Slashdot Mirror
EverQuest/Sony Fights Code Wars With Latest Expansion
The most recent expansion for EverQuest (Planes of Power) adds a lot of problem-solving quests to the game, so Sony beefed up the (long-since broken) encryption that they used for the client protocol. The expansion has been a major hit, pleasing some of the most critical voices in the EverQuest world, but one week later, the anonymous development team of ShowEQ had broken the new encryption. Read on for details of the ongoing battle over keeping secrets in plain sight.
First, the skinny on the latest EverQuest expansion, Planes of Power (PoP). Because this is an expansion chock-full of content for only the highest level characters in the game, Sony added some features that everyone would want (and thus, pay for): the ability to progress to level 65 (60 was the cap before); a new zone called the Plane of Knowledge which allows characters to moved freely to all of the old game areas and a feature that allows large groups to coordinate more easily. That's the carrot for the lower-end users, but really this is the first expansion to lock out even moderately experienced players in favor of large, strong in-game guilds.
Even so, the response has been almost all positive. Some players complain about the last-minute changes (especially the changes that made monks and druids less powerful in the high-end game), but those who are taking advantage of the new game areas are happy with the reduced time required for encounters and the fact that the game rewards strategy more than ever.
Planning, attention to detail and a fanatical focus on getting past every challenge that Sony presents are important in-game, but Sony is less than pleased by programmers who are just as happy to approach those challenges from outside of the game. Using Linux and Qt, ShowEQ is a packet sniffer that watches the EverQuest client protocol and displays a map of everything that the Windows client is privy to, but may not disclose to the player. Years ago, the ShowEQ developers discovered a weakness in the encryption that the client uses, and they have been able to reliably interpret the data ever since.
With the PoP release, Sony improved the encryption so that it used a larger key which was more securely chosen. At first, the talk on the ShowEQ IRC forum was gloomy and the normally secretive developers cloistered themselves off from the the group, returning only rarely to proclaim the difficulty of breaking this new scheme. The protocol is not unlike that used by ssh or SSL. A public key is sent from Sony to the client, and the client uses that key to encrypt a random session key and send it to Sony. Theoretically, this approach is open to only a limited number of attacks, all of which run the risk of being detected by the client.
A former ShowEQ developer who was hired by Sony was reported to have said it's over, "you'll never break this"... One week later, the new version of ShowEQ was available via CVS and was working again. The new keys were vulnerable, it seems, to an even simpler form of analysis and the result was simply that ShowEQ worked significantly faster. In many ways, this seemed to simply be a "bonus quest" that Sony threw into the PoP expansion, and it had been beaten.
On Thursday, October 31 ShowEQ broke once again. The protocol now compresses key data to prevent the analysis that was limiting the keyspace that has to be searched. As of this writing, ShowEQ no longer works passively, but this escalation is not over. The latest version allows a user to input the key directly, and developers are hard at work, trying to find further weaknesses in the key generation and/or exchange. The developers are even starting to question the long-held, unwritten truce that they maintained with Sony. The idea was that if Sony did not make decryption require a Windows-side component, there would never be a Windows version, limiting the use of ShowEQ to those capable of getting ShowEQ working under Linux. Now, the party line is, "there is absolutely, positively no reason not to have a WinSEQ."
The technical details are interesting, but the social and legal details may take center-stage for a while. The seq team is trying to figure out what they could put on the client-side without being detected and that brings into question the legality of Sony scanning running processes and reporting back. There's also the matter of Sony's rather astoundingly harsh EULA that tries to preclude activities like this in every way that it can (though the legality of click-through EULAs is still a hot topic).
One problem with this escalation is that, like another product (TiVo, which is partially backed by Sony) the very people subverting the product and making it more than the creator wants it to be are the best customers. In terms of EverQuest, they are often the ones maintaining several accounts and/or spending extra money for the "Legends" service. How does a company contend with a market where your best customers are also your most resourceful? With the TiVo, there was an uneasy understanding between the company and its modders. Sony has broken that balance with EverQuest.
