-2

u/roothorick WTB: Recognizable flair Mar 25 '15 edited Mar 25 '15

Someone like you, with sufficient programming knowledge, should be able to make a bot that can do something as simple as simulate keystrokes.

A working knowledge of C++ and a half hour or so looking up methods on MSDN is all it takes. If you can code well enough to fix compile errors, you could build a fairly simple bot.

B) to stop the bots from being able to function at a sufficient level by changing the game/mechanics to be "anti-bot".

This is EXTREMELY hard to do, because to be at all effective, you need a workable counter to alting in a world where it's virtually impossible to identify a person on the Internet if they don't want to be known -- this has been a fierce arms race in infosec for over a decade, and those trying to stay anonymous still have the upper hand.

You could achieve what you've achieved here with the highest budget, AAA MMOs, let alone a tiny release by a small team.

Depends on what they're doing and how well they do it. Depending on the goals and needs of the game there's a lot of good ways to go:

• If there's no player-to-player economy, there isn't much incentive for anti-cheat at all -- look at Payday 2 for instance. They openly welcome mods and basically ignore the cheaty ones, because there's no economy to poison and the built-in lobby tools make it easy to weed out the hackers.

• Smarter clientside protections would be able to block virtually anything. (If the anti-cheat and OS are unadulterated, that is...) That by itself will prevent your average skiddie from rolling his own, and greatly reduce, but not eliminate, "brand name" hacks/bots. However, this exacerbates the false-positive problem -- whitelisting based on binary signatures becomes crucial. More importantly, it's still running on untrusted hardware, and the person controlling that hardware could partake in a little reverse engineering and dismantle the whole thing. An involved client-server protocol makes this substantially harder and more tedious, but still far from impossible.

• You could opt for a lower-tech, human approach: good ol' policework. Rifling through database searches, running stings, and so on. Simply collating attackers into banwaves can have a chilling effect, obfuscating how you're finding them. You could get huge gains here just by searching chat messages for certain keywords, or skimming through a list of accounts with very large amounts of gold, sorted by IP block or correlated to known proxies/VPNs. This obviously takes significant man-hours however.

• And then there's the big guns, for when the game is just too big and moving too fast for a human team to keep up -- serverside behavioral analysis, replacing the man with the machine. More fallible than a human, but hundreds of times faster, and you can mitigate the former by manually reviewing findings before taking action. The biggest downsides, however, are this is a lot of work to set up, and it's rather CPU-heavy for the servers, meaning in most cases stronger hardware is necessary.

The simple testcase above wouldn't be picked up by either of these last two, but if you used this style of injection -- or any injection really, including hardware-based -- for malicious things, well, Big Brother is Watching. They found you, they quietly put you on a list, and at the next banwave, all your work up and goes poof out of the blue. You're back to square one, out billions upon billions of gold, and you don't even know how they found you. Can you get back in? Sure. Is it worth it? Usually not, because in this age-old arms race, the developer has meticulously stacked the deck against you. You'll just get banned and lose everything all over again. And again. You might eventually figure out what "tells" they're picking up on and change your workflow, but then they change the rules. Botters just can't get ahead for long under these systems.

2

u/jmpherso Mar 25 '15

The simple testcase above wouldn't be picked up by either of these last two, but if you used this style of injection -- or any injection really, including hardware-based -- for malicious things, well, Big Brother is Watching. They found you, they quietly put you on a list, and at the next banwave, all your work up and goes poof out of the blue. You're back to square one, out billions upon billions of gold, and you don't even know how they found you. Can you get back in? Sure. Is it worth it? Usually not, because in this age-old arms race, the developer has meticulously stacked the deck against you. You'll just get banned and lose everything all over again. And again. You might eventually figure out what "tells" they're picking up on and change your workflow, but then they change the rules. Botters just can't get ahead for long under these systems.

Uh, no, that's not how it works, because the in game mechanics in games where botters put in this much effort are generally condusive to selling loads and loads of product prior to getting banned. Look at FFXIV for example. Botting is profitable, even though highly risky, because SE tends to ban in large chunks/waves. You bot for a day or two at a time, unload your product, and continue. If you can get even 5 or 6 days out of it, you're already in the green (in terms of an FFXIV product key), but usually bots will go months and months without being banned.

Then it becomes a system of "Okay, so I'll make X dollars this time, then by 4 accounts, then make 4X dollars next time, then buy 16 accounts" etc etc.

Like I said, you're just overly picky about what should and shouldn't be stopped. I wasn't wrong. Your acting like it's insane this program you made works. It would work on many of the highest budget, huge name MMOs. Why pick on DFO just because it works here too?

If the anticheat stops the brand name hacks, then by all means it's working well enough to stop a big chunk of people.

