this post was submitted on 27 Apr 2024
312 points (97.6% liked)
Gaming
19998 readers
156 users here now
Sub for any gaming related content!
Rules:
- 1: No spam or advertising. This basically means no linking to your own content on blogs, YouTube, Twitch, etc.
- 2: No bigotry or gatekeeping. This should be obvious, but neither of those things will be tolerated. This goes for linked content too; if the site has some heavy "anti-woke" energy, you probably shouldn't be posting it here.
- 3: No untagged game spoilers. If the game was recently released or not released at all yet, use the Spoiler tag (the little ⚠️ button) in the body text, and avoid typing spoilers in the title. It should also be avoided to openly talk about major story spoilers, even in old games.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Whats sad is that people keep wanting more client-side anticheat to fix this, when the real answer is server-side anticheat and changing the engine to stop being so leaky with that much information.
It's easy to just handwaive and say "Server side will fix it" but here's a major issue:
You have to render people in before they appear. How do you do that without the client knowing where people are?
You're acting like other games have never successfully ran server-side before. Hell the whole net engine doesn't need to be server-side at all. But you can run server side checks on shit at the very least. A player being 100 ft in the air is likely a cheater... A player making a shot through impenetrable terrain is likely a cheater. Tarkov is missing these basics. Forget ESPs and other bullshit.
If you should absolutely be checking for repeat issues and basics. Not trying to excuse that shit, just saying server side isn't a silver bullet.
That is just wrong. For example, increased movement speed. Just check every couple of seconds if the movement that the player actually did is possible with the allowed parameters. Yes there can be bugs in that too, but not trivial to bypass when you validate every packages.
It is resource intensive. But much more effective for things like movement then client side.
Even if true (it is not) this does not proof anything other the that to less resources are invested in it. Client side Anti Cheat is cheaper because you just simply buy that product and yiu have not fix your broken game code which bately runs smooth anyway.
Client side Anti Cheat goes against basic IT-Security principles. Every single packet that is sent from the Client to the Server is User Input. It is not to be trusted. You have to validate it.
When you login to your Online account the check if your password is correct does not happen on your Computer. It gets sent to the server and the server validates it.
Lol
You need to go out in the world (where the trees don't have pixels) and learn about this stuff if you want to be in this field / pretend to argue about it. Instead you've conflated the facts that other people are telling you (this is a hard problem that takes effort) with the corpo propaganda (It's expensive so It's impossible)
Also: Your llama-based waifu is not real. Good luck with your chat bot addiction.
No, I'm not an AI technro, and this doesn't have fuck all to do with LLMs, but with today's sophisticated cheats if you want serverside anti cheat, that's just a fancy way of saying behavior verification, and if you can do it without some sort of adaptive system then good luck mate
I also don't give a shit about pretending to be in the game, mate I'm a developer and I would love nothing more than getting another degree and kissing this garbage field goodbye
AMD is always hiring devrel. You get to fanboy, travel, vaguely consult on a bunch of cool titles before they come out, and it pays way better than actual gamedev. Same goes for all the other hardware manufacturers, as well as engine and Middleware companies. (Also yacht parties and drama if you swing it right)
I think you're talking botting where I'm talking hacking. With botting, you're right you do need "AI" where AI is the old heuristics and state machines AI. I still think anyone calling this AI in 2024 deserves to get clowned on. (And which I concede is not you).
Those checks can be buggy ofc or do not cover all possible exploitable behaviors. But when there are implemented correctly you can not circumvent them. Similar to a Login form, bugs excist.
A youtuber named CodeOverflow made two great series about game exploitation.
Not talking about that. And Client side anti cheat does also not help here.
No they haven't created games with server-side net code? Yeah you've just outed yourself as having NO fucking idea how any of this works. Most MMOs are fully server-side to put that in perspective. Very few usable cheats exists for these games that are not detectable.
Server side checks/anticheats are IMPOSSIBLE to bypass short of an actual flaw in the system/code.