Now that Sony has crossed this Rubicon, it is quite likely that ShowEQ will be ported to Windows and hundreds if not thousands of new users will be introduced to it. Was that Sony's goal? Certainly Prof. Felton showed us that such a battle is ultimately futile. Why does Sony want to fight it again on yet another front (remember that they are an RIAA member)? Is there any financial justification, here? Does mapping software really threaten the game more than the many in-game exploits that the high-end encounters suffer from?
PoP is a finely crafted fantasy gaming experience, but Sony has once again chosen to spend extra time and money hurting themselves and their market. Perhaps their competition will not make the same mistakes.
Raph Koster's rule of "the client is in the hands of the enemy" seems to have been forgotten by EQ's developers- if ShowEQ is such a problem, it's time, perhaps, that they stopped telling the client all these nasty things they didn't want it to know. I mean, I first remember ShowEQ coming 'round *3 years ago*. Why they haven't simply made the client ignorant of things it shouldn't know in all this time is beyond me.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
This article paints the ShowEQ developers with a rather sympathetic brush. If these were aimbot developers for q3 or ut or cs, wouldn't we totally revile them? What is the difference?
Maybe there should be two sets of servers, one for all the ppl who want to play fair and play against ppl who are playing fair; and one for cheaters, and those who want to reverse engineer the protocol, etc.
Laugh at my Lisp and I keeell you.
A very well written and informative article. I'm intrigued by the story of ShowEQ -- and the fact that Sony seems to want to protect their system by deciding what users can and can't run on their computers. It reminds me of the video player that uninstalled Ad-aware automatically, claiming that running it wasn't allowed under its license. I don't believe that such things are really legal -- are they not an invasion of privacy and an illegal search? (Alas, the Constitution's protections against this in the US are only applicable to the government itself, but such practices, I feel, are going too far) Sooner or later, I think, Sony will be dragged into court over this and sued. What if, for example, they use their little spy applet to suck data off someone's computer that gives them an advantage (a competitor's computer that had confidential information, for example?).
I am, though, a little surprised to see that the ShowEQ people haven't been sued under the DMCA. And I'm glad they haven't, because what they are doing is reverse engineering and they are not actually hacking into the client or the server, so it is legal. They are not trying to pirate the game. They are merely trying to see what exactly their computer is saying to the server and what it is receiving from it. A perfectly fair thing to do, I think, because it IS their own property and the owner of it has the right to know what exactly is happening, so they can choose whether or not to run a given application instead of having to trust the programmers. Checks and balances.
Note: I don't play Everquest. I call it EverCrack, actually. I don't play games that I have to pay a monthly fee for. I prefer to play single-player games, or sometimes multiplayer, offnetwork, with people I already know.
i am a soviet space shuttle
In EverQuest, the license agreement must be accepted each time you start up the game.
/played time, you've seen that license hundreds of times. Whether or not you've read it is illrelevant, but you've willingly clicked yes to it hundreds, if not thousands of times.
No auto-yes option. No "I understand and agree, don't tell me again" option. You [b]must[/b] click "I Accept" every time the game EXE is called.
If you've accumulated any significant level or
I'd say that makes it pretty binding.
The big advantage people get from decoding the zone information is the name, and to some extent, the position of monsters all over the zone. If Sony changed EQ to only send data about monsters that are near you (within a reasonable distance) there would no longer be a big reason to decode the zone data. 99% of what you'd be seeing you could also see by turning in place, and clicking on each monster.
:)
Due to how the servers are setup however, it seems to be more efficient for them to send out all the monsters, rather than do the range calculations and just send the nearby ones.
My prediction, if a Windows version is released and becomes widespread (and I consider the latter likely if the former occurs), is that Sony will, finally, bite the bullet and change the code. It's not quite as straight forward as I may have made it sound, as there are some other systems (such as tracking) that will have to be significantly rewritten as well. However, if they really want to stop people getting at this data, really the only way to do it is to stop sending the parts that aren't needed.