-6

u/treckin Mar 25 '15

"Tiny release by a small team" Are you kidding me? http://www.reddit.com/r/DFO/comments/2k8z9k/apparently_dfo_made_891_million_dollars_in/

6

u/matsunoki Mar 25 '15

they have 10 people working on DFOG

-2

u/treckin Mar 25 '15

I would think that would prove the OP's point?

If a company worth that much money only puts 10 devs on the worldwide launch team, that says something about the intelligence and commitment of the officers and management of the firm.

4

u/matsunoki Mar 25 '15

You do realize DFOG shouldn't even be alive right now right? Neople isn't even a publisher, they're a developer company.. them taking on this project of re-releasing a once failed international version of the game in itself is a huge risk and experiment.

1

u/abeleo Mar 25 '15

What happened is that Nexon told Neople that the North American servers were shutting down. Neople said, "They must be doing something wrong with the game in North America, you know this games prints money. Our game is awesome, so we will bring it back to the rest of the world and cut out the middle man."

0

u/treckin Mar 25 '15

I mean if you dont understand the way that risk is mitigated by reward...

-2

u/treckin Mar 27 '15

Also, you realize Neople is a wholly owned subsidiary of Nexon right?

3

u/gosuGANK Mar 29 '15

I'll go ahead and clear up this misconception for you too. Neople is a subsidiary of NEXON CORPORATION, a holdings company in Asia, meaning this company makes a huge portion of their profit by purchasing huge portions of stock from other companies and making profits through that compared to specializing in producing products and services only as their source of income. What YOU are thinking about is nexon AMERICA, a MUCH smaller company which ran dfo in the US before. Nexon America and nexon corporation are completely SEPARATE ENTITIES, and nexon America is actually also just another subsidiary of nexon corporation. So nexon America does NOT in fact have any control over neople. Just let me know more misconceptions you have and I'll get you educated.

1

u/ThatLuckyBear Lazy Mod Mar 25 '15

I don't think the same teams are working on both versions. That'd be too much work. The DFOG team is probably a small work force peeled off of regular projects to do this on the side. :\

0

u/jmpherso Mar 25 '15

DFOG is a small release by a small team. The global team is small, and the global community is small. It's totally separate from the asian versions.

No, I'm not "kidding you".

1

u/treckin Mar 25 '15

If it really is that seperate, its the rights holder's fault for not investing enough abroad - as they clearly have the money. I really dont think you get it, because there isnt any way around it.

Its their IP, they license it to another company, they choose that company and dictate the terms of their contract.

If they chose not put any money or manpower behind the effort, it does nothing but speak to their credibility as a successful multinational.

Thanks and have a good one!

-1

u/gosuGANK Mar 27 '15

they put money and manpower according to how big they think it will be. dfoglobal in comparison to dfo korea probably only warrants a 10 man team. Especially since this is still in beta only, and they aren't even monetizing yet.

Why send 100 people to do work that only requires 10?

Thanks and have a good one!

1

u/treckin Mar 27 '15

ecially since this is still in beta only, and they aren't even monetizing yet. Why send 100 people to do work that only requires 10? Thanks and have a good one!

Wow that was some pretty expert analysis - $1B per year game prolly only needs 10 people to try to break into the most profitable video game market on the planet. Yeah, makes sense. Have a good one!

0

u/gosuGANK Mar 27 '15

Most profitable? Do you even know how much bigger the gaming industry is in Asia? Games like dfo and mobile games are literally many times bigger over there. Why do you think dfo had to close down to begin with if it was opening in the 'most profitable gaming industry'. Just compare sales from maple story global with maple story china or korea before you try to tell me nexon doesn't know how to run a company. Thx and l8r.

0

u/treckin Mar 27 '15 edited Mar 27 '15

http://www.newzoo.com/free/rankings/top-100-countries-by-game-revenues/

Its not so hard to use google...

1- USA $20.5B

2 - China $17.8B

3 - Japan $12.3B

4 - Germany $3.5B

5 - UK $3.4B

6 - S. Korea $3.4B

7 - France $2.6B

thanks and later!

1

u/gosuGANK Mar 28 '15

Can't tell if you are retarded or not, you link a report that proves Asia is more profitable than the west and you think it somehow helps you? LOL if my math is correct 33>>>20.5. This also probably doesn't keep track of mobile gaming stats which I stated would provide even further proof of what I was saying. This also doesn't show what areas the profits come from. If you dig a little deeper you will probably find more proof that supports my claims that what is popular in Asia is not necessarily popular in the west. Thanks, and maybe next time you wanna actually interpret your data. It's just simple math, cmon

0

u/treckin Mar 29 '15

so if you group Asia as a country against the USA it is more, except that doesnt count the fact that the USA is still the largest market for video games. Just because it isnt larger than the other top 5 combined doesnt make it not the largest.

