How to stop hacking in one easy step

[ChipNinja]

Ok, so given the fact that there are files on the client side which can be modified to create hacks, we need a way to prevent this from happening. As it stands, we can assume that as people are being reported they are being banned. However, this in itself doesn't prevent hacks from being used.

So, I would propose the use of some form of hashing to prevent hacks from being used.

As an example:

Code:

 
MD5 for "random text" = ff0c03a2a4cfca86a61f364a2263a32d
MD5 for "random txt"  = 69d7bee360e82e9c7c7cf0b375ec0b3b

As you can see, when hashing a file with a slight difference you get a completely different result. So how is this relevant?

Well, I suggest the developers implement a slight change to the game's login process. The first step would be to enable some form of hashing against files known to be changed when using a hack. So, when a user logs into the game, you have the code hash these files, and send the hash to the server for server-side comparison.

If a player is using a file with a different hash, they are disconnected from the game.

Now, while that's all well and good, it won't cover all the bases. In order to prevent people from joining the game, then replacing files after the game is running you would need periodic checks during play as well.

What about when the game is updated? Not an issue. Since the developers have the most recent files saved on their end, it would be too easy to keep an updated hash for comparison. A patch gets pushed out, the hash is updated, and there are no issues.

But wouldn't this be a big patch? Not at all. At most we're talking about around 30 lines of code if you use openssl. If you don't it will take more code, but shouldn't take very long to implement at all.

Wouldn't players be penalized for faulty downloads or the corruption of files? Only if you ban them. If your files don't match, you really shouldn't be playing the game with those files. If your file is corrupted, you could potentially see a lot of issues in the game - i.e. bugs etc. Since it would be impossible to tell which is the case by simply hashing, rechecking all the game files, and redownload of any changed/incomplete files would both fix issues with hacks, and faulty files.

[Wrecklin]

I agree with this change to help maintain an optimal equality in this game. It would be quick and easy to include into the game and take minimal space to maintain. This also has the ability to help progress the game in a much more fun environment. I myself have come across several hackers in the game during PvP, which is very frustrating, and I believe this element needs to be counteracted with some kind of hacking discipline. At this stage, something is better than nothing.

[Zara351]

This sounds like a really good solution thats easy to add in will improve PVP alot.

[SoKruul]

Yeah what he said ^ It's amazing the increased amount of Hackers that are running around in both PVP and PVE now but Mainly PVP is the worst. INFURIATING!!!

[ChipNinja]

Yeah what he said ^ It's amazing the increased amount of Hackers that are running around in both PVP and PVE now but Mainly PVP is the worst. INFURIATING!!!

The sad part is as long as there are no countermeasures or publicized bannings the number of people hacking will likely continue to increase.

[Smitch]

If it were this easy to "fix" hacking, I think a few dozen other games well known for being exploited would have gone with it and hacking games would be a thing of the past.

There is really only one way to stop this in one easy step.

DON'T HACK!

p.s. They did mention in the live stream that they have started issuing bans for cheating/hacking.

[AzzerUK]

The hacks - and this is the same for any and all hacks - are modifying values live in memory from random programs that can disguise themselves - rather than modifying files on your hard-drive (which would be very easy to detect).

The easy solution is to not let the client tell the server how much damage your gun is doing. The server already has the gun (and it's stats) stored server side - USE THESE! If the client tells the server it's done damage WAY above what the gun is capable of (based on max crit-multiplier of the target being hit etc.), then the server "knows" they are cheating.

[ShadowViper]

A quick way to stop hackers in one step?

Have all the people complaining about hackers delete their System32

Problem Solved.

[Schwa]

Considering how Trion has failed to meet its own standard of quality at launch in stability, content, and momentum, I very much look forward into seeing if they can meet their own standard of quality on exploits/third-party hacks.

The login bypass issue on Rift was solved within a week with coinlock.

[ChipNinja]

If it were this easy to "fix" hacking, I think a few dozen other games well known for being exploited would have gone with it

It is that easy if the hacking is taking place locally, and methods like this HAVE been used in other games.

and hacking games would be a thing of the past.

This isn't true by any means. There are multiple ways of exploiting hardware and software... I'll get back to this in a moment.

This game uses data from the client-side files. Using hashing is known as a lot of different things, checksum, crc, hash, etc. I've worked on code for games which have used similar systems, AND yes, there are also ways to circumvent it (then again no security is ever fool-proof).

Think about it like this - if you edit your save in a single player game you can add any sort of inventory you want. When you play a multiplayer game the saved state of your character isn't stored locally, it's stored on the server. This is done to prevent (direct) modification to your character.

From what I'm understanding of how the hacks work in Defiance its no different. While the character data itself is stored on the server, all the hit detection, along with the code for how weapons etc are working is performed locally.

Is it still possible to hack a game that uses some form of checksum, or only stores critical files on the server? Sure, but now you're talking about manipulating the flow of traffic to and from the server and/or editing memory as the game is running. You can implement counter-measures to this as well... but we're getting ahead of ourselves.

So, in the case of this game using some form of checksum would take care of the current hacking issues. That does not mean that there won't be more down the road. This method would not be suitable for all games.

There is really only one way to stop this in one easy step.

DON'T HACK!

That would stop it, but that's akin to saying you can stop crime by stating "DON'T COMMIT ANY CRIMES!" Unfortunately, while the statement itself is simple, it is largely ignored.