Ne'er-do-well player 'executed' in Guild Wars 2

I don’t actually know, but I’ve always presumed they’re running a modified version of the game (it runs on your system) that reports to the server. As long as what the modified game is reporting to the server seems normal enough, it will never trigger any red flags.

This is exactly what shits me about PC gaming as well: mods and hacks are trivial compared to on consoles and the “remedy” for a ban is to start again. In the case of consoles they can ban the particular machine from ever connecting again.

Lots of ways. Care for me to derail the thread to explain some of the techniques? Or should we split the thread?

1 Like

The way to deal with griefers and cheats is to extinguish them in an embarrassing whimper. Making a scene of it would just include this dbag in the game’s folklore. Erasing him from history in a way that will infuriate the person is a great method IMO. Seeing someone else play as his character would have been very frustrating.

1 Like

Yes please!

*starts chanting*

Derail!
Derail!
Derail!

3 Likes

Easiest way is to buy black box hacks from Argentina, China, and India. But to specifics.

There are a couple of things to exploit, and I will break this into several posts.

The first are simple network level exploits. You run Wireshark, reverse engineer the protocol (easier than you’d think), and test protocol options. It seriously can be as simple as the client will enforce “you can equip weapon A but not with B”, but if you mod the protocol you may get away with it.

It is a simple, bog standard data sanitation bug. Burp Suite, a local proxy, is excellent for this.

5 Likes

The second is to patch the client to ignore certain commands from the server. This is also in the realm of, “the client thinks one thing, the server thinks something else” bugs.

If you can locate the logic via looking through a hex editor, awesome. That is easy. Next is to decompile with IDA Pro or OllyDbg. Hopefully you can find the logic branch and patch the executable. Third is to inject a DLL or .so into the running process to alter the runtime, not the exe (if they are digitally signed you have to start at that step). Fourth is to patch your OS kernel to reroute system calls or system service dispatch table calls to your functions.

You can always patch function call pointers (i.e. so LoadLibraryA calls your library first, but that’s lazy).

3 Likes

Third, you explore timing differences in server shards. See, even in a load balanced environment it takes time to transfer state from one server to another.

So if you find the right circumstances, you can manipulate server B into accepting server A state, even though it is invalid.

2 Likes

Fourth, you ‘lizard stress’ the controller or main node of a cluster and force them to fail over. Results are similar to number three.

1 Like

Fifth, simplest of all, client side timing bugs. I.e. if you throw gold on the ground, someone picks it up and throws it down within one second, then you pick it up, you double your gold.

And if you find out it is truly client side, you script it with burp suite >:)

3 Likes

KIDS!! NEVER DO WHAT UNCLE @japhroaig MENTIONS!!

5 Likes

With MMOs cheats are almost all timing or protocol abuses. Though if you can pwn a production shard member… (i.e. a server that is part of a cluster that handles front end traffic) the game is your oyster.

1 Like

I’m not entirely sure but I assume this is sort of the hack that I saw once for Simpsons Tapped Out. Someone had kindly modded the apk to ignore 0 as the lowest possible donut count (the premium currency) so you could spend as much premium currency as you wanted and the donuts in your wallet just went negative. I had two escalators to nowhere, two popsicle stick skyscrapers and one of everything else in the game.

At some point they pushed a new version that required the app to be manually updated via the play store. I’d lost interest by that point but after I updated the hack had been remedied. All my precious expensive buildings and negative donut count remained.

1 Like
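The gold-drop race described earlier in the thread and the negative donut balance in the Tapped Out post share one root cause and one fix: the client must not own the inventory. Below is an added Python sketch (not code from any game mentioned here; the World class, the player names and the amounts are constructed for illustration) in which the server holds the only copy of the state, every dropped pile gets a fresh id that can be picked up exactly once, and a debit is refused rather than allowed to go negative.

```python
from dataclasses import dataclass, field
from threading import Lock
from uuid import uuid4

@dataclass
class World:
    """Server-authoritative currency state (constructed example, hypothetical game)."""
    wallets: dict = field(default_factory=dict)  # player -> balance
    ground: dict = field(default_factory=dict)   # item_id -> amount lying on the ground
    lock: Lock = field(default_factory=Lock, repr=False)

    def drop(self, player, amount):
        """Move currency from a wallet onto the ground; returns the new item's id."""
        with self.lock:
            if amount <= 0 or self.wallets.get(player, 0) < amount:
                return None
            self.wallets[player] -= amount
            item_id = str(uuid4())          # fresh id: a dropped pile is never reused
            self.ground[item_id] = amount
            return item_id

    def pickup(self, player, item_id):
        """Transfer a ground item to a wallet; only the first request for an id succeeds."""
        with self.lock:
            amount = self.ground.pop(item_id, None)  # remove-and-read under the lock
            if amount is None:
                return False                # already taken, or never existed
            self.wallets[player] = self.wallets.get(player, 0) + amount
            return True

    def spend(self, player, cost):
        """Debit a wallet; the balance can never go below zero."""
        with self.lock:
            if cost < 0 or self.wallets.get(player, 0) < cost:
                return False
            self.wallets[player] -= cost
            return True

def duplication_attempt():
    """Replay the drop/pick-up/drop/pick-up sequence from the thread within one second."""
    w = World(wallets={"alice": 100, "bob": 0})
    first = w.drop("alice", 100)
    w.pickup("bob", first)
    second = w.drop("bob", 100)
    w.pickup("alice", second)
    # Alice's client may still show the first pile, but its id is already consumed.
    replayed = w.pickup("alice", first)
    overspend = w.spend("alice", 150)     # more than she has: refused, never negative
    return w.wallets["alice"], w.wallets["bob"], replayed, overspend
```

Whatever order the two clients report events in, the total currency in `wallets` plus `ground` stays constant, which is the invariant a server-side audit can check.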

Yep. It is literally one assembly instruction.

1 Like

Did you ever have one of these?

2 Likes

Dooood, no, but I can guess what it does!!

Yo, video dudes!

2 Likes

I cannot speak your crazy moon-language.

1 Like

“each of” (a) (b) (c) would have worked, but yes. Quite right.

1 Like

I miss playing the TFX simulator with Game Wizard for unlimited cannon ammo. (Weird, in the arcade mode you got unlimited missiles but cannon, the more satisfying thing to both shoot at the aircraft and strafe the ground, was limited to some lousy 1700 or so shots, 10 per round.) The 25-MIGs-on-the-sky-right-above-you-and-unlimited-cannon missions also felt more than satisfying. Maybe I should dig it out of one of the ancient hard drives from the era of DOS and 320x200 256-color graphics…

1 Like