• Naz@sh.itjust.works
    link
    fedilink
    arrow-up
    106
    ·
    edit-2
    7 months ago

    Yeah honestly, I bought Tarkov second-hand for $8 and even then I felt like I was getting ripped off.

    It’s probably not news to anyone but the game has extremely lax anti-cheat controls.

    As for why people would cheat in an online game, it always seems obvious from a psychological standpoint, but the cheats for Tarkov are so egregious they’re like full blown developer offline DEBUG TOOLS.

    I don’t mean “oh no, aim assistance, and they can see you through walls” – the cheat tools are hooking into features of the GAME ENGINE ITSELF, allowing players to see:

    PlayerName, Current HP, Current Level, Full inventory contents, currently equipped weapon, position, heading, estimated value of inventory, estimated value of your account, age of account creation, and so on.
    

    They can also: Teleport, FLY, increase or decrease their run speed, jump height, and so on.

    The cheaters are basically running around with admin privileges in the game, and the developers don’t give a flying fuck. It’s like GTA5 levels of cheating.

    Why would anyone play such a game, much less pay $150 to be abused by people? You can slam your dick in a car door for a lot less.

    • Semperverus@lemmy.world
      link
      fedilink
      English
      arrow-up
      53
      ·
      7 months ago

      Whats sad is that people keep wanting more client-side anticheat to fix this, when the real answer is server-side anticheat and changing the engine to stop being so leaky with that much information.

      • huginn@feddit.it
        link
        fedilink
        arrow-up
        14
        ·
        7 months ago

        It’s easy to just handwaive and say “Server side will fix it” but here’s a major issue:

        You have to render people in before they appear. How do you do that without the client knowing where people are?

        • Saik0@lemmy.saik0.com
          link
          fedilink
          English
          arrow-up
          29
          ·
          7 months ago

          but here’s a major issue:

          You’re acting like other games have never successfully ran server-side before. Hell the whole net engine doesn’t need to be server-side at all. But you can run server side checks on shit at the very least. A player being 100 ft in the air is likely a cheater… A player making a shot through impenetrable terrain is likely a cheater. Tarkov is missing these basics. Forget ESPs and other bullshit.

          • huginn@feddit.it
            link
            fedilink
            arrow-up
            3
            ·
            7 months ago

            If you should absolutely be checking for repeat issues and basics. Not trying to excuse that shit, just saying server side isn’t a silver bullet.

            • ShortN0te@lemmy.ml
              link
              fedilink
              arrow-up
              18
              ·
              7 months ago

              That is just wrong. For example, increased movement speed. Just check every couple of seconds if the movement that the player actually did is possible with the allowed parameters. Yes there can be bugs in that too, but not trivial to bypass when you validate every packages.

              It is resource intensive. But much more effective for things like movement then client side.

                • ShortN0te@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  17
                  ·
                  7 months ago

                  Every. Single. Serverside anticheat ever implemented has been defeated with absolute ease.

                  Even if true (it is not) this does not proof anything other the that to less resources are invested in it. Client side Anti Cheat is cheaper because you just simply buy that product and yiu have not fix your broken game code which bately runs smooth anyway.

                  Client side Anti Cheat goes against basic IT-Security principles. Every single packet that is sent from the Client to the Server is User Input. It is not to be trusted. You have to validate it.

                  When you login to your Online account the check if your password is correct does not happen on your Computer. It gets sent to the server and the server validates it.

            • Saik0@lemmy.saik0.com
              link
              fedilink
              English
              arrow-up
              4
              ·
              7 months ago

              No they haven’t.

              No they haven’t created games with server-side net code? Yeah you’ve just outed yourself as having NO fucking idea how any of this works. Most MMOs are fully server-side to put that in perspective. Very few usable cheats exists for these games that are not detectable.

              Server side anticheats are absolutely trivial to bypass

              Server side checks/anticheats are IMPOSSIBLE to bypass short of an actual flaw in the system/code.

              You’re arguing that you can hack the code the server runs that you never see or know anything about. That’s absurd. Hell the game itself doesn’t even necessarily need to know that the server-side checks are a thing depending on the implementation. You can’t fuck with code you never even have a chance to directly interact with.

              Change your health in a ram editor… Server receives the state of your character… see it’s invalid to the game state and drops you from the lobby/game. Do it enough times and you get flagged as a cheater, account ban. There is no “bypassing” this. Considering that game states have to be broadcast to all clients anyway, the server already has to touch all the states submitted to it anyway. A quick check on some sane things is simple and easy. A reference check from last known location to current state location and seeing that you’re clear across the map or your y value is impossible… This is trivial to check.

              ESPs and other client side stuff is harder since you have to send game state information to the client at some point (including information on enemies)… but you could conceivably not send status updates about characters/objects that are not relevant to a player. That would cut the vast majority of usefulness of ESP hacks.

