Mad World MMORPG Testing Today

Posted by Daeity On Monday, October 30, 2017

Mad World is one of the first HTML5-based MMORPGs that can be quickly played in any (capable) browser. Developed by a small team of developers in Korea, I have been following Jandisoft for some time with eager anticipation.

Today, they have just opened up an "alpha test" of basic gameplay and PVP. Here's a direct link where you can start playing right away in your web browser: http://halloween.madworldmmo.com/

No sign-in or install required.

The game is, of course, still very buggy. Certain classes are overpowered in PVP, movement is jerky, players can get stuck on walls, server latency vastly extends mob hit range, and you're really only seeing a small fraction of the ultimate game. All of the standard stuff you would expect.

It is, after all, just an "alpha test". =]

Really though, overused terms like "alpha" or "beta tests" are completely meaningless. Remember how long GMAIL was in beta for? Labels and version numbers are selected on a whim, and understanding how the practice is abused internally, I would never defend them myself. They are completely subjective and even the definitions of alpha vs beta change between developers (just like the term "millennial"). These days, they're used solely for marketing and PR purposes to save face when users experience bugs. You never really know what build they're really giving you, or how far ahead their internal builds are.

They all come in different flavors: alpha, early alpha, beta testing, soft launch, early demo, test candidate, canary release, etc.

I've learned, however, that complete ignorance will defend apps by invoking these labels. Unless they are paid employees, then they are shilled intentionally. Have you ever heard someone say, "it's just a beta", "still in alpha", "only a demo", or "CHILL OUT! IT'S IN SOFT LAUNCH". These people are goldmines for big companies, easily trained, manipulated, and they will quickly jump on marketing phrases like a bitch in heat. Level 10 susceptible's.

Inside the industry, we can slap completely subjective labels on anything and players will believe you. Meanwhile, others drink enough of your kool-aid until they become unpaid employees that will defend your app, attack criticism, promote ignorance, and advertise for you. These users are great for business, and very easy to identify since they all say the same things.

For Mad World, I ignored all of the labels. As a game, I can't tell yet how popular it will become. I have my doubts at the moment, but they are based on the environments and features within the game. Users need a wide variety of content to consume, and I have a suspicion that based on the art style, many of the environments will look the same. This means that players will grow bored more quickly.

As a HTML5 tech demonstration, however, the performance of the game within a web browser gives me great confidence and high hopes for the future of MMORPG's through web browsers. This is a great example of how hugely popular MMORPG's are possible within browsers that can run on any device. As HTML5 popularity grows, I think we're going to see a lot more high quality games being produced than the current flash-like clones that are currently being produced.

When the final product finally releases, I do foresee some future problems due to the claustrophobic sizes of the environments. The zones are very "tight", so players won't really receive a sense of exploration. Also, due to the number of players that play per zone, combat becomes extremely frustrating. The chaotic nature of the game might be attractive to some players, but they only represent a small fraction of gamers who prefer wider-open spaces and areas to explore. I think using the term "claustrophobia" though is a really good way to describe the game, and I don't see that aspect changing. It's meant to be a simple game, too, but they have introduced too many character defense traits for example (ie, they show too many numbers under the character details). But, those changes can easily be made.

So, far - I'm a very impressed. A great example of the power of HTML5.

Phone Destroyer is Totally 100% Cheat Proof

Posted by Daeity On Tuesday, September 19, 2017

The /r/southparkphone subreddit is arguably the largest and most popular community forum currently dedicated to fans of South Park Phone Destroyer.

What's highly unusual about this subreddit, however, is that Ubisoft employees are actually moderators of this unofficial fan forum. Meaning that they have direct control of all narratives and reviews involving their own game. That's like Ubisoft being owners of Metacritic where they can delete posts critical of the company, ban dissent, and change public opinion.

I suppose the Community Manager job description has evolved from "engaging the online community in an open and honest way" to "controlling what people are permitted to say about their game."

