Pages

Thursday, September 15, 2011

A little thought about D3 exploits..

Alright, so by now you're aware that Diablo 3 has been designed with a new type of client/server security system and with methods of exploit detection.

I've also updated the Unrealized Reality of Diablo 3 post with an example showing what happens to areas that haven't been randomly generated yet, and how model editing (for the purposes of world crafting exploitation) is not possible in Diablo 3. Well.. there is sort of a way to still do it, but it's rather annoying and relies on a certain measure of random generation by the server. Plus, Diablo's Warden system will be checking for file modifications.

Anyways, F&F beta players are discovering that the client is doing a lot of little combat tricks in order to keep the flow of combat and mask latency issues. Unlike WOW, which is more turn based in hit and damage calculations, Diablo 3 seems to be taking some liberties with client side damage calculations. Maybe this is just part of the beta test and things will change when it goes live? Who knows.

There are more details here that help explain.
F&F sources have it that Blizzard are using a new method of client/server communication that provides a secure and tamper-proof method of using the local client to handle its own calculations, while sending the data to the server for verification.
This is really good news for hackers.. it's something different, interesting, and a new challenge with some hefty financial rewards. :)

Even during bad latency, combat damage and related calculations are still being calculated on the client end so combat action and fighting appears seamless (and enemies can die) even with terrible latency.

This means that there's a client element involved, and if there is, it can be manipulated or exploited. For example, injecting swing count or damage numbers in the packet stream to increase DPS.

If I was designing the game, the approach that I would use would be a "forward thinking algorithm" where all of your combat damage is already pre-calculated several steps ahead by the server. This could be very easily done in all MMOs to reduce latency, and it's the approach I would take to improve client speed and response time (it's actually more of an illusionary effect) while simultaneously retaining security of data.

For example, you know how the D3 server streams map data to the client as territory is explored? Well, it could also be streaming (pre)randomly generated combat damage data to the client in preparation for all upcoming damage. Say, for example, 100 hits in advance of the actual combat. Even if your connection is experiencing heavy lag, both the client and server knows what damage and identical outcomes to all future combat will be. This way, the data can't be manipulated locally else it will fail security checks.

If this is true, it might also mean that drops are randomly calculated in advance too. :)

It's very clever, but it opens up some new challenges for Blizzard. For one, it means that future hit data would be pre-cached somewhere in memory (so players could essentially determine future damage and make adjustments to exploit it). Knowing future rolls would also allow a player to "reset" the stream to get better loot, but I doubt they would allow this.

That's if "future data" is actually streamed; no one has investigated this yet to confirm. However, if damage IS calculated by the client without a simultaneous server check (maybe there's one within a set period of time?), then latency hacks to adjust DPS will definitely be possible.

Can't wait until someone digs deeper into the client server packet stream. Maybe that D3 Emulator team might discover the truth during their investigation. :)