              The most important part of ALL of this discussion. Tarkov does exactly NONE of this. They check nothing. They enforce nothing. The client side anti-cheats in place are useless.

              • AMDIsOurLord@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                7 months ago

                Sure, the absolutely most blatant stuff can be detected, BUT

                Stuff like aimbots and wallhacks are still very doable even in the presence of serverside anticheat. And for MMOs, the cheats used are different in nature, autofarms and scripts exist

                Look at FairFight anti cheat for example, your fucking holy grail serverside garbage. People still developed aimhacks for it

                But what do I know, some Lemmy dweebs apparently cracked the fucking holy grail code of developing anticheats, you guys should send some job applications lmfao

                • Saik0@lemmy.saik0.com
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  edit-2
                  7 months ago

                  Sure, the absolutely most blatant stuff can be detected, BUT

                  No buts. Tarkov does NOTHING to address even the basic stuff. There’s no buts at all. You can’t say “there’s still hacks” when Tarkov is literally filled to the brim with hackers. Nobody ever claimed serverside is perfect. Quite the contrary. But holy fuck would the game be a fuckton better if they at least did literally ANYTHING.

                  A serverside anticheat could absolutely detect impossible flicks (autoaim). Especially since they’re too consistent.

                  But the point is that Tarkov has become a shit-filled game because of the rampant cheating.

                  Fairfight is an interesting example to take. Siege is a much better game comparatively. It’s proof that serverside works… and can work in real time. Except you claimed that would be impossible.

                  Edit: I’m calling Siege better in the aspects related to this conversation. You only run into cheaters on rare occasion. When I played Tarkov it would be damn near EVERY map.

        • ProgrammingSocks@pawb.social
          link
          fedilink
          arrow-up
          10
          ·
          edit-2
          7 months ago

          If the trajectory and speed says either the client or another player will cross a wall soon where the player sees them THEN it could send the data to the client. You need some tolerance for ping up to maybe 200ms but that’s it. Wallhacks could give you at most a flash of a couple specific people.

          • huginn@feddit.it
            link
            fedilink
            arrow-up
            4
            ·
            edit-2
            7 months ago

            You need to account for every gap in the wall, nook and cranny and peephole for these sightlines. You’d have to bake so much detail into every calculation server side that it would effectively be rendering the entire map to host a single game.

            • ColonelPanic@lemm.ee
              link
              fedilink
              arrow-up
              5
              ·
              7 months ago

              There are many ways of doing this. I know the source engine uses visboxes, which are calculated once at map compile time. It takes a while to compile, but it means that clients can use the pre-compiled data to calculate parts of the map that are visible and the server can use them to determine what the player can see at a given time. I’m not sure whether it does that or not, but it would make sense to use that data.

            • ProgrammingSocks@pawb.social
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              7 months ago

              It could be a client-side check with verification on the server. Basically transmitting which places are in view. Ray casting like the other person said. Not raytracing which is much more computationally intensive. A server side check basically so that the client can’t just say they’re looking around every corner at once.

              • huginn@feddit.it
                link
                fedilink
                arrow-up
                1
                ·
                7 months ago

                But then you’re adding extra latency to all visual calculations.

                Your client needs to know if something is visible within the framerate of their PC.

                You cannot do that fast enough.

                • ProgrammingSocks@pawb.social
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  7 months ago

                  Why not? More computationally intensive things are done to calculate lighting in a lot of modern games as I alluded to. Yes it would increase the load on your CPU but that’s less of a problem nowadays with higher core counts and clock speeds and it’s not like modern anticheats don’t steal some CPU cycles already. I think you underestimate the power of modern computers. I’m not trying to be condescending here but it is worth remembering that gigahertz means BILLIONS of calculations per second.

                  We’re only talking in theoreticals right now anyways, it is entirely possible that a game studio has tried this and it hasn’t worked, I just don’t put a lot of faith in modern game companies.

                  • huginn@feddit.it
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    7 months ago

                    You cannot break the speed of light with computational effort.

                    You’re saying that you want to have a round trip from client to server and back happen in-between frames.

                    You cannot do that. Period. You will not ever have latencies that low.

                    Even if you frame lock it at 60fps that means you’re calculating views, sending the data up the tube, checking it on the server, responding back with all the data about the new character that should appear and then rendering the new guy within 17ms.

                    That is physically impossible.

        • thantik@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          7 months ago

          You do something called raycasting to determine visibility beforehand, and don’t render anything not visible.

          • doctorskull@lemmy.world
            link
            fedilink
            arrow-up
            9
            ·
            7 months ago

            lol raycasting isn’t optimized for server side deployment, it would increase the poly count of the mesh tenfold, which would in turn increase average ping and fps. Couple that with the client side rendering problem and I don’t know anything about development just kidding

          • huginn@feddit.it
            link
            fedilink
            arrow-up
            5
            ·
            7 months ago

            Your suggesting the server maintain a real time render for every single player and somehow manage to get the data back to them in less than 17ms so that they don’t have empty frames that suddenly become people?

