Is anything being done with rfactor2 to stop ram cheats?

Uploaded with ImageShack.us like this

 

ISI cheat detection will be beaten at some point. A single community-developed solution will be beaten at some point. Multiple community-developed solutions will be beaten at some point, though it'll probably take a bit longer.

Does no one cheat in iRacing? Can you prove it?

Does no one cheat in PunkBuster 'protected' games? Of course they do... that's why it gets updated. And then updated again to protect against the new methods... etc etc etc.

If you want to race without the possibility of cheating, set up some LAN parties and physically check the processes/files on each machine.

If you want to play online, you just have to accept cheating is a possibility. In any game.

If you want to talk about reducing the risk or ease of cheating, sure. But ISI has already said there will be better protection in rFactor 2 - what do you want? A description of the system? That'll only help those wanting to cheat.

 

You're right and that's why I used the word "active" i.e. stay on top of things as much as possible. Most modern games with active anti cheat systems rarely have cheats because it's such a massive effort, maybe only 1 in million are able to do it. The chances there is cheat in your league is virtually none which I can live with no problem.

I think iRacing do actively work on anti cheat system and because price is high I doubt cheat would be bothered spending so much and risk getting caught and so banned.

I never read that rF2 will have anti cheat. I would like ISI to elaborate and I need to see evidence that they will be actively working on anti cheat system, not just fire and forget.

 

It's reduced, certainly; One in 1 million? Hard to gauge, but even assuming that's true that one person can easily share it with several/tens/hundreds of friends... nobody knows until it falls into the wrong hands.

Yeah, that's part of the additional risk. Again one of rFactor's strengths (price in this case) can be a weakness, though this is in combination with a non-existent 'name' system (change a folder and filename and you can have any name you want). Hence leagues being a step-up from public rooms, though generally still not huge unless you're willing to risk severely limiting membership growth through lots of identification procedures.

Well, you need to read between the lines a bit, but I think that's part of their approach in not wanting to spell out the scope of what they're doing and making it easier for people to come up with workarounds. Couple of quotes:

(This in response to questions regarding cheats, and 'they' refers to the developers - so that he's heard it mentioned is actually quite a significant event)

And, from earlier in this thread:

It's also worth bearing in mind the people most able to circumvent such systems often do so just for the sake of showing they can do it; the more you wave your hands in the air and say, "ha! Our cheat-detection system is unbeatable!" the more you invite people with no interest in cheating themselves to come along and have a go just for the sake of it.

 

If they cover most of the current rF1 cheats well I imagine the only cheats left would be overly complex for most people, so even if cheat is shared it may not be possible to execute without certain skills or even certain hardware.

Punk Buster for BC2 gets updated quite often http://www.evenbalance.com/index.php?page=support-bc2.php. If there is no sign at all of ISI actively updating anti cheat system well the system is not good enough because there is no end to preventing cheats, or at least not with current OS and software.

Saying that system is either actively updated or is not actively updated gives no advantage to possible cheat at all so there is no reason why they cannot elaborate. If they don't feel they need an active system, well they would have had to do something incredibly clever but more than likely - if it were possible there wouldn't be any anti cheat clients around like Punk Buster so I doubt ISI are that clever.

The only viable systems these days are active, always working in real time which gives ability to adapt. I'm quite sure that some day new OS and hardware will make it easier to design more secure systems and in fact increase the odds way beyond what any intelligent person would take on. This is another subject though, the only choice for developers is to keep ear to ground and actively lock doors as they are opened, afterall there is a finite number of doors that can be opened.

 

Here is good analogy, prisons.. what some seem to be saying here is that there is no point having a jail because it won't prevent people breaking the law. Life without jails would be chaos and of course, jail is a very strong deterent. Of course the hacker or cheat doesn't suffer if caught but their efforts will be in vain if system is active and so therefore they might not bother trying in the first place.

 

Any system that relies on information being sent online can be emulated and broken using software - whether the implementation of the system itself contains hardware or not. (a hardware-based system that wirelessly initiated its own connection and reported to a local base would require more sophistication to break - but is obviously impractical, and even if somehow implemented would be much more stagnant and therefore prone to hacking - not to mention expensive!)

As you've said, any system needs to be updated in order to close holes that are found, or it will no longer be effective. Which really just means writing code that detects the known tricks and reports them, and when that code is broken you release another update that detects that one, and so on and so forth...

