Slashdot Mirror
The Million-Dollar Business of Video Game Cheating
An anonymous reader writes "If you play games online against other people, chances are you've come up against somebody who's obviously cheating. Wall hacks, aimbots, map hacks, item dupes — you name it, and there will always be a small (but annoying) segment of the gaming population who does it. Many of these cheating methods are bought and sold online, and PCGamer has done some investigative reporting to show us rule-abiding types how it all works. A single cheat-selling website manages to pull in $300,000 a year, and it's one of many. The people running the site aren't worried about their business drying up, either — game developers quickly catch 'rage cheaters,' and players cheating to be seen, but they have a much harder time detecting the 'closet cheaters' who hide it well. Countermeasures like PunkBuster and VAC are sidestepped quickly and easily."
VAC is AWFUL. They admit that it could take several weeks or even months to detect cheaters, then months more to ban them. Steam are *terrible* and thats why I refuse to buy COD / Steam MP games anymore
$300,000/yr posting game hacks?
Damn, I'm in the wrong business.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
It was the players who nicknamed it that, not the provider. Whoever it was sold an entire external server with a packet router on it that gave an entire linkshell (guild) of people the extra millisecond advantage needed to claim monsters first. The company sold the system for $3000 a pop, and only sold one per game server to ensure that the group using it would have no competition.
The reign of terror lasted about six months before SE finally figured out who was selling the NASA bot system and sent a pointed cease and desist letter. The programmer and designer of the system complied and all the servers were taken offline. Many of the users were ultimately banned.
To this day I cannot believe people would pool together three grand just to get more monsters in a video game.
Occasionally living proof of the Ballmer peak.
I run a 16 player (coop) L4D1 server, a 32 player TF2 server, and a 32 player Insurgency server.
I *really* wished Valve would provide better out-of-the-box tools to admins. Plugins like "TooLateTooBan" to ban disconnected players shouldn't even be needed in the first place -- they should be built into all Source games.
For example, why doesn't the server automatically log Steam Id, IP, and Handle? Why the hell do I have to write a SourceMod plugin to do this? And then I can't even use this on newer Source games like Insurgency because SourceMod doesn't work (yet).
When a community on a server has more then a few admins we can self-police. But we can't do this if the admin tools are lacking, broken, or "unsupported" !
As people can easy bypass it by doing something as easy as rebooting the modem.
Also it can flag the wrong person and it can get tripped by user behind NAT / proxies
Criminal justice systems, perhaps understandably, aren't preoccupied with people cheating in online games. “Especially when it’s international,” Gibson said. “Then you’re talking about the FBI and Interpol. If someone stole $10 million in diamonds, call them. If someone is hacking your game, they don’t care.”
Really? Isn't FBI bound to pursue possible CFAA violations? I mean, cops already used it for a number of other idiotic things already, haven't they?
Ezekiel 23:20
Wait... people still run Insurgency servers?
Well, guess I know what I'm reinstalling tonight!
An enigma, wrapped in a riddle, shrouded in bacon and cheese
It's been awhile since I played, but the reason was the monsters that they tried to get spawned so infrequently that it was pure masochism to do so. You had two issues, respawn time and the spawn window. The common botted spawns like fafnir were 21 hours, so you'd get all the linkshells crammed into Dragon's Aerie or wherever the mob would spawn for a chance at nailing it. If this meant the mob spawned at 3 a.m. EST, you got up at 3 a.m. EST. Some mobs spawned something like once a week; usually the Chains of Promathia wyrms did something like that.
Then you had the spawn window. The respawn didn't mean it spawned exactly at 3 a.m., oh no. It meant that the spawn window started. That meant it could spawn anywhere from 3:01 a.m. to however long the window was. I forget what faf's window was, but something like three hours or more wasn't unheard of. For Argus, a notorious monster back in the day, it had a spawn window of twelve hours.
