Official Everybody Edits Forums

Slabdrill

Formerly 12345678908642

From: canada

Joined: 2015-08-15

Posts: 3,402

Website

How does the campaign cheat detection work?

It's either harder than i thought it was or I didn't AFK for long enough before hitting the win brick.

relevant post

---

suddenly random sig change

Kaleb

Formerly Kaleb123

From: California of America

Joined: 2015-02-19

Posts: 1,263

Re: How does the campaign cheat detection work?

naw I'm pretty sure it detects if a user has moved a certain amount of blocks and has a certain amount of coins and probably more things.

---

Play one of my old worlds !!

peace

Member

From: admin land

Joined: 2015-08-10

Posts: 9,226

Re: How does the campaign cheat detection work?

naw I'm pretty sure it detects if a user has moved a certain amount of blocks and has a certain amount of coins and probably more things.

ye but u may not fly thru blocks also so its movements and coins (only if needed) and some other things

---

thanks hg for making this much better and ty for my avatar aswell

Vinyl Melody

Formerly BananaMilkShake

Joined: 2016-06-19

Posts: 616

Re: How does the campaign cheat detection work?

If the admins told HERE IN THE PUBLIC what the cheat detections are. OFC hacked clients will make a way around it (if it's possible).

---

Thanks to: Ernesdo (Current Avatar), Zoey2070 (Signature)

Very inactive, maybe in the future, idk.

Mieaz

Member

Joined: 2016-10-14

Posts: 499

Re: How does the campaign cheat detection work?

If the admins told HERE IN THE PUBLIC what the cheat detections are. OFC hacked clients will make a way around it (if it's possible).

they already do, the real question is, can staff make anti-cheat and tell how it works but still make it unbreakable?

It's either harder than i thought it was or I didn't AFK for long enough before hitting the win brick.

relevant post

try dming gosha on discord if he doesn't see this post

---

ee & eeforums gibs me depression

Gosha

Member

From: Russia

Joined: 2015-03-15

Posts: 6,211

Re: How does the campaign cheat detection work?

lol why me.
I don't know how anti-cheat works. i am not a staff member who can look into code
and people who know won't tell because it is stupiud thing to do.

(if it's possible).

sure it is.

Here is an example.

here what hackers are trying to do

but it doesn't work

here is the true way to hack ee

But sure i won't tell how to do it

Tomahawk

Forum Mod

From: UK

Joined: 2015-02-18

Posts: 2,847

Re: How does the campaign cheat detection work?

I would assume it detects (among other things) too-great horizontal/vertical movement speeds, sudden changes in position without a portal (i.e. teleporting), clipping through solid blocks, not responding to gravity, not respawning...

That's what I'd code into an anti-cheat.

---

One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.

Gosha

Member

From: Russia

Joined: 2015-03-15

Posts: 6,211

Re: How does the campaign cheat detection work?

That's what I'd code into an anti-cheat.

this is probably when they did. And it is not really secure. Just like i said, really easy to ignore anti-cheat

Abelysk

Guest

Re: How does the campaign cheat detection work?

I would assume it detects (among other things) too-great horizontal/vertical movement speeds, sudden changes in position without a portal (i.e. teleporting), clipping through solid blocks, not responding to gravity, not respawning...

That's what I'd code into an anti-cheat.

Queue mission impossible soundtrack.

realmaster42

Formerly marcoantonimsantos

From: ̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍̍

Joined: 2015-02-20

Posts: 1,380

Website

Re: How does the campaign cheat detection work?

But sure i won't tell how to do it

OK EVERYBODY WHO WANTS TO HAX

OPEN JPEXS FLASH DECOMPILER, go to EE's swf scripts, go to Everybodyedits.as, CTRL+f and search "cheatDetected", replace "cheatDetected" with "say"

EE anti cheat rejected

---

bgic

Member

From: The Netherlands

Joined: 2015-02-27

Posts: 499

Re: How does the campaign cheat detection work?

But sure i won't tell how to do it

OK EVERYBODY WHO WANTS TO HAX

OPEN JPEXS FLASH DECOMPILER, go to EE's swf scripts, go to Everybodyedits.as, CTRL+f and search "cheatDetected", replace "cheatDetected" with "say"

EE anti cheat rejected

THANKS!

---

guys help how to mark all new posts as read?

nvm found it lol

Gosha

Member

From: Russia

Joined: 2015-03-15

Posts: 6,211

Re: How does the campaign cheat detection work?