Or, more to the point, the thing *Sony* fears is a weapon to be held against them. If you suddenly have every EQ idiot using SEQ on their 'doze box, and they ban them (as Sony said they would) then they lose money. Or, they have people cheating rampantly. Either way, Sony loses. Bad move for them, I say. Leave well enough alone.
Nice quote. I would guess that you're a Rush fan, but then I noticed your name. OK, so I *know* you're a Rush fan. =)
According to the Sony developer that everyone talked to, the changes that Sony makes to the encryption only takes 20 minutes or so. I believe that part of that time included remaking about 5 different binaries with the new code. Sony just has to change the 5 or so #define's on the encryption and everything breaks. Also, according to the same developer, Sony will not spend much time on breaking ShowEQ until management decides otherwise.
How ShowEQ is fighting back is very interesting. Encryption information is stored at a preset offset in the client. About a month ago, SOE changed it so that, on NT/2000/XP boxes (this didn't effect Win 9x), other programs (even on accounts with "Administrator Access") couldn't read that memory space. However, ShowEQ developers eventually got around the limitation by making the key reader run as a service on the NT LocalSystem account. This service can then send the key information to the decoding system.
As for WinShowEQ, I have sources that have told me that WinShowEQ is an easy port to make. If they are serious about making it and releasing it, expect to see it sometime soon.
-Valen
I hear all of your posts, about how they should get a life, blah blah blah.
I myself played everquerst for about 18 months on and off. I averaged 15-40 hours a month, depending on the month and how I felt.
Everquest "zoned" me, to another world. In our(Non-eq) reality, it left me behind a computer, with closed curtains, fighting and sweating while in battle.
When I was 17, I robbed a firestation, got a drinking and driving minor, and sold adderol (Meds for ADHD) to my school peers.
By the time I was caught I had 30 felonies(Possession with intent to distribute in a drug free (school) zone.), and 50 years in prison staring me straight in the face.
I lost my license and was on house arrest for over 4 months.
About a year later, I was accepted and attended one of the top engineering schools in the nation.
Now, my question to you, is: If I can't spend my time playing EQ, and raising my daughter, do you want me selling a perscription legal meth to your brothers and sisters?
Don't get me wrong, I'm well past that stage, but I'm sure if I did not have habits that keep me home, or somewhat entertained, I'm sure I could find something to do outside in a city of ~3 million people.
I have not done drugs in 6 years, and have drank about 24 beers since I was 16.
I save TONS of money, $15 a month is a lot for EQ sure.
But consider what it saves you.
If I'm spending 40 hours of afterwork/weekend time on this game, I'm not eating with my friends, I'm not buying gas driving around.
I'm not doing anything that will harm you.
Sure some people will kill themselves over this game, just like some willl spend $9000 on a character on ebay. But that's evolution. If they killed themselves prior to reproduction, we won't have to worry about those genes surfacing for at least a little while, but hopefully they will be rid of just as fast.
I'd rather have joe schmo killing himself(maybe a few others) because of distress from the game, than driving with his drunk buddies at 1:00 at night while I am on my way to drop off my daughter at her mother's house.
It is more probable Joe kills me while driving drunk than if I was an innocent bystander near his EQ game.
Firstly, no matter how you paint it as creative coding and a good hacking & cracking job at the code, it still is cheating. What the article failed to mention is what else the ShowEQ program does. It doesn't just show a map, it also shows all the monsters in that zone. So, someone who has that can walk through a very dangerous zone, unhindered by evil beasties should they desire. Or perhaps they are hunting the elusive Gobbleygook dragon, and they can find it within minutes. If Player A uses it and starts gaining levels and platinum faster then Player B, who elects to do it normally, what happens when Player A decides to attack Player B? (assuming this is on a PvP [Player versus Player] server) It is cheating, plain and simple. Like Microsoft's closing out of modders of the X-box (And as much as I am loathe to agree with MS on anything, I must on this), Sony is trying to keep the game fair for everyone. I wouldn't want to play a game where people could cheat like that. Who knows, now they can see the map and monsters....what's next?
