Some cheat-catching ideas

Kills per second. A person with weapon "A" can not likely be expected to make more than a certain number of kills per second. An OS will have the highest, I suspect, and a knife the lowest. By automatically flagging for observation any player getting a too-high kills per second with any given weapon, they could help catch some cheaters.

Similarly, TTK: A person with a knife shouldn't be consistently making kills with a 0.01 second TTK, for example.

ROF: Simple to monitor ROF and automatically flag ROF cheaters.

Physical speed: a REXo should not be capable of more than a certain level of speed, for example. Automatic flagging of players who are showing more speed than possible would narrow down the field of who to look at also.

Kill/death ratio. A player who scores above a certain number of kills in any given life, or who tried to thwart this by suiciding after a certain number of kills, can be automatically flagged for observation.

Enabling the devs to see the game as if at your screen, live. This will enable them to observer first-hand if you are cheating. An alternative is to take timed screenshots that can be looked at to ascertain if someone is reloading, getting too much health or armor, or what have you.

Ping, lag, and packetloss: Code can be included that can automatically or manually tests a player's connection to see if their telecom metrics are in line with reality. A player who doesn't seem to "lose" packets unless they are "damage" packets can be automatically flagged for observation.

Letting the player know they are being monitored: If a player's K/D ratio goes from 100/1 to 1/200 when they know they are being monitored, they could have cheats suddenly disabled. No one gets THAT much worse when they know they are being watched.

Litigation: Sue the pants off of sites that hook you up with cheats.

Devs ACTUALLY PLAYING THE GAME! Directly playing against the suspected cheater: If a dev, who has zero ping and zero lag is soundly defeated over and over by someone, this will be suspicious, and worthy of examination.

Enabling software to examine game files, on the fly, to check for tampering. If you somehow disable that, like refusing a breathalyzer, you're presumed guilty.

Encrypting the files would be one way to mitigate game file tampering. Releasing a newly patched batch of encrypted game files each week or month could DRASTICALLY decrease the amount of cheating. Not many hack sellers will spend the money on the supercomputers necessary to decrypt the game files on a weekly basis. This makes the selling of cheats unprofitable, because they will only work for a week before the seller has to gear up the supercomputer to brute-force decrypt the latest batch of game files. Each batch of game files would also be coded to one computer only, so that person's computer could only use that person's computer. Unique identifiers would not be hard to do, and would make hacking that much more difficult.

And, the best weapon of all: Devs who despise cheating to the depths of their souls, and who are assigned to eliminate it from the game.

I would like to see the ability for players to flag others for cheating/hacking. It could be just an interface-feature. Like you right click on someone's avatar, and where it says "Whisper, invite..,etc" also has "Flag for Abuse"

If there are enough of those on an individual at a given time then devs can look into that player

I really think that having to use a credit/debit card to create an account would get rid of cheaters. If you get caught hacking, your CREDIT DETAILS get banned, you cant create another account ever. Period. And people are guna have a finite number of people willing to share their credit card details with them :)

I have found that in F2P games such as America's Army, a cheater would get banned and be back in 5 mins with a new account. It just got silly.

I dont know how viable this is with an FPS but . . . . . . . . having everything serverside, firerate, spread, recoil, speed etc. makes cheating pretty much impossible. The only "hack" you can get with WoW is a speedhack, why? Your speed is adjusted clientside, the rest is serverside. As i said though is this possible on an FPS?

Yes, it is possible. PS1 used client side hit detection. I think the devs said PS2 will be a hybrid. And they are using an anti-cheat program as well as "other means", Smed said.

And you are right, limiting account creation to credit card would stop someone from being able to make a bazillion accounts and keep hackin' away. That's why PS1 reserves (trial F2P) was stopped. Because people could just create accounts without needing a credit card.

And you know what? They probably will make a credit card be required for an account so when you want to buy something in the cash shop, or buy credit for the cash shop, it will just charge your card.

My current credit card has a lovely feature that allows me to generate a random credit card number good for only one purchase. I'm not sure how common that is but it seems like it could poke a hole in the credit card ban idea.

