Jump to content
Sign in to follow this  
fluffycalico

Local save file DD1 vs DDA

Recommended Posts

Could always create a source of an item with the respective value ranges that item could have from that particular source. Then every x minutes check to see if the items in play match said value pair?

Share this post


Link to post
Share on other sites
2 minutes ago, Little Magic Hat said:

Could always create a source of an item with the respective value ranges that item could have from that particular source. Then every x minutes check to see if the items in play match said value pair?

There are lots of things they could do...the issue is what ARE they doing as the local save files suggest nothing useful is being done as that is the worst place to start from.

Share this post


Link to post
Share on other sites

I completely understand and agree that they have to do something to minimise cheating, but I think your emphasis on local vs server is somewhat misplaced. If you allow me to illustrate an example of what happened in another game I shall.

I played an online multiplayer game for around 10 years from 2002 until it finally closed its doors. This game was called Toontown Online and ran by Disney (and we all know how much money they have available). The game was subscription based and completely server side, there was no way to play offline. The game was aimed at a family audience and focused on team work and co-operation. some people quickly found a way to inject codes into the game and other such tools to alter the gameplay. These tools were FREE to anyone with a google search engine. There was no way to tell if anyone reached the max level or had items through play or cheating NONE. In the last few years of the game some idiots used these tools to make the game unplayable for others, they would clone characters to lock servers, use administrative type tools to game wide use profanity, or remove a user at will, appear in your private "online home" etc. It was such a mess there was no real way to enjoy the game any longer for those who just wanted to play the game.

In most single player games like Persona and Tomb Raider which are for the most part offline and local players dont have an easy way to cheat. There may be exploits, but those would  be present regardless. There are effective ways to prevent cheating with local save files they already exist. The issue for most of us here is CG willing to invest in them or not. Cg has a poor track record with this in DD1, but a better track record with DD2, one can only hope the lessons they learned have been brought into account while designing DDA. 

The point being that the anti-cheat system will only be as good as how much investment the company is willing to make in anti-cheat. If a multi-billion dollar company like Disney can decide not to invest in good anti-cheat for an always online kids game it shows that some companies just dont value it the same as others.

Edited by dizzydiana
  • Like 1

Share this post


Link to post
Share on other sites

You keep missing the point entirely.   We all agree that server side doesn't make something anti-cheat.   The point we are making is local save files makes successful anti-cheat tons and tons harder and super easy to hack in most cases.   As you pointed out they don't have tons of money to throw at anti-cheat...when you add in local save files making it tons harder...I expect the best gear that drops anywhere to be available to everyone for $20 within a month.   Going with server side saves is usually the 1st step in anti-cheat even though it doesn't to too much good by it's self...not having it makes the stuff that does work nearly impossible to pull off.

Edited by fluffycalico
  • Like 1

Share this post


Link to post
Share on other sites

That's a large part of it. We're all aware it will be A issue, it's a question of how BIG of an issue - and so far, they haven't said anything except that they're making it easier to hack. It's not encouraging. 

Share this post


Link to post
Share on other sites
10 hours ago, Xurtan said:

Hm. Official word relevant to this thread. 

That is good news!

Now I just want the option to add phoenix pet and skins to my KS package.  It can be like $10 or whatever just give me the option

Share this post


Link to post
Share on other sites

I'm disappointed that there are so many misinformed people in this thread.

On 11/30/2019 at 1:14 AM, Alhanalem said:

Making a game with central ized servers does not prevent cheating, although it makes certain kinds of cheating more difficult. Really the problem with DD1 was the lack of checks placed on anything at all. The game doesn't check or care if values are in valid ranges, and that's the real problem. 
Central servers just makes it easier to detect and take action against cheaters, it doesn't in any way prevent cheating directly. The same checks that the server runs can also be done by the game code locally. And modifying that generally results in VAC bans on Steam. 

Wrong, you clearly don't understand how any of this works. If everything is run server-side the servers don't do any checks, they only accept input values, so it's literally impossible to cheat/hack any values directly. What's theoretically still possible is gameplay exploits (if they exist) or hack the clients memory for local visibility hacks (aimbot, see through wall) which is not a concern with DD.

Range checks are completely useless, it just prevents "over the top cheat items" but makes everyone run around with 100% BiS gear. Anti-Cheat for local save files are an utterly waste of time. The only thing it may do is delaying rampart hacking for a few days until people have figured out a way around it.

