competitive level with them at school etc.

"If you don't stop teasing me i will tell everybody about your secret crush on that girl i found in your safe."

And so, a cheater is born. You use the trick you learned from your brother to gain an advantage over others in the game of life.

----

Like i pointed out, this was just an example of how a "hacker" operates and how a script kiddie (your brother) takes advantage of your work to cheat others.

There are hobby lock pickers that pick locks on their spare time. Whenever a new lock comes out they swarm that lock to pick that too because it's a brand new challenge to them.

Just some random example video:

http://www.youtube.com/watch?v=ueNgC5_cEoA

And there are countless videos like it!

While hobby lockpickers generally don't use their lock picking skills to do bad things, others who are not of the same good character will use that same information to do bad things.

So, what does this story about you as a kid and hobby lockpickers and hackers all have in common?

Neither of them have access to the "source", you didn't have the blueprints to the toy safe your brother owned but you cracked it open none the less by trying to find a weakness in it's design.

Lockpickers know how locks work because they have disassembled them and looked at how they are made. They didn't see the blueprints but they looked inside and figured it out.

The Nazi army, Navy and Airforce in WW II had the Enigma machine. The allied forces managed to get their hands on one but it would be useless to them since the "key" to decoding the message changed on a daily basis. But knowing the flaw in the machine (one being, a letter never became itself when encoded) they figured out a way to minimize the possible combinations of more than a few billion possibilities down to a few million ones. And then they brute forced it with a machine called the "Bombe" made by Alan Turing.

Mind you, WW II wasn't a game... Real lives where saved and lost because the allies broke the Enigma code.

Once again, neither of these cases required the source code or blueprints to be broken.

-----

How does software work then? How can you reverse engineer a game so you can make a cheat work in a game that you have no source code to and no ability to modify out of the box with modding tools? You can't just poke and prod until the door just opens for you, right?

Well, you know what you want to have happen and you know something about how a game works already since you are so involved with the process. You do it as a hobby, the goal is to break into the "lock" and thus you have a life long experience doing this already. You know all the tricks!

A simple example (one that even YOU can do, there are plenty guides online on how) is hacking Minesweeper from Microsoft. You want to stop the timer in the game... Because then you will beat the game in 0 seconds and be the top of the leader board on that PC. (And there are other ways to do this mind you)

You know that the timer increases by one every second, you know that the timers value is stored somewhere in memory (called a variable) and that location has an address that the game knows, otherwise it would not be able to increase it every second.

So, you start a program (a tool designed to watch applications memory regions) and that tool has a feature that lets you find values that increase, decrease or stay the same among other things.

Knowing that Minesweeper is a 32 bit application you can assume the variable will be a 32 bit integer. So you set your program (hack tool) to look for integers that increase. It will now scan through the games memory and filter out all memory addresses that doesn't increase in value. You are left with a few thousand values, all jibberish to you as they range from negative two billion to positive 2 billion with change.

But, you know the value of the timer. So you filter out all values that are not equal to the timers value and you resume gameplay. You are now down to maybe 4 values, one of those values is the one you are looking for and you use the program to alter the value in real time to see what effect it has on the game.

Voila! You now figured out the value and it's memory location, you can alter it to read 2,000 seconds and you can (as you wanted) alter it to read 0 seconds.

But you are not done yet, you need to be able to change this value on the fly. Say by the press of a button. So you scan through the games memory for pointers (addresses that reference this location in memory) to figure out what is actually changing this value from within the game. Then you disassemble the games raw code (known as the Assembly language, that most hackers know by heart) and alter the way the game works by changing out the code.

So, you make the game set the value of the timer to zero and then you forcibly make the game not change that value anymore.

You have now successfully hacked your first game, you should be very proud of yourself and you are most likely left craving for MORE.

-------

Now comes the anti hack measures, they scan for activities on your computer that resembles these reverse engineering and injections/altering of code. If they find something suspicious they will kick (and ban) you from the game. Flag your key as a hacker and you will never be able to play online again.

But the hackers will have none of it! They find a new challenge, bypass the anti hack measures. And they do this the same way they hack the game itself. They hack the anti hack and forcibly disables it from making these sanity checks.

And so, the hacks keep on working and the anti hack measures are toothless as they "seem" to be operating normally but they are in fact doing nothing at all.

Once again, no source code required. No mods needing to be installed.

------

Another method that has been extensively used is reading the network traffic between the server and client, reverse engineering the structure of this traffic to determine where all players are on the map, where all their tents are hidden and where all vehicles are stashed.

Word got out that this was happening and there was no way to stop it from happening. Well, short of cryptography, encoding the traffic so it becomes unreadable to the average person with his simple hack tool.

But you see, that's the problem with client->server communication. Each side needs to know how to communicate with each other. One encodes the data and sends it and the other needs the key to decode the data.

Hackers find out where this key is stored in the games memory, reads the key and uses the key do decode the traffic sent between the client and server.

And the cheaters will now once more know where you are hiding, how many you are, what weapons you carry and so on.

All without source code or mod tools!

---------------------

I will finish with an argument for why having open source and mod tools is a good thing.

Server admins will be able to develop tools to catch cheaters. For instance, they can develop a tool that records players movements. If they can see that a certain player is moving in straight lines towards other players tents, vehicles or the player themselves it's a pretty clear sign that player knows beforehand where everything and everyone is. Strike them with the ban hammer and no amount of anti hack circumvention will save them.

If you can read the source you can also see potential problems and fix them.

While a hacker can do the same, he can see potential back doors and abuse them. But he will find those back doors with or without the source.

Now the average good person can find the holes and plug them instead of having to spend a life time finding the holes through reverse engineering to point out that there is a problem but have no solution on how to fix it because he doesn't know what code needs to be changed.