I generally like what you wrote up, and I'm pretty sure SOE has considered most of this stuff, but I have some comments. :)

Kills per second.

Similarly, TTK: A person with a knife shouldn't be consistently making kills with a 0.01 second TTK, for example.

Kill/death ratio. A player who scores above a certain number of kills in any given life, or who tried to thwart this by suiciding after a certain number of kills, can be automatically flagged for observation.

Not exactly fair, but if it's only for the purpose of observation, I suppose it's OK. ;)

Enabling the devs to see the game as if at your screen, live. This will enable them to observer first-hand if you are cheating. An alternative is to take timed screenshots that can be looked at to ascertain if someone is reloading, getting too much health or armor, or what have you.

A few problems here:
1) The processing power wasted on recording video and/or making screenshots,
2) The lag resulting from uploading that video and/or images,
3) At least with Punkbuster, modern cheats (the ones I know of, sold for monthly subscriptions, at least), are reportedly able to determine when a cheat-protection snapshot is about to be made, and turn off all visible overlays like wallhacks etc.

If you just meant observing from a camera perspective, like an observer mode in typical multiplayer games, that would be fine, of course.

Litigation: Sue the pants off of sites that hook you up with cheats.

Somehow I think these types of "businesses" don't give much of a damn about primitive notions of "law", "property" and "consequences". ;)

Devs ACTUALLY PLAYING THE GAME! Directly playing against the suspected cheater: If a dev, who has zero ping and zero lag is soundly defeated over and over by someone, this will be suspicious, and worthy of examination.

I suspect this would be extremely time-consuming an ineffective, let alone tough to orchestrate in a massive game with a lot of enemies and friendlies about. Not to mention there will likely be a lot more potential cheaters online than moderators/observers/support reps available at that moment.

And, the best weapon of all: Devs who despise cheating to the depths of their souls, and who are assigned to eliminate it from the game.

I believe in what Smed said on many occasions, and think we're covered here. :)

My current credit card has a lovely feature that allows me to generate a random credit card number good for only one purchase. I'm not sure how common that is but it seems like it could poke a hole in the credit card ban idea.

Send me a PM with the details of that. I travel a LOT and would prefer to use that for my dealings on the 'net on the five continents I've been on lately. Nothing untoward has happened yet, but that is an awesome anti-phishing idea.

More to your point: yeah, I can see that being a workaround.

However, the idea is to place as many obstacles as possible in the way of cheating. This will make smaller and smaller subsets of people who can
A) Cheat so obviously
B) Cheat so long
C) Cheat so successfully

Even if we can't eliminate cheating, we can apply pressure against it.

PunkBuster (which will most likely be the "third party solution" mentioned by Smed) can ban users' hardware IDs (most likely the IDs of all hard drives installed on the cheater's PC). Now, I'm not 100% sure whether or not HDD hardcoded "real IDs" can be spoofed, but hopefully PunkBuster can somehow get around this.

Hardware bans are pretty extreme, and are only used by PB when it detects that a user was running software that interferes with PB itself. IF spoofing can't be used to circumvent this security measure, then the only way to get back into the game is to disconnect all hard drives and put in a new one, with a new system.

This would be a good solution, especially since the hassle of needing a credit card (or online "virtual credit card", or a cheap gift card) would detract some people who woul rather just create and account and play the game.

Of course, if I were a cheater, I would prepare a ghost partition with a fresh OS, all updates, drivers and PS2 installed, so I could get back to the game in an hour or so... But would it be worth it? Also, I would need a new HDD, anyway.

Problem is PunkBuster sucks ass, it also constantly runs in the background and invades privacy.

Well, Punkbuster, as a mainstream, rarely-updated piece of software, is likely about a million steps behind cheaters. Since it doesn't detect new cheats, I'm sure this would be SOE's job, but if it can at least be used for effectively perma-banning people for using known cheats, then it serves a vital purpose.