On 11/30/2019 at 4:22 PM, dizzydiana said:

I completely understand and agree that they have to do something to minimise cheating, but I think your emphasis on local vs server is somewhat misplaced. If you allow me to illustrate an example of what happened in another game I shall.

I played an online multiplayer game for around 10 years from 2002 until it finally closed its doors. This game was called Toontown Online and ran by Disney (and we all know how much money they have available). The game was subscription based and completely server side

Wrong, Toontown was client-side with a few server checks. Just because it's online doesn't mean calculations are done by the server. They have so much money because they don't care about hackers and just run cheap servers.

 

People really need to understand what client-authoritative and server-authoritative means.

Client-authoritative means the client does the calculations. The server accepts those calculations and may do a few sanity checks. This is complete and utter bullshit, only done to save on server costs. Of course you can hack it. No serious game developer would implement such a system today that's why you need to dig out games like toontown as example.

Server-authoritative means you never trust the client. The server does all the calculation. The client is only a dumb input terminal. The server accepts WASD keys and that's it (simplified). You can't cheat or hack.

Just look at somewhat comparable games - ARPGS:  Path of Exile, D3 etc., none of those games has item hacking issues because they simply don't trust the client.

Sadly i have to pass on DDA if they don't do it server-side (again...), playing with hackers everywhere just isn't my thing.

  • Like 1

Share this post


Link to post
Share on other sites
2 hours ago, ModularModulo said:

 

Sadly i have to pass on DDA if they don't do it server-side (again...), playing with hackers everywhere just isn't my thing.

I think you missed a couple dev posts.   They have already said that at launch all gear and stats/pets will be kept in server side save files.   They are just local for the beta.

Share this post


Link to post
Share on other sites
On 12/14/2019 at 6:33 PM, fluffycalico said:

I think you missed a couple dev posts.   They have already said that at launch all gear and stats/pets will be kept in server side save files.   They are just local for the beta.

And you missed the point of ModularModulo post entirely. If you cannot trust the client, it does not matter if the save files are located on a server or locally. The server-side save files are (just) used because they are essential for crossplay functionality. You login into your account from any device, the server sends you your data, you play and report changes to your data back to the server.

But here lays the problem: You have to assume that the client is hacked and therefor not trustworthy. A modified client could tell the server "Hey, I have found this amazing item, please add it to my save file". As long as it has legit stats, there is no way to tell if the client has actually played the game or just called the (modified) "generateLoot" function. Actually there are ways to prevent or notice this and I already have suggested a very basic way, which is inspired by real-world cryptographic systems.

But the point is, you can make a really complex system, which could still be circumvented at one point or you simply do not trust the client at all and ensure that all important calculations are done in a secure and controlled enviroment (-> server-side).

On 12/5/2019 at 7:20 PM, cg_kyled said:

Cheating (at least for items) won't be possible because the saves will be stored on our servers.  We are working hard to make sure the game is fair for everyone!

The first sentence is just wrong or let's say it will completely depend / rely on the client integrity protection. In that case the safety aspect is just pushed to a different level.

Edited by The Ich

Share this post


Link to post
Share on other sites

I'm personally not concerned with item hacking because I have a dedicated play group. As long as I can use my save file without losing anything (Munchkin PS4 has this problem), put it wherever works best.

Share this post


Link to post
Share on other sites
On 12/16/2019 at 1:33 PM, The Ich said:

And you missed the point of ModularModulo post entirely. If you cannot trust the client, it does not matter if the save files are located on a server or locally. The server-side save files are (just) used because they are essential for crossplay functionality. You login into your account from any device, the server sends you your data, you play and report changes to your data back to the server.

But here lays the problem: You have to assume that the client is hacked and therefor not trustworthy. A modified client could tell the server "Hey, I have found this amazing item, please add it to my save file". As long as it has legit stats, there is no way to tell if the client has actually played the game or just called the (modified) "generateLoot" function. Actually there are ways to prevent or notice this and I already have suggested a very basic way, which is inspired by real-world cryptographic systems.

But the point is, you can make a really complex system, which could still be circumvented at one point or you simply do not trust the client at all and ensure that all important calculations are done in a secure and controlled enviroment (-> server-side).

The first sentence is just wrong or let's say it will completely depend / rely on the client integrity protection. In that case the safety aspect is just pushed to a different level.

We will be doing everything in our power to prevent/reduce any type of cheating. Keeping things server-side makes things more difficult for cheaters but does not entirely mitigate issues. We will have additional checks and software in place to prevent cheating to the best of our abilities.

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...