Yes, you could wait up to twelve hours camping it in real life. I literally had to warn people to get some sleep and stop doing it before they went crazy. And Argus was a shared spawn, which meant it didn't always spawn: sometimes instead another monster called the leech king would, and the spawn was wasted. you could wait 6-12 hours and the mob you want didn't even show up at all. You'd ask Once he was dead, then you had his 21 or so hour respawn till the next twelve hour window. You could spend months camping him, and they had to introduce a bind on equip version of his drop just to keep players sane.
Then you get into mobs like King Vinegarroon, which didn't even have a set respawn; they had a chance of showing up whenever a certain kind of in-game weather happened in a specific location. Even what we'd consider trash mobs were a pain; camping mobs for poor or vanilla gear could mean four hours in between pops while waiting. just for a second or third tier spear. All the while you did this, you were trying to claim it against multiple groups of players. For one item per drop, not per player. Many linkshells had thirty players or more in them. And ground king drops are bind on equip-you can't buy a ridill from the auction house. Even for RMT, you had to be there and invited into the alliance when the ridill dropped, but before it would randomly be assigned to a player. You'd pay the HNM alliance to kill you, and then wait. (Not that I did-my friend was in a HNM shell on Siren; I was a beastmaster who played mostly by himself.)
The NASA guys could dominate the server in a way impossible to think of. I don't think people really knew how insanely hardcore old FFXI was when it came to the end game. SE wound up fixing some of the stuff by introducing token systems and less powered, but adequate gear that you didn't need to waste your life to get, but NASA happened because FFXI's endgame, and even the game in general, was masochistic to the point of causing literal harm in players lives.
I was playing Dayz and getting real tired of not having a car.
It took about 6 hours between online research and programming to get a working memory hack working.
When it only takes one call to readprocessmemory to learn anything you want about a game the legit players never stand a chance. While anticheats are a good option part of it has to be on the game programmers themselves. There is simply no reason my client should know what's in someone's backpack from 15km away.
A couple years ago I was developing bots for very popular game called Runescape. As a 16 year old I was pulling in thousands a month and I was at the low end of the spectrum, one of my buddies made $100k in a year at 17. And we were only getting a small slice of the pie. The bigger developers and the resellers were making hundreds of thousands. The two guys running it all made millions every year. What a wonderful world we live in. Ill answer any and all questions about it.
MSN Rated Backgammon doesn't even charge extra for cheats. Anyone who can figure out the bugs in their poorly written and administered code can employ the well know "Stalled Time Out Exploit". In this case, a "staller" who refuses to complete their turn can make the game "time out" on their legitimate opponent. This awards them the rating points and takes them away from the victim. I have been documenting and reporting every instance of this cheat every time it occurs to me for two years. But its been happening since 2003. At this point, I have a folder full of screen captures and one hundred unanswered letters to the "Zone Master" and it is all I'll show for this effort. I feel like I'm in jail with Tim Robbins in 'Shawshank Redemption' writing to the department of corrections for a library fund.... Its always AMAZING to me when an institution remains totally, willfully IGNORANT of a widespread problem. What is even MORE egregious is MSN's complete DENIAL that the problem even exists - so that when you pursue answers to why you keep experiencing this, there is NO MENTION in any of there FAQ or help forums. At one point I was so pissed off I took the issue up in a Microsoft Dev Forum (which pissed them off) and finally an admin admitted to be that Microsoft had in all likelihood purchased the application from a third party vendor and that they did not have the ability to repair the code. These bugs were not a problem at first, until they were discovered and exploited, and as Microsoft has proven to the world, a defect exists only after it does damage to the customer, and only then if it becomes widely recognized. Screw you MSN. I gonna play opera in the jail yard and expose the warden as a crook. Now if I could just get a pile of cash burieded by an oak tree...
Same AC. You've already spent a LOT of hours getting to the point to where you can participate. Back then getting to the level cap, and grinding the exp you need to earn the merits that will make you not gimp to participate would take a tremendous amount of time. It took me about a year of hard play for my first 75 back then. Heck, just getting to level twenty and surviving the first noob party area Valkurm dunes would take forever, due to losing exp when you died and even deleveling. Or just doing the Chains of Promathia Promyvion quests to open new areas. By the time you've reached 75 you are hooked, because if you weren't you'd have quit like everyone else who left.
