it's nice seeing someone open with telling everyone that GTA V is some of the most poisoned online gameplay with regards to cheating.
I don't agree with the conclusion that it's because it's peer-to-peer. that's not why -- it's because of lazy developer methods and a lower prioritization of security effort.
the biggest genuine effort that Rockstar puts into anti-cheat effort is an occassional memory-structure shuffle to kick sand into cheat-engine users eyes, and the occassional honey-pot that bans a few hundred people -- and these efforts come after begging Rockstar for years to do something, and the most it accomplishes is selling additional copies of the already dirt-cheap game.
These ban cycles and 'enforced ignorance' to the problem nets them more profit than it would otherwise; disenchanted players play less, reducing infrastructure costs -- and banned players buy another 2 dollar copy of the game -- but it kills user experience outside of single player entirely.
They don't care. I get it, but it sucks -- and it's not some GTA6 thing, they never cared.
Yeah, they absolutely don't care. It cannot be hard to detect griefing and obnoxious cheating by just looking at player behavior. How hard can it be to detect 90000000000 in-game dollars to be added to players, how hard can it be to detect that someone is blowing up everyone in the server, ... They just don't care, and it's a shame because GTA V still holds up as a fantastic game even after all these years.
Rockstar doing something about cheaters on their online experience won't affect a thing for what this post is talking about. The exploit in this post is for FiveM servers, a third-party mod. The interactions on here are not usually peer-to-peer.
>These ban cycles and 'enforced ignorance' to the problem nets them more profit than it would otherwise; disenchanted players play less, reducing infrastructure costs -- and banned players buy another 2 dollar copy of the game -- but it kills user experience outside of single player entirely.
Game devs vehemently deny this but there are games out there with perverse incentives for the game devs regarding cheaters. Escape From Tarkov is another game that is losing many players to the cheater issue while the devs drag their feet addressing the problem, or any problem in that game really. Why would they? Once the devs have legitimate players' money, them playing the game is just costing them money by paying for servers. Banning enough cheaters just frequently enough to buy another copy is how they get recurring revenue. As much as I hate the subscription model taking over everything I think if it was used in games like Tarkov it would be a much better game because it would align incentives to keep players engaged. On the other hand that would probably come with a bunch of dark patterns.
I have a personal conspiracy that Tarkov kept making the early game for new players harder and more insufferable while making the game more easy after you have grinded long enough, (for people like streamers who basically are the advertising) was a decision to get people excited to buy the game watching streamers with their far better experience, then shortly quit by making their experience insufferable.
Is it possible to automate a process that leads to random memory-structure changes, that could be done regularly? How would that look for developement and debugging
CORS isn't related to XSS. CORS actually isn't a security protection at all. It's a way for web apps to explicitly disable standard protections that browsers apply to enforce same origin policy.
You might be thinking of Content Security Policy (CSP).[0] That's the most effective protection I'm aware of for XSS, but it's not very widely used because so few JavaScript libraries are compatible with it.
I can sorta share this sentiment. Luckily (for us) tech seems to be moving in the direction of embedding Chromium everywhere which always leads to some fun exploits :)
A bit off topic but I played a bit of GTA online recently after not playing for years, was really amazed at how little it had developed in terms of core gameplay. Lots of new weapons and vehicles but very little to make a compelling game.
That’s modern gaming now. Once they figured out the concept of the Skinner box it was all downhill
I do wonder if there are statistics on how many of the attempts at creating micro transaction economies fail though. I hope it’s high. I feel like it has to be, but I guess at the same time it’s a question of as long as game sales recoup development costs any micro transaction stuff just needs to cover server and admin costs and then the rest is all profit. But I feel like so many studios go in hoping to recreate Fortnite, Roblox, or gta V and that’s just so unlikely.
serf|2 years ago
I don't agree with the conclusion that it's because it's peer-to-peer. that's not why -- it's because of lazy developer methods and a lower prioritization of security effort.
the biggest genuine effort that Rockstar puts into anti-cheat effort is an occassional memory-structure shuffle to kick sand into cheat-engine users eyes, and the occassional honey-pot that bans a few hundred people -- and these efforts come after begging Rockstar for years to do something, and the most it accomplishes is selling additional copies of the already dirt-cheap game.
These ban cycles and 'enforced ignorance' to the problem nets them more profit than it would otherwise; disenchanted players play less, reducing infrastructure costs -- and banned players buy another 2 dollar copy of the game -- but it kills user experience outside of single player entirely.
They don't care. I get it, but it sucks -- and it's not some GTA6 thing, they never cared.
mavamaarten|2 years ago
usui|2 years ago
lispisok|2 years ago
Game devs vehemently deny this but there are games out there with perverse incentives for the game devs regarding cheaters. Escape From Tarkov is another game that is losing many players to the cheater issue while the devs drag their feet addressing the problem, or any problem in that game really. Why would they? Once the devs have legitimate players' money, them playing the game is just costing them money by paying for servers. Banning enough cheaters just frequently enough to buy another copy is how they get recurring revenue. As much as I hate the subscription model taking over everything I think if it was used in games like Tarkov it would be a much better game because it would align incentives to keep players engaged. On the other hand that would probably come with a bunch of dark patterns.
I have a personal conspiracy that Tarkov kept making the early game for new players harder and more insufferable while making the game more easy after you have grinded long enough, (for people like streamers who basically are the advertising) was a decision to get people excited to buy the game watching streamers with their far better experience, then shortly quit by making their experience insufferable.
usr012384|2 years ago
unknown|2 years ago
[deleted]
was_a_dev|2 years ago
Jerrrry|2 years ago
I know XSS is dying due to CORS and DLL injection is mooted by ALSR, that API's are usually authenticated and authorized, but damn...
I wish there was a more collective place to showcase modern exploits, they just hit nice in the feelies.
rainonmoon|2 years ago
mtlynch|2 years ago
CORS isn't related to XSS. CORS actually isn't a security protection at all. It's a way for web apps to explicitly disable standard protections that browsers apply to enforce same origin policy.
You might be thinking of Content Security Policy (CSP).[0] That's the most effective protection I'm aware of for XSS, but it's not very widely used because so few JavaScript libraries are compatible with it.
[0] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
nullpt_rs|2 years ago
shitlord|2 years ago
unknown|2 years ago
[deleted]
curiousgal|2 years ago
nullpt_rs|2 years ago
padjo|2 years ago
hellotheretoday|2 years ago
I do wonder if there are statistics on how many of the attempts at creating micro transaction economies fail though. I hope it’s high. I feel like it has to be, but I guess at the same time it’s a question of as long as game sales recoup development costs any micro transaction stuff just needs to cover server and admin costs and then the rest is all profit. But I feel like so many studios go in hoping to recreate Fortnite, Roblox, or gta V and that’s just so unlikely.
Alifatisk|2 years ago
“amountt: $('#transferval').val()”
But great dive into FiveM! Had no idea it came bundled with Vue.
mgl|2 years ago
And this is also our fault, e.g. due to the explosion of dependency hell in npm libraries.
This is probably the best intro to modern supply chain attacks and detection techniques, just shared with my team this week:
https://youtu.be/3pLfkutz1x8
(edit: removed youtube tracking)
unknown|2 years ago
[deleted]
dns_snek|2 years ago