This is usually quite complicated as the requests from honest players to get more info are legitimate, but satisfying them is likely – in many cases – to provide intel to those damaging the honest players’ experience. Satisfying this request might be counter-productive – A Catch22!
In the meantime, judging us on results is also challenging. There is no such thing as “no cheats” in online games and as soon as one (real or supposed) cheat is reported, fear starts to spread and players tend to believe that the phenomenon is everywhere.
- SINE, can you share more about the Anti-Cheat team’s approach and vision of addressing cheating and hacking in GRO?
In order to combat cheating and hacking more effectively, over the past six months we’ve built a multi-disciplinary team with the expertise required to add security to the development process. It was a paradigm shift, from a reactive to a more proactive mind-set in defining the most-effective solutions to prevent future exploitations. We have started by re-evaluating and improving the existing security-related processes and procedures as well as continued reassessing and refactoring all vulnerable game systems including our own Anti-Cheat system – all on an ongoing basis. This has been a lengthy process, but we have managed to reach a point where the result of our efforts will soon become visible to everyone.
- The community has been complaining about cheats/hacks/exploits – could you explain why it was best to keep a low profile?
From past experience, I’ve come to believe that one’s most valuable ability to influence the outcome of any battle is to first understand one’s opponents and the battlefield. In order to establish and implement an effective approach to protect the integrity of GRO, we’ve chosen to remain silent until the moment when we can make a strong statement.
- Can you give us more details on the cheats/hacks/exploits of GRO?
To start with, up to a certain degree, every game has its own type of vulnerabilities; some may be related to subtle flaws in the design of the game, while others may be related to subtle flaws in the implementation of the game systems, or a combination of both. Unfortunately these inadequacies tend to become more obvious once an online game is released, as soon as a certain type of individual begins to take it apart with the interest of identifying design and/or implementation inadequacies/vulnerabilities that can be exploited to give themselves various types of advantages. To some, this process itself is a game that they enjoy playing more than any other game.
It’s a “game of chess” between the game developers and game exploiters over the confidence and support of the community and the integrity of the game.
Having said that, the cheats, hacks and exploits of GRO are typical first person shooter (FPS) exploits, ranging from moving and firing at abnormal rates, seeing and going through walls, traversing vast distances instantly, knowing the positions of the enemy players at all times, aiming and hitting targets with extreme speed and precision, etc.; basically, exploits meant to provide an unfair tactical advantage over one’s opponents in an tactical game.
However, we have been able to devise detection methods for major cheats and hacks and we have been able to apply sanctions to the offending players on a regular basis.
As a side note, I would like to increase the awareness of the risks of using different types of cheats and hacks provided by various individuals around the internet. We have seen GRO cheats and hacks being advertised around, which didn’t turn out to be cheats and hacks for GRO, not at all, but rather malicious code meant, for example, to open a backdoor to the computers they run on.
- What are the steps the team took to address cheats that exploit the timing and synchronization vulnerabilities?
We have seen various discussions on the forum regarding this topic and I believe that further clarification is required. It is expected that a certain type of people are optimizing their hardware settings in order to get better performance. Depending on the type of hardware, there are multiple hardware attributes/properties that can be modified in order to boost the performance of the system.
For example: higher performance can be achieved by adjusting the Front-Side-Bus (FSB) on older hardware, Base Clock Rate (BCLK) on newer hardware and/or the CPU multipliers. This can be achieved either by changing these attributes before the operating system starts in BIOS, or after the operating system starts using specialized applications dedicated to overclocking. However, we’ve discovered that certain components of our engine, more precisely the core timing system, are susceptible to the discrepancies caused by adjusting the FSB or BCLK while the operating system is running.
The side effects of this type of overclocking impacted the ability of the engine to compute time lapses and frames as expected, resulting in an increase of game specific actions providing a player with an advantage over his peers he was otherwise not supposed to have. We’ve deployed a system called the Abnormal Frame Rate Monitoring System also known as AFRMS. Without getting into more details about how this system really works, as the name suggests it monitors, among others, the frame rate of the game client. This is not achieved in the traditional sense expected by the definition of frame rates, nor being achieved by the means of using one single method to define and/or determine rates, but by a combination of several different methods meant to determine specific anomalies in a constraint based system. In the pictures below you can see the reports being generated by AFRMS ever since we have deployed it late November last year.
We’ve used the information collected by AFRMS to understand how this specific type of vulnerability is exploited, to apply the required sanctions to offending players and we began immediately to refactor (change) the core timing systems and all other systems of the engine in order to prevent further exploitation.
This was a fundamental change, affecting more than just one system and we were required to find the right solution to meet all expectations in the process of improving these systems. This proved to be a big change and as such, extensive testing was required in order to ensure that all systems are operating as expected in various conditions.
- Where do we stand today on those steps?
We are very close – in the late stages of the validation process. We plan to release these changes soon after the Steam launch.
- We talked about timing and synchronization issues, but there are other hacks/cheats – what is the strategy for those?
Each cheat and hack exploits a vulnerability of one or more game systems of GRO and as such we have decided to address each one using the following process (steps):
- Identify the vulnerability exploited and the systems affected
- Collect information and extract meaningful patterns
- Detect and report abuse as well as apply the appropriate sanctions
- Refactor vulnerable systems enable automated systems to prevent further abuse
This is and will remain an ongoing process, but so far we have identified which systems have been exploited and we have deployed various monitoring systems to detect abuse and apply sanctions, while at the same time; we proceeded with the refactoring and hardening process of these systems. We aim to reach a point where further abuse will no longer be tolerated, resulting in immediate actions taken against every abusing player automatically. What this means is that instead of allowing a player to continue playing despite the fact that he has been abusing the system, and by doing so affect the experience of all other players in a match, an offending player will be immediately disconnected and temporarily banned as soon as an offense has been detected. Users caught twice will face more severe sanctions. We consider this to be vital to reducing the impact of cheating in GRO and improving the overall experience of honest players.
- From a player standpoint, when can I expect to see progress? When do you plan to communicate next?
You can expect to see progress soon after the official launch of the game. Moving forward, we intend to communicate our progress on a regular basis, approximately each month, if nothing outstanding needs to be communicated in the meantime. However, we request that you as our community understand that some information cannot and will not be shared in order to ensure the effectives our Anti-Cheat efforts.
- What can the community do to help you fight cheats/hacks/exploits?
Continue to report suspicious players. We value your efforts; your reports play an important role in identifying offending players and offending methods. It may not be obvious to everyone, but the reports that we receive from you trigger various manual and automatic investigations, which most of the time yields conclusive evidence and leads to banning. Everyone plays an important role and we want everyone to know that their contribution is appreciated.
At the same time, we have seen many bright minds discussing various interesting aspects of this topic on the forum and, as long as the discussion remains constructive, we intend to start engaging our community further and give everyone interested the opportunity to contribute to our efforts, more than ever before.