As to the Click-thru EULA, I think that with the way that they force you to think about clicking on the button, it is legally binding. However, I still don't like the idea of companies attatching unreasonable things to their EULAs. Next thing you know, MS will be asking for the soul of your first-born in the Windows EULA, and a sacrifice of your spouse in the Office one. But the question is, would a clause against cheating be a fair addition to a game where dozens of others are paying to play? Your cheating makes it a worst deal for those others who pay and play nicely.
And no, I don't play EverCrack...I just know lots of people who do.
.sig: It's what's for dinner.
Although I have played EQ off and on for the last 3 years or so, and have heard of ShowEQ, i never really knew what it was used for. I dont have a Linux box, so it didnt make much difference for me. What does concern me about this is that with a windows version, the program can and will become far more widespread. I would compare it to the recent developments in the diablo II community.
There has always been trade hacks, and this hack, and that hack, but to execute them, you usually need packet sniffers, have to understand how the program works, and basically know what you are doing. Every once in awhile, one would come along that was easy to use with some fancy UI and mass chaos would ensue.
Anymore, most players use Pindlebots or Mephisto bots, to just endlessly kill those bosses over and over for hours on end, hoping for some uber item to drop, and in the meantime racking up exp. They are extremely easy to use, just run the executable, configure the config for your character, and it does everything else for you with zero interaction. Now, you can't create a game without having to wait in line on the USEast Realm, and you can get just about any item you want in the trading channels.
I ran pindlebot for two weeks, and in that time, i got alot of the best equipment in the game. It seemed nice, to have this great character, but ultimately it ruins the game, because you have the best equipment, theres no challenge, theres no point in playing the game anymore.
If ShowEQ does get ported to Windows, I can only imagine similiar situations like this arising. The masses start using the program, and ultimately the legitimate players become too frustrated and leave, and the players with the cheat / hack / dupe / whatever ultimately become bored with the game, and a game that was once a great way for people to pass time becomes the playground for the people have ruined the game.
The Man in the Middle attack is one of the oldest and still most effective attack on public key encryption.
I don't know all the details, unfortunately. They may very well have tried this already.
Pardon me for posting anonymously, but at this point I don't QUITE feel like losing my account... which wouldn't be so bad if I could give the character to someone else. But, I digress.
/loc system, and Sense Heading never told me much except where I was facing. Without a map to tell me where the hell I was, I was lost and useless. This game is absolutely worthless to me if I can't figure out where the hell I am. Other games such as World of Warcraft come with a built-in map function, so I really wouldn't need a packet sniffer for it. But for me, in EQ, I need it to play. Otherwise, I'd just cancel my account, and Verant/Sony would be the ones to lose, because they would not get my money.
I use ShowEQ. Does this make me a cheater? Yes, in the strict sense of the definition, it does. Here's comes the more important question: would I still play if I didn't have ShowEQ? No, but not for the reasons you might think.
I do not use ShowEQ to benefit myself at the expense of others. If I was playing on a PvP (Player vs. Player) server, that might be one thing, but I do not. When the packet decryption was working, I would use ShowEQ to avoid monsters that would assuredly kill me (I'm not a melee class.) I also used it to track down the location of groups that invited me, track how much experience I have left to level (as an iidle curiorsity), and find friends' corpses. None of these helped me at the expense of others; in fact, one might argue they helped in others' benefit.
Much more important, and this function still works without packet decryption, is that I use ShowEQ as a GPS. I have a horrible sense of direction in these games, and a lot of the time EQ's terrain in a zone is uniform. I could never get the hang of the
In the end, yes, you could say I cheat. But maybe, just maybe, if Verant made the game a bit easier for me to figure out where the heck I was, I wouldn't need ShowEQ. I can't be the only one with this problem; there are a LOT of us ShowEQ users out there. (We may not admit it, but we're out there.) As it stands, I really enjoy playing EQ, and helping out my friends. If Verant wants to lose me as a customer over this, that's their loss, not mine. (Friends of mine will tell you that while I like the game, I'm not addicted.) And for those of you who condemn me for being a cheater... well, go right ahead. But I still say that I need the tools Verant provides... not for my own score and glorification, but as a basic aid to help myself and others.
