Kithani
Blackwing Lair Raider
- 1,044
- 1,305
Everquest TLP - Aradune and Rizlona Servers (Now with real customer service)
- Thread starter Zaide
- Start date
yerm
Golden Baronet of the Realm
- 5,992
- 15,446
Foaming
Lord Nagafen Raider
- 403
- 311
I was getting ready for Selos, mostly.
I never actually started the plat runs to make money. I was already EQ wealthy to a point I never have to pay a sub. I started them as a recruitment tool into Faceless. Let some other guilds see how we operate, ect. It kind of worked, but not nearly as well as I had hoped so it became about the plat. I didn't personally make a single dime until the 3rd run. Due to figuring things out, adjusting the rules, and simple mistakes that I paid out of pocket to keep the reputation of the run flawless it took a few runs to reward me. Everyone uses the system I setup so thats cool.
- 1
- 2,716
- 2,996
Sure if you want to be unemployed most of the time.
Get a trade, specifically dealing with resources. Doesn't have to be oil, I've made shitloads working out of the gold/diamond/iron mines alone up north, government contracts are just free money. Become reliable, and you will start getting sent to places where they will provide you a translator, no fucking joke. I have places I've worked i can't legally talk about, nothing exciting at all, just legal type shit. No space ships or super sekrets, just normal crap.
Most of my work the past 15 years has been travelling. It's exhausting, and no where near as fun as it sounds, but you get paid far more, than working "normally".
- 1
Rajaah
Honorable Member
- 11,158
- 14,823
I know a couple of traveling nurses and they make a ton of money compared to stationary nurses. Plus they get to choose where they'll be stationed, so they can go to Alaska or San Diego or whatever is most appealing for the next 3 months. It's an amazing gig, except for the apparently crippling loneliness that a lot of them feel (because they aren't stationary it's difficult to meet people or have relationships unless it's with a fellow traveling nurse). A male traveling nurse does particularly well in this regard since they're outnumbered like 3:1 and in high demand from the wimminfolk. More importantly, it pays a lot and you have a decent amount of free time to explore the places you go to, 3 day weekend etc. Need to be prepared to work like 12 hours a day for four days straight though. If I could get a nursing degree in any kind of timely manner I'd give it a shot. Really stagnating and have hit a bit of a wall in terms of earnings at this point.
More on topic, I've known a few EQers who traveled for work and played on laptops from hotel rooms, and I always thought that was pretty cool. Whenever I go to Europe I always do a few raids from there at 2 or 3 in the morning local time.
- 1
Shit paramedics make tons of money in workcamps, any medical type staff really. Having your first aid alone will make a difference in your pay, and that actually applies to normal work. A 2 day course (not even a full 2 days) can make a huge difference in your pay if your company lacks first aiders. I joked about pilots, but the ones that work for companies that service workcamps likely get paid far more than your average airline pilot, and there is never a lack of work, especially helicopter pilots. I bet it's far less stressful than flying an airline too.
I used to play MMOs ect out of hotel rooms, but it was a pain in the ass. Either the whole work crew was downloading porn, or it was just shit internet. I've worked up north where they actually restrict your bandwidth, although it doesn't take a genius to bypass their 1990's nanny security usually, even then it's like using dialup again.
Sorry for being an offtopic faggot.
Kuriin
Just a Nurse
- 4,046
- 1,020
Paramedics make very little money. In the grand scheme of things, you will want to be a RN instead of a medic for the $$. However, medics do know a shit ton about the heart and prehospital trauma (obviously). And, travelers do not make more money for working. They receive a stipend for housing that if you don't need, then it becomes very worthwhile.
Actually they do. Without going into too much detail, they send a 'loaded module' list to the server on GM request. On Aradune, this is still enabled as automatic - and I can reliably see the message appear after being logged in for 5 minutes. If I set the 'detected' flag to true after receiving a specific response from the server, it will crash. By editing the processes' running memory to set that flag to true, the game will crash. You won't see it in packet collects, as it is xor'd to prevent reading the plaintext data.
The same packet includes information about if your client is detected running in a VM, a crc32mem of the text in question (crc32mem has been used for years in the EQ client for other anti-cheat purposes, like making sure you're using a eqgame.exe/spells_us.txt that matches the server), and crc32mem of a few hardware components - the Launchpad.exe program also records this data for analytics purposes. The three together make a 'fingerprint' for the client.