Thanks for reading!

[Michaelvoodoo25 3120]

Well put. precise and to the point.

[Burt_Reynolds 15]

One of the most common misconceptions in gaming development is that locking down mod-ability or not going open source is somehow going to stop cheaters, exploiters, hackers etc from breaking into the game.

In fact, lack of customizing and insight into the source is detrimental to the anti hack efforts. Please understand how game/engine development works and how hackers break the measures taken to inject their cheats into a game. Any game.

You hit the nail on the head my friend

Edited February 1, 2013 by Burt_Reynolds

[Vipeax 318]

Since when are only clients venerable to hooks (or even memory reading)? You could apply the same logic on the server-side to grab information from memory to draw a visual representation of all player activity on your server, no need for the source as the server has less anti-cheat to worry about too...

The big argument on closed source stopping "hacking" is wrong. The subject referenced here as hackers, is people using the standard scripting API to spawn items and the alike. There is nothing of a hack in there, apart from a possible bypass to circumvent BattlEye, which in some cases doesn't even deserve the term 'hack' either. Making the game closed source won't stop hacking at all, as the parts that should be called 'hacking' are being done in ARMA2/DayZ right now to allow the use of scripts in the first place (which covers like 95 to 99% of the cheats out there).

On the other hand, while a semi decent reverser will easily find all the required info for most of the populair hacking features, open source makes network exploits, full knowledge of classes and structs 100 times easier. Some numbers in memory really don't make sense till you see the actual source of that class, and suddenly these unexplainable random numbers become golden. ;)

[vonlinchen 26]

I completely support it being open, there is nothing more boring than having no user created content in a game. The most re-playable games on the market are source games, and its because they are filled with user created content.

I don't see why responsible server owners, such as myself, should be denied this just because of idiot kids who wouldn't understand the word balance even if it was the only word they knew.

Making it non-open source will not prevent hacking, at all. Do not delude yourselves, all you have to do is look at any AAA gaming title to see that...

I would also like to point out that the actual hacking is done by very few people and everyone else just uses their scripts/programs.

Public servers also have fundamental flaws that will never be fixed.

For example people server hopping for loot or kills.

I think restricting people's ability to customize their server is a big mistake and will drive people away from the game in the long run. If anything the dev team should be working on ways of supporting the open DayZ community and add better ways of filtering servers.

More content = more playability

Its as simple as that...

[dgeesio 1034]

maps maps maps

for standalone to survive longer than a short term it needs the other maps like namalsk and taviana . so yes mods for mas alrest not interested in as the mod/game is fine.

[Burt_Reynolds 15]

X0TCadde gave some great examples of the motivation behind hackers. With that being said whats the best way to combat them? This kind of question comes up a lot in my line of work in network security. Currently the best defense is a intrusion prevention system. It is an appliance or software that inspects the traffic and shuns it. Sounds simple right? Well no, sometimes the software is wrong and shuns legitimate traffic. The best way to manage this is to have trained humans who know the nature of the legitimate traffic to review the logs and determine if the traffic should be shunned. My point is, the best defense against hackers is well trained admins who have control over their servers to make the hard calls on banning hackers. This is why private hives have been successful against hackers.

[Meeshe 170]

Nope it shouldn't be opensourced. Its moving beyond mod status and becoming a game. The mod can and should continue to be, well mod-able, but lock down the SA.

[plrsniper 87]

Nope it shouldn't be opensourced. Its moving beyond mod status and becoming a game. The mod can and should continue to be, well mod-able, but lock down the SA.

Why should it be locked down just because it's "becoming a game" though? Do you want the game to be equal across the globe? That can (and is) already happening. You have the official DayZ servers and you have the private hives.

The official servers are almost helpless to the many varieties of cheaters out there. The private hives can have whitelists which filters out most cheaters because they are only after a quick rampage on a server they can easily access.

Then, private hives will cater to the many kinds of players that exist out there. Some like low vehicle count servers, having a vehicle becomes so much more special to them and those that don't have a vehicle will hunt those that have or leave the server because they are fed up with walking.

And there are those servers that have plenty of vehicles, some to the point of absurdity, which ensures nobody will have to walk from point A to point B very often.

There are servers that reduce the amount of zombies to save on performance for both the server and the clients. There are servers that have limited view distance so players with low end PC's can compete too.

While all of this can be turned into settings server side you will quickly find that there are several orders of magnitude more that the players may or may not want to have in the game. If it wasn't for the open nature of DayZ we wouldn't have Namalsk and all the other maps as alternatives thus far. We wouldn't have a few of the features that are part of DayZ today without customization.

On that note and relevant to this topic. Battlefield 1942 was mod-able. It spawned the Desert Combat mod and without that mod, Battlefield 2 would not have become the success it was, we might not have seen any more battlefield games at all. Interest in that type of game might not have been as high and ArmA 2 might not have become what it is today.

Lack of interest in the title may have kept Rocket from making DayZ and we wouldn't be sitting here talking about this to begin with...

Mods are a very important part of a title, especially one that is independent and doesn't have a huge flock of blind sheep that will line up at the store as long as the title contains anything like "Call of Duty" or "Battlefield" or has a Blizzard logo on it etc etc. All of these games thrived on the success of mods made for them, then they turned their backs on the core community and started releasing "just another game".

Mark my words... One day these kind of titles will be doomed to failure and their developers will have no idea why. But titles like Minecraft, ArmA 3 and others like it... Games that allow modifications and customization from the community will thrive as more and more gamers want THEIR game and not something some ill informed game designer decides to make.

Not saying Dean "Rocket" Hall is ill informed but eventually, he too will fall prey to making bad decisions whose counter complaints drown in the day to day rambles of the community. A decision that will destroy the title in the long run.