You're arguing that you can hack the code the server runs that you never see or know anything about. That's absurd. Hell the game itself doesn't even necessarily need to know that the server-side checks are a thing depending on the implementation. You can't fuck with code you never even have a chance to directly interact with.
Change your health in a ram editor... Server receives the state of your character... see it's invalid to the game state and drops you from the lobby/game. Do it enough times and you get flagged as a cheater, account ban. There is no "bypassing" this. Considering that game states have to be broadcast to all clients anyway, the server already has to touch all the states submitted to it anyway. A quick check on some sane things is simple and easy. A reference check from last known location to current state location and seeing that you're clear across the map or your y value is impossible... This is trivial to check.
ESPs and other client side stuff is harder since you have to send game state information to the client at some point (including information on enemies)... but you could conceivably not send status updates about characters/objects that are not relevant to a player. That would cut the vast majority of usefulness of ESP hacks.
The most important part of ALL of this discussion. Tarkov does exactly NONE of this. They check nothing. They enforce nothing. The client side anti-cheats in place are useless.
Sure, the absolutely most blatant stuff can be detected, BUT
Stuff like aimbots and wallhacks are still very doable even in the presence of serverside anticheat. And for MMOs, the cheats used are different in nature, autofarms and scripts exist
Look at FairFight anti cheat for example, your fucking holy grail serverside garbage. People still developed aimhacks for it
But what do I know, some Lemmy dweebs apparently cracked the fucking holy grail code of developing anticheats, you guys should send some job applications lmfao
No buts. Tarkov does NOTHING to address even the basic stuff. There's no buts at all. You can't say "there's still hacks" when Tarkov is literally filled to the brim with hackers. Nobody ever claimed serverside is perfect. Quite the contrary. But holy fuck would the game be a fuckton better if they at least did literally ANYTHING.
A serverside anticheat could absolutely detect impossible flicks (autoaim). Especially since they're too consistent.
But the point is that Tarkov has become a shit-filled game because of the rampant cheating.
Fairfight is an interesting example to take. Siege is a much better game comparatively. It's proof that serverside works... and can work in real time. Except you claimed that would be impossible.
Edit: I'm calling Siege better in the aspects related to this conversation. You only run into cheaters on rare occasion. When I played Tarkov it would be damn near EVERY map.
If the trajectory and speed says either the client or another player will cross a wall soon where the player sees them THEN it could send the data to the client. You need some tolerance for ping up to maybe 200ms but that's it. Wallhacks could give you at most a flash of a couple specific people.
You need to account for every gap in the wall, nook and cranny and peephole for these sightlines. You'd have to bake so much detail into every calculation server side that it would effectively be rendering the entire map to host a single game.
There are many ways of doing this. I know the source engine uses visboxes, which are calculated once at map compile time. It takes a while to compile, but it means that clients can use the pre-compiled data to calculate parts of the map that are visible and the server can use them to determine what the player can see at a given time. I'm not sure whether it does that or not, but it would make sense to use that data.
It could be a client-side check with verification on the server. Basically transmitting which places are in view. Ray casting like the other person said. Not raytracing which is much more computationally intensive. A server side check basically so that the client can't just say they're looking around every corner at once.
But then you're adding extra latency to all visual calculations.
Your client needs to know if something is visible within the framerate of their PC.
You cannot do that fast enough.
Why not? More computationally intensive things are done to calculate lighting in a lot of modern games as I alluded to. Yes it would increase the load on your CPU but that's less of a problem nowadays with higher core counts and clock speeds and it's not like modern anticheats don't steal some CPU cycles already. I think you underestimate the power of modern computers. I'm not trying to be condescending here but it is worth remembering that gigahertz means BILLIONS of calculations per second.
We're only talking in theoreticals right now anyways, it is entirely possible that a game studio has tried this and it hasn't worked, I just don't put a lot of faith in modern game companies.
You cannot break the speed of light with computational effort.
You're saying that you want to have a round trip from client to server and back happen in-between frames.
