
Monday, July 17, 2017

High and Mighty (Cheating) Mods

We've all read the news articles and factual accounts of the massively widespread and rampant corruption of power by redditor mods. Whether it's a corporation that has bought the loyalty of a moderator to promote certain products, or a political party deleting posts and peddling propaganda, it's something that permeates all levels of popular subreddits.

But it happens in very small subreddits as well. It amazes me just how quickly people can be bribed or corrupted with small amounts of power. I see it in everyday life, and power is abused in the most petty of circumstances. But the king of a shit pile is still a king in their eyes.

It's similar to how cheating works. You're abusing power over another individual. World of Warcraft has a very high number of cheaters (e.g. botters, exploits, hacks), but Blizzard worked on having safeguards in place to prevent cheating as much as possible. South Park Phone Destroyer, however, did not seem to anticipate cheating at all.

The RedLynx/Ubisoft team did a fantastic job on their micro-transactions and payment systems, ensuring that they would securely receive their money quickly. And, they did an adequate job integrating South Park Studio's art into their game. But the rest of the game, especially security and PVP netcode, is a bug-ridden mess. Much like the Achievement system, it seems like PVP was just thrown into the mix as an afterthought. Seriously, who creates client-side authoritative PVP matches these days?

The cheating is so bad in the game right now that there's practically a 90% chance you'll be faced with a cheater. There are so many cheaters trying to cheat other cheaters that most cheaters have just given up, and now they're trying to desync the other player so that they win the match instantly when the game starts. And legitimate players falsely believe that the issues are related to their phone or internet service.

I wouldn't even call it the Wild West; at least there was some order there... this is just absolute madness. Some of the early cheaters were pretty sneaky about it for the first month, but most aren't even hiding it any more, and they know that RedLynx/Ubisoft have no tools to monitor, address, or catch cheaters.

It feels like everyone is cheating since the last "hotfix". It was supposed to stop cheating.

What bothers me the most though, isn't the cheaters and complainers on various forums, but rather the long list of hypocrites who are the most vocal advocates against cheating. The ones that doth protest too much. There have even been obvious cheaters that have (hilariously) made PVP Guides, made YouTube videos exposing other cheaters, the ones who "reason" why certain glitches happen in-game, and even /r/SouthParkPhone mods who have been cheating. I don't care if you cheat, but stop trying to fool other people with your lies. That's the aspect I find most annoying. Big deal, you cheat.. now stop being so petty about it, and just accept your role.

I do enjoy, though, when cheaters try to explain why glitches happen. They're quite funny.

So, what kind of cheats/hacks are available today? Since the "hotfix" came out (i.e., it's not really a hotfix, it's an update patch), hacking has intensified. The new patch they promised would fix woes really just moves memory addresses around, but the game is still quite exploitable. You can pretty much tweak anything in PVP or PVE.

Many of the hacks and trainers are being passed around within small circles or various hacking groups. I haven't seen too many trainers in the wild, but I see that many cheaters are still using hex/memory editors on their iPhones, Androids, or emulators (like a certain reddit moderator). When you've tested out the hacks on different platforms, you get a pretty good idea of how players are exploiting the game.

Here are some examples of what is currently possible today (using glitches, memory hacking, or pre-made trainers):
  • one very common exploit is a quit-lock glitch. If you pause your game for several seconds during certain periods of PVP gameplay (by changing apps) and loading, you can cause the other player's client to crash, giving you an instant win. And typically, you will be rematched with the same player so that you can exploit them again.
  • when you see a player suddenly "explode", two things can happen: you'll receive a window that the game has been interrupted, or you'll see them with 0 HP then suddenly they will jump back up with HP again. In either case, you'll receive a "DEFEATED" window and lose a star.
  • there are also hotkey trainers and scripts that allow you to crash the other player, or speed up your own movement (which is different than the speed-hacking I detailed before.)
  • energy bars can still be altered, giving you unlimited energy or mana (whatever you want to call it)
  • you can set the enemy's energy bar to zero, which is helpful in PVE.
  • you can receive locker rewards without requiring to watch an ad, or open an unlimited number of lockers (I haven't tested this myself, I've just seen other users talking about it.)
  • duplicate charge script, when you activate your charge you can trigger it multiple times such as triple AOE damage (that the player never notices, assumes it's a graphics glitch), trigger multiple healing arrows, bombs, or Timmy can summon large quantities of rats. It's not an accidental bug or network lag related, it's an exploit/hack if you see it happen.
  • prevent your units from dying, even if they hit 0 HP. Only way to kill them is with Unholy Combustion or Cock Magic.
  • scripting method to insta-gib your opponent at any point during the game, a simple network injection will do the trick.
  • injection methods allow you to duplicate player drops, so that you can summon 2 sets of a card at a time or my personal favorite: summoning 12 rats instantly. Players are often being told this is a glitch, but it's quite intentional.
  • you can alter your charge time to make it charge faster or allow you to use your ability even if locked out by a spell.
  • you can change the stats on any card, such as giving the character or spell higher damage (+900 hits), AOE or poison damage, more HP, faster attack speed, or faster walking speed.
  • one common card to hack is the Lightning Bolt or Arrowstorm because opponents won't see what level it is, so you can give it a huge amount of damage that gets unnoticed.
  • HP and regeneration are usually tweaked because they don't attract much attention.

In the past, cheaters were _very_ careful with their tweaks, so that they wouldn't get noticed and be reported. Little was known early on about their security mechanisms. But the developer has made it clear that they have no systems in place to monitor cheating, and must rely on users providing video proof (if you can find out how to report opponents). Yes, it's completely ridiculous. Almost anything about the cards can be edited during PVP matches, but they've just restricted money/cash/etc. to be server authoritative (i.e., they put all programming emphasis on their payment systems, instead of fair gameplay).
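For contrast, here is what treating card stats, energy, summon counts and charge timers as server authoritative could look like. This is an added example, not code from the game or its developer; the card table, energy rules and event format are all assumptions made up for illustration.

```python
CARDS = {  # constructed card table: the server's own copy of the stats (values made up)
    "rat_swarm": {"cost": 2, "units": 4, "damage": 12, "charge_s": 0},
    "archer":    {"cost": 3, "units": 1, "damage": 40, "charge_s": 8},
}
ENERGY_PER_S, ENERGY_CAP, START_ENERGY = 0.25, 10.0, 5.0  # assumed game rules

def validate(events):
    """Replay one player's client-reported events; return [(t, reason)] violations."""
    energy, clock = START_ENERGY, 0.0
    owner, ready_at, bad = {}, {}, []  # unit id -> card name / next allowed charge
    for ev in sorted(events, key=lambda e: e["t"]):
        # Energy is recomputed from elapsed time, never read from the client.
        energy = min(ENERGY_CAP, energy + (ev["t"] - clock) * ENERGY_PER_S)
        clock = ev["t"]
        if ev["type"] == "summon":
            card = CARDS.get(ev["card"])
            if card is None:
                bad.append((ev["t"], "unknown card"))
            elif card["cost"] > energy:
                bad.append((ev["t"], "insufficient energy"))
            elif len(ev["unit_ids"]) != card["units"]:
                bad.append((ev["t"], "unit count mismatch"))
            else:  # accept: spend energy and register the spawned units
                energy -= card["cost"]
                for u in ev["unit_ids"]:
                    owner[u] = ev["card"]
                    ready_at[u] = ev["t"] + card["charge_s"]
        else:  # "hit" and "charge" must come from a unit the server registered
            card = CARDS.get(owner.get(ev["unit"]))
            if card is None:
                bad.append((ev["t"], "unknown unit"))
            elif ev["type"] == "hit" and ev["damage"] > card["damage"]:
                bad.append((ev["t"], "damage exceeds card stat"))
            elif ev["type"] == "charge":
                if card["charge_s"] == 0 or ev["t"] < ready_at[ev["unit"]]:
                    bad.append((ev["t"], "charge not ready"))
                else:
                    ready_at[ev["unit"]] = ev["t"] + card["charge_s"]
    return bad

# Constructed event log for one player (not captured from the game).
SAMPLE = [
    {"t": 0.0, "type": "summon", "card": "archer", "unit_ids": ["a1"]},
    {"t": 0.5, "type": "summon", "card": "archer", "unit_ids": ["a2"]},
    {"t": 1.0, "type": "summon", "card": "rat_swarm", "unit_ids": [f"r{i}" for i in range(12)]},
    {"t": 2.0, "type": "hit", "unit": "a1", "damage": 60},
    {"t": 9.0, "type": "charge", "unit": "a1"},
    {"t": 9.5, "type": "charge", "unit": "a1"},
]
```

Because every value is compared against the server's table rather than a tolerance, a small stat bump is rejected the same way as a large one.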

For example, using injection tricks, you could summon double cards, or cards from other decks. Then, just blame it as a "bug". Or you could make your characters have unlimited HP or regeneration.

But the really sneaky players would tweak their cards just enough so as not to raise suspicion. Like, increasing all card HP by 30%, or all damage by 50%, and giving them +15% movement speed. Spells work best, like direct damage or mind-controlling other players for longer periods of time than typically allowed. And all of these cheats are completely undetectable at present. I suspect they'll even launch the game like this too, which is a shame.

In some groups I'm involved in, several people already have bots set up in the game too, running on multiple simultaneous Google Play accounts. That's just in case one of the accounts gets reported and banned. They use simple injection to summon "modified" cards, and then just steamroll the opponent. Very little AI is required, since the game AI does all of the work for you! They have been farming PVP locker rewards all day long. They'll likely never be caught either; they'll just wait until a major security patch comes out, then continue using all of their overpowered cards and play legitimately moving forwards. =]

So for now, go crazy. South Park Phone Destroyer has no tools to combat cheating or catch cheaters. Just don't make PVP Guides or be a vocal dick about being against cheating. We all know you're a dick already.

A new update is scheduled for tomorrow, so many of the cautious cheaters will be playing it cool for a week or so, just to ensure that no new security measures have been put in place. But, cheating will eventually resume again since the patch is merely to balance the game and they won't be able to improve cheat protection or detection for some time.