New-hire Steve is the current overseer of the Phone Destroyer community. When he's not shamefully trolling redditors, you can find him on the Phone Destroyer subreddit angrily stating and re-stating.. ad nauseam.. the same arguments that cheating and exploits within the game are impossible. And, that all of the problems users experience are their own fault. It's never a server or software issue, it's because they "stepped in an elevator", "it requires a good connection", they have a bad phone service plan, they're lying, or they are a terrible human being.

There are also claims of a 100% effective anti-cheat system, but which was interestingly implemented after Steve said that cheating was already not possible. If cheating was impossible, uh... why would to need to implement a client side anti-cheat update then? You need to protect against cheating on an already hack-proof game?

I feel that many of the hacking complaints came to a boiling point in July 2017. Customers were complaining non-stop about unfair cheating within the game, and rightly so, but Ubisoft's Community Managers were screaming back at the customers, telling them they were clearly wrong. It's just a bug, there are no exploits, there are no cheats, it's network related, it's your cell phone, your internet sucks, you suck..

Finally, in late July the fucking hammer came down and Ubisoft laid down the law in the Phone Destroyer fan subreddit. Redditors were no longer allowed to complain about the rampant cheating. You used the word "rampant"? Banned. If anyone complained about unfairness, their post would be deleted and/or they would be banned. Even posts about "emulation" were classified as bannable, even though they were perfectly acceptable under the ToS. But, Steve apparently had enough.

I think what makes this mildly interesting is that the other, non-Ubisoft moderators, are known cheaters. Cheaters telling other people not to cheat, claiming that the game is cheat-proof, and deleting posts related to the rampant cheating. That's not irony, but it is fucking sad.

So while Ubisoft and their moderators are adamant that there are no cheats or exploits possible in the game, and excuses such as "we're still only in open beta" and "this is just a soft launch" are constantly being thrown in people's faces, here's what's happening in the real world for those who haven't drunk the Kool-Aid.

Even after their most recent patch, cheating is still very common. Hacks and mods have always been fully functional within the game since day one. They have just required some minor tweaks after certain patches. Most recently, a new iOS mod was even released publicly right after their most recent "huge" patch.

However, don't put any trust in these public hacks. They are very simple, and easily detectable.

Here's why: the Phone Destroyer team doesn't exactly have highly proficient security developers, so their anti-cheat methods are very rudimentary. The problem with these public hacks is that they use basic level patches like freezing the energy bar at max levels, but Ubisoft is specifically monitoring and logging energy levels for numbers that don't fluctuate or make sense. Luckily, that's pretty much the limit to their anti-cheat system.

I have been cheating since day one and have never been caught, on dozens of accounts. There are a hundred other ways to cheat the system. If you slowly increment the energy flow to regenerate faster, rather than simply fixed at 10, you'll be undetected. If you alter your card attack speed, it will be undetected and barely noticeable by your opponent. If you change card energy costs to be less than actual, you'll be undetected. If you manipulate damage or health regen numbers, you'll be undetected. You can also keep your primary health bar regenerating, or reduce damage to your main character, without detection. And so on.

Basically, as long as you're not freezing memory addresses and you don't get reported, you'll never get caught.

I feel that a lot of this subreddit drama can be used to your advantage. Moderators (some of whom are cheating themselves) are screaming that cheating and exploits are not happening, and that it's all coincidental network latency issues. They are also deleting posts and banning users who complain. Not only that, but Ubisoft has a very convoluted and frustrating way to report users, and there is no instant-reporting feature available, so most victims are completely discouraged from reporting abuse. Maybe the Catholic Church gave them some pointers. Even if you do manage to take a picture demonstrating proof and report it, they still need to manually investigate (like I said, it's a very poor anti-cheat system) and review reports, with most being written off as network latency bugs or some such nonsense. It's a great system that protects hackers!

While the game runs rampant with cheaters and hacks, there's a kindly gentleman telling everyone "Move Along. Nothing to see here." Just like Officer Barbrady.

Seeing everything they've written, it reminds me a lot of Trump. If he repeats something often enough, he'll actually believe it himself.

