I am a software developer, and in my experience, if a bug/exploit isn't abused enough or only known to a small group/"not a big problem", then it won't get priority at all and be ignored by the developer/manager for more important things (or what the manager deems as such). If, on the other hand, it is open for everyone to see and abuse, it will be fixed as fast as possible because it stops to be "not a big problem". Yes, doing such hotfixes as programmer sucks (and most of the time the hotfix breaks something else), but usually making such exploits common knowledge is the fastest and best way to get them fixed - but every software developer will hate you for exposing it.
Originally Posted by Prinsesa
File this in the "Onyxia Deep Breaths More" folder if you will, but I swear this isn't working anymore. I'm still getting hit by the Kaliri even when flying directly upwards with Crusader Aura activated.
I just wear my tank gear nowadays to become immune to daze while flying through Skettis.
Most of the time it works well for me, but sometimes it doesn't work at all (just died yesterday again to such a bird). I have the suspicion some GM is bored and simply controls a few birds to hunt down players who try this trick to escape them.
I'm not too sure if some of you realise this, but a lot of the "bugs" you guys are talking about, simply cant be fixed, hands down. Yes, there are ways of preventing it happening, but the exploit will *always* be there
Take speed and wallhacking as an example. No matter how many times you report this, it will never, *ever* get fixed, provided there is someone whos had a *relative* experience in hacking games who wants to do it. Unfortunately the movement design in WoW is pretty poor, as you send packets (tell the server) where you are on the map, as opposed to the server telling you where you are. Ok, its probably designed like that for a reason. To save space and time? If they actually went through the trouble of recoding the entireity of WoW to fix this, you can be damn sure its going to lag a lot more.
In some games (like uh.. tibia for example - its a crap game dont play it - 2d mmorpg :P) everything is on the server. Hp, stats, movement. In fact, probably one of the only things that isn't controlled by the server is the amount of light you see (which is by most means, purely cosmetic). But tibia, a very simple game compared to wow (very few variables, heck movement is based on squares, collision detection is very easy etc.). This isn't to say that nobody has hacked it in the past - (like a certain Rick who broke into the server and ran rampage with a GM account), but its a lot safer than wow, purely because of the game design (or rather, how it was designed after the beta).
WoW on the other hand, has a very unsafe design. You (the client) controls a lot of things. This (probably) includes your position, speed, cooldowns, regeneration rates, checks for certain attack availiabilities etc. Heck even from a bit of observation you can say theres a chance that you can even fire attacks and the like whilst you are dead (ever had two people kill each other at the same time when it is impossible?)
Lots of modern games are like this - (to name a few lame RPG's and the like- Maple story, gunbound, gunz, etc.). To protect against hackers completely, really they would have to recode the entire game - not an option. (Maybe a side project for WOTLK, but i highly doubt it). Instead WoW uses a defence program called warden (which is btw, a very very good defence program - one of the best probably - also used in WC3 and the likes).
Warden detects variables and the like such as "has the client tried to do something stupid like move 10x faster than usual" and will flag the player for a ban or kick him or something else. It has various protections on it (armadillo i think?) to make it very hard to bypass. Unfortunately, once you bypass it once - people who have the knowledge to bypass it (which are limited to a very small percent of the cheating community) can very easily make the hacks above undetectable.
And once you bypass it once - when blizzard "patch" the game - they are really just updating warden to find a new way of detecting the hack. To the noobs in the cheating community, they usually get stumped and cant cheat anymore, but anyone who can bypass warden in the first place can most probably make a 10 minute fix to bypass the new warden (since he has done a very similar thing before it was patched) and the hack continues.
So what this all means is - like some of you have mentioned, it is very unlikely that blizzard are going to make fix's even with the more serious hacks, mainly because they can't fix it. And if god forbid, someone who knows what they are doing feels like releasing public hacks and updating it each time warden gets updated, then blizzard is in a lot of trouble.
