Gamespot has a story on a WoW guild that was banned for “wall-hacking” AQ40 because, well, let’s just go straight to C’thun, OK?
The usually insightful PlayNoEvil security blog asks “uh, isn’t that supposed to be impossible on an MMO? With, like servers and stuff?”
Hah. See, the whole “everything must be server side! the client is in the hands of the enemy!” gestalt is true. But the other side of that coin is that the more processing you can shuffle off onto the client, the less melting down into ash the servers get.
So, every MMO does SOME client-side wizardry, most of which is completely harmless if you hack it. Things like assembling text strings on the client, deciding which particle effect plays where, etc.
The trick is when you cross that line of “if the players find out, we’re screwed!” Or, more to the point, “if the players find out, we’ll ban them.” For example, speedhacking is a very common, and very difficult to defeat client side exploit in MMOs. In DAOC, the server simply did (and still does) periodic checks to see if a person is moving a bit too fast (ok, quite a bit too fast) and silently flags that account for a CSR to pop on and confirm, yes, this character is mowing down people at Mach 5, it’s time to convince him or her to play another game. (Of course, once players figured out this was happening, it was surprising how many people insisted that they were “hit with lag spikes”.)
So which is more harmful – a client-side exploit waiting to be discovered, or a server-side overload (something World of Warcraft has been plagued with, in many forms, due to sheer load) that prevents anyone from playing when the servers crash? And don’t say “none of the above”, because you missed Candyland back at the I-35 turnoff.
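The periodic server-side speed check described above, as an added sketch (not code from DAOC or any other game): it flags an account for human review after several consecutive over-limit checks and never bans on its own. The base speed, tolerance, strike count and the `speed_multiplier` field are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

BASE_RUN_SPEED = 7.0    # constructed value, world units per second
TOLERANCE = 1.25        # slack for network jitter and rounding
STRIKES_TO_FLAG = 3     # consecutive over-limit checks before flagging

@dataclass
class Mover:
    account: str
    speed_multiplier: float = 1.0   # server-known buffs, mounts, items
    last_pos: tuple = None
    last_time: float = None
    strikes: int = 0

def check_movement(m, pos, now):
    """One periodic check. Returns True when the account should be queued
    for human review; it never bans on its own."""
    flag = False
    if m.last_pos is not None and now > m.last_time:
        # Speed is measured against server time, so a client that goes
        # silent and then reports a jump is averaged over the whole gap.
        speed = math.dist(m.last_pos, pos) / (now - m.last_time)
        limit = BASE_RUN_SPEED * m.speed_multiplier * TOLERANCE
        m.strikes = m.strikes + 1 if speed > limit else 0
        flag = m.strikes == STRIKES_TO_FLAG   # flag once per streak
    m.last_pos, m.last_time = pos, now
    return flag

def run_trace(m, samples):
    """Feed (time, x, y) samples; return the times at which m was flagged."""
    return [t for t, x, y in samples if check_movement(m, (x, y), t)]

def straight_line(speed, seconds):
    """Constructed sample input: one position report per second."""
    return [(float(t), speed * t, 0.0) for t in range(seconds + 1)]
```

A limit that omits a legitimate modifier from `speed_multiplier` flags honest players, which is why the output feeds a review queue rather than an automated ban.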
{ 27 comments }
Just changing around the skins can be pretty cheaty. Especially in a pvp/rvr setting. You can make your most wanted classes easier to spot, etc.
This is why I dislike MMO’s in general. Games are no longer like toys that you buy and do with as you please, but more like fun rides and amusement parks. I’d much rather these “services” be rendered for smaller groups of individuals who play as they want to play. The idea that someone needs to curtail some kind of gameplay, regardless of how seemingly griefy, is extremely appalling to my world view…virtual or real. It is however sad that some individuals come to such dire straits as to have to cheat in order to have “fun.” In many cases however, it points to dire problems with the game design itself. Since when did running over vaguely descript landscapes for hours on end become “fun” in the strictest interpretations. Sorry…/rant
In terms of potential? I’d say client-side hacks. It’s easier to fix server load by throwing money at it. Client-side hacks, or rather the result of trying to fix them, could mean fundamental design changes in the game code and the way others play.
Still, I find that near perfect detection, banning, and reversal of hacked effects are just as good as prevention. Letting a wall-hack slip by is ok if it’s immediately detected, the offenders banned, and their effects on the game reversed all within a couple minutes.
“Especially in a pvp/rvr setting. You can make your most wanted classes easier to spot, etc. “
/nod Most mmo’s with a customizable UI already have pre-built flags in the .ini files so you can easily highlight the developer favored classes….
With all the money WoW is saving on their distributed patch system, I’m even more disappointed to see they are going cheap on the server hardware as well. This only goes to prove that, like Microsoft, Blizzard’s success isn’t because they made a great product. Success in software comes from social networking. The more people you can get on board, the more people who will follow. And this, my friends, is why community development is important.
Nick,
I disagree entirely, consider that the hack being used here is of the client side movement variety.
Basically the way this hack worked is it removed an object from the client, allowing players to move through the world geometry in a way that would otherwise be illegal. Basically C’Thun is directly below the first boss in the instance, so if you remove a part of the temple where the first boss spawns you can drop to C’Thun below (bypassing the fights in between.) Yes this is cheating, no I’ve never done it, but I can see how it’d be hard to catch this server side (because the type of movement we’re talking here is very hard to flag, it’d be extremely computationally expensive to catch this type of movement server side.) The good news is, the system works. I bet they were flagged for investigation the first time C’Thun died with the Twin Emps still alive, they did get caught and they got banned for doing it.
I’d be way more disappointed if Blizzard banned first and investigated later – that’s way worse. Better to flag suspicious behavior, confirm it’s cheating, then ban. Anyone remember when bards got mass banned in EQ for speedhacking (incorrectly.) Verant thought they knew what the max travel speed was, but forgot that magical instruments could further enhance the potency of bard buffs (and so bards with high end magic instruments got banned by an automated process for speedhacking incorrectly, and it took Verant about a month to realize/admit the mistake, meanwhile a bunch of players got screwed out of a month of playtime, falling out of regular play with their routine groupmates, etc.)
Well to be honest I’ve heard this has been going on for months and months, there apparently is an easier way to get to magmadar in MC that was exploited almost a year ago. Well exploited isn’t really the right word … hacked and chopped is more correct. Which I gather is why Blackwing lair was designed as it was to counter some of the wall-hack style exploitation. (to those who don’t know, blackwing lair you make your way to the top of the dungeon to defeat the big boss mob rather than the bottom of the dungeon like AQ40).
Only hearsay of course
For a visual look at what happens …
http://video.google.com/videoplay?docid=-8633973161089723869&q=Aq+quest+Exploit&hl=en
What is installed is a pak file (remind anyone of Quake/quake2 PAK abuse?) which then fools the game into using a different version of the map file allowing the player to fall through the floor.
This is bad. This type of hack could reduce a year’s worth of content down to a couple weeks of effort.
I wonder if it has been “fixed” yet or not? The BC expansion relies on these types of encounters heavily.
Blizzard has actually been pretty lax when it comes to enforcement of exploit rules. How long did it take them to get the teleporting hunters out of DM?
Hell, there are many exploits that players use on a daily basis: exploits that have become common tactics. The cannon trick in Deadmines and the stone block trick in ZulFurrak at the basilisk boss are some of the most widely used.
Off Topic – Are you sure you used the word ‘gestalt’ appropriately here? I think ‘cliche’ might have been a better choice.
So. Eve.
The client is as dumb as a rock. Server performance has been terrible for the last, oh, YEAR.
It doesn’t even cache market data or map routes on the client. Yeesh.
Reducing the size of onyxia to make it easier to see.
Increasing the size of all reagents / ores to make them visible without tracking.
Also “harmless” client hacks.
I’m actually amazed that Blizzard hasn’t bothered to take more pages from EQ in this regard. There’s several methods to defeat this type of exploit (skipping content, not wall hacks) that EQ has used for a while. None of them check the client for cheats, they just make sure the content is being handled in the way it was designed.
1. Skip the path? No reward for j00…
A guild (I think it was FoH but not sure), back in the Luclin era, discovered you could grav flux up to Lord Seru’s room. Why bother with a long key quest when you can exploit your way in? Well, the server did a check to see if the key had been used and if you didn’t key up Seru wouldn’t drop normal loot. Instead he’d drop items like the Breastplate of Sad Exploitation (-99 to all stats). AFAIK this hasn’t been done anywhere since but it was cool to see devs think ahead.
2. Tethers. In Velious you could pull just about every mob to the zone line. A good puller could pull just about anything anywhere. Got pets? No problem! So tethers were introduced to keep big names sitting where they were supposed to be. If the mob goes more than X from “home” it warps back.
3. Progressive content. I’m amazed AQ40 doesn’t check this. There’s two ways to make this work:
A. Make C’thun summon any named mobs still alive to aid him. You don’t clear first, you wipe. Temple of Veeshan used this trick quite well.
B. Make C’thun not spawn until you’ve cleared the other areas. This is the method of choice in EQ now. Can’t kill the boss because he doesn’t pop until you get to the end.
Neither method requires any special checks that would cause processor meltdown. A only requires an additional process to summon and B doesn’t need any checks, just a progression script.
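The progression checks listed in the comment above, as an added sketch that is not part of the original comment or any game's code: spawn gating (method B), summoning skipped bosses (method A), and a loot gate in the style of the Seru check. The kill order and the names `boss_1` and `boss_2` are constructed placeholders, and none of the checks inspect the client.

```python
from dataclasses import dataclass, field

# Constructed kill order; "boss_1" and "boss_2" are placeholder names.
PREREQS = {"boss_1": [], "boss_2": ["boss_1"],
           "twin_emperors": ["boss_2"], "cthun": ["twin_emperors"]}

@dataclass
class RaidInstance:
    dead: set = field(default_factory=set)
    audit: list = field(default_factory=list)   # reviewed by a human later

    def still_alive(self, boss):
        """Transitive prerequisites of `boss` that have not been killed."""
        pending, seen = list(PREREQS[boss]), set()
        while pending:
            b = pending.pop()
            if b not in seen:
                seen.add(b)
                pending.extend(PREREQS[b])
        return sorted(seen - self.dead)

    def can_spawn(self, boss):
        """Method B: the boss does not pop until the path is cleared."""
        return not self.still_alive(boss)

    def adds_on_engage(self, boss):
        """Method A: every skipped boss is summoned into the fight."""
        return self.still_alive(boss)

    def record_kill(self, boss, normal_loot, penalty_loot):
        """Reward gate: a kill with prerequisites alive is logged for
        review and pays out the penalty table instead of normal loot."""
        skipped = self.still_alive(boss)
        self.dead.add(boss)
        if skipped:
            self.audit.append((boss, skipped))
            return penalty_loot
        return normal_loot
```

The `audit` entries record which bosses were skipped, which is the kind of signal that can start an investigation when a final boss dies out of order.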
discovered you could grav flux up to Lord Seru’s room
That’s not an exploit, that’s using the game mechanics in the way they were designed. The designers got cute when they created Grav Flux and made it toss up friendlies. This is a part of the spell and makes its use to move over things fully legitimate. All because the designers are too stupid to think out what that might do to their game doesn’t make it an exploit to use it.
I despise stupid and lazy designers. The only thing I despise more are companies that think banning players for playing the game the way the game will let them play is good business.
You wouldn’t honestly maintain that what you’re saying is in any way applicable to the Overrated scenario?
Candyland would be the CA17 exit off of CA85. And it is nice, I lived there for a year… quite expensive but cloudscapes, redwoods and the pacific ocean come with a premium.
Very few games actually do proper server side physics. Turbine’s servers always checked and corrected your path of travel to avoid these types of exploits, and we paid a huge price for it. First, the server load, as has been pointed out, is much higher. Second, the average person’s experience is much worse. AC1/2 suffered from all manners of rubber banding and rubber walls due to these checks. While they provided security against the people trying to cheat, they did so at the cost of the average user’s experience being much more frustrating. That never seemed like a smart tradeoff to me, but the alternatives also have problems.
Looking into it this is basically what the guild is saying. “We’re better than you so we shouldn’t have to follow the same rules.” Same thing that Conquest said when they got banned from EQ. Glad to see Blizzard taking a stand and not caving to the demands of a single overrated guild. Blizzard could easily have said “Oh our bad… we’ll let the players decide how our game should be played.” like Verant did with the whole Conquest banning back in EQ that I mentioned. I hope Blizzard keeps them banned and bans their credit cards also.
GG
>>A guild (I think it was FoH but not sure), back in the Luclin era, discovered you could grav flux up to Lord Seru’s room. Why bother with a long key quest when you can exploit your way in? Well, the server did a check to see if the key had been used and if you didn’t key up Seru wouldn’t drop normal loot. Instead he’d drop items like the Breastplate of Sad Exploitation (-99 to all stats). AFAIK this hasn’t been done anywhere since but it was cool to see devs think ahead.
^^
text got cut off
anyhow, that was clever of SOE I thought.
Apache said
Clever that SOE averted the exploit, but they lose points for rewarding the exploiter. Players will seek to experience content. Even rewarding them with a useless trophy is still a reward.
On topic: It sounds like the client is too trustworthy, but the exploiters were caught and banned. So the question is, is it okay to trust the client in cases where you can retroactively catch the bad guys and punish them? This seems to be the tack Blizzard has taken.
I also wonder if there were any members of the raid who refused to apply the hack, and were spared the ban. Is the server logging robust enough to see who went down and who logged or left?
I normally tend towards allowing stuff to be on the client, but things like *where your walls are* really needs to be server-side.
The keeps / towers in DAoC have this problem somewhat, although you don’t need to hack to get past them.
The items: http://lucy.allakhazam.com/itemlist.html?searchtext=exploitation
The reality: Once a game architecture has been built and deployed (and played for a few years), it becomes more difficult to go back and make radical changes to it. Having developers with a solid understanding of the weak points of the game engine is fairly important quality.
I’d agree that having trophies of shame isn’t the best course of action, but in all honesty, this could also be considered an easter egg.
Most of them got banned in DAoC too for radar, which makes it x2 funny.
Cheap servers? The particular piece of work that Blizzard decided to offload comes with a lot of overhead that you wouldn’t otherwise need the servers to carry. It’s like comparing the overhead of taking an extra sandwich into space on the shuttle vs the cost of launching a sandwich into space on its own.
It might account for less than 1% of the cpu load of each client playing the game, it’s not going to use *less* on the server, it’s going to use more.
That could easily mean an extra CPU per 100 players, and I’m guessing that enabling it on the servers could easily make it an extra CPU per 25-50 online players.
That might seem cheap to you, but the real expense is in operating costs – the increased power and facilities costs would be huge.
We really oughta have a security session at next year’s AGC. Some of the most interesting conversations I’ve had at the last few have been with other guys who have to deal with the stuff regularly; of course we’re always all paranoid of saying anything that might somehow wind up being mentioned carelessly in the wrong place and blam that Achilles heel we’re praying will never get noticed will be out there…