The problems with their anti-cheat system actually open up some other security holes. Because they depend so much on player snitching, they can be easily manipulated by butthurt opponents.

It's very much possible to create a Photoshopped image of a "cheating" player and report them. They'll take the image at face value and ban the innocent victim. And because of this same broken reporting process, their innocent cries for assistance will be completed ignored... twisting the knife even further. Without an adequate cheat detection system, framing innocent players is currently quite easy. This used to commonly happen in popular online games, like World of Warcraft, for several years before it was even noticed.

If you suspect that some of your opponents are generating energy just too fast, they are instantly regenerating health, or hitting too hard, you're right to suspect they are cheating. Of all the cheating complaints I've seen, that have been written off as latency bugs, I haven't found any that I wasn't capable of reproducing using simple mods. If your suspect is constantly winning, it's definitely not a coincidence.

High and Mighty (Cheating) Mods

Posted by Daeity On Monday, July 17, 2017

We've all read the new articles and factual accounts of the massively widespread and rampant corruption of power by redditor mods. Whether it's a corporation who has bought the loyalty of a moderator to promote certain products, or a political party deleting posts and peddling propaganda, it's something that permeates all levels of popular subreddits.

But, it happens in very small subreddits as well. It amazes me at just how quickly people can be bribed or corrupted with small amounts of power. I see it in every day life, and power is abused in the most petty of circumstances. But the king of a shit pile, is still a king in their eyes.

It's similar to how cheating works. You're abusing power over another individual. World of Warcraft has a very high number of cheaters (e.g. botters, exploits, hacks), but Blizzard worked on having safeguards in place to prevent cheating as much as possible. South Park Phone Destroyer, however, did not seem to anticipate cheating at all.

The RedLynx/Ubisoft team did a fantastic job on their micro-transactions and payment systems, ensuring that they would securely receive their money quickly. And, they did an adequate job integrating South Park Studio's art into their game. But the rest of the game, especially security and PVP netcode, is a bug-ridden mess. Much like the Achievement system, it seems like PVP was just thrown into the mix as an afterthought. Seriously, who creates client-side authoritative PVP matches these days?

The cheating is so bad in the game right now, that there's practically a 90% chance you'll be faced with a cheater. There are so many cheaters trying to cheat other cheaters, that most cheaters have just given up, and now they're trying to desync the other player so that they win with match instantly when the game starts. And, legitimate players falsely believe that the issues are related to their phone or internet service.

I wouldn't even call it the Wild West, at least there was some order there.. this... is just absolute madness. Some of the early cheaters were pretty sneaky about it for the first month, but most aren't even hiding it any more, and they know that RedLynx/Ubisoft have no tools to monitor, address, or catch cheaters.

It feels like everyone is cheating since the last "hotfix". It was supposed to stop cheating.

What bothers me the most though, isn't the cheaters and complainers on various forums, but rather the long list of hypocrites who are the most vocal advocates against cheating. The ones that doth protest too much. There have even been obvious cheaters that have (hilariously) made PVP Guides, made YouTube videos exposing other cheaters, the ones who "reason" why certain glitches happen in-game, and even /r/SouthParkPhone mods who have been cheating. I don't care if you cheat, but stop trying to fool other people with your lies. That's the aspect I find most annoying. Big deal, you cheat.. now stop being so petty about it, and just accept your role.

I do enjoy, though, when cheaters try to explain why glitches happen. They're quite funny.

So, what kind of cheats/hacks are available today? Since the "hotfix" came out (ie, it's not really a hotfix, it's an update patch), hacking has intensified. The new patch they promised to fix woes really just moves memory addresses around, but the game is still quite exploitable. You can pretty much tweak anything in PVP or PVE.

Many of the hacks and trainers are being passed around within small circles or various hacking groups. I haven't seen too many trainers in the wild, but I see that many cheaters are still using hex/memory editors on their iPhones, Androids, or emulators (like a certain reddit moderator). When you've tested out the hacks on different platforms, you get a pretty good idea of how players are exploiting the game.