Flame me all you want. Mod me down.
But anyone who doesn't condemn the actions of this group is no better than them.
This game belongs to Sony. They make the rules, so either play the game as its creators intended the game to be played or don't play it at all.
If you think that this app is a valuable addition to the game, convince Sony to accept it and help those wankers develop it. If they say no, then just go away. It's their game.
Otherwise, you're no better than the people who exploit the in-game weaknesses. A cheater.
/. Where the truth
Every MMORPG I have played has started out not nearly as thin as it had to be, and nearly all have had to undergo significant redevelopment to rectify this matter.
EQ can be forgiven for not knowing this at its start (it was one of the earliest MMORPGs) but it's had a long time to learn from its own experiences and those of its competitors.
Assuming that everything known by the client will be known and exploited by the players using it would seem to be the safest rule.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
Asheron's Call has been like this for years. There's a program called Decal that intercepts and can forge packets between the client and the server. It exposes them through COM to a plugin architecture, allowing people to easily create plugins that interact with the game.
On the one hand it could considered cheating, but at this point, most people seem to run it and it's made some fantastic things possible. For one thing there's a plugin called ACArm which allows figures out how to switch between armor profiles at the touch of a key, much more easily than figuring out the right order and dragging and dropping manually. There's another called Robochef that automatically does crafting. And one of the oldest and best known, Sixth Sense which can scan for items/monsters/players etc. is almost required for some challenges in the game. (Find random spawn monster somewhere out in the wilderness.) It takes much of the tedium out of a game that's supposed to be fun.
The down side, though, is that people have come up with money making trade skill macros where you just load up your character with enough starting cash and some of the ingredients, and it crafts a bunch of items, sells them at a profit, buys more ingredients and continues. That inflates the economy a bit, though not much it seems. Worse, some people have made combat macros that automatically camp a spot and kill all the monsters. It's very annoying to be running around in a dungeon and finding a mage perched in a corner stealing your kills. (Combat macros are now a bannable offense under the CoC, however. Also, the Decal devs are very anti-combat macros.)
Anyway, I know that's AC and not EQ, but I just thought I'd mention that as an existing example of where this can lead. It's got its down sides, but it's mostly been a good thing for the game.
Years ago, Ultima Online had a pretty egregious cheating application called UOExtreme. It let you do all kinds of special stuff- run faster than normal, see hidden people, get an automatic readout of damage you did to players, and have general interface improvements that allowed you to play the game more efficiently.
Well, people got banned for UOE use for quite a while, but the thing that killed it was that the UO dev team simply emasculated it and made it no more than a device for the delivery of trojans.
How did they do this? Clever engineering and greater awareness of the needs of their playerbase.
Fastwalk was fixed by making walk packets require a response from the server before moving the player.
See hidden was fixed by just not telling non-GM clients where hidden players were, and disallowing attacks and other operations on hidden characters. Invisibility was handled in a pretty slipshod way beforehand- the server just told the client, "hey don't show this guy."
The automatic damage readout was just integrated into the client, with the addition of Starcraft-style health bars showing the damage level of your current target.
The interface improvement issue was solved by the legalization of a similar program called UOAssist. Many operations in UO rely on an extremely clumsy interface requiring many mouse clicks and movements for actions that should be far simpler. UOAssist changes this, offering somewhat of an "expert interface" for the game. UOAssist's author sends all program changes to UO's developers to be examined before release.
Come to think of it, you probably know all this stuff already...
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
The comparison to TiVo is an interesting one. TiVo's policy is that they will gladly look the other way for some hacks, and in fact even make some of the hacks as easy as possible to pull off, in exchange for being able to declare certain hacks off-limits.
