• Semperverus@lemmy.world
    link
    fedilink
    English
    arrow-up
    52
    arrow-down
    2
    ·
    7 months ago

    Whats sad is that people keep wanting more client-side anticheat to fix this, when the real answer is server-side anticheat and changing the engine to stop being so leaky with that much information.

    • huginn@feddit.it
      link
      fedilink
      arrow-up
      17
      arrow-down
      5
      ·
      7 months ago

      It’s easy to just handwaive and say “Server side will fix it” but here’s a major issue:

      You have to render people in before they appear. How do you do that without the client knowing where people are?

      • Saik0@lemmy.saik0.com
        link
        fedilink
        English
        arrow-up
        31
        arrow-down
        2
        ·
        7 months ago

        but here’s a major issue:

        You’re acting like other games have never successfully ran server-side before. Hell the whole net engine doesn’t need to be server-side at all. But you can run server side checks on shit at the very least. A player being 100 ft in the air is likely a cheater… A player making a shot through impenetrable terrain is likely a cheater. Tarkov is missing these basics. Forget ESPs and other bullshit.

        • huginn@feddit.it
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          7 months ago

          If you should absolutely be checking for repeat issues and basics. Not trying to excuse that shit, just saying server side isn’t a silver bullet.

          • ShortN0te@lemmy.ml
            link
            fedilink
            arrow-up
            19
            arrow-down
            1
            ·
            7 months ago

            That is just wrong. For example, increased movement speed. Just check every couple of seconds if the movement that the player actually did is possible with the allowed parameters. Yes there can be bugs in that too, but not trivial to bypass when you validate every packages.

            It is resource intensive. But much more effective for things like movement then client side.

              • ShortN0te@lemmy.ml
                link
                fedilink
                arrow-up
                18
                arrow-down
                1
                ·
                7 months ago

                Every. Single. Serverside anticheat ever implemented has been defeated with absolute ease.

                Even if true (it is not) this does not proof anything other the that to less resources are invested in it. Client side Anti Cheat is cheaper because you just simply buy that product and yiu have not fix your broken game code which bately runs smooth anyway.

                Client side Anti Cheat goes against basic IT-Security principles. Every single packet that is sent from the Client to the Server is User Input. It is not to be trusted. You have to validate it.

                When you login to your Online account the check if your password is correct does not happen on your Computer. It gets sent to the server and the server validates it.

                  • ShortN0te@lemmy.ml
                    link
                    fedilink
                    arrow-up
                    7
                    arrow-down
                    1
                    ·
                    7 months ago

                    All the input verification and processing of player locations is done on the server (at least in any respectable game), I can smell the fact that you haven’t touched a single line of multiplayer code in your life from here

                    Those checks can be buggy ofc or do not cover all possible exploitable behaviors. But when there are implemented correctly you can not circumvent them. Similar to a Login form, bugs excist.

                    A youtuber named CodeOverflow made two great series about game exploitation.

                    EDIT: things like physical hardware hacks are also near impossible to detect reliably except for stuff like blatant recoil hacks

                    Not talking about that. And Client side anti cheat does also not help here.

                  • SexyVetra@lemmy.world
                    link
                    fedilink
                    arrow-up
                    7
                    arrow-down
                    1
                    ·
                    7 months ago

                    Lol

                    It STILL is impossible to verify everything server side unless you have a crazy powerful adaptive AI engine the likes of which still don’t exist today and you need to scale that for hundreds of thousands of concurrent players.

                    Serverside anti-cheat requires AI

                    You need to go out in the world (where the trees don’t have pixels) and learn about this stuff if you want to be in this field / pretend to argue about it. Instead you’ve conflated the facts that other people are telling you (this is a hard problem that takes effort) with the corpo propaganda (It’s expensive so It’s impossible)

                    Also: Your llama-based waifu is not real. Good luck with your chat bot addiction.

          • Saik0@lemmy.saik0.com
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            6 months ago

            No they haven’t.

            No they haven’t created games with server-side net code? Yeah you’ve just outed yourself as having NO fucking idea how any of this works. Most MMOs are fully server-side to put that in perspective. Very few usable cheats exists for these games that are not detectable.

            Server side anticheats are absolutely trivial to bypass

            Server side checks/anticheats are IMPOSSIBLE to bypass short of an actual flaw in the system/code.

            You’re arguing that you can hack the code the server runs that you never see or know anything about. That’s absurd. Hell the game itself doesn’t even necessarily need to know that the server-side checks are a thing depending on the implementation. You can’t fuck with code you never even have a chance to directly interact with.