As far as I'm concerned, it invades my "privacy" in a completely irrelevant way. It's not like they would be storing information on what processes people are running, let alone combined with my actual private information. And I don't see if it's a real issue that it runs in the background - so does a dozen SVCHOSTs whose exact function you most likely don't know. :p It's software, it' got to work somehow... ;)

I just came off CoD 4 after playing for an hour and a half, I was in 4 servers all with punkbuster and in all but one round there was an aimbotter spinning in circles headshotting people through walls and across the map. I see this in BF2 and other games with PB as well, I have been kicked by punkbuster more often than I've seen hackers get kicked.

VAC is a far more effective hack protection, but some sort of credit card info is needed. The more unique information they have to give during sign up then the harder it is for them to spam accounts.

What could they ask for, information-wise that would be unique to the user, or to their computer, and would take time to enter, and would be hard to fake or change, and easy to detect and monitor?

Credit card info.
HDD info as mentioned above
Networking hardware info (SSID? is that what it is called?)
OS license number

Anything else?

As I said, you will have trouble knocking out the most dedicated cheaters, but it can be the case that the tipping point is reached where profitable websites can't be financed through Planetside cheat sales due to the miles of red tape involved in using them.

What could they ask for, information-wise that would be unique to the user, or to their computer, and would take time to enter, and would be hard to fake or change, and easy to detect and monitor?

Credit card info.
HDD info as mentioned above
Networking hardware info (SSID? is that what it is called?)
OS license number

Anything else?

As I said, you will have trouble knocking out the most dedicated cheaters, but it can be the case that the tipping point is reached where profitable websites can't be financed through Planetside cheat sales due to the miles of red tape involved in using them.

Network Interface Card hardware # is called the MAC Address.

Problem is, there's probably a way to spoof most of this stuff using hacking tools. But if the anti-cheat program is good and keeps up with hacker exploits they should be able to stop most of the spoofing.

Problem is, there's probably a way to spoof most of this stuff using hacking tools. But if the anti-cheat program is good and keeps up with hacker exploits they should be able to stop most of the spoofing.

Or track so many different types of IDs as to make it not worthwhile for a cheater to get back to a game and continue cheating. ;)

Another thing:

Once someone is caught cheating from an IP address, let's say 192:168:1:1, then they could fire him because that would mean he is there in the same building LOL, but, seriously, using that theoretical address, that address or a range of addresses from that IP could be watched.

The punk would then be more likely to be caught again, and again, and again, ad infinitum. Some people would find this pleasurable. Some people like me. Just the thought that I was making fair play more available more of the time would give me a definite level of job satisfaction, for sure.

If you ban someone's IP address, they will contact Support, claiming that they're a different person and have no idea why they're banned. Having no evidence against this claim, Support would just unban the IP.

If you fish out the local IP as well, they can either change the IP in the router's setting, or claim to live in the same building. Again, Support would have no choice but to unban the IP.

That's why IP baning doesn't take place in massive games. It can work on your favorite CS/TF2/CoD4/other server, but not in a massive game.

+1 Devs/Community Agents playing the game. If they are getting pwned by hackers, it'll be coming up at the next meeting for sure, lol!

But seriously, this is something that both makes an MMO successful and that a successful MMO is able to afford. On-going quality assurance testing and support.

Outside of an APB type situation, where the game had problems with hacking from launch, i would say this would at least have the most impact on players perceived level of hacking in PS2. Something which i feel is almost more important.

Definitely an important topic, due to the free to play decision.

Just ban subnet :P

MAC cloning or spoofing is way to easy.
If they ban the router/modem MAC, then that would be awesome. It's not so hard to get that with a CLi command, and only a dedicated hacker would go through the trouble of changing the gateways MAC.

PB DOES suck and I've gotten kicked for no reason.

VAC is good, from what i've seen.

give them OS License? LOL yea ok... because there are thousands of players using cracked version of windows, and most of them are gamers... good one.

I wouldn't be surprised of atleast six thousand people using a single windows 7 license with a WAT crack and updates turned off, and WGA disabled... not that I would know anything about that :rofl:

If you ban someone's IP address, they will contact Support, claiming that they're a different person and have no idea why they're banned. Having no evidence against this claim, Support would just unban the IP.

