Why is it so easy to hack this game?
I am not a programmer or anything in that direction but I still have to ask this question... why is it so easy to hack this game? They use the Easy Anti-Cheat system, and other games that have it too are nowhere near that amount of hackers. Sure, every game has them, but right now it feels like a wave of them. Does Dead by Daylight not have its own second cheat system?
I would say "Hey, we can help and report them" but we all know that the report system in this game is a bad joke.
Bhvr please fix this fast
Comments
-
There is an obvious lack of validation in the various states and contexts.
It feels like the server acts as a "dumb" message forwarder and the clients gobble everything mindlessly.
So a player can move at high speed, teleport, change hook state, ... without triggering any kind of trap in the program.
The simple fact an EGC can start and not lead to the end of the match, holding players hostage, is kind of ridiculous.
edit:
EAC and its kind can only do so much.
8 -
My thread's relevant again!
0 -
yeah their dedicated servers are like.. peer-to-peer janked onto dedicated with some validation checks (pallets/etc.) and it's really, really bad
2 -
The game is almost entirely client-sided, peer-to-peer, so it's very easy to cheat.
The main advantage for developers of peer-to-peer or heavily client-sided games like DbD is that it's very cheap to maintain servers for them; on the other hand, it's impossible to defend against cheaters in this kind of system.
It's not the fault of the cheat detection system. You can imagine DbD like a house made of paper, and cheat protection like a door: even if it's made impossible to go through the door, robbers can just go through the paper walls anyway. The whole foundation is flawed.
Solution?
Rewrite the game to be server sided, everything validated through servers.
Why devs won't do this?
The easy-to-cheat current client-sided game costs them 1x money to maintain.
A very-hard-to-cheat server-sided game costs 10x money to maintain.
It would cost a lot of money to maintain a game like that.
That's why most companies usually don't bother with it, but even then they have more server checks than DbD.
DbD is just really outdated in terms of security
0 -
The game doesn't need to be server-sided (assuming you mean everything on the server, the server is the absolute truth). I'm not even sure it could work properly (it's not a shooter).
All they need to do is to add some basic checks and it will filter-out most cheaters and eliminate the most annoying problems (hostage situation).
0 -
Yeah, it's really hard to understand why they don't have basic checks (like running with x speed impossible, or gens can't be insta repaired etc). Maybe the game code is an even bigger mess than thought.
0 -
It's made with Unreal Engine and it is notorious for being easy to hack and poor practices in general in regards to netcode. All data for all clients is replicated even though it's only relevant for some. So for example position for players that aren't even visible is communicated to everyone anyway. That's why wall hacks and stuff like that are possible (it isn't in for example Dota 2, where such information is not shared with client unless player is visible). This is true for all UE games by default.
0 -
Even if the game code was a mess, it's not rocket science to keep some state about the actors (to keep the UE terminology) and check for impossible status. It's not rocket science either to send the transition when the EGC ends. There are bits somewhere with that information. Worst case scenario, grafting a separate state machine in the code with that purpose would do it.
You'll have to point to references about that "notoriously easy-to-hack" and "poor practices" for the UE4 netcode. As far as I know it works just fine.
I'm sure you realize the only way to not send everybody's position would be for the server to have a local, simplified version of the map so it could do occlusion computations. It's not exactly cheap.
Of course, for a 2D game like Dota 2, there are no such computations required. Limiting the data sent to an area slightly bigger than what the player can see is trivial.
0 -
The multitude of hacks available for virtually all UE games is somehow not proof enough? There are even kits specifically made for hacking UE. I won't link any of that here, naturally. If you deny it you're either ignorant or simply a fanboy of the engine.
Servers literally do run a lighter version of the games w/o any graphics, and they could indeed do visibility checks. Either through BSP or modern occlusion culling, essentially ask "for this location, is this other location visible?". These things can be pre-computed and cached, acting more like a look-up table. It's not costly at runtime. It's just not part of UE's base kit as data security and anti-cheat haven't been prioritized.
Data encapsulation is a very basic concept in programming and it has not been respected in regards to networking in UE, where data to all clients is shared. It IS very poor practice.
0 -
No, you see, the issue in your statement is that "notorious" part. Any engine has the same issue. We aren't talking about military-grade software here. Trying to insult people will not give your opinion any more weight, quite the contrary. (But I have my answer nonetheless: not substantiated)
You have a very personal definition of "not costly". Memory, CPU, time: it's always the same balance. Whatever algorithm is used, it's not free. It's certainly more expensive than what they are doing at the moment. You also have to remember maps aren't static and running servers costs money bound to CPU and memory usage.
It's quite obvious they didn't have any kind of safety in mind while writing the game. It used to run on the killer's computer. There are however very cheap (as in a couple hundred CPU cycles) ways to mitigate most of the current problems.
Data encapsulation has nothing to do at all with any of this, under any of its definitions in the field. (And I certainly hope you didn't use it to mean "obfuscation".)
If instead you meant to say to only give the relevant information to the clients, it's not a "programming concept". It's a basic optimization, and it's not always the best choice.
0
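The cheap server-side checks several commenters in this thread describe (impossible speed or teleports, illegal hook-state changes, an end-game timer the server enforces itself), sketched as an added C++ example. It is not code from the game, from Unreal Engine or from any poster; every name, limit and the simplified hook state machine are assumptions.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Hypothetical names and limits; nothing here is taken from the game or the engine.
enum class Hook : std::uint8_t { Free, Stage1, Stage2, Dead };
struct ActorState {
    double x = 0, y = 0, t = 0;  // last position/time the server accepted (m, m, s)
    Hook hook = Hook::Free;
    int strikes = 0;             // rejected updates, input for kick/ban policy
};
struct Match { double egcDeadline = -1; bool over = false; };
constexpr double kMaxSpeed = 4.6 * 1.5;  // assumed top speed with tolerance, m/s
constexpr double kSlack = 0.5;           // assumed allowance for latency jitter, m
constexpr double kEgcSeconds = 120.0;    // assumed end-game collapse duration, s

// Accept a client-reported position only if it is reachable since the last accepted one.
bool acceptMove(ActorState& a, double x, double y, double now) {
    double dt = now - a.t;
    if (!(dt > 0) || !std::isfinite(x) || !std::isfinite(y)) { ++a.strikes; return false; }
    if (std::hypot(x - a.x, y - a.y) > kMaxSpeed * dt + kSlack) { ++a.strikes; return false; }
    a.x = x; a.y = y; a.t = now;  // state advances only on accepted input
    return true;
}

// Hook state may advance one stage at a time, or return to Free on a rescue.
bool acceptHook(ActorState& a, Hook next) {
    bool rescue = next == Hook::Free && (a.hook == Hook::Stage1 || a.hook == Hook::Stage2);
    bool advance = static_cast<int>(next) == static_cast<int>(a.hook) + 1;
    if (!rescue && !advance) { ++a.strikes; return false; }
    a.hook = next;
    return true;
}

// The server owns the end-game clock: once started it cannot be restarted or stalled
// by a client, and the match ends at the deadline no matter what clients report.
void startEgc(Match& m, double now) { if (m.egcDeadline < 0) m.egcDeadline = now + kEgcSeconds; }
void tickMatch(Match& m, double now) { if (m.egcDeadline >= 0 && now >= m.egcDeadline) m.over = true; }

int main() {
    ActorState a; Match m;
    bool walk = acceptMove(a, 3.0, 0.0, 1.0);       // 3 m in 1 s: plausible
    bool teleport = acceptMove(a, 60.0, 0.0, 1.5);  // 57 m in 0.5 s: rejected
    bool skip = acceptHook(a, Hook::Stage2);        // Free -> Stage2: rejected
    startEgc(m, 10.0); tickMatch(m, 130.0);
    std::printf("walk=%d teleport=%d skip=%d strikes=%d over=%d\n",
                walk, teleport, skip, a.strikes, m.over);
}
```

Each check is a handful of comparisons per update; rejected updates leave the server's copy of the state untouched, so a forged message cannot become the value forwarded to other clients.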