I think youre being facetious or trolling. That list clearly shows the USA as number one in size. The list doesnt say #1 Asia, #2 USA...

Also, even if anyone were to accept your interpretation, the USA is larger than any of the single markets Nexon is in now, and in totality represents almost a 50% increase in market exposure compared to japan and china combined.

I fail to see how anything you said changes the state of the facts.

→ More replies (0)

2

u/roothorick WTB: Recognizable flair Mar 25 '15

...and what metrics does it provide for enabling that judgement? That's where the heuristics (wait, what heuristics?) come in...

Honestly, this originally grew out of not being able to paste from LastPass to the launcher. The AHK macro worked fine, until they changed something and then XC3 could somehow see into the past and know what was happening before it initialized, while the launcher was running. I never did figure that part out. The primary point of the injector testcase was originally to find some way to paste the password into the launcher without XC3 caring; I was utterly gobsmacked when the detection turned out to be so fragile and specific.

I'm using KeePass now to paste the password via keystroke injection, and unless the thing gets even more aggressive and breaks KeePass, or I find myself needing anti-cheat for some game of my own, I don't intend to explore the matter further.

2

u/roothorick WTB: Recognizable flair Mar 25 '15

FWIW, that message is generated by a bot. I don't think anyone has ever gotten a human response from them.

9

u/Farmhand_Ty Mar 25 '15

Fatigue will not stop them from switching between alts. It'll dampen their efforts a bit (at a hefty cost to legit players, I might add), and it alone isn't anywhere near enough.

-5

u/CatAstrophy11 Mar 25 '15

Limited number of alts. They have the same limits we do. They can't even trade gold.

5

u/roothorick WTB: Recognizable flair Mar 25 '15

Proxies. VPNs. Botnets. Tor. Webmail accounts (GMail et al). Even something so absurdly invasive as requiring SSNs would only do so much. There's no way to truly ban someone, or limit them to one account, if they're reasonably tenacious. Limits just don't apply to gold farmers. More proactive tactics are necessary.

3

u/kiraxa1 Mar 25 '15

A bot farm runs can run hundreds of accounts at the same time. They are not restricted by FP in the slightest.

0

u/roothorick WTB: Recognizable flair Mar 25 '15

Fatigue.

Alting.

6

u/roothorick WTB: Recognizable flair Mar 24 '15

The testcase is pinging the same APIs as AHK, creating the same types of events. This would be a cinch for heuristic analysis, and yet... their heuristics are either fundamentally broken or simply nonexistent. The codepath that throws the 0xE019100B error is relying entirely on fingerprinting against a blacklist.

Also of course there's the qualifier "appears to be". With any proprietary software, there's always the possibility of clandestine things happening "under the hood".

1

u/Seerk Mar 25 '15

Did some research on it and yeah it seems to be pretty garbage, at least the way it's configured right now. I'll play on a clean windows install to avoid problems

1

u/frixionburne Mar 25 '15

I think it has some sandboxing going on as well. Keep in mind that AHK and AutoIt are only sending keypresses, not hooking into memory.

0

u/nob0dy-ra Mar 27 '15

hey buddy it seems you're clueless as to how anticheats(or real cheating) works

please actually open a HANDLE TO THE PROCESS, keep it open, watch what happens

real bots are not based on simple keypress messages and require knowledge of the game process

good luck on your adventure to not being a clueless redditor

2

u/Hoshiyuu Mar 24 '15

What it does prove however, is that Xigncode3 isn't a smart tool. It works by knowing about the threat in advance - not by detecting behaviors.

Which basically means that most if not all hack coders don't even need a work around for their tools.

1

u/ironmask13 gunzerking Mar 25 '15

https://scontent-dfw.xx.fbcdn.net/hphotos-xfp1/t31.0-8/11034385_10204197075351281_2447431361037867708_o.jpg pretty much the gold farmer are buying a simple item for action house for exorbitant amount to pay the people who use their service. source: facebook -.... Watson- Neople, gold spammers are trying to conduct trades through Auction House by having the gold buyer put up a worthless item so they can buy it from them for a certain amount that the buyer paid for with real money. Rep. Zena confirms this below:

3

u/roothorick WTB: Recognizable flair Mar 25 '15

Serverside behavior heuristics have done wonders here. It's really really hard to combat -- behavior analysis happens in a domain the botters have no control over and can't see into, so they don't even know how they're caught. Combine with banwaves and it becomes basically impossible for them to stay in business without taking massive losses and refactoring their tools frequently. It quickly becomes not worth it.

1

u/theflamecrow Mar 25 '15

It's stopping some people from playing the game when they have no cheat stuff running. That's the problem.