Info on Security from an IS Security professional (re: Bots)

IS? Islamic State? Sry no terrorists allowed in Lost Ark.

Follow this:

On the hacker’s PC, they are generating packets in order, i.e. “Click NPC1, press “G” 3 times, Move to coordinate X, Click NPC2” (oversimplified, just for this example). It’s the order that the game is designed for. Can’t really generate those out of order (and why would you?).

So, those packets are all sent to the server in order, but they arrive in a random order, so that, for example, Click NPC1 and Click NPC2 appear 2 ms apart (an impossibility) because Click NPC1’s packet was just delayed for whatever reason.

But, the packet can (and should) contain its creation time (if not, they can add it). This isn’t something the hacker can realistically spoof because they have no idea what order the packets will arrive. When the server gets the packet, it should ignore latency for the “bot check” (it has to honor it for game performance.) The bot check ignores the packet latency and order, and just records the data it is looking for - Click NPC1 & Click NPC2. It logs when those actions happened on the server side using the creation time in the packet. Since the bot is speedhacking, the times will be shorter than possible.

Anyway, that’s just one example. That catches speedhackers (even real players using speedhacks). The bigger issue, IMHO, is the bot scripts and actions they repeat identically. That is the admittedly harder part to implement, but more directly stops botting/scripting. And no, they can’t trick it with RNG timers. Bots are designed for economy of scale, so even if programmed with a little RNG, they will still be the same class, doing the same actions, in the same order, via the same pathing. SG doesn’t need to measure time for this, only the action order, type, class, etc., so that RNG timers won’t protect the bot from detection. And running alternate paths would still generate one “farm” running path A, and one “farm” running path B, and all the code cares about is that more than 1 character/account runs the same profile identically, so no amount of variation in the bot scripts will save it unless they can figure out how to make every single instance of the bot run significantly differently than every other instance of the bot.

In addition, SG can code to detect “legitimate player actions”, and flag the account with those as well. If enough of those actions are present, that account is protected from banning. For example (JUST AN EXAMPLE) going afk for 10 minutes, opening the map while moving because you forget where you’re going, Mounting but then using the teleport (I do that all the time), etc. Again, just EXAMPLES not meant to be hard-fast “This means you’re a real player”. They should be things that would be very inefficient for bots to do to make maximum profit.
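The three checks described in the post above, as an added example that is not part of the original post or any game's actual code: ordering by the packet's creation time instead of arrival order, matching accounts on class plus action order with timing ignored, and exempting accounts that show "legitimate player" markers. Event names, accounts, the 500 ms floor and the sample data are constructed assumptions, and the creation time is taken as client-supplied, so a server would still have to decide how far to trust it.

```python
from collections import defaultdict

# Constructed sample events: (account, class, action, client_created_ms).
# Listed in server ARRIVAL order, which differs from creation order.
EVENTS = [
    ("bot_a", "berserker", "click_npc2", 1040),
    ("bot_a", "berserker", "click_npc1", 1000),
    ("bot_a", "berserker", "move_x", 1020),
    ("bot_b", "berserker", "click_npc1", 5000),
    ("bot_b", "berserker", "move_x", 5900),      # script with RNG delays
    ("bot_b", "berserker", "click_npc2", 7300),
    ("human", "bard", "click_npc1", 2000),
    ("human", "bard", "open_map", 4500),
    ("human", "bard", "move_x", 6000),
    ("human", "bard", "click_npc2", 9000),
]
MIN_DELTA_MS = {("click_npc1", "click_npc2"): 500}  # assumed fastest legit time
LEGIT_MARKERS = {"open_map", "afk_10min", "mount_then_teleport"}  # post's examples


def by_account(events):
    """Group per account and sort by creation time, ignoring arrival order."""
    per = defaultdict(list)
    for acct, cls, action, ts in events:
        per[acct].append((ts, cls, action))
    return {acct: sorted(rows) for acct, rows in per.items()}


def speed_flags(events):
    """Accounts whose TimeB - TimeA is below the floor for a measured pair."""
    flagged = set()
    for acct, rows in by_account(events).items():
        first = {}
        for ts, _, action in rows:
            first.setdefault(action, ts)  # first occurrence of each action
        for (a, b), floor in MIN_DELTA_MS.items():
            if a in first and b in first and first[b] - first[a] < floor:
                flagged.add(acct)
    return flagged


def profile_matches(events, legit_needed=1):
    """Sets of accounts sharing class + action order; timing is not used."""
    groups = defaultdict(set)
    for acct, rows in by_account(events).items():
        actions = [action for _, _, action in rows]
        if sum(a in LEGIT_MARKERS for a in actions) >= legit_needed:
            continue  # enough legitimate-player markers: account is protected
        groups[(rows[0][1], *actions)].add(acct)
    return [accts for accts in groups.values() if len(accts) > 1]
```

On the sample data the timing check flags only `bot_a`, while the profile check groups `bot_a` and `bot_b` together even though `bot_b` spaces its actions out.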

3 test bots later and they will have the delay timers down, update the scripts and you wasted a month of development sync tables for nothing.

Which don’t work at all.

1 Like

I mean worst case you force them to stop the speed hacking, you still have 100,000 bots just now they complete the script more in tune with the average player.

It’s becoming quite obvious that trying to code something to rid the world of bots is an almost impossible, if not expensive and ongoing, task.

Why is nobody talking about “deterrents?” (real deterrents, not just taking gold rewards from rapport npc’s etc)
Ongoing deterrents will or should make it not a financially viable thing to do, and when the bots’ only goal is making real money they should move on to the next game.

Honestly, speedhacking isn’t the bigger issue, it’s the script “repetitiveness”, and as long as that doesn’t care about timers (just action order, class, pathing, etc.) then they realistically can’t script around it. Even changing their scripts daily will earn the accounts a ban within 3 hours (or less) of implementation, because the security just finds matches, regardless of what those matches are.

The problem is the type of game Lost Ark is, it’s a damn near mobile that a basic auto clicker could handle a great portion of your day to day activity.

So what you’d end up with when you start comparing scripts against automation checks is legit players who are just grinding getting banned… Then AGS has more support tickets to deal with than before. Same issue with 2FA.

Automation tools creating email/Steam accounts can also mimic 2FA numbers, but the average player with a 2FA issue having to contact AGS will be a nightmare.

1 Like

Packet editing is child’s play if you know what you’re doing. For this exact reason, you probably shouldn’t be caring about packet creation time or date server-side. Next.

As with the above, identifying something that’s identical each time it’s executed is programmatically trivial. Next.

Again, you’re thinking about all of this too narrowly, which tells me you’ve never touched an enterprise-level application back-end at all. What happens when the bots start using different classes? More time and money implementing the logic for all of the classes, or maybe just the one they started using because it’s quicker and wastes less dev time.

Please, stop and think about the logic behind all of your proposed “solutions” before you post them.

2 Likes

I am trying not to be too specific, but if you coded a bot to interact with NPC1 and then move to NPC2, and I know (as a human) exactly how you coded that bot, and I then tried to do the exact same thing, I would fail, because there would still be differences between me (class, pathing, items equipped, my normal inefficiency as a human in clicking, what points on the map I clicked on to move (slightly different pixels than the script)), so that I would register as a non-match to the bots.

Irrelevant. All the detection cares about is seeing two repeats of the same thing. If you had 10 bots on a Zerker and 10 bots on a Bard, all 20 get banned because the 10 zerkers scripts match each other and the 10 Bard scripts match each other.

Do you know why we don’t have “packet times” in this kind of stuff? Because client time is unrelatable, untrusted and not in sync with anything.

The more the client is mistrusted, the more lag sensitive the program becomes. This is just the way it is. If the server doesn’t trust the client for movement at all, every time you move a single pixel you need to wait your ping x2 for your client to refresh.

And nothing is free. Checking and, more importantly, logging takes computation resources. Considering how often movement is done by all the players, you can imagine what uncontrolled logging will cause.

Any solution needs to balance those factors. It isn’t as straightforward as log everything, mistrust everything. Otherwise the “cure” might kill the patient.

I don’t care about that, I just need to take TimeB - TimeA and get a delta. It doesn’t matter what timezone or relationship it has.

You don’t log everything, just things the devs decide to use as their tools for measurement, and they can change those at will. They only need to log a few sets of actions (maybe 15-20) in the early zones (the Pridehome “mount” quest you get at the start is just one example).

What about a bot with random pathing, humanizing algorithms and anything you can dream of? Your approach will not work.

Cool story bro. How do you figure out random (truly random, mind you) pathing? I’ll accept even pseudocode.

Isn’t that what I said? It needs to be balanced and not just a log everything sort of system.

Sorry, my bad.

So the second I point out exactly why what you said won’t work, it becomes irrelevant? Cool, keep flipping the narrative every time someone points out why you’re wrong.