From: http://gafferongames.com/2016/04/25/...st-the-client/
A lot of people are complaining online about cheating in The Division lately, especially on PC. So much so that it’s starting to hit mainstream media.
But how bad are these hacks, and more importantly, can they be fixed?
I don’t own a copy of The Division so I watched a few videos and dug around to see what’s going on. As a game networking expert (I’ve shipped a few titles) I can usually look at exploit videos and see what’s going on fairly quickly.
The first videos I saw were the usual overly smug glitchers out there, super proud to have discovered things the QA department should have probably picked up when testing the game:
https://youtu.be/koWe9uLTKHQ
Not a great thing to see in a shipped game, but also not the end of the world. These glitches can be fixed.
But then, I saw this video:
[link removed]
And this is super bad news.
Because here we have a client-side cheat program that is poking memory locations and giving players infinite health, infinite ammo, and teleporting players around the level.
This indicates that The Division is most likely using a trusted client network model.
I sincerely hope this is not the case, because if it is true, my opinion of “can this be fixed” is basically no. Not on PC. Not without a complete rewrite. Possibly on consoles provided they fix all lag switch timing exploits and disable players moving and shooting while lag switch usage is detected (trusted client on console exclusive games is actually more common than you would think…), but not on PC unless they completely rewrite most of their netcode and game code around a server-authoritative network model.
When I present such a bleak outlook people often ask: why can’t they just implement more server-side checks? In fact the developers prior to release seemed to say something along the lines of: Oh, don’t worry. We haven’t implemented server side checks yet. Everything will be fine. Don’t worry. We’ve got this! Hmm. <network spider senses tingling>
To me this displays a fundamental misunderstanding of how FPS games are networked. It’s actually a fairly common misunderstanding so I’m going to spend some time in this post debunking this myth.
Top-tier competitive FPS games don’t work by having clients send a bunch of actions to the server for validation such as: I moved over here <position>, I reloaded my weapon, I fired my gun, I hit this guy and did X damage. The server does not sit there and run checks over the stream of actions sent to them by each client, validating each action, checking to make sure each action is safe, magically detecting cheaters and banning them from the game.
What top-tier competitive FPS games actually do is actually quite different…
For a competitive first person shooter there is a pretty standard approach to networking pioneered by Quake and later on perfected by Counter-Strike. This is the same network model used today by top tier FPS games like Call of Duty, Overwatch and Titanfall.
This networking model has two main features you’ve probably heard of:
• Client side prediction so players don’t feel lag on their own actions (movement, shooting etc…)
• Lag compensation so when you shoot another player and bullets hit on your machine, you generally get credit for that hit as you saw it (so you don’t have to lead the target according to lag). But, critically, this decision of bullets hitting other players is decided on the server, not on the client.
Behind all of this, the key idea behind this network model is that the server is THE REAL GAME. What happens on the server is all that counts and the server never trusts what the client says they’re doing:
• The server does not trust where the client says they are (position)
• The server does not trust when the client says they fire a bullet or when the client says they hit another player with that bullet.
• The server does not trust the fire rate of the weapon or the ammo count on the client.
• The server does not trust what the client says they have in their inventory, and especially not the weapon the client says is in their hands…
What happens instead is that the server takes the inputs from the client and runs those player inputs in THE REAL GAME (on the server). What happens as a result of those inputs on the server is what really happens and is seen and experienced by other players in the game. Not because those actions were sent from the client to the server and magically validated, but because those actions are what actually happened on the server in response to the player’s inputs.
For example, if the input sent from a player is that they are holding down the fire button, then the server runs the same player code on those inputs (fire button pressed) which results in bullets being fired on the server according to the current weapon the player is holding, the fire rate of the weapon, the amount of ammo in that weapon, and so on.
And those bullets emitted on the server are the ones that actually hit and do damage to other players.
In the standard FPS network model, what the client sees if they hack their client is just a ghost…
• If they increase ammo counts or fire rate of their weapon, it doesn’t matter because they are just firing ghost bullets on the client that don’t actually do any damage.
• If they hack their inventory and give themselves a weapon they don’t really have, it doesn’t matter because the bullets that actually do damage are fired on the server out of the weapon that the server thinks they have.
• If they poke memory to warp around it doesn’t matter because bullets are fired from the server position not the hacked client position, and bullets fired by other players hit or miss them based on their server position.
If a competitive FPS was networked the other way, with client trusted positions, client side evaluation of bullet hits and “I shot you” events sent from client to server, it’s really difficult for me to see how this could ever be made completely secure on PC.
I’m rooting for the dev team on this one and I sincerely hope they really can turn this one around.
I hope they’re not using a trusted client networking model. I hope they have something up their sleeves. I hope they have a valid networking approach based around server-side checks that can address this issue in some way…
But unfortunately, so far, all signs point to no.
After this, this game is DONE.
Saw this hack tonight with my own eyes in the DZ.
Had a Rogue Agent - [no names please] or something to that effect up in the parking garage extraction area of DZ05, came up behind him, hit my Tactical Link and started to unload on him with my Aug. Had him to zero health, he teleported 50m ish away up to the overlook by the rope and back at full health. Thing is the guy was nailing our group of 4 with explosive ammo, 1 shotting us and not running out of that friggin ammo.
We gave up on him and exited the DZ.
Ubisoft - you've got to do something about this. It's almost as bad as Crysis 2 and at this rate, the reason why I won't purchase the season pass.
Get it fixed and close up the holes.
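To make the model in the quoted article concrete, here is a small added example (not from the article, the thread, or the game's code) contrasting a trusted-client handler with a server-authoritative tick. It is a 1-D toy with no client-side prediction or lag compensation; every name and constant in it is an assumption made for illustration.

```python
from dataclasses import dataclass

MAX_SPEED, FIRE_COOLDOWN, DAMAGE, RANGE = 1.0, 3, 25, 10.0  # constructed values

@dataclass
class Player:
    x: float = 0.0
    health: int = 100
    ammo: int = 3
    cooldown: int = 0

@dataclass
class Input:
    """All a client may send: raw controls, never state or outcomes."""
    move: float = 0.0   # movement axis, clamped by the server
    fire: bool = False

def trusted_apply(players, pid, claim):
    """Trusted-client model, for contrast: claimed state and hits are applied as sent."""
    players[pid].x = claim["x"]
    players[claim["target"]].health -= claim["damage"]

def server_step(players, inputs):
    """Server-authoritative tick: simulate each player's inputs in the real game."""
    for pid, inp in inputs.items():
        p = players[pid]
        # Position results from simulating the input, not from a client claim.
        p.x += max(-1.0, min(1.0, inp.move)) * MAX_SPEED
        p.cooldown = max(0, p.cooldown - 1)
        # Ammo and fire rate are the server's own values.
        if inp.fire and p.ammo > 0 and p.cooldown == 0:
            p.ammo, p.cooldown = p.ammo - 1, FIRE_COOLDOWN
            for other_id, t in players.items():
                # Hits are decided from server positions only.
                if other_id != pid and t.health > 0 and abs(t.x - p.x) <= RANGE:
                    t.health = max(0, t.health - DAMAGE)

def run_authoritative(ticks=40):
    players = {"cheater": Player(x=0.0), "victim": Player(x=5.0)}
    ghost = Player()  # the cheater's local copy, free to poke
    for _ in range(ticks):
        ghost.ammo, ghost.health, ghost.x = 9999, 9999, 500.0  # local memory pokes
        # Fire held every tick and an out-of-range axis are still only inputs.
        server_step(players, {"cheater": Input(move=50.0, fire=True), "victim": Input()})
    return players, ghost

def run_trusted():
    players = {"cheater": Player(x=0.0), "victim": Player(x=5.0)}
    trusted_apply(players, "cheater", {"x": 500.0, "target": "victim", "damage": 10**7})
    return players

if __name__ == "__main__":
    print(run_authoritative(), run_trusted())
```

In the authoritative run the poked values exist only in `ghost`: the server-side cheater fires exactly the three rounds it has and moves at the server's speed, while the trusted handler accepts the teleport and the damage figure as sent.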
Makes perfect sense why PC version is riddled with hackers "(trusted client on console exclusive games is actually more common than you would think…)".
Is this the reason why hackers aren't being banned? The server isn't aware that player X is doing 10 million DPS or firing through concrete walls. Ubisoft probably has no way of knowing who is or isn't hacking [other than players providing video proof].
It does bother me a bit...but I really don't think about it much. I'm a soloist PVE player - I have no interest in the DZ or group required missions [Challenge mode or the Incursion].
It does seem to be a just analysis of the current situation and I have basic experience with network technology myself. This is indeed a safe assumption at the moment and the reason to the same group of hackers being able to run rampant in DZ unchecked for weeks continuously. If what OP says and expects is true then you can bet your butt that there will never be any sort of mass ban wave cuz it will have to be dealt with case by case, probably manually as well.
You need to understand one important fact..
The game was built for a "closed" system (xbox/PS) PC was only allowed because of the whine that ensued, the "master race" was an afterthought..
But then that's facts and logic.. and has no place at the salty dish that is the internet..
It's not Massive's fault the world is full of a-holes, maybe if we taught the younger generations about how ugly they have become on the inside instead of letting them sit in their rooms because now they're happy/quiet.. the world.. and this game wouldn't be in such a bad shape.
Excuse me but I'm pretty sure everyone asking for the game to come to the PC didn't ask for it to be in this state. Didn't say, "Hey, Ubi, bring this game to PC with no checks so it will be an unplayable mess! I'll take it anyways!"
Nor does Ubisoft's decision to do so exclude them from what is happening. They should stand behind their product, have done enough research and figured out if they could do it right at the right price. (And if they couldn't they should have explained so and released it as is or choose not to release it on PC.)
Like your picture.... in fact it already dropped to 10000 now... from 24000
At this rate the DZ will be quite empty in no time... And I'd be quite fine with that, being the last player, I am legend the game, roaming completely desolate world...
This game really would benefit from being completely offline with clouded save system and optional online coop, especially when compared to this always online mess we are witnessing right now.
Maybe some day...
DZ now is more like a cheater zone.
A lot of DZ servers are empty.. and there's only one cheater playing around in the server... see this a lot of the time...
Really don't know what's the point of playing cheat....
No team work... No achievement.. No friend... such life loser...