GGG says they are against botting, but...

...they trust the client to store the entire instance map seed.

Which means: Maphack is possible (and currently available), and can be used to undermine the legitimacy of racing.

Which also means: Maphack can be integrated into a bot program for a much easier navigation method (in comparison to the more difficult pixel-based analysis bots would otherwise need to default to).

TL;DR: Lazy netcode programming = security vulnerability = bots enabled.

And to think you have new accounts jumping through hoops to gain the privilege to trade currency when a vulnerability like this isn't even covered.

This is unacceptable. GGG, change your netcode to release the minimap piecemeal such that maphack is impossible. Your Development Manifesto on Desync says to never trust the client - take your own advice.
When Stephen Colbert was killed by HYDRA's Project Insight in 2014, the comedy world lost a hero. Since his life model decoy isn't up to the task, please do not mistake my performance as political discussion. I'm just doing what Steve would have wanted.
Last edited by ScrotieMcB on Jun 27, 2013, 8:04:26 PM
This thread has been automatically archived. Replies are disabled.
"
ScrotieMcB wrote:
...they trust the client to store the entire instance map seed.

Which means: Maphack is possible (and currently available), and can be used to undermine the legitimacy of racing.

Which also means: Maphack can be integrated into a bot program for a much easier navigation method (in comparison to the more difficult pixel-based analysis bots would otherwise need to default to).

TL;DR: Lazy netcode programming = security vulnerability = bots enabled.

And to think you have new accounts jumping through hoops to gain the privilege to trade currency when a vulnerability like this isn't even covered.

This is unacceptable. GGG, change your netcode to release the minimap piecemeal such that maphack is impossible. Your Development Manifesto on Desync says to never trust the client - take your own advice.


Well it's pretty impossible that GGG haven't considered or don't know about the implications of this, at the very least I remember KoTao and me suggesting strictly player-centric access to map data. This was some time ago, maybe they've been thinking about it/working on it since then, who knows. I can't remember them ever saying anything about it though.
"
Well it's pretty impossible that GGG haven't considered or don't know about the implications of this
I'm inclined to agree, which leaves only the last option, "don't consider important enough." That's why I'm using words like inexcusable.

You don't just design netcode that trusts the client. It's inviting people to hack your game. GGG clearly understands this. Yet the client is trusted with map data... why? Because it's too hard to send some data piece by piece? Spare me.
Last edited by ScrotieMcB on Jun 27, 2013, 8:05:17 PM
"
ScrotieMcB wrote:
"
Well it's pretty impossible that GGG haven't considered or don't know about the implications of this
I'm inclined to agree, which leaves only the last option, "don't consider important enough." That's why I'm using words like inexcusable.

You don't just design netcode that trusts the client. It's inviting people to hack your game. GGG clearly understands this. Yet the client is trusted with map data... why? Because it's too hard to send a file piece by piece? Spare me.


Yeah you won't see me arguing there.
Maphacks have existed since D2 and before.

A lot of games (Sc2, LoL, HoN, etc) started storing all map data server side, so that it wasn't able to have this happen.

Other games (older) such as WC2 and to a lesser extent WC3 had this issue with map hacks because it stored sufficient information client side.



I feel like this was a stupid mistake; other companies learnt from things like D2 and WC2, and made it so nothing is available. Why do we have map client side?
Would like to see a response from GGG, it shouldn't be too hard to make map seed server side.
GGG banning all political discussion shortly after getting acquired by China is a weird coincidence.
There is a planned tech change pending related to this. In the meantime we will continue to ban people who run maphacks.

Sorry for brief reply, am on my cellphone.
Lead Developer. Follow us on: Twitter | YouTube | Facebook | Contact Support if you need help!
"
Chris wrote:
There is a planned tech change pending related to this.
Wow! That's an impressive less-than-75-minute response time!

But why did you implement the "Level 25 Rule" prior to fixing this vulnerability?

And any hint when we can expect the maphack vulnerability to be fixed?
Last edited by ScrotieMcB on Jun 27, 2013, 9:29:17 PM
"
"
ScrotieMcB wrote:
"
Chris wrote:
There is a planned tech change pending related to this.
Well that's an impressive less-than-75-minute response time.

But why did you implement the "Level 25 Rule" prior to fixing this vulnerability?


I can't believe Chris bothered to reply to this on his phone whilst at the conference instead of just waiting until it was over.

And you ask him another question without so much as a thank you.

Nice.
I forgot that this is the internet, and everyone assumes sarcasm when there is none; when I said I was impressed, I meant it. Also, did not remember conference.

Editing to better reflect non-sarcasm.
Last edited by ScrotieMcB on Jun 27, 2013, 9:28:43 PM
"
A lot of games (Sc2, LoL, HoN, etc) started storing all map data server side, so that it wasn't able to have this happen.

Other games (older) such as WC2 and to a lesser extent WC3 had this issue with map hacks because it stored sufficient information client side.

Actually, several of your RTS examples are wrong: they provide the maps to the client as well as the units.
All you needed to do there is to remove the "Fog of War"; other RTS didn't provide unit information if you weren't close enough.

Diablo3 is an example where it's executed correctly: the server only gives you partial information about the map, and the next part of information is only given out if the character's server position passed a certain point.
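The player-centric disclosure discussed in this thread (the server keeps the seed and releases map data only around the character's server-side position), as an added example that is not from any poster or from GGG. The class name, chunk size, reveal radius, step limit and the hash-based tile generator are all assumptions made for illustration.

```python
import hashlib
import random

CHUNK = 8          # tiles per chunk side (assumed)
REVEAL_RADIUS = 1  # chunks disclosed around the player's chunk (assumed)
MAX_STEP = 4       # max tiles per move message the server accepts (assumed)


class InstanceServer:
    """Hypothetical server: the seed and full layout never leave this object."""

    def __init__(self, seed, size_chunks=6):
        self._seed = seed
        self.size = size_chunks
        self._pos = {}   # player -> server-authoritative tile position
        self._sent = {}  # player -> chunk coordinates already disclosed

    def _chunk(self, cx, cy):
        # Constructed stand-in for level generation: derive tiles from (seed, chunk).
        digest = hashlib.sha256(f"{self._seed}:{cx}:{cy}".encode()).digest()
        rng = random.Random(int.from_bytes(digest, "big"))
        return ["".join(rng.choice(".#") for _ in range(CHUNK)) for _ in range(CHUNK)]

    def move(self, player, x, y):
        """Check the move against the server's own state, return newly visible chunks."""
        limit = self.size * CHUNK
        if not (0 <= x < limit and 0 <= y < limit):
            raise ValueError("position outside instance")
        px, py = self._pos.setdefault(player, (0, 0))  # everyone spawns at (0, 0)
        if max(abs(x - px), abs(y - py)) > MAX_STEP:
            raise ValueError("move rejected: too far from server-side position")
        self._pos[player] = (x, y)
        sent = self._sent.setdefault(player, set())
        cx, cy = x // CHUNK, y // CHUNK
        fresh = {}
        for nx in range(cx - REVEAL_RADIUS, cx + REVEAL_RADIUS + 1):
            for ny in range(cy - REVEAL_RADIUS, cy + REVEAL_RADIUS + 1):
                if 0 <= nx < self.size and 0 <= ny < self.size and (nx, ny) not in sent:
                    sent.add((nx, ny))
                    fresh[(nx, ny)] = self._chunk(nx, ny)
        return fresh  # tiles only; no seed, no undisclosed chunks


if __name__ == "__main__":
    server = InstanceServer(seed=1234)
    print(sorted(server.move("p1", 0, 0)))  # chunks around the spawn
    print(sorted(server.move("p1", 4, 0)))  # same neighbourhood: nothing new
    print(sorted(server.move("p1", 8, 0)))  # crossed a chunk border: next column
```

Because the client only ever holds the chunks it has been sent, a modified client has nothing to render beyond them, and a claimed position far from the server's own record is refused rather than rewarded with new map data.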
