Archeage

S

Secrets

ResetEra Staff Member
1,874
1,879
Byr_sl said:
theres a difference between having hacks/bots and having all the information sent between the client and server unencrypted. To give you an idea cinge, the client tells the server how much a trade pack is worth. You can trade every pack at 130%, its not verified server side at all.
XLGames were just irresponsible with it. In korea it may not be a problem with SSNs being attached to game accounts but when you start exporting your game, you need to be better.
Click to expand...
Even if the communication was encrypted it wouldn't matter. Most of these hacks utilize the functions in the game to send packets. This is actually the mistake a lot of korean MMO companies make - they are aware of the methods used to inject code into a program, but fail to fix the underlying issues that are causing the problem to begin with.

Your example of the trade pack percentage being clientsided is a great example of XLGame's incompetence, though.

There's only so much they can do clientsided before they have to check things on the server as well - even if they fix the blatantly obvious and detectable hacks that should be checked on the server, there's still a level of communication that you HAVE to trust the client on, such as player positioning. There's no way in this type of game that you can get near-instant response times by making movement controlled entirely by the server. What they can do (and should be doing, and probably are doing for the trade pack teleport hackers) is checking for large position update changes and making a threshold that cannot be passed even with lag.

As for the house grabbing hackers - data on objects outside of the render distance should not be sent. This is very basic to do - show objects when they get into render distance, and keep them in view on the client up until 1.5 their original 'clip' distance. Stop position updates and remove all client interactivity with that object when the 1.5 threshold is met. Add a restriction on the server where you can't place a house unless you are within 50 meters of the claim spot to encourage PvP for land. This is very basic programming... and most Korean devs ignore it because of the whole KSSN requirement to play their games.
 
Bondurant

Bondurant

Ahn'Qiraj Raider
3,837
4,786
XBngMRZ.jpg
 
S

Shaod

Trakanon Raider
7
0
Byr_sl said:
theres a difference between having hacks/bots and having all the information sent between the client and server unencrypted. To give you an idea cinge, the client tells the server how much a trade pack is worth. You can trade every pack at 130%, its not verified server side at all.
XLGames were just irresponsible with it. In korea it may not be a problem with SSNs being attached to game accounts but when you start exporting your game, you need to be better.
Click to expand...
Are you sure about this? I tcpdumped a bunch of network traffic to the game server and ran a FIPS test over it, and apart from the first 16 octets of each TCP flow there?s no significant pattern (p=<0.005). There?s some unencrypted overhead for sure, but the vast majority appears truly pseudo-random. As well as that, ArcheAge.exe is making continuous calls to Secure32.dll. I?m no expert in games hacking, but it looks to me like there?s network encryption in place (presumably SSL/TLS).

Am I wrong? I only gave it a 30 minute analysis, so it?s perfectly possible. What are you basing the lack of encryption on? I have no experience with game or MMO encryption, nor am I a crypto guy, but I frequently come up against both genuine and ?proprietary encryption?/obfuscation attempts for work. At first glance this data (apart from a header) looks encrypted to me.
 
Bondurant

Bondurant

Ahn'Qiraj Raider
3,837
4,786
Shaod_sl said:
Are you sure about this? I tcpdumped a bunch of network traffic to the game server and ran a FIPS test over it, and apart from the first 16 octets of each TCP flow there's no significant pattern (p=<0.005). There's some unencrypted overhead for sure, but the vast majority appears truly pseudo-random. As well as that, ArcheAge.exe is making continuous calls to Secure32.dll. I'm no expert in games hacking, but it looks to me like there's network encryption in place (presumably SSL/TLS).

Am I wrong? I only gave it a 30 minute analysis, so it's perfectly possible. What are you basing the lack of encryption on? I have no experience with game or MMO encryption, nor am I a crypto guy, but I frequently come up against both genuine and "proprietary encryption"/obfuscation attempts for work. At first glance this data (apart from a header) looks encrypted to me.
Click to expand...
I think it's more likely a "game's been released for 18 months and there's nothing we don't know" pattern.
 
A

aegdaien

86
0
Shaod_sl said:
Are you sure about this? I tcpdumped a bunch of network traffic to the game server and ran a FIPS test over it, and apart from the first 16 octets of each TCP flow there's no significant pattern (p=<0.005). There's some unencrypted overhead for sure, but the vast majority appears truly pseudo-random. As well as that, ArcheAge.exe is making continuous calls to Secure32.dll. I'm no expert in games hacking, but it looks to me like there's network encryption in place (presumably SSL/TLS).

Am I wrong? I only gave it a 30 minute analysis, so it's perfectly possible. What are you basing the lack of encryption on? I have no experience with game or MMO encryption, nor am I a crypto guy, but I frequently come up against both genuine and "proprietary encryption"/obfuscation attempts for work. At first glance this data (apart from a header) looks encrypted to me.
Click to expand...
It's obfuscated, but the decryption keys for the NA/EU servers are publicly available on hacking forums.
 
Pasteton

Pasteton

Blackwing Lair Raider
2,603
1,716
So what can be done about this? Is there anything trion can do to handle it or is this up to xl games?
As an aside - I've never had any of these hacks/hackers hurt my experience so far. Not to say it shouldn't be fixed, but it definitely feels blown out of proportion when reading these forums. And I play a lot, 5-6 hrs on avg a day
 
Gravel

Gravel

Mr. Poopybutthole
36,375
115,557
Same here. For all the talk of bots and gold spammers, I never see it (although I stay out of most of the public channels).

The only one that sounds bad is the land hacking.
 