You don't think entirely rationally at that point. You have the sunk cost of your character, and the reinforcement from the friends you make in the game. This isn't like WoW, which was intensely individual, trivial to level in till the cap, and easy on the rewards. FFXI conditioned you to accept spending a ridiculous amount of time spent doing things just to get to the cap. Leveling from 18-20 was probably as hard as many WoW endgame instances, and by the time you got to endgame, you often took the ridiculousness of it in stride. Kind of developed an espirit de corps about it.
The HL2 mod is now a stand alone 2014 game.
* http://store.steampowered.com/...
How many "hacks" are created by the devs of the game and sold out the back door?
Well, the problem is the same as in securing your hardware: Physical access = Game Over.
You've got folks running software on their hardware, they're going to be able to do whatever they want with that. I can see the ethics behind punishing people who cheat against other non consenting folk, but this statement bugs me:
If it wasn't for hacking and cheating in games I wouldn't have taught myself how to program as a child. In fact, the first thing I did when I got any new game was save the game, do some action, save it again and do a hex-diff to scan for the change, and edit the byte values to give myself more ammo or items or money, etc. I'd still take pride in beating the games without cheats, and in competitive servers I wouldn't cheat, but amongst other hacker friends, or on my own servers I see nothing wrong with cracking games. I've added new game modes, weapons, and levels to games via patching the EXE and data files.
Lots of folks bought Doom when they already had Duke3D and Quake just to play with new weapons I added to the game: Flame Thrower: Replace rocket launcher projectile with imp fire ball frames, limit its range by making it disappear after a duration [use the frame tables], increase ammo counts, reduce the damage and reload for VERY rapid fire, replace the projectile's death frame with Archvile flame attack, FIX the damn Archvile flame animation sequence so it animates smoothly. The sound effects preempted itself, so rapid fire would make a great whooshing sound as big beautiful gouts of fire shot out and went crackling up the walls. It was beautiful and all done with just a hex editor using in-game graphics, and I couldn't for the life of me imagine why the game makers didn't have it in the game already... High Explosive Ammo: Set the bullet puff / bleed frame to be the rocket launcher explosion, great fun in co-op w/ specially designed insane difficulty levels. Then there was the Tactical Force Gun: Plasma rifle bolts w/ no damage, high HP, partial invisibility, and high mass, but slow speed. You could make a time-limited wall of force by strafing. You could maintain a barricade, trap folks against walls or via encircle them, great for escape. BFG mines: Zero speed BGF blasts, without the bright bit set - they look small but have a big radius for hit-detection, and just twinkle as a little dot until someone walks into the detection range and they explode -- When these mines go off, invisible kill rays shoot from the "owning" player's current location even elsewhere in the map, but aimed in the original direction the blast was fired at (because that's how the BFG code worked, yep, the biggest and "best" weapon is/was fucking buggy as all hell, ruined would be a better word for it, come the fuck on Carmack, do you even algebra?). So, I'd do a binary diff and produce a binary patch that worked against a certain executable version to avoid distributing modded EXEs themselves so as not to break copyright. Soon DEHACKED came out, and even more folks were able to mod the EXEs. Thus when Doom2 just gave us one more shotgun barrel, everyone was fucking pissed! The hackers had shown off what the engine was capable of, so the game felt like a half-assed attempt to monetize the same game twice.
My most successful hack was when I finally managed to fix the BFG in Doom2.exe by having the rays shoot out from the blast instead of the player and gave the ray direction the reflection vector of the surface it struck or reversed it if it was a player. This required reverse engineering the fixed point math format, and I had to find some unused area for my machine code to be inserted -- which was easy because Carmack
and it's very hard. We had good success not in stopping a commercial cheat system directly, but identifying the cheaters correctly. Our game was small enough that by making the cheat developer work too much they eventually decided it wasn't worth the money they spent on development. Most big online game companies don't care enough to even bother doing anything, other than maybe buying some commercial product that's easily bypassed. They make enough money up front that pissing off some customers isn't important. The funny thing is that people spent more on the cheat product than on the game.