            Change your health in a ram editor… Server receives the state of your character… see it’s invalid to the game state and drops you from the lobby/game. Do it enough times and you get flagged as a cheater, account ban. There is no “bypassing” this. Considering that game states have to be broadcast to all clients anyway, the server already has to touch all the states submitted to it anyway. A quick check on some sane things is simple and easy. A reference check from last known location to current state location and seeing that you’re clear across the map or your y value is impossible… This is trivial to check.

            ESPs and other client side stuff is harder since you have to send game state information to the client at some point (including information on enemies)… but you could conceivably not send status updates about characters/objects that are not relevant to a player. That would cut the vast majority of usefulness of ESP hacks.

            The most important part of ALL of this discussion. Tarkov does exactly NONE of this. They check nothing. They enforce nothing. The client side anti-cheats in place are useless.

            • AMDIsOurLord@lemmy.ml
              link
              fedilink
              arrow-up
              1
              arrow-down
              6
              ·
              edit-2
              6 months ago

              Sure, the absolutely most blatant stuff can be detected, BUT

              Stuff like aimbots and wallhacks are still very doable even in the presence of serverside anticheat. And for MMOs, the cheats used are different in nature, autofarms and scripts exist

              Look at FairFight anti cheat for example, your fucking holy grail serverside garbage. People still developed aimhacks for it

              But what do I know, some Lemmy dweebs apparently cracked the fucking holy grail code of developing anticheats, you guys should send some job applications lmfao

              • Saik0@lemmy.saik0.com
                link
                fedilink
                English
                arrow-up
                4
                ·
                edit-2
                6 months ago

                Sure, the absolutely most blatant stuff can be detected, BUT

                No buts. Tarkov does NOTHING to address even the basic stuff. There’s no buts at all. You can’t say “there’s still hacks” when Tarkov is literally filled to the brim with hackers. Nobody ever claimed serverside is perfect. Quite the contrary. But holy fuck would the game be a fuckton better if they at least did literally ANYTHING.

                A serverside anticheat could absolutely detect impossible flicks (autoaim). Especially since they’re too consistent.

                But the point is that Tarkov has become a shit-filled game because of the rampant cheating.

                Fairfight is an interesting example to take. Siege is a much better game comparatively. It’s proof that serverside works… and can work in real time. Except you claimed that would be impossible.

                Edit: I’m calling Siege better in the aspects related to this conversation. You only run into cheaters on rare occasion. When I played Tarkov it would be damn near EVERY map.

      • ProgrammingSocks@pawb.social
        link
        fedilink
        arrow-up
        10
        ·
        edit-2
        7 months ago

        If the trajectory and speed says either the client or another player will cross a wall soon where the player sees them THEN it could send the data to the client. You need some tolerance for ping up to maybe 200ms but that’s it. Wallhacks could give you at most a flash of a couple specific people.

        • huginn@feddit.it
          link
          fedilink
          arrow-up
          5
          arrow-down
          2
          ·
          edit-2
          7 months ago

          You need to account for every gap in the wall, nook and cranny and peephole for these sightlines. You’d have to bake so much detail into every calculation server side that it would effectively be rendering the entire map to host a single game.

          • ColonelPanic@lemm.ee
            link
            fedilink
            arrow-up
            5
            ·
            7 months ago

            There are many ways of doing this. I know the source engine uses visboxes, which are calculated once at map compile time. It takes a while to compile, but it means that clients can use the pre-compiled data to calculate parts of the map that are visible and the server can use them to determine what the player can see at a given time. I’m not sure whether it does that or not, but it would make sense to use that data.

          • ProgrammingSocks@pawb.social
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            edit-2
            7 months ago

            It could be a client-side check with verification on the server. Basically transmitting which places are in view. Ray casting like the other person said. Not raytracing which is much more computationally intensive. A server side check basically so that the client can’t just say they’re looking around every corner at once.

            • huginn@feddit.it
              link
              fedilink
              arrow-up
              1
              arrow-down
              5
              ·
              7 months ago

              But then you’re adding extra latency to all visual calculations.

              Your client needs to know if something is visible within the framerate of their PC.

              You cannot do that fast enough.

              • ProgrammingSocks@pawb.social
                link
                fedilink
                arrow-up
                2
                arrow-down
                1
                ·
                6 months ago

                Why not? More computationally intensive things are done to calculate lighting in a lot of modern games as I alluded to. Yes it would increase the load on your CPU but that’s less of a problem nowadays with higher core counts and clock speeds and it’s not like modern anticheats don’t steal some CPU cycles already. I think you underestimate the power of modern computers. I’m not trying to be condescending here but it is worth remembering that gigahertz means BILLIONS of calculations per second.