If you fish out the local IP as well, they can either change the IP in the router's setting, or claim to live in the same building. Again, Support would have no choice but to unban the IP.

That's why IP baning doesn't take place in massive games. It can work on your favorite CS/TF2/CoD4/other server, but not in a massive game.

Ah, but it would take time. And having to spend time while you get your IP ban lifted, PS support can use that time to run a scan of your game files.

And get you to run some PS-specific diagnostics that look for stuff they know cheaters use.

I think there are methods that could be used to, as I said, apply a constant pressure against the cheaters.

There are people who know far more than I do, so I'm throwing ideas out there.

PS1 had close to no support on this issue. I suspect PS2 will not suffer the same fate.

The cert system being an over-time thing makes the consequences for cheating gradually get more severe as they play the character more, as losing it loses the benefits of all that time playing. But it won't stop brand new characters or the flying MAX of Doom that we've seen in PS1.

I like the idea of flagging for abuse. It would help catch players that slip under the radar also because eventually they'll pile up a fair amount of flags and we can get the Eye of Sauron gazing upon them.

The flag interface should include a list of players you can click on so names like IlIlIlIlllIllllI are just as easy to flag as names like bob.

I also think it's important that outfit be included in the abuse flag to help prevent against abuse of the abuse flag, or give people a certain number of abuse flags per day. on the back end someone who does a lot of spiteful flagging can just be ignored on the system.

Flag for abuse is good. Puts power in the players hands so we arent entirely at the mercy of a system or petitioning to get rid of a hacker. It will make the jobs of those looking for cheaters easier as well since the flag system gives them a nice sorted list of who to look at.

History of flags should not ever be erased either. Just because someone who looked at a suspected cheater and didn't see anything doesn't mean that they aren't cheating so history should be viewed.

The right flag metric should also be used. Values such as...

- Total Flags received
- Flags per-unit-playtime received (divide flags by minutes or hours played). This is an important metric so you get the proper weight of playtime, as everyone will eventually accumulate flags over time. Blatant cheaters on new accounts will ahve very high number of flags-per-unit-playtime, while cheaters under the radar will have a higher-than-average number.
- Average flags per-unit-playtime across the population (excluding confirmed cheaters). Measuring what the typical population has in terms of flags will help spot abnormalities.
- Flags received in the last hour. This is a metric for finding people who might have enabled their cheats or are just blatantly cheating who are likely to get caught in the act. This just helps those watching to prioritize who they look at. Start with those with the most recent flag activity.

Also, someone should be able to flag another person multiple times, but only after a certain amount of time has passed (like a day).


I would really like to see this flagging system implemented & used by the anti-cheat service.

Well said. A sudden flurry of flags could result in an almost instant response from the devs, who would want to catch a cheat in action.

I really don't think cheats will be so prevalent this time around.

I really don't think cheats will be so prevalent this time around.

???????
HUH?!?!

Why would you think this?

???????
HUH?!?!

Why would you think this?

The indications that we have been getting from the devs. Such as SS and CS portions of the coding, not just all client side, as an example.

I didn't mean people wouldn't be TRYING to cheat. What I mean is that I don't think they will be so completely overrunning the servers unchecked.

Number one thing to stop cheating players is in line packet analysis of the network traffic. This would also give a massive edge over things like Anons doing a DDOS attack against planetside2 servers.

In short if we want to stop the hacks then we need real people on site in some form to look at reports, look at log files, look at screen shots, THEN BAN HAMMER THE FUCK OUT OF THOSE CHEATING ASSHOLES!!!

Some one mentioned VAC. The reason VAC works is because your game is tied to you steam account. If you get hit by VAC you have to go out and buy another copy of the game before you can hack on the same sever again. Plus if there are enough VAC bans against your account Valve starts to take a good hard look at your activities.

