The sad, sad state of anti-cheat in Siege

The Siege team recently posted on their blog about their anti-cheat efforts. Unfortunately, nothing interesting, really. Just the usual “we’re trying hard, see how many cheaters we ban” (10k monthly, apparently). To start with, I’ll quote one section, and discuss it briefly.

SERVER-SIDE VALIDATIONS

This refers to how we validate information we receive from the player’s game client. In the past, multiple player actions were validated only on their own PC. They could “tell” the game that they were supposed to “fly” and the game would allow that. Since then, we’ve added multiple validations that make cheats like this impossible to do, limiting access to this particular vulnerability.

When I read this, I thought “oh, my, not good”. Let me explain.

Cheating is challenging to deal with because stuff happens on a player’s PC (duh), and if a player wants to cheat, he has full control of his PC. For example, the game needs to know the positions of the enemy players, so that it can show them when needed. This information is sent to a player’s PC, and it makes wall-hacking possible. Similarly, a player needs to aim, aiming happens on his PC, and this makes aim-botting possible.

Other stuff happens on a server, and it’s beyond player’s control. A cheat could make the player move faster, or fly, on his PC, but a server shouldn’t accept it. This is very basic, 101, ABC, of software design. The fact that it’s year six and they mention it as news tells you everything you need to know about the state of affairs in Siege.

Imagine you go to an online store and click on that $1000 monitor you want. You then press Ctrl+Shift+I and edit the page source code so that the price is $1. Then you click “buy”. Will that work? Of course not. The shop server knows how much all items cost. In a similar way, a game server should know that players can only move at a certain speed, unlike a four-speed Maestro I once saw on stream.

Oh, and one more thing. Just as you can’t move faster or fly, you can’t melee a player five meters away. Ubi developers didn’t get the memo, tho.

Here’s more from that game, from Pengu himself.

Since we’re at Twitter, just the other day this was making rounds.

Somebody posted a video of a blatant wall-hacker hip-fire’ing people through the ceiling. Ubisoft Support Team’s response:

Hi Norsk! We’re having trouble figuring out what the exact issue is here. Could you explain what is happening in a bit more detail for us? Thanks!

Personally, I’m out of words at this point.