[MUD-Dev] DGN/TECH: exploiting/hacking in MMOGs - sources of info?

Damion Schubert ubiq at zenofdesign.com
Thu Sep 16 08:16:58 CEST 2004


John MacQueen wrote:
> elina.m.koivisto at nokia.com wrote:

> Lastly, the creation of "packet replacement proxies" which filter
> the data stream looking for specific data within packets, and
> replacing that data with the hacker's data before sending that data
> packet on to the game's server.

This sort of hacking is the most common in MMOs, due largely to the
complexities and (typically) non-twitch gameplay of MMOs.
Infiltrating the packet stream is usually easier than infiltrating
the client itself, and when they do so, players can be incredibly
savvy about finding stuff that you shouldn't be trusting the client
with but do.

Helper apps often come into the fore here.  Meridian 59's helper app
for a long time allowed players to purchase from any vendor in the
world in any location, as long as he wasn't in your room.  Since you
can't normally purchase from an NPC unless he's right in front of
you, it never occurred to me to do a room match check, and it never
occurred to QA to test it (nor would they have been able to if they
had thought of it).  We fixed that one, but in the same build, one
of the programmers modified character creation, but accidentally
removed the lower bounds on your character stats.  The client
wouldn't let you do it, of course, but the server gladly took the
incredibly low number, which of course rolled over to be an
incredibly high number.

Players found this exploit in about 2 hours after releasing the
build, which was a lesson in itself.

For non-MMO twitch games, the hacks gravitate more towards speed
hacks and wall hacks, and aim-bots, while probably not technically a
hack, are right up there in terms of horrible technical problems
that are plaguing the dreams of those programmers right now.  MMO
devs haven't worried about those quite as much, although as the MMOs
get faster paced and more action-oriented, as well as start becoming
more centered around PvP than they currently are, these issues will
rise in importance.  Unfortunately, these are much more difficult
problems to solve than packet sniffing, which is usually solved by
slapping some junior programmer on the back of the head for trusting
the client too much.

--d
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
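
Added example, not part of the original post and not Meridian 59 code: a server-side sketch of the two checks the message describes, the missing lower bound on character stats (with the rollover shown beside the corrected handler) and the missing room match on vendor purchases. The struct layouts, limits, function names and the signed-to-unsigned narrowing used to model the rollover are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limits and message layouts, constructed for this example. */
#define STAT_MIN  1
#define STAT_MAX  50
#define NUM_STATS 4

struct create_msg { int32_t stats[NUM_STATS]; };  /* values as sent on the wire */
struct character  { uint16_t stats[NUM_STATS]; uint32_t room_id; };
struct npc        { uint32_t room_id; };

/* "Before": relies on the client UI to enforce the lower bound. */
int create_unchecked(struct character *c, const struct create_msg *m)
{
    for (int i = 0; i < NUM_STATS; i++) {
        if (m->stats[i] > STAT_MAX) return -1;  /* upper bound only */
        c->stats[i] = (uint16_t)m->stats[i];    /* -1 rolls over to 65535 */
    }
    return 0;
}

/* "After": the server checks both bounds on every stat before storing any. */
int create_checked(struct character *c, const struct create_msg *m)
{
    for (int i = 0; i < NUM_STATS; i++)
        if (m->stats[i] < STAT_MIN || m->stats[i] > STAT_MAX) return -1;
    for (int i = 0; i < NUM_STATS; i++)
        c->stats[i] = (uint16_t)m->stats[i];
    return 0;
}

/* Room match: decided from server-side state, not from what the client
 * claims to be standing next to. */
int can_buy(const struct character *buyer, const struct npc *vendor)
{
    return buyer->room_id == vendor->room_id;
}

int main(void)
{
    struct create_msg forged = { { -1, 10, 10, 10 } };  /* constructed input */
    struct character a = { {0}, 7 }, b = { {0}, 7 };
    struct npc distant = { 9 };

    printf("unchecked: rc=%d stat0=%u\n", create_unchecked(&a, &forged), (unsigned)a.stats[0]);
    printf("checked:   rc=%d stat0=%u\n", create_checked(&b, &forged), (unsigned)b.stats[0]);
    printf("remote purchase allowed: %d\n", can_buy(&b, &distant));
    return 0;
}
```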