Here are some examples of what is currently possible today (using glitches, memory hacking, or pre-made trainers):

  • one very common exploit is a quit-lock glitch. If you pause your game for several seconds during certain periods of PVP gameplay (by changing apps) and loading, you can cause your players' client to crash, giving you an instant win. And typically, you will be rematched with the same player so that you can exploit them again.
  • when you see a player suddenly "explode", two things can happen: you'll receive a window that the game has been interrupted, or you'll see them with 0 HP then suddenly they will jump back up with HP again. In either case, you'll receive a "DEFEATED" window and lose a star.
  • there are also hotkey trainers and scripts that allow you to crash the other player, or speed up your own movement (which is different than the speed-hacking I detailed before.)
  • energy bars can still be altered, giving you unlimited energy or mana (whatever you want to call it)
  • you can set the enemies energy bar to zero, which is helpful in PVE.
  • you can receive locker rewards without requiring to watch an ad, or open an unlimited number of lockers (I haven't tested this myself, I've just seen other users talking about it.)
  • duplicate charge script, when you activate your charge you can trigger it multiple times such as triple AOE damage (that the player never notices, assumes it's a graphics glitch), trigger multiple healing arrows, bombs, or Timmy can summon large quantities of rats. It's not an accidental bug or network lag related, it's an exploit/hack if you see it happen.
  • prevent your units from dying, even if they hit 0 HP. Only way to kill them is with Unholy Combustion or Cock Magic.
  • scripting method to insta-gib your opponent at any point during the game, a simple network injection will do the trick.
  • injection methods allow you to duplicate player drops, so that you can summon 2 sets of a card at a time or my personal favorite: summoning 12 rats instantly. Players are often being told this is a glitch, but it's quite intentional.
  • you can alter your charge time to make it charge faster or allow you to use your ability even if locked out by a spell.
  • you can change the stats on any card, such as giving the character or spell higher damage (+900 hits), AOE or poison damage, more HP, faster attack speed, or faster walking speed.
  • one common card to hack is the Lightning Bolt or Arrowstorm because opponents won't see what level it is, so you can give it a huge amount of damage that gets unnoticed.
  • HP and regeneration are usually tweaked because they don't attract much attention.
In the past, cheaters were _very_ careful with their tweaks, so that they wouldn't get noticed and be reported. Little was known early on about their security mechanisms. But, the developer has made it clear that they have no systems in place to monitor cheating, and must rely on users providing video proof (if you can find out how to report opponents). Yes, it's completely ridiculous. Almost anything about the cards can be edited during PVP matches, but they've just restricted money/cash/etc to be server authoritative (ie, they put all programming emphasis on their payment systems, instead of fair gameplay.)

For example, using injection tricks, you could summon double cards, or cards from other decks. Then, just blame it as a "bug". Or you could make your characters have unlimited HP or regeneration.

But the really sneaky players would tweak their cards just enough so as not to raise suspicion. Like, increasing all card HP by 30%, or all damage by 50%, and give them +15% movement speed. Spells work best, like direct damage or mind-controlling other players for longer periods of time typically allowed. And all of these cheats are completely undetectable at present. I suspect they'll even launch the game like this too, which is a shame.

In some groups I'm involved in, several people already have bots setup in the game too, running on multiple simultaneous Google Play accounts. That's just in case one of the accounts gets reported and banned. They use simple injection to summon "modified" cards, and then just steamroll the opponent. Very little AI is required, since the game AI does all of the work for you! They have been farming PVP locker rewards all day long. They'll likely never be caught either, just wait until a major security patch comes out, and continue using all of their overpowered cards and play legitimately moving forwards. =]

So for now, go crazy. South Park Phone Destroyer has no tools to combat cheating or catch cheaters. Just don't make PVP Guides or be a vocal dick about being against cheating. We all know you're a dick already.

A new update is scheduled for tomorrow, so many of the cautious cheaters will be playing it cool for a week or so, just to ensure that no new security measures have been put in place. But, cheating will eventually resume again since the patch is merely to balance the game and they won't be able to improve cheat protection or detection for some time.