46
This is so funny because rust has one of the worst cheating situations and majority of their players are windows users, and theres lots of games that have anticheat that allows linux and have notably less significant cheating problems like marvel rivals. in reality rust doesn't take cheating very seriously because if they did they would have more server side software that detects illegitimate behaviour like tons of other games do successfully...... even most popular Minecraft servers have better functioning anti cheat that is completely server side than rust has while getting kernel access to your pc. its pathetic and lazy development tbh and this entire post from them reads like such extreme cope....
"never trust the client" is pretty much a motto of infosec, idk what the hell game devs expect
See, the wild thing is that I used to run with some actual hackers in GMod... and... I learned from the exploits that they did, how you actually design at least a game mode script that can't be fucked, can't be poked proded or queried directly.
Of course, if the actual exploit is lower level than what I'm writing at, well then I'm still fucked...
I can remember at least one GMod originated, lower level exploit, caused by Garry leaving some direct, unsanitized interface to Steam itself directly exposed via lua... which caused Steam/Valve themselves to step in and rewrite a part of all of Steam, because Garry is s fucking moron, and more or less allowed a virus/malware to propogate through Steam itself, independent of Garry's Mod...
Never did figure out if any of the goobers I knew had any direct ties to that or not.
But anyway, fucking yes, literally never trust the client with anything beyond their own GUI, and barely trust them with that, don't just let them click on anything in their screen space to see if its an item they can put in their inventory, do an actual server side vector ray trace, from the item to the playet, make sure the thing they clicked on is actually near them, put that all into a buffer that locks up if they're calling it at inhuman rates...
It was so easy to item dupe and stat boost and even hijack other players accounts in so many gamemodes I saw.
Fucking one of them had the user set and enter a login password to 'access' their various characters, pick one to spawn as.
Problem?
... That gamemode was actually doing the id check via SteamID, duh.
The username/password thing was a fucking phishing scam, that game mode had a forum, everyone used the same user names, a bunch of people got their hotmails or whatever fucked, by the dev of that gamemode.
... Anyway... yeah, I learned all this infosec type shit first hand, in an earlier 'FacePunch Studios' production.
Fuck Garry, fuck FacePunch, these people are idiot clowns.
Roblox exists now, the GMod roleplay communities independently invented their own ways of monetizing their gamemodes via syncing to their sites and forums with payoal widgets, ya'll missed the boat on that one, no one is going to play S&ndbox in anything close to GMod in its heyday numbers.
That sounds entirely on Steam. The game is the client in this context, and Steam as the server shouldn't be trusting anything from the client.
This was like, over a decade back, I don't remember it in accurate detail, and also, Garry deleted all the old Facepunch forums, which I do remember having a lot of discussion about this...
But, best I can recall, it was something like a buffer overflow/memory space exploit, because Garry exposed a core Steam function, that normally is only called by other Steam functions, in c++...
Well, Garry decided to give basically a lua api / reference method of accessing it directly, allowing doing arbitrary code injection into it, from anyone running a GMod server or networked client.
So I mean yeah, you can say Valve should not have trusted Garry with low level access to Source and Steam, that that's their bad, they should have expected he would create a serious security exploit out of naivette/hubris, like the proverbial junior sql db admin who just does 'DROP ALL' on prod, as an 'experiment'.
Uh yep, I would agree with that.
... I think this may have had something to do with Steam's, fairly new at the time, achievements system roll out, but I'm not sure if that's correct.
sir, this is a wendy's
Fuck you, take my order, stupid hallucinating AI drive thru working off an 18 year old microphone!
Oh Wait!
You're closing half your locations after trying to push realtime adjusting prices.
Nah I'm good, I'm gonna be posted up at the abandoned Wendy's, screaming at it all day long.
Get those pigtails in a hairnet, and my fries in a bag, thanks very much.
The Problem is that that would increase the load on the server as well as make latency-mitigation much harder.
As with everything, it‘s always a tradeoff.
They're totally different scenarios. How is the server supposed to know if a player has (e.g.) walls disabled and knows where the enemies are?
Because the client has to know where the enemies are while still hiding it from the player.
People who have no idea how things work and go off on quotes they see online is why these discussions are useless.
That's the neat part: you don't. If their idea of anti cheat means taking over my machine to scan everything that runs on it, it's a lost battle. Either find a way to do it server side based on behavioral heuristics, or don't bother.