This isn't anything too important, just another reassurement (is this even a word?) that SOE at least wants to treat cheat protection seriously:
http://forums.station.sony.com/ps/posts/list.m?start=0&topic_id=88000028136***88000469104

This isn't anything too important, just another reassurement (is this even a word?) that SOE at least wants to treat cheat protection seriously:
http://forums.station.sony.com/ps/posts/list.m?start=0&topic_id=88000028136�

"reassurance"

"reassurance"

Thank you, sir. Me no speaky the English. ;)

someone with a simple knowledge of packet editing can cheat at the game... someone with a great knowledge of packet editing can be another rick rolled....

False.

I'll bet you a Large Stack of Money that the packets will be encrypted. Looking at them won't tell you anything. Changing them will break them.

Now, anything your computer knows how to ENcrypt, your computer also knows how to DEcrypt. Hackers will eventually manage to figure out how to decrypt packets if they work at it long enough. SOE can make this Very Hard, but they can't make it impossible.

So a simple knowledge of packets just isn't going to cut it.

And there's more SOE can do. They can change encryption protocols with point releases. They can change the order fields are defined in the packets, perhaps even with the preprocessor. So they can break hacks with every release... and if they're clever they can break the hacks in a way that they can detect, hunt down, and KILL. Say they just change the checksum generation. Now the old hacks think they work, but they're actually getting themselves flagged as dirty cheating whores.

So the devs wait a couple weeks, build a nice long list of accounts to ban, and boot all those fuckers. They can look at IP addresses. If no one but cheaters is coming from a particular IP, ban it. When someone comes along and asks for that IP to be reopened, you do so, and stick all players from it on a "high risk" list for extra scrutiny from the server.

Encrypted pack X that is sent doing Y action = packet.
Packet analysis (takes about 3 minutes) can show you what encryption they are using if it's a commonly known protocol OR. take 8 hours with a good machine, and run through decryption software... damncheaters have teams they PAY to do this... simply encrypting the packet will do nothing but slow them down a day.... they could do alternating encryption but it will cause lag.

So don't rely on network encryption. Have the software itself jumbling the bits around prior to giving them to the network to handle.

And I have trouble believing that standard modern packet encryption techniques can be so trivially broken.

Hmmm... actually I can think of a way that wouldn't even require cracking the game, "just" the OS.

I think im on the same page as you, I also realize they are ways to modify the OS to do certain things..... but that is why most game developer's dont go linux.... well not BECAUSE of it.. but unix based systems are very easily manipulated.

If you set the encryption locally, you are giving the bad guys ammo like no other... I'd say burst the encryption, remove it, add it back... this saves on netcoding and keeps the lag to a minimal.

You really want it all encrypted from day 1. Makes it harder to figure out your packet structures, even if all you're doing is reducing the number of people capable of taking a look.

You can skip it for some stuff... text/voice chat between clients, but for client<->server communication you really want crypto from the start.

Here is a radical idea.... use encryption based on the client installed.. the same way they use cd keys.... it causes nearly ZERO latency, and it will send out one byte of information differently for each user.... this will stop all packet whoring and no cheat engine program could work ever.... each person would have to cheat on their own...... now add your incremental encryption.. we have a win.

Elaborate, please.

Here is a radical idea.... use encryption based on the client installed.. the same way they use cd keys.... it causes nearly ZERO latency, and it will send out one byte of information differently for each user.... this will stop all packet whoring and no cheat engine program could work ever.... each person would have to cheat on their own...... now add your incremental encryption.. we have a win.

A: There's always a way to cheat. If you control the computer doing the encryption, you can (given enough time and effort) make it decrypt whatever it encrypted. You simply CANNOT trust the client in a client server game.

Which is why client side hit detection is so flawed. OTOH, I understand why they did it... detecting a hit requires a fair bit of math. No big deal for each machine to handle their own processor-speed wise, but trying to do it all on the server would require some major computing horsepower.

B: even if someone can't change packets, being able to see them often opens up various cheat possibilities. Knowing things you shouldn't... the positions of all the enemies within 50 meters of you, that sort of thing.