Specifically, they make it easy to upgrade a TiVo with a large hard disk by designing their single-disk designs to have a place where the second disk can fit nicely in the box. They also it possible for users who want to accomplish their "daily call" over the Internet rather than a phone line by just happening to leave the server that handles those sessions at an Internet-accessable location rather than requiring that the only way into their network is through their chosen dial-up providers. The company sponsors (but does not actually run) message boards at TivoCommunity.com where hacking discussion is encuraged, and people can compare notes and share experiences.
The tradeoff is that there are certain hacks that the company does not want to see made, and will not allow the TivoCommunity.com boards to discuss. There are the hacks that would either harm the company, like any hack that would provide another source of listings, which would eliminate the need to subscribe to TiVo's listing services, or any hack that would allow content to be extracted from the device which would surely bring down the wrath of the MPAA and friends.
By allowing wide open back doors into their system, TiVo has been able to direct hacking efforts into the areas the company wants to see them go. Yes, there are a few people trying to drill through the concrete and get the "forbidden hacks" to work, but their numbers are few and they operate in obscurity compared to the company-sponsored forums.
It's a total 180 from Everquest's "Thou shalt not hack us!" perspective. TiVo's offering carrots, Everquest is using rather ineffective sticks.
The phrase "most resourceful" in the article is a rather thin disguise. The author is trying to say "Sony's best customers are also the ones most capable of becoming cheating bastards with the potential to ruin the game for the wider and less technically adept player pool."
Hacking the protocol is great, nothing wrong with that. Actually USING the hack during public gameplay is cheating, plain and simple. I personally don't think it's something the courts should have to deal with, but it's still a game exploit and rampant cheating has ruined more than one online game in the past. Sony has every right AND THE OBLIGATION TO IT'S NON-CHEATING USERS to do whatever it can to hamper efforts to use game cracks/hacks/whatever to gain an unfair advantage over other players.
That said, Sony better come up with something other than legal action in their efforts or they will suffer an amazingly embarassing loss. Short of pulling the game off the shelves, it's unlikely they'll actually succeed in "winning" this battle.
There are many things that the client MUST know, for performance and usability reasons.
:-)
Every request the client makes for information means another round trip access to the server. Another complex decision by the server whether the client should be allowed that information. When you have 100K users online, making requests like that dozens of times a second, it can get JUST A TINY BIT LAGGY.
To alleviate these issues, the server sends some information to every client. The game map. The nearby creatures that the client may need to render at any moment. The current statistics of all the players equipment. All this information the client NEEDS to know.
Here is an example of one thing people often think the client does NOT need to know... creatures that are behind a hill, or not in the players cone of view. However, what if the player whips around to look behind them? How disorienting and unplayable would it be if every time you turned it took half a second before you saw ANYTHING other than terrain? As for obstructed creatures, would you want to go around a corner in a dungeon and not see anything for half a second until the server caught up? Not to mention the exhaustively difficult math required to accurately determine whether you have line of sight to something or not.
Thin clients DON'T WORK. At least, not in MMORPG's. Works for MUDs though. If you don't mind, I'll be going back to my DikuMUD now.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
I think the only factor that prevents a Palladium-based security model from being applied here is the fact that if they did that, they would have to make Palladium the only platform on which the game is available. Microsoft has quite a lot of skeptical people to sell on that concept before that becomes a viable business decision.
I've been playing Everquest for nearly 2 years, my husband for nearly 4 years. It is a remarkably cheat-proof game. Nothing that ShowEQ does for people really impacts us. In fact even though we have never used it and never will, it's helped us because it supplies information to the people who supply it to the sites that we go to for information.
The creators of Everquest have not allowed item duplication cheats, item stealing cheats, run speed cheats, etc. such as those described in the article referenced. In fact everquest "cheats" are things that you can do in game anyway: tracking (get a ranger of any level, or a sufficient level bard or druid), see invisible (a spell that takes hardly any mana, that casters all get at fairly low levels) etc. And things that everyone benefits from, not some unfairly (knowing what spells are available, what each spell does).