To do this, you either wait until you find out about exploits (and have the possibility of those exploits being used in the meantime) or periodically rewrite your code with different checking, reporting, and exploit-detection methods to make it difficult for cheats to keep up with the updates, or at least have a cheat-free period (maybe hours, maybe days, maybe weeks) after each update before they break it again.

In all of this you can't be sure if and when new exploits are found/used/distributed. It's quite possible you would jump online an hour after an update and someone's already cheating. Perhaps unlikely, but you'd never know for sure.

So, even with a consistently updated system, you're only reducing the risk.

That means you need a balance between working on cheat reduction and actually developing the software itself. Bearing in mind we're talking about ISI, on the small side in terms of software development globally, and rFactor/2 which isn't even their main product, and there are real limits to the amount of time they can spend working on and updating such a system.

And, again, any one system is more prone to attack than a number of systems, whoever develops and maintains it.

If they don't actively update their anti-cheat measures, and that's enough to stop you buying rF2, that's your call. But if they do, you still can't be completely sure no one is cheating. Anyone playing any game online has to accept that fact.

Who said that in this thread? I just went through it all again, nobody said not to do any anti-cheat stuff. Even tjg_marantz's post was only implying the tendency for threads on this topic to go nowhere, not the pointlessness of cheat detection (even if it was misconstrued). To some extent we're just proving the point

 

Well why are people saying there will always be cheats? I took that as meaning "so why bother". Actually as I said before I think in a few years new hardware and OS will make it easier for developers to design more secure systems.

If ISI was a country, well would you want to live in a country that doesn't have jails? It's that black and white for me. So if there's no sign of regular updates I can only assume ISI aren't actively working on anti cheat system. I probably will buy it to find out, but if I don't see updates I will probably uninstall it. Because it's so easy to cheat in rF1 I would bet that it's close to 1 in 1000 who know how and cheat. Preventing these simple cheats from being used would increase to maybe 1 in 100,000 maybe 1 in miillion - my point is that the odds are significantly reduced even if only the most basic cheats blocked.

 

People are saying there will always be cheats because there will always be cheats. No point burying your head in the sand and thinking otherwise.

I'm not sure what sort of hardware/OS will eliminate cheating. Companies have been trying to do that for 30+ years (big companies, trying to protect their main or only product, very much unlike ISI) without success.

All you can do is make it difficult. rFactor, 6 years in, obviously contains some vulnerabilities and they have become fairly well known. Still a lot of people don't use them, it has to be said. You could cover off a lot of them in a league situation with some basic/intermediate programming (and quite possibly cover any left just with the fact the guys who have been members for years won't want to risk being caught trying something), and eventually rF2 might end up in the same situation. But it's probably fair to expect it will take a while to get to that point, and if the detection system is updated as the game is during its development (after initial release) it'll be mostly smooth sailing.

But cheat-free? No... just like every other product out there. If you can't stand even the possibility you'd be well advised to stick to offline gaming.

PunkBuster is surely the leader in this area... and it gets updated every couple of weeks on average, sometimes every day or two. How long do you think an exploit has been used before it gets patched out? Sometimes it'll be a day or two... sometimes it'll be a month. If you want to be cheat-free, get some mates (and PCs) over and make a day of it.

 

Punkbuster is pretty much worthless in my opinion. I play COD 4 and use Punkbuster...I can find cheaters in every server.... aim bots, wall hacks etc..

 

we have tyka for rfactor 1 and probly rfactor 2 but i was hoping isi could team up with tyka for rfactor2 or something like it and yes you can cheat on iracing with the same program or COD or online bingo (some) infact anything even java games on facebook

 

Exactly what I'd like to see, is a punkbuster style anti-cheat. I play FPS online too, and I see people getting banned for wallhacks and aimbots all the time, so how is it worthless? Have that ban tied to a Username and a Serial Number, now they've got a game with a key that won't allow them to play online, that should take care of any thoughts rational people have to cheat. And if you wanna try to hack again, it will cost you the price of a new game and you'll need a different Username. Like iRacing, tie the Username somehow to the name listed on the credit card used to buy the game.

Not to mention, they can adapt it to whatever the new threat is. Sure, some cheats will get past PB unnoticed, but imagine COD or BF with 20x the cheaters... that's what something like PB gives you protection from.