The value of the game and setup is lost at much higher rate than the profit made from cheating,
many games that good fun to play like COD older version was spoiled because of players that was cheating,
Im not saying the life of game is 10+ years, but playing a game 6months or 12 is not uncommon but this
time a lot more short if you keep running into games that lack support to stop cheats.
I have a solution, at least in part. Have a circle of trust so that:
1. You can only play if you know people in the service (or at least have a few very notable seed individuals which dev's trust)
2. If an individual is reported (and verified) as cheating, have a non-trivial penalty on the individual(s) who are in said friend group
3. If the upstream peer continues to be penalized for their peer's cheating, they can choose to drop their association essentially stopping the other guy from playing (unless they have other upstream peers willing to support them)
The system relies on a person knowing others, which is a hassle in the video gam troll world, but it means there's truely a penalty for not just players, but their peers as well. As a cheat provider, you'd be less likely to target said system, because the cheaters will be soon weeded out of the 'good players' pool
Just a first swipe on the idea, enjoy.
Bye!
... online DRM'd games lead to this naturally. Game devs/pubs brought this on themselves by taking servers out of the control of players hands because of greed. Many people get hacks to get around paying for anything in online DRM'd games. Who'd of thought it, cheats being cheated by the original cheats (game pubs/devs).
ie: CoD MW2, It's not easy, then you toss in recoil of the weapon and it just becomes a war of words, very hard to prove. We had two people who's function was to judge weapon recoil and only they could ban or bless the player.
For me it was also important to recognize a good player, as my son was banned from just about every server he played on, he's just freaking good. This is an old clip I made proving an accused cheater was really just a good player. http://www.youtube.com/watch?v...
But just goes to show just how hard it is to nail a cheater. What one thinks is a cheat, is another being very good.
IDKFA was more than a phrase, it's how I started my games. http://www.gamefaqs.com/ is my source of faq's and other unknown tricks of a game.
My son brought me into CoD, he's good, and cheat free. I not only set an example by following his lead but I see no sense in cheating in these types of games and honestly I'm one that would benefit from doing so. I'm not a good shooter, if in an engagement I'll almost always lose be in on foot, armor, or aircraft. (were talking CoD or BF3).
I have a lot of BF3 friends and know a few cheat on the sly. Coming over a hill from an obscure direction (jet crashed) when one of my friends picked me off, it was slick and shouldn't of happened. They knew me after the kill and I figure they knew they had been caught, but I said nothing.
Even if I were to turn them in nothing shows they were cheating, they maintain an approvalable battle record.
I say this affirming the fact that some are cheating but not for progression, or any spectacular Rambo stuff. Just doing so in the back ground gaining very little from it.
Definitely going to check that one out, I remember playing it when the crew first developed it, and I thought it was probably the best "war-sim" FPS out there at the time.
Side note regarding Steam - I'm really digging how they've embraced the modder community by folding them in as full (for lack of a better term) games - Just Cause 2 MP being another of my favorite examples.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Valve has always understood the long tail. Ubisoft/EA is the complete opposite of Valve -- smegging clueless about what customers want.
Ubisoft: We'll sell you same shit year after year. Map editor? Mods? 4+ coop support? Begone because "obviously" _everyone_ pirates our game; we have complete and utter contempt for our PC players even though they helped build our company before we could do shitty PC ports!
Valve: Here are yearly dirt-cheap sales so you can play with your friends. You can run your own server -- most of our games have an in-game server browser. Here is a map editor too so you can guys make your own maps! The team behind L4D's custom campaign "I hate Mountains" even had Valve record new voice lines! That custom campaign is extremely well-done!
Basically, Valve respects their customers; other large publishers treat them like a resource to be exploited.