Unlike other online games that I've played, Everquest hasn't been ruined by cheating. It's also fun for all levels, and though its true that those starting today may never catch up with the uberest players, that doesn't matter: it's fun at all levels. It's fun from beginning to end. It isn't about winning, it's -- like a tabletop rpg -- about playing and having fun.
I don't think ShowEQ or its like applications (EQWin, that lets people play everquest in a window) cause any harm or help really. They are nice for people who like that kind of thing, but they are not cheats that ruin the game for everyone else.
Maps are nice, but there's maps all over the web and freely available to anyone who cares to look for them; there are maps for sale by Sony in an official EQ Atlas as well.
Basically, it's an excellent game that was well designed from the beginning to make sure the server took care of all important information exchanges. When there are occasional client side cheats allowed by new bugs introduced by a patch, they're always fixed super-fast.
There are things Sony has done not that well with Everquest, but allowing cheaters to ruin the game for the rest of us isn't one of them.
Writing is the only socially acceptable form of schizophrenia. (E. L. Doctorow)
CPU time costs money, the more CPU time they burn on the server, the more money it costs them in terms of CPU time.
OTOH, client machines have tons of CPU cycles that they aren't using or don't really need. The more you can offload to them the better.
Cheaters can ruin a game for a lot of people, and people upset at cheaters leave and cost sony money.
So it becomes an optimization problem, (in the statistical sense, not the computational one).
Do enough to prevent cheating so that you wont lose more customers' income then the cost of the server load that's caused by your anti-cheating software.
Throwing monkey wrenches into the cheater-coder's work is a very cheap way to prevent cheating that changes the equations around.
autopr0n is like, down and stuff.
When I used to play on normal blueservers, I would use it all day long and it didn't bother me. There was many places where I just got lost running through it. No matter what I did, I got lost, so seq was my guide.
Well, 4 months ago, I got bored of the blue servers, and headed towards PvP. (Sullon Zek) I was using seq as a basic idea of where PKs where and such, or knowing someones level when I zoned it, to know if I am gonna be screawed. But, right before PoP was released it started getting insaine. PKs would zone in, they knew where you where, how your HPs was (if there kinda close to you, around the corner, where you can't see em) Suddenly, you didn't know what hit ya.
Each zone has some nice hidding spots, which can only be found by a druid, ranger or bard. (Those with a tracking skill) Its kinda funny how a wizard comes running from across the zone to that spot where you are. Durring which time, I shout hey, hows seq working for ya ?
Since its more or less broken now, requires you to run some programs on your windows box that are very risky, very few people are using it. People have to use there real game skill. Honestly, its much nicer that way. Belive it or not, I really hope they find an even tougher form of encryption for it.
Those who flame me from carebear servers, go try PvP before you open your mouth. You will soon learn how harsh of an enviorment it is. Things like seq make it really suck.
until (succeed) try { again(); }
Netrek figured this out about fifteen years ago. The source is open, so it was assumed from day 1 that clients couldn't be trusted. Attempts at client authentication were added later, but those were add ons (and could be and were subverted), they weren't the prime means of preventing cheating.
The strength of the Netrek model is that the game was designed from its infancy to send exactly and only the information that each client needs to display what it's supposed to be displaying. For example, cloaked units are supposed to be shown as unidentified contacts and on the galactic window only, with erratic position and irregular updates. One of the first things a hacked client developer will do is to display them on the tactical window as well, and there's nothing that the design can do to stop that. Also, it's not perfect; an ID is sent for the cloaked units, so the client can show what they really are. However, the server does only send irregular updates, and it flat out lies about the position, heading and speed of the unit, so the client can only show so much.
One of the most controversial design decisions involved torpedo weapons. The servers sends "start" and "end" packets, but instead of sending speed and heading and letting the client handle movement of the weapon, it sends regular "position" updates, with a jitter built in. This increases the bandwidth requirement significantly, but it means that the client doesn't know the exact speed and heading of the weapon, so can't make an easy calculation about how to dodge it.