The modules that get loaded outside of the game additionally show up. For example, if you have a Discord overlay enabled, that will be seen by them on the server side.
If you remember a few years back, they had the list embedded into the client of stuff they check for. Now it's checked on the serverside instead of also being exposed on the client... and it's now XOR'd.
This does NOT account for external programs like MySEQ which only read memory and exist in a different process space. But MQ2 is stupidly easy to detect and makes no attempt to hide itself.
This crc32mem function existed in clients dating back to 2003; it's quite old, but reliable.
In the 2008 testeqgame.map, we can see a clear view of where that function is used:
Even back in 2008, they had tried to prevent some MQ2 functionality. You all might remember that 'stop cheating' warning they put out around that time for ghostkill, that was ominous and said, "We know who you are."
Well, this is how they knew: they hashed the memory versus the value stored in WinMain. MQ2 would sometimes not inject itself until the game was fully loaded, and this would work most of the time to detect memory hooks:
The above is still in the client. I'm surprised they haven't utilized it. Or maybe they do. Who knows.
Last edited:
- 3
Doop
Silver Squire
- 12
- 6
God damn finally we get someone with expertise chime in on this.
2008 was right when EQ began to die iirc and when MQ2 started to become widespread. Seems likely this was the studios attempt to put it to bed. I was under the impression that the writers of MQ2 worked around this and then proceeded to start bragging about it hardcore which just made MQ2 even more prevelant.
This is when I quit playing so my knowledge here is a bit spotty but I hear frequently that botting became somewhat household for a good while due to low populations before all the servers were consolidated. Seems like the devs turned a blind eye and i suspect they ultimately abandoned this piece of code.
Im real curious if it even catches an active MQ2 running right now, I suspect not but I'm not gonna touch that with 50ft pole lol.
I will however be showing DPG face into this because it could work if MQ2 is being injected ( not sure if that's standard use case for it or not ) but that the very least, will remind them this shit exists. I honestly think they don't even have devs that can handle this level of coding. Only people they have nowadays, at least that work on EQ, are probably just scripters.
Thanks Secrets, this was extremely useful.
2008 was right when EQ began to die iirc and when MQ2 started to become widespread. Seems likely this was the studios attempt to put it to bed. I was under the impression that the writers of MQ2 worked around this and then proceeded to start bragging about it hardcore which just made MQ2 even more prevelant.
This is when I quit playing so my knowledge here is a bit spotty but I hear frequently that botting became somewhat household for a good while due to low populations before all the servers were consolidated. Seems like the devs turned a blind eye and i suspect they ultimately abandoned this piece of code.
Im real curious if it even catches an active MQ2 running right now, I suspect not but I'm not gonna touch that with 50ft pole lol.
I will however be showing DPG face into this because it could work if MQ2 is being injected ( not sure if that's standard use case for it or not ) but that the very least, will remind them this shit exists. I honestly think they don't even have devs that can handle this level of coding. Only people they have nowadays, at least that work on EQ, are probably just scripters.
Thanks Secrets, this was extremely useful.
Vanessa
Uncle Tanya
- 7,689
- 1,417
From what I saw... it would, if the MQ2 in question wasn't actively hiding from the PEB.
By default MQ2 wouldn't attempt to. So loading it up on Aradune would be a surefire ban.
For other live servers (+ Rizlona), MQ2 is explicitly allowed. But you just can't advertise you are using it publicly.
A lot of MQ2 is closed source now and EQMule, the maintainer of MQ2, made an agreement with Daybreak along with the three major providers of precompiled MQ2 (MQ2 itself, Redguides, MMOBugs) to work together and create the code I mentioned above, that reads the process list. I know those that end up bypassing the MQ2 creators/maintainers' preventions, but still have EQMule's required DLL loaded can expect some nasty surprises if they did try and crack the DLL.
Last edited:
How many characters do you think they'd flag if they sat a GM in plane of knowledge for a week.
None. A human cannot manually figure out MQ2 usage for 100% certain without looking at the results of an issued command. They cannot ban if they do not have proof, or unless someone is actively disrupting gameplay for other players and would therefore cause a loss of revenue for Daybreak.
Also - not everyone who is botting is using MQ2. Some have turned to glorified Cheat Engine trainers turned into exe's made by that Abyss guy (EQBot), that only read or write limited memory to the program and otherwise operate externally and would not be picked up except by the code integrity checks.