Also, essentially what some of you may consider different hacks (say that hack with the rogue doing a million attacks per second, and a hack which allows someone to walk really, really fast) are probably the same exploit, which cant be fixed. In essence, someone smart can translate this into a levelling hack and a goldhack and a OHKO hack and an invincibility hack (for example - being able to kill all the monsters on a map, really really quickly by teleporting all over the place, super fast looting and selling all the items instantly, using speed to kill the monsters really fast, and appearing out of range of the monsters when they try to hit you)
Every hour a developer spends trying to hotfix some bug/exploit that went unnoticed for weeks/months until it was made known to the general public is an hour that could've been spent on content.
If it's made public, someone knows it so it can't have been unnoticed.
Every hour a developer ignores a known exploit, players not exploiting suffer from it.
Take speed and wallhacking as an example.
Actually serverside movement would fix this. Lineage 2 for example. However the results were even worse
But the weak spot of warden hacking should be other users, that could report something like this. The question is, how to be sure/close to sure, that someone is using this ?
Hildegard Sprigglespruxx - Wissenschaftlerin am Institut für Pfuschkunde
The hardest exploits to fix, in my opinion, are raid-related ones, because it's tough to draw the line between simply doing the encounter in a way the devs didn't really intend (using a warrior to tank Vek'lor, for example) and just flat-out cheating (kiting Patchwerk, DI'ing Razorgore, the Malchezzar door bug).
Take speed and wallhacking as an example. No matter how many times you report this, it will never, *ever* get fixed, provided there is someone whos had a *relative* experience in hacking games who wants to do it. Unfortunately the movement design in WoW is pretty poor, as you send packets (tell the server) where you are on the map, as opposed to the server telling you where you are. Ok, its probably designed like that for a reason. To save space and time?
It's like that for a reason. You simply can't do it any other way with so many players. You have to somewhat trust the client. If you think the servers are slow now, and the lag is bad, it would be totally unplayable if the server handled everything. It would be safer, but no one would be able to play it.
The server can of course add checks here and there to try and detect a client missbehaving, but to have all the movements on the server is simply not feasible for an MMORPG or FPS.
Originally Posted by Prinsesa
Every hour a developer spends trying to hotfix some bug/exploit that went unnoticed for weeks/months until it was made known to the general public is an hour that could've been spent on content.
Bugfix developers are rarely the same people designing content. Even if you use the "content" term loosely to include code features.
Warden seems to be a great solution. I was just reading the top google links on the topic. The knowledge to bypass warden seems to greater than what the average script kiddie can do. Although there are some concerns about privacy issues.
Raid exploits are another thing, where tickets - at least in europe - seemed to have no effect. I once reported another raid on the Razorgore exploit and explained en detail to the GM how they did it, but there was no reaction.
Some exploits were on the other hand handled quit strictly - kiting Lashlayer to Vaels room (never got what that was for, as I expect you would pull the whole room) or Void Reaver with the mindcontrol (whereas the fire protection buff for Ragnaros and Vael seemed to be ok).
Hildegard Sprigglespruxx - Wissenschaftlerin am Institut für Pfuschkunde
Generally with raid exploits they'll fix it without doling out punishment. After the whole Conquest/Molten core fiasco they were much more hesitant in giving out bans for things people could do with their raid content, so hardly any (none?) of the Blackwing Lair exploits were punished.
Client side modifications in AQ40 were clearly treated differently
Some exploits were on the other hand handled quit strictly - kiting Lashlayer to Vaels room (never got what that was for, as I expect you would pull the whole room)
There was a way to pull him without pulling everything. Some sort of trickery with vanish and a hunter, I'm not real sure on the exact details. The end result was a broodlord running around vael's room without any elite friends. We had maybe 10 people, took probably 45 minutes to do.
Pretty sure 2 of the 3 pieces of loot ended up getting DEed (was our first broodlord kill too) due to not having those classes present among the 10 there.
Actually serverside movement would fix this. Lineage 2 for example. However the results were even worse
It's like that for a reason. You simply can't do it any other way with so many players. You have to somewhat trust the client. If you think the servers are slow now, and the lag is bad, it would be totally unplayable if the server handled everything. It would be safer, but no one would be able to play it.
The server can of course add checks here and there to try and detect a client missbehaving, but to have all the movements on the server is simply not feasible for an MMORPG or FPS.