Any type of built-in or commonly accepted anti-cheat would stop 95% of the cheaters, I'd bet. Yes, there will be a few that will be able to get around it, of course, but let's stop the vast majority in their tracks.



Listen, we wouldn't leave the front doors to our homes unlocked when we left just because a burglar could kick the door in or break a window and go in that way, why is this any different to understand.

Sometimes locking the door is enough, and and unlocked door is just an invitation inside to a thief who otherwise wouldn't have bothered. They can't help themelves- look the door's wide open! Who could blame them for walking out with your 65" TV?

'Hey! I hear the rFactor house down the street never locks their doors!! Shhhh.'

Whoops, too late. Now everybody in Digital Detroit knows, so looks like they'd better get a deadbolt or two installed, and maybe grab a shotgun, just in case one of these crackhead hackers tries something stupid.


I'd be willing to pay 40 bucks or so subscription a year to ISI, for them to employ a couple guys to always be tending to an anti-cheat solution and user accounts with a reputation or rating tied to their CC, if that's what it would take. Just so long as I can mod at will like always, and I don't have to pay for cars or tracks unless I want to. Let the kids have the full version as a free offline trial, too. No more cracked .exe's, it's either the free offline version or has the online subscription. Yeah, I said it. Sounds like iRacing without the suck.

 

Protecting against local physics tampering should not be too difficult in this case, considering the fact that there are multiple computers connected to the server, where the cheater typically only has access to one of them. Doing realtime intra-session physics parameter comparisons between all clients and the server, and using majority decisions to determine right from wrong would be quite hard to get around. Couple that with some local process and plugin introspection, which checks against configurable blacklists, and you would have a system that would be pretty effective against any attempt to modify in-memory values or alter the system timing.

 

I think at least part of what you're talking about would have to be included if rF2 were written to defeat the low-tech 'manual' cheating that goes on at the moment. If communication of a breach is done through the existing connection it would be difficult for the average user to block it; and that's where one of the difficulties lies I think. Since anyone can host a server, potentially anyone can check whether a certain procedure is detected, and avoid going 'live' with it until they're sure it's invisible.

Still, it would be a lot better than what we have now.

Physics 'checking' is difficult in my opinion - with a more sophisticated workaround legitimate values could be reported (rather than the tweaked ones actually in use), and if you managed to set up a system where clients were periodically requested to send more detailed info on current physics parameters and performance (which could be impractical, given a large number of mod/track/condition variables), there is always the potential to just revert to proper values for the verification period and then go back to modified values when it's over. But, I digress... we know any system will have workarounds given enough time and effort.

Lots of options, and probably none would please everyone. But it has to be a major factor in rF1 cheating that apart from your IP (which is limited at best) there is nothing saying who you are. Create a new player file (or just change your name, and possibly the 'unique ID' [is that reported anywhere? Dunno]) and you can start afresh. This is one area where a more strict system would give some advantage, even if you'd still get 14 year olds using their parents CCs to buy multiple accounts.

 

Evidently you didn't get the gist of my post, I use punkbuster... it gets updated frequently. The servers I play on use punkbuster, and I still see cheaters. "worthless"

 

Umm ya I did, you're little one liner says say punkbuster is worthless because you see a few cheaters, and I responded with a multiple paragraph, thought out response, telling you you're dead wrong and why. I get that you use PB, duh. So you see a couple cheaters... without punkbuster you would see A LOT MORE cheaters, hence not 'worthless', how hard is that to understand?

Talk about not getting the gist.. stop parroting what you 'heard' about PB and have an original thought, please.

 

There always seems to be someone who needs to take it to the next level... it has nothing to do with what I "heard", I play COD4 almost every day on multiple servers, and see the hackers everyday. When I do I leave and find a different server, and it is usually within an hour or so before I have to leave and find yet another server. Punkbuster is worthless.. this is my opinion, you don't have to agree with me, we can leave it at that.

 

Ok guys, Millard saw a cheater with PB, it must be worthless, his 'opinion' says so.

Never mind the facts, like the scale of how many people play FPS's and that it blocks most cheaters. A couple got through, so Dave says it's worthless.

 

Not very good at debating the facts are we Dave?

Doesn't change the fact that rFactor 2 needs some built-in anti-cheat measures, to stop the majority of the cheating.