I mean because the server is still in Luclin and they use PoK to travel everywhere...
The sirens grotto bots have plane of mischief achievements and either no temple of veeshan achievement, or tov achievements that happen way after plane of mischief.
I agree the botting isn't all MQ2 but EQbot is pretty bad by itself. Also, all of the botters that are worth anything have to warp. Without warping, they are easy to control.
The way SG is set up, they use 2 clerics, 12 total toons. When they start wiping, they actually warp their clerics back into camp when the clerics die. This is done 100% automatic. It will happen at 3am when the person is dead asleep. Imagine having it set up in your script to WARP your clerics back into camp to try to save yourself from wiping.
You know the cleric warps back into camp because you see them appear but their corpse doesn't poof.
The sirens grotto bots have plane of mischief achievements and either no temple of veeshan achievement, or tov achievements that happen way after plane of mischief.
I agree the botting isn't all MQ2 but EQbot is pretty bad by itself. Also, all of the botters that are worth anything have to warp. Without warping, they are easy to control.
The way SG is set up, they use 2 clerics, 12 total toons. When they start wiping, they actually warp their clerics back into camp when the clerics die. This is done 100% automatic. It will happen at 3am when the person is dead asleep. Imagine having it set up in your script to WARP your clerics back into camp to try to save yourself from wiping.
You know the cleric warps back into camp because you see them appear but their corpse doesn't poof.
Also how is it possible they can use EQbot for permanent levitate, EB, no fall damage, etc etc and none of that is detectable? lol. The program has a mode that lets you fly around like Godmode too.
I think it's hilarious how it's even possible to get away with something that can do those things.
I think it's hilarious how it's even possible to get away with something that can do those things.
Doop
Silver Squire
- 12
- 6
The botters I've seen are not going that extreme, never seen them using anything outside of just the normal stuff besides warping. I feel like the warping is what got them nailed so quickly since if you have timestamps and character names, proving this was hacking becomes easy and inexpensive database query.
Without this security check Secret is talking about, detecting botters is extremely difficult, especially by a very small team managing so many games at once. I'm just going to ask them if they are aware of this security check code and see if they can revitalize it.
Without this security check Secret is talking about, detecting botters is extremely difficult, especially by a very small team managing so many games at once. I'm just going to ask them if they are aware of this security check code and see if they can revitalize it.
Fall damage is clientsided. It's actually based on framerate. If you uncap your frames, you take less damage. If you remove the code that sends the damage packet, you never take falling damage.
Same with Enduring Breath. The player is responsible for sending the 'ok, i'm taking environmental damage' packet to the server. Drowning and Fall Damage use the same packet internally.
If you're in a water region and just tell the bar on the client to not exist or tick down, you don't take damage.
All forms of movement are clientsided, including movement flags. If you never tell the server that you are levitating, but change the address clientsided for your movement flag (0 is no-lev, 1 is flymode, 2 is levitate mode, 3 swimming etc), you will perform that movement flag clientsided and the server would be none the wiser.
There's some stuff in movement update packets that prevent sending straight up warps by tracking the last n positions in the client... but that's also subject to manipulation.
All of these hacks could be neutered if your position was tracked on both the client and server... and if you took too much of a fall, and took 0 damage, you could apply falling damage or log those instances. The problem also is with the latency between updates; there would be a fair bit of false positives if the client lagged.
I'd argue warping players back when they exceed specific movement time deltas would be the way to go here, as well as recording instances where players are beyond the zone geometry where they cannot possibly move; ie underneath the world, in the sky x units above without no-lev on the server, etc. It'd solve the above issue. It would be annoying for high latency players, but it would outright prevent long-warp cheating and short-hop cheating if they move too many units relative to their speed. I put in a rudimentary form of this detection on classless 3.0 actually, and never got around to outright rewinding people.
The fact that the code above is known and well-documented would mean that it wouldn't do anything by using it again... people could easily bypass it. There's also the notion that preventing memory reads has no real solution. You can't stop people from tinkering with their own computers. You can log and detect them doing it, but the moment you start handing out instabans or have a pattern for detection is the moment the cheaters figure it out.
I still think a serversided solution is the way to go for the issue in question. There would be no chance in hell for bypassing it, no matter what you manipulated locally.