"Ok, its probably designed like that for a reason. To save space and time? If they actually went through the trouble of recoding the entireity of WoW to fix this, you can be damn sure its going to lag a lot more."
^^
Both lineage 2 and Tibia have fixed this problem, and you can quickly tell what the problem with the whole thing is (for example, in tibia if you try and say.. walk into a wall, you will walk halfway through as usual, and the server will push you back realising you can't do that (even though you never actually walk at all), and tibia is a very laggy game with expensive servers for what is mostly simple variables)
I think raid exploits are the easiest to fix (not that i've ever been in the position to abuse any myself). Don't punish anyone, and hotfix so it can't be done seems like the current solution, and it seems to work just fine
Personal experience - easiest way to stop hackers is just to slap bans on people. Even short bans (3 day) are enough of a kick in the ass to stop people who are "trying out hacks from the internet" (if any exist). Keep banning people and having progressively larger bans is enough of a deterrent - especially considering the game involves payment (note that this solution was often enough to halt hacking progression in free games also)
Hilde - Yes, warden is probably *the* toughest to break anti hack system out there. That isn't to say a nub can't break it. What usually happens is someone experienced breaks it, and posts a public bypass on the internet (which btw, do exist) and then anyone can break it. Or in terms of anti detection, there are tools such as rootkit which makes hacks extremely hard to detect, with very little work required by the hacker.
Hilde - Yes, warden is probably *the* toughest to break anti hack system out there. That isn't to say a nub can't break it. What usually happens is someone experienced breaks it, and posts a public bypass on the internet (which btw, do exist) and then anyone can break it. Or in terms of anti detection, there are tools such as rootkit which makes hacks extremely hard to detect, with very little work required by the hacker.
Yes, but I read something about an enhancement to warden, that now encrypts the data send to blizzard. More information is found by using the link I posted above.
I seriously doubt they are using Sony's rootkit. And, even if they were, Warden would be able to detect the hack just as easily as before. You see, Warden doesn't scan the hard drive for the hack. Warden scans memory space. The Sony rootkit doesnt stop WoW from seeing the hack in memory space. Thus, the rootkit has no effect on WoW.
Yes, but I read something about an enhancement to warden, that now encrypts the data send to blizzard. More information is found by using the link I posted above.
Don't know how trustworthy this source is as I am not a coder.
This is a very old trick, don't know if blizzard was using warden back then. Anyway, I know firsthand, since I had a few people in my guild that got their hands on the teleport prog, that it was working fine, and wasn't detectable at the time(I mean, not automatically, people being reported would usually get banned). One of the guy in my guild for example made a little google video that spread like wildfire on boards, about him teleporting from scholo entrance to the scholo chest(the one that opens after pulling lever in crypts), looting it, and resetting in less than 25seconds. He got banned obviously, and the chest was hotfixed.
However, about 4months later, another guildmate was still using the teleport hack to level one of his alt(he would only level during nighttime, and not do stupid shit, he was just teleporting back to town to turn in quests, and teleport between flightpaths to avoid travel time). He never got banned as far as I know.
There was also another who never got banned after leveling his mage to 60 in a day, using the teleport to AE bosses and crap in instances.
It might be a bit different now, since all this took place years ago. I guess blizzard hired a lot more GMs in the meantime, and their autodetection is probably better. However as far as I know, model hacks(to skip content) and basic macros(using colors on screens and automated addon functions to reduce the input needed) still are undetectable. I won't risk my account to find out, but considering the kind of behaviour I see sometimes in game, I'd say it's still working fine.
Overall I think blizzard did a decent job tho. You can see some games where dupes totally ruined all the economy(vanguard), or exploits/hacks were more common than "clean" play(AC and UO).
Oh and in the list of "inventive" exploits, back in naxx days, we found some safe spots on heigan by luck(one guy was afk when we started, and somehow managed to survive the whole fight just standing there like an idiot, between waves ^^). We had 2 safe spots, in decursing range of each other, so we had tanks/melees on one side, and casters on the other, was rather fun ^^.