            Because that’s a ludicrous requirement in terms of latency (ping is totally reasonable at any value under 100ms) and server capacity.

            Because your solution sounds like it would cause popping constantly and be a major burden on the server, which is already the largest overhead on a released game.

        • 30p87@feddit.de
          link
          fedilink
          arrow-up
          4
          ·
          7 months ago

          By rendering people, as in sending data about an object that should be rendered, in a few pixels before they would be visible. And not at all on distances, without a scope (as they would not be visible). Footsteps etc. could be represented by two noise levels precalculated by the servers very roughly, so you can tell someone is there behind you, but a cheat could not determine where exactly.

          • huginn@feddit.it
            link
            fedilink
            arrow-up
            3
            ·
            7 months ago

            You want a server to determine if a player should be visible (ie render each player’s perspective) and then get that back to them right before someone walks around the corner? With latency you’d need to render people in at least 200ms before they appear… Which is still plenty of time for a hacker to flick to them and kill them.

            • 30p87@feddit.de
              link
              fedilink
              arrow-up
              2
              ·
              7 months ago

              True that, but I imagine such sudden flicking to seemingly random positions to be much more obvious than if the hacker had 10 seconds to see the player, tactically preaiming a corner pretending to hold an angle to then be lucky and hit a shot. Would be harder on games with smaller maps, CS like, as holding angles would be much more common than in open worlds - eg. Tarkov.

              • huginn@feddit.it
                link
                fedilink
                arrow-up
                2
                ·
                7 months ago

                My point was that you’re multiplying server costs several times to do that complex rendering and still not solving the problem.

        • jjjalljs@ttrpg.network
          link
          fedilink
          arrow-up
          2
          ·
          7 months ago

          I don’t know game development but uh do you? What are you rendering when the player can’t see them? I might legitimately just not get what you mean

          • huginn@feddit.it
            link
            fedilink
            arrow-up
            3
            ·
            7 months ago

            You constantly have to render people in when they can’t be seen but will soon be seen. Which also means instead of keeping track of just locations the server needs to render the scene in sufficient detail as to determine sightlines.

            Usually games just do this by sending info to clients of where everyone is and letting the clients render people in when the client determines that the sightline isn’t interrupted.

            Some games will just not send the positions until they’re within a certain range of each other, but I’m a realistic game like tark you’d need several kilometers of info in case someone scoped in.

            If you don’t do this correctly it leads to characters popping into existence from thin air

            • ShortN0te@lemmy.ml
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              7 months ago

              You could use things like ray tracing to determine if one player can be seen by another on the serverside and only send packages when they can see.

              But to resource heavy to do that.

              Edit: Thinking about it, you simply have to render the whole map with all players server side and based on that determine which players can see each other and based on that send the information to the clients.

              • huginn@feddit.it
                link
                fedilink
                arrow-up
                1
                ·
                7 months ago

                You do see why that’s a serious issue right? Before the Server did nothing more than maintain a list of x,y,z coordinates of player positions. Now it’s rendering the entire game space and doing 3d calculations.

                That’s several orders of magnitude more complex and costly.

                • ShortN0te@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  7 months ago

                  That’s exactly what i said.

                  Still no reason to put a root kit on the customers PC.

                  • huginn@feddit.it
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    7 months ago

                    There’s no way in hell you’ll ever get a game company to agree to that. You’re talking 100x the expense of running a server at a minimum.

        • Crackhappy@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 months ago

          Hell. I have enough trouble knowing where I am much less predicting where other people will appear.

    • cbarrick@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      7 months ago

      Cheating is such a hard problem.

      Like, this is what leads to invasive client-side anti-cheat. Which also happens to be one of the main blockers for OS portability.

      But if you make it so that the server has to constantly validate the game state, you get terrible lag.

      You really have to design your game well to deter cheaters. And you have to empower server moderators to ban cheaters. This sorta implies releasing the servers so that communities can run their own instances, because these studios don’t have the resources to handle moderation themselves.

      • bountygiver [any]@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        7 months ago

        the validation shouldn’t cause too much lag since game needs to sync up the game states anyways, which is an operation that is inherently way more expensive than any validation anyways (since each frame of the following game states need to adhere to the game rules anyways, there’s already inherently some form of validation). It’s more about not trusting everything the client says the game state should be.

    • ℍ𝕖𝕝𝕚0𝕤@social.ggbox.fr
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      6 months ago

      Cheaters are a big problem in this game. To experience the cool parts of the game without all the bulshit, there is still SPT-AKI for playing solo and also the SIT mod for PvE multiplayer coop.