                We’re only talking in theoreticals right now anyways, it is entirely possible that a game studio has tried this and it hasn’t worked, I just don’t put a lot of faith in modern game companies.

                • huginn@feddit.it
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  3
                  ·
                  6 months ago

                  You cannot break the speed of light with computational effort.

                  You’re saying that you want to have a round trip from client to server and back happen in-between frames.

                  You cannot do that. Period. You will not ever have latencies that low.

                  Even if you frame lock it at 60fps that means you’re calculating views, sending the data up the tube, checking it on the server, responding back with all the data about the new character that should appear and then rendering the new guy within 17ms.

                  That is physically impossible.

      • thantik@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        7 months ago

        You do something called raycasting to determine visibility beforehand, and don’t render anything not visible.

        • misterdoctor@lemmy.world
          link
          fedilink
          arrow-up
          10
          arrow-down
          1
          ·
          7 months ago

          lol raycasting isn’t optimized for server side deployment, it would increase the poly count of the mesh tenfold, which would in turn increase average ping and fps. Couple that with the client side rendering problem and I don’t know anything about development just kidding

        • huginn@feddit.it
          link
          fedilink
          arrow-up
          6
          arrow-down
          2
          ·
          7 months ago

          Your suggesting the server maintain a real time render for every single player and somehow manage to get the data back to them in less than 17ms so that they don’t have empty frames that suddenly become people?

          Because that’s a ludicrous requirement in terms of latency (ping is totally reasonable at any value under 100ms) and server capacity.

          Because your solution sounds like it would cause popping constantly and be a major burden on the server, which is already the largest overhead on a released game.

      • 30p87@feddit.de
        link
        fedilink
        arrow-up
        4
        ·
        7 months ago

        By rendering people, as in sending data about an object that should be rendered, in a few pixels before they would be visible. And not at all on distances, without a scope (as they would not be visible). Footsteps etc. could be represented by two noise levels precalculated by the servers very roughly, so you can tell someone is there behind you, but a cheat could not determine where exactly.

        • huginn@feddit.it
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          7 months ago

          You want a server to determine if a player should be visible (ie render each player’s perspective) and then get that back to them right before someone walks around the corner? With latency you’d need to render people in at least 200ms before they appear… Which is still plenty of time for a hacker to flick to them and kill them.

          • 30p87@feddit.de
            link
            fedilink
            arrow-up
            2
            ·
            7 months ago

            True that, but I imagine such sudden flicking to seemingly random positions to be much more obvious than if the hacker had 10 seconds to see the player, tactically preaiming a corner pretending to hold an angle to then be lucky and hit a shot. Would be harder on games with smaller maps, CS like, as holding angles would be much more common than in open worlds - eg. Tarkov.

            • huginn@feddit.it
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              7 months ago

              My point was that you’re multiplying server costs several times to do that complex rendering and still not solving the problem.

      • Crackhappy@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        Hell. I have enough trouble knowing where I am much less predicting where other people will appear.

      • jjjalljs@ttrpg.network
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        7 months ago

        I don’t know game development but uh do you? What are you rendering when the player can’t see them? I might legitimately just not get what you mean

        • huginn@feddit.it
          link
          fedilink
          arrow-up
          3
          ·
          7 months ago

          You constantly have to render people in when they can’t be seen but will soon be seen. Which also means instead of keeping track of just locations the server needs to render the scene in sufficient detail as to determine sightlines.

          Usually games just do this by sending info to clients of where everyone is and letting the clients render people in when the client determines that the sightline isn’t interrupted.

          Some games will just not send the positions until they’re within a certain range of each other, but I’m a realistic game like tark you’d need several kilometers of info in case someone scoped in.

          If you don’t do this correctly it leads to characters popping into existence from thin air

          • ShortN0te@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            7 months ago

            You could use things like ray tracing to determine if one player can be seen by another on the serverside and only send packages when they can see.

            But to resource heavy to do that.

            Edit: Thinking about it, you simply have to render the whole map with all players server side and based on that determine which players can see each other and based on that send the information to the clients.

            • huginn@feddit.it
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              7 months ago

              You do see why that’s a serious issue right? Before the Server did nothing more than maintain a list of x,y,z coordinates of player positions. Now it’s rendering the entire game space and doing 3d calculations.

              That’s several orders of magnitude more complex and costly.

              • ShortN0te@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                7 months ago

                That’s exactly what i said.

                Still no reason to put a root kit on the customers PC.

                • huginn@feddit.it
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  7 months ago

                  There’s no way in hell you’ll ever get a game company to agree to that. You’re talking 100x the expense of running a server at a minimum.