You cannot do that. Period. You will not ever have latencies that low.
Even if you frame lock it at 60fps that means you're calculating views, sending the data up the tube, checking it on the server, responding back with all the data about the new character that should appear and then rendering the new guy within 17ms.
That is physically impossible.
That's why I already proposed tolerance for ~200ms with trajectory projections
So you're going to take all the places a character could be in the next 200ms, do Ray casting on all of them and send that data to the server to check every 17ms?
While the server also does that for 15 other players at the same time.
Do you know what algorithmic complexity is? Big O notation? If so - that's a n³ * 15m³ problem space that you're expanding out across 200ms every 17ms, where n is player locations possible in x/y/z and m is the other players locations. Physics collisions are usually the biggest drain on a computer's cycles in game and in the worst case that's n² complexity.
You're talking insanely taxing here.
It's mainly client side not server side. I'm not typing out an essay for you about a random ass idea I had one day on a forum.
I'm just baffled by the idea. No need to defend it though, this is all arbitrary anyways. It's not like anyone is going to do this.
True, I'm of the belief that gaming companies aren't too fussed about cheaters if they're bringing money in some way.
You do something called raycasting to determine visibility beforehand, and don't render anything not visible.
lol raycasting isn’t optimized for server side deployment, it would increase the poly count of the mesh tenfold, which would in turn increase average ping and fps. Couple that with the client side rendering problem and I don’t know anything about development just kidding
Your suggesting the server maintain a real time render for every single player and somehow manage to get the data back to them in less than 17ms so that they don't have empty frames that suddenly become people?
Because that's a ludicrous requirement in terms of latency (ping is totally reasonable at any value under 100ms) and server capacity.
Because your solution sounds like it would cause popping constantly and be a major burden on the server, which is already the largest overhead on a released game.
By rendering people, as in sending data about an object that should be rendered, in a few pixels before they would be visible. And not at all on distances, without a scope (as they would not be visible). Footsteps etc. could be represented by two noise levels precalculated by the servers very roughly, so you can tell someone is there behind you, but a cheat could not determine where exactly.
You want a server to determine if a player should be visible (ie render each player's perspective) and then get that back to them right before someone walks around the corner? With latency you'd need to render people in at least 200ms before they appear... Which is still plenty of time for a hacker to flick to them and kill them.
True that, but I imagine such sudden flicking to seemingly random positions to be much more obvious than if the hacker had 10 seconds to see the player, tactically preaiming a corner pretending to hold an angle to then be lucky and hit a shot. Would be harder on games with smaller maps, CS like, as holding angles would be much more common than in open worlds - eg. Tarkov.
My point was that you're multiplying server costs several times to do that complex rendering and still not solving the problem.
Hell. I have enough trouble knowing where I am much less predicting where other people will appear.
I don't know game development but uh do you? What are you rendering when the player can't see them? I might legitimately just not get what you mean
You constantly have to render people in when they can't be seen but will soon be seen. Which also means instead of keeping track of just locations the server needs to render the scene in sufficient detail as to determine sightlines.
Usually games just do this by sending info to clients of where everyone is and letting the clients render people in when the client determines that the sightline isn't interrupted.
Some games will just not send the positions until they're within a certain range of each other, but I'm a realistic game like tark you'd need several kilometers of info in case someone scoped in.
If you don't do this correctly it leads to characters popping into existence from thin air
You could use things like ray tracing to determine if one player can be seen by another on the serverside and only send packages when they can see.
But to resource heavy to do that.
Edit: Thinking about it, you simply have to render the whole map with all players server side and based on that determine which players can see each other and based on that send the information to the clients.
You do see why that's a serious issue right? Before the Server did nothing more than maintain a list of x,y,z coordinates of player positions. Now it's rendering the entire game space and doing 3d calculations.
That's several orders of magnitude more complex and costly.
That's exactly what i said.
Still no reason to put a root kit on the customers PC.
There's no way in hell you'll ever get a game company to agree to that. You're talking 100x the expense of running a server at a minimum.