Impressions from Hack-Session

[Kill]

Since most people didn't participate in Hack-Session yesterday, I want to give some little information for those who weren't there.

Principally I was not very satisfied with the session itself and its results, which is a tragedy for me to say, since we all are great friends of Nost. Here are some key-facts why:

1) Using proprietary Multihacks that can be found with a quick Google search, it was possible to use a variety of Hacks undetected, running on water and (short distance) teleportation included!

2) Time was much to short. As I already mention in the Hack-Session thread, 2:30h is just to short to try all the stuff you want. I was only able to cover ~1/8 of the stuff I wanted to try. This is especially influenced by issues concerning the usage of the communicated time frame for the test. Please devs, if you put the server up ~1:30h late, let the server run longer than 2:30h!

3) Participation was only very little. Principally there where more devs around than people from the community. I can't understand why. Googleing some stuff and clicking on some buttons in some Multihacks is something everyone who raids can do for sure. Ok, that is not real hacking but being a script kiddy, but that was what the devs wanted. There was no time for real hacking (in 2:30h atleast) and the devs wanted me to click on buttons anyway.

4) Of cause there where also some upsides: Devs where friendly, some hacks where detected (and if not at the first time, then at the second or third) and you had a whole Nost server for your own

F**k yeah - I am Jesus


Darn! - The Anticheat spotted me

[kovenant]

looks and sounds interesting!

in short why i did not participate
im not going to try / test tools that are made to adjust a certain game.
those tools are created by people that know what they are doing so if i test it on my own PC i migth infect my pc with trojans or other stuff.
not interested in that for a test

and if it is so simple, the dev's could have done some googling themselves for tools right?
( im sure they did )

all i can hope for is that there maybe will be a test server available next to the live server in order to have a regular test session to be better able to detect malicious software, since that will never stop to be developed.
it might not be perfect anti-cheat and i'm also quite sure that saying you are a anti-cheat server with detection tools will be a open invitation to cheaters to test their software.

[Kill]

im not going to try / test tools that are made to adjust a certain game.
those tools are created by people that know what they are doing so if i test it on my own PC i migth infect my pc with trojans or other stuff.
not interested in that for a test

This is generally false (I would say ;D). If you provide tools for hacking you do it a) to another hacker community, hence people will notice when you fuck around with them and you will loose reputation or b) to a wide range of users that actually PAY for them. So you don't put a virus/trojan into it, because they give you money and you don't want to mess with your customer base. Of cause, there are some bad apples, but in my life time I never downloaded a virus in a hacking forum (except for someone else of cause ;D).

and if it is so simple, the dev's could have done some googling themselves for tools right?

Googleing and Clicking on some buttons in an ".exe" is simple as shit. Fixing stuff is the hard part, because you can't easily look into the ".exe" and see what it does, but you have to disassemble the stuff, get an idea what data is manipulated in what way and then try to fix it. THAT is the (extremly) hard work.

[kovenant]

i understand the workings of the products and no i don't understand how to counter it, thats why im not a devver.
however if i was a "real" hacking kinda guy i would never ever release tools to do this for others.
except to lure script kiddies into using the "free" tools to for example run in the background bitcoin miners.
no matter what a "community" has to say about it, since when googling for the tools you dont find the community around it.
it's quite underground and simple found tools arent that underground.

* maybe it's just me being naïve..

[Viper]

Hello Kill,

We understand that you can be disappointed by the test session. We thought that 2 hours would be enough to check cheating software, maybe it was a little short: we did not expect so many cheating attempts. Anyway, if you want us to try other cheating tools, you can send them to us on the forum by PM.

The goal of this session was to find as much data as possible to update our security system.
The most difficult part is to reproduce the hack so that our Dev Team can work on it later, and it generally won't take long before we find a solution.

During this session, we wanted to focus on "home made" tools some hackers used, which are the most difficult to analyze since you can't find them on Internet. Among all the custom hack tested, 3 were not detected by our system. 2 of them were fixed during the session, we managed to reproduce the last one, and a fix is under development. All the other cheating attempts were spotted by the system.

Regarding commercial tools, 5 hacks still need to be fixed (we can reproduce it). You may have noticed that the effect of these hacks are limited by our anticheat, even if they are not explicitly detected (you can't teleport more than a few meters without being detected).

An update of the situation will be given next week, stay tuned !

[Noxx]

Well i highly doubt a good scripter would want to waste the time making the hack to just tell the devs about it

[Gelbin]

Well i highly doubt a good scripter would want to waste the time making the hack to just tell the devs about it

I'm afraid so to. I think it's even more important to be prepared for if someone would ever be able to hack, how to catch that problem.

For example (and this happened on Feenix): One guy does a gold hack and trades thousands of gold to other players, ruining the economy. You can do a rollback, but players that weren't evolved will not be happy with that rollback.

So, there must be a plan ready for whenever someone succeeds at doing a hack that has a certain influence on other players.

[Kill]

Well i highly doubt a good scripter would want to waste the time making the hack to just tell the devs about it

I'm afraid so to. I think it's even more important to be prepared for if someone would ever be able to hack, how to catch that problem.
[...]
So, there must be a plan ready for whenever someone succeeds at doing a hack that has a certain influence on other players.

Both your points are very true. Partially influenced by the argument from Noxx, I proposed a Hall of Fame for Hackers at a prominent place some time ago, so there might be an initiative to research and disclosure hacks. There should be a form of appreciation of hackers that makes: Disclosure > in-game benefits. I don't know if that can be archived however.
Nonetheless the issue of Gelbin remains a vital problem.

[kovenant]

if a person has the ability to hack the server or modify the game then it has to be somewhere in the logs??
creating rules to flag certain changes that might be hacks or need further investigation would then be possible.
only i have no idea how it works, or what is logged.

[whitekidney]

if a person has the ability to hack the server or modify the game then it has to be somewhere in the logs??
creating rules to flag certain changes that might be hacks or need further investigation would then be possible.
only i have no idea how it works, or what is logged.

Hacking the server is very different from hacking the client. All hacks today works by changing certain values in the games memory to change the behaviour of the game, for example swimming in the air.

All cheats (except speedhacking and teleportation, maybe a few more) are detected client-side via the warden module which has been reversed and is now in use by private servers. This module works by scanning said memory addresses and looking for changes that shouldn't be there.

I was the first one to join in the hacking session and I spent about 2 hours with 2 gamemasters fiddling around with various hacks such as airswimming, teleporting, noclip etc.

I can't say for sure, but I think I contributed to ~2 more hacks getting detected and fixed, including one of my private airstuck hacks from 1.12 which till this day has not been detected by any server.

The problem with detecting walking on water / slowfall / teleportation and speedhacks is that it is quite resource heavy to do this on several hundred players at once, hence why only simpler checks are used. I can say that there are more hacks detected on this server than it was on Blizzard's 1.12 servers back in the day.

The hacking session was fun and it was my first contribution to this server. The GM's was very interested in knowing more about my hack and it took them only 20 minutes or so to patch one of my airstucks/airwalks. I have no doubt they will continue fixing/detecting hacks/cheats as soon as they are spotted.

On the subject of rollbacks and major hacks that influences a large group of people: There is only so much you can do in these cases, even Blizzard did whole-server rollbacks back in the day when gold dupes was found. In most cases doing a rollback is the wisest and quickest decision.