Today I heard someone using an exploit to take a turret in AV before the game actually started. Such exploits seriously bother me.
Well, WoW uses the same warden as all the other blizzard games and its still pretty strong ^^
There isn't much you can do cept - report ---> ban, which probably works.
Beleive me blizzard is doing *a lot* better than many other games i've uh.. "seen". If warden wasn't there, or the protection system was slightly easier to break (and easier to break meaning that it only needs one person to break it and then to release a public bypass.) Then you can be assured that hacking would be just as bad as games like MS where everyone has their own personal levelling, items, gold, OHKO and invincibility hacks.
Also, blizzard are very quick in scouting for public hacks and coming up with hotfixes to instant detect them. Usually a hacker will update it to bypass again, and then blizzard refix's etc. By this point the hacker just gets bored and the problem is solved (since he probably didn't play the game in the first place, or can't be bothered to keep getting new acc's.)
Every hour a developer spends trying to hotfix some bug/exploit that went unnoticed for weeks/months until it was made known to the general public is an hour that could've been spent on content.
This is absolutely ridiculous.
Development is totally parallelizable, unless the content requires some specific recode of the engine to implement a fancy script. Development and bug fixing are not mutually exclusive.
Today I heard someone using an exploit to take a turret in AV before the game actually started. Such exploits seriously bother me.
Unless it was hotfixed, you don't need any hack to do this, you can get out of the AV starting zone just fine using "normal" exploits. Not everything needs a hack, there's plenty of exploits in wow that they can't really be bothered to fix, or fix for some time until someone finds another way to do it. Getting out of starting zones, or climbing walls(and the combination of both) are the most common I believe.
I think it's disgusting how Blizzard PAY Mister T after he admitted to HACKING the game to insert in his level 70 Night Elf Mohawk into it, yet if any of us did the same, they'd ban us instantly. It's one rule for him, one rule for the rest of us.
I think it's disgusting how Blizzard PAY Mister T after he admitted to HACKING the game to insert in his level 70 Night Elf Mohawk into it, yet if any of us did the same, they'd ban us instantly. It's one rule for him, one rule for the rest of us.
I remember Guild Wars making an issue about its vector based movement. AFAIK, it sent direction and speed (0/1/2 - stop/walk/run) to the server. One of the main advantages is you could hit someone who was lagging as melee, lag actually caused issues to the people with the faulty connection instead of the ones around them in pvp. However, I'm sure it was to prevent teleporting but i have no idea how many checks they did on the vectors.
Doesn't Blizzard allow up to 2 people to use a given account if they one is the other's parent and the child is a minor? Doesn't this render all of their banning account sharing moot since they can't know if, for instance, someone is sitting several thousand miles away from their dad and logs in right after him?
If I recall correctly, the child has to reside with the parent to share the account.
Don't know it is a bug, exploit or just good use of ingame mechanics - but flying away (on a non-epic mount) and up from a Skettis dismount-o-matic bird prevents you from being hit, and the poor bird continues flying after you as an ingame demonstration of "Xeno's Paradox of the Arrow", but with a crunchy Tauren Shaman as the target.
Yeah, actually, i don't even go forward. Just climb till they disengage.
Speaking of cheats and exploits... I'm not sure if this is considered hacking, or if it's even still possible (I've heard both yes and no) but at one point players could spam a sit/stand macro to disconnect their position from the server, causing what I'm sure we've all seen as the rogue teleporting all around you during a fight. Apparently you can get the same behavior by intentionally lagging yourself out, for example running bittorrent at high speeds while playing.
I'm not sure what (if anything) Blizzard can or should do to fix this, but I can tell you as a hunter that type of behavior is incredibly frustrating and annoying.
Today I heard someone using an exploit to take a turret in AV before the game actually started. Such exploits seriously bother me.
Which bunker/tower was taken? Last I heard theres a bug with AV where if you die after zoning in (Hellfire/DI) you will respawn at IB GY for Horde, and I assume SH GY for Alliance. It's entirely possible I'm wrong or it was fixed already, but I've seen it happen once or twice.
12/18/07, 5:01 AM
Similar Threads