Xevy

Xevy

Log Wizard
8,604
3,817
Pasteton_sl said:
As an aside - I've never had any of these hacks/hackers hurt my experience so far. Not to say it shouldn't be fixed, but it definitely feels blown out of proportion when reading these forums. And I play a lot, 5-6 hrs on avg a day
Click to expand...
A majority of everything said in these forums is something being blown out of proportion. It's like a gaming retirement home where everyone comes to gripe about how it 'used to be' and how games were soo much better before all the ______ came in and took the important dev jobs! Also, our bones hurt!
 
Tuco

Tuco

I got Tuco'd!
<Gold Donor>
45,431
73,493
Bondurant_sl said:
Hire more CS people and ask XL Games to update their security process.
Click to expand...
Yep.

They need better software from XL to use software to stop the hackers, but if they start monitoring the game and ban people for cheating it increases the cost to bot professionally and discourages players from cheating.
 
Bondurant

Bondurant

Ahn'Qiraj Raider
3,837
4,786
Xevy_sl said:
A majority of everything said in these forums is something being blown out of proportion. It's like a gaming retirement home where everyone comes to gripe about how it 'used to be' and how games were soo much better before all the ______ came in and took the important dev jobs! Also, our bones hurt!
Click to expand...
Gotta love seeing some of those so called "oldschool hardcore MMO PvPers" running around in Archeage with questing gear and shitty builds one month after release, calling anything an exploit and anyone killing them a hacker. I'm a Rookborne bandit, I'm playing a Primeval and I gank / PK people running tradepacks from Falcorth to Rookborne. I usually just camp the hill before the bridge next to NPC, I do kill and rob anyone wearing a tradepack regardless his faction, especially if he's alone. When I PK people, 8 times out of 10 I got death threats, comments about my mother's sexuality, my sexual orientation or my overpowered gear. Dude, you're trying to earn game currency by traveling through some PvP zone, what the hell do you expect ?
 
moontayle

moontayle

Golden Squire
4,302
165
There's bots running trade packs now too. You can tell they are even beyond the name because they won't be riding donkeys and they'll be using Songcraft movement buff. Trying to get my donkey up I decided to run from Falcorth back to Villanelle and I must have run across twenty bots doing this. All of them had the debuff on them and a couple even had the big bot debuff, the one that's supposed to bring them to Trions attention.
 
Byr

Byr

Ahn'Qiraj Raider
3,663
4,943
Bondurant_sl said:
Gotta love seeing some of those so called "oldschool hardcore MMO PvPers" running around in Archeage with questing gear and shitty builds one month after release, calling anything an exploit and anyone killing them a hacker. I'm a Rookborne bandit, I'm playing a Primeval and I gank / PK people running tradepacks from Falcorth to Rookborne. I usually just camp the hill before the bridge next to NPC, I do kill and rob anyone wearing a tradepack regardless his faction, especially if he's alone. When I PK people, 8 times out of 10 I got death threats, comments about my mother's sexuality, my sexual orientation or my overpowered gear. Dude, you're trying to earn game currency by traveling through some PvP zone, what the hell do you expect ?
Click to expand...
Most of the oldschool hardcore mmo pvpers grew up from being a teenager and have a job/family/etc now. Im not sure why they still try and cling to the same expectations.
 
A

Arcaus_sl

shitlord
1,290
3
On my server last night we had a guy who was offline claim a farm. Like come on XL Games. That is kind of crazy. I don't show up for abandoned properties anymore. My guild is looking to go for a castle so I will just wait it out and plant my 8x8 and 16x16.
 
Vandyn

Vandyn

Blackwing Lair Raider
3,652
1,378
Bondurant_sl said:
Gotta love seeing some of those so called "oldschool hardcore MMO PvPers" running around in Archeage with questing gear and shitty builds one month after release, calling anything an exploit and anyone killing them a hacker. I'm a Rookborne bandit, I'm playing a Primeval and I gank / PK people running tradepacks from Falcorth to Rookborne. I usually just camp the hill before the bridge next to NPC, I do kill and rob anyone wearing a tradepack regardless his faction, especially if he's alone. When I PK people, 8 times out of 10 I got death threats, comments about my mother's sexuality, my sexual orientation or my overpowered gear. Dude, you're trying to earn game currency by traveling through some PvP zone, what the hell do you expect ?
Click to expand...
Only dumb people travel solo through a PvP zone carrying a trade pack. It's why the roads are flooded when peacetime happens. I don't mind the peacetime periods but it does carebear the game up a bit, I hardly ever see anyone running a tradepack in a warzone unless they have escort. I did witness once some 50 tried to gank a seemingly solo dude with a tradepack and the next thing you know, 3 50's popped out of the weeds and killed the ganker. If you give players the ability to kill and take your stuff, they are going to do it time and time again. Could be worse like UO where you not only lose your tradepack but everything else in your inventory as well.
 
Tuco

Tuco

I got Tuco'd!
<Gold Donor>
45,431
73,493
I guess this is pretty popular, people will post up in peace-time trade routes and try to blockade/harpoon folks into open seas where they can attack and steal tradepacks:
Pace22 - Pace-Lv50 OCEAN PVP (KYRIOS WEST NA) - Twitch

Look at 4:00 and 35:00 for how well it worked against us.

Arcaus_sl said:
On my server last night we had a guy who was offline claim a farm. Like come on XL Games. That is kind of crazy. I don't show up for abandoned properties anymore. My guild is looking to go for a castle so I will just wait it out and plant my 8x8 and 16x16.
Click to expand...
Any proof?
 
You must log in or register to reply here.