The Netrek model is replete with decisions like this. There are a few snafus (like the cloaked ship ID), but in general there is very little that a client can display that it's not supposed to. And believe me, I tried.
The reason for this tight design is simple if you think about it. Netrek, like XPilot and Xfire, was originally an X-display game. The server handled both mechanics and display. When Netrek moved to a TCP(later UDP)/IP based model, that model was preserved and the server took on a lot of responsibility for culling information that each client shouldn't know.
It never fails to amaze me that commercial games developers never seem to learn the lessons that open source projects can teach them. I know (from bitter experience) that there's a huge rush to get results on screen, but hey, guys, do it right, don't do it twice.
If you were blocking sigs, you wouldn't have to read this.
"For every technology, there is equal and opposite hacker technology".
The funny thing is, the orginator of the qoute is a PS2 and Xbox game developer in San Jose.
Lawyers, MBA's, RIAA? A jedi fears not these things!
bitch, bitch, bitch.
Geez!
To the "It's ok to cheat!" group (Group One):
No it isn't. If it were, it wouldn't be called "cheating".
To the "cheating is bad" group (Group Two):
no shit. But someone will always cheat. This isn't the simple, clear cut right-and-wrong thing that some people make it out to be though. It would be if everyone was Dudly Do-Right, but they're not and they never will be.
If it were automatic for everyone to do-the-right-thing, banks would not need safes and locks and guards and all else. There is always, in human nature, the struggle between what society says you should do and what you actually want to do. Note that things get even more confused because certain elements in society will say that it's okay to do what you want to (i.e. Group One). For some people, some of the time, there is a temptation to cheat.
Suppose, for example, that you and I are playing a game of cards. Now suppose you've got to get up and leave the room for a bit. I stare at your hand lying face down on the table. Do I look at it and see what cards you've got? In my case, no I don't because I have a certain ethic about cheating in games (that have human opponents--when the opponent is a computer, whether I cheat depends on how much respect I have for the game and other factors) and I'm pedantic and I want to try to play by all the rules. So no, I don't look at the cards.
But another person might look at the other guy's cards and rationalize it as being a "more technically advanced style of play". Note that it becomes easier to rationalize cheating when you don't actually see the person that you're screwing over. It also becomes more tempting when there's money on the line. Don't people still pay big bucks on eBay for high-power EQ chars?
When you look at it that way, it's easy (for me anyway) to start to see the EQ "cheaters" as "power users", even though I know they're not. It becomes easier to lie to myself, because it becomes increasingly tempting to become on of them so I can set myself up a nice little business on eBay and make money (this is human nature in action, folks) out of little bits of data and other people's gulibility. :-) But making money off of people's gulibility always leaves a bad taste in my mouth (so to speak). That's why I'll never be a politician or a lawyer.
But the point, Group Two, is that there is no need to let Group One get away with so much in this situation. The server could, perhaps, be better written to give away less information. That would be a perfect example of doing the Right Thing. (But also note "deserves to lose". I suppose this is where some of the Group One people are coming from.) Yes, unfortunatetly, that might require some rewrites and it might increase the required bandwidth, but... Think of the Children!! (sorry, couldn't resist. ;-) )
So how can we get to that point? What would get Sony to rewrite the code some more so that the client has less info to go on? Simple. Release WinSEQ. Then they won't have much choice.
This is not a new battle. It's just the age-old war of access to information being played out AGAIN . Other examples include: illegally copying mp3s, application programs, games programs, ALL programs. Where do YOU draw the line? What level of information access do you think is okay, and what do you think is wrong? Does your philosophy have any contradictions? Are you aware that arguing for illegalization of spam whilst also arguing for legalization of file trading implies that your right to privacy is greater than the right of copyright? But copyright is explictiy referred to and defined in the Constitution and, AFAIK, the right to privacy is not. Have you ever thought about the implications of that? How many more times will we have to go through this, I wonder? A hundred times? A million?
I think fifty years from now, people will look back on this age of poorly defined/handled information access rights and laugh. Heck, I live in this time and I already laugh at it!
Furry cows moo and decompress.