But sure i won't tell how to do it

OK EVERYBODY WHO WANTS TO HAX

OPEN JPEXS FLASH DECOMPILER, go to EE's swf scripts, go to Everybodyedits.as, CTRL+f and search "cheatDetected", replace "cheatDetected" with "say"

EE anti cheat rejected

Lol.
Just lol

If you did at least some kind of analysis you would find that it's a useless code
It was added by mrshoe or Chris and it is not used nowadays

Ee anticheat is server-side.

____

Btw is it was a legit working code it would be fun to see players saying that with "say"

Different55

Forum Admin

Joined: 2015-02-07

Posts: 16,575

Re: How does the campaign cheat detection work?

they already do, the real question is, can staff make anti-cheat and tell how it works but still make it unbreakable?

Any system that relies on obscurity to stay safe is not a good system to begin with.

---

"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

LukeM

Member

From: England

Joined: 2016-06-03

Posts: 3,009

Website

Re: How does the campaign cheat detection work?

they already do, the real question is, can staff make anti-cheat and tell how it works but still make it unbreakable?

Any system that relies on obscurity to stay safe is not a good system to begin with.

I guess the problem is that the current way EE works doesnt really support any reliable cheat detection, due to the fact that nothing is timestamped, so it cant really be checked

hummerz5

Member

From: wait I'm not a secret mod huh

Joined: 2015-08-10

Posts: 5,853

Re: How does the campaign cheat detection work?

they already do, the real question is, can staff make anti-cheat and tell how it works but still make it unbreakable?

Any system that relies on obscurity to stay safe is not a good system to begin with.

I guess the problem is that the current way EE works doesnt really support any reliable cheat detection, due to the fact that nothing is timestamped, so it cant really be checked

When discussing cheat detection we commonly go back to that idea of recording and playing back movements. Would timestamps prevent that anyhow? I imagine we could have the bots just detect when the first message was sent and then properly send the timestamps reflecting when they started moving?

---

thanks HG, HG, HG, HG! anatoly, zumza! zoey!

LukeM

Member

From: England

Joined: 2016-06-03

Posts: 3,009

Website

Re: How does the campaign cheat detection work?

▼Different55 wrote:

they already do, the real question is, can staff make anti-cheat and tell how it works but still make it unbreakable?

Any system that relies on obscurity to stay safe is not a good system to begin with.

I guess the problem is that the current way EE works doesnt really support any reliable cheat detection, due to the fact that nothing is timestamped, so it cant really be checked

When discussing cheat detection we commonly go back to that idea of recording and playing back movements. Would timestamps prevent that anyhow? I imagine we could have the bots just detect when the first message was sent and then properly send the timestamps reflecting when they started moving?

I think the current problem is that you cant calculate the physics on a 'hack detector' exactly the same as the client would do, as the time taken to send the messages / the small variations in the clients tick speeds slightly change where you should be (this is now easy to see when using the gravity effect, as other players seem to slowly get further away from where they should be)
This means that there is no way to know exactly where they should be, which means there is no way to know if their client is 'lieing' about where they are
If there were some sort of timestamp, you could know exactly what tick they are on, so be able to check their movement exactly to see if it is correct (instead of the current way, which is to try to see if the messages are likely to be correct), which would be an effectively unbreakable way to detect hacks

Gosha

Member

From: Russia

Joined: 2015-03-15

Posts: 6,211

Re: How does the campaign cheat detection work?

I think the current problem is that you cant calculate the physics on a 'hack detector' exactly the same as the client would do, as the time taken to send the messages / the small variations in the clients tick speeds slightly change where you should be (this is now easy to see when using the gravity effect, as other players seem to slowly get further away from where they should be)
This means that there is no way to know exactly where they should be, which means there is no way to know if their client is 'lieing' about where they are
If there were some sort of timestamp, you could know exactly what tick they are on, so be able to check their movement exactly to see if it is correct (instead of the current way, which is to try to see if the messages are likely to be correct), which would be an effectively unbreakable way to detect hacks

There are some other problems which sould be fixed.
Look in my post with pictures.
Even if you create 100% perfect anti-cheat it still will be possible to hack by just "ignoring it" and play on your rules
They should fix that aswell

capasha

Member

Joined: 2015-02-21

Posts: 4,066

Re: How does the campaign cheat detection work?

There is a reason the so called Ticks in movements exists. A way to detect cheats.

Zumza

Member

From: root

Joined: 2015-02-17

Posts: 4,656

Re: How does the campaign cheat detection work?

BY MAGIC!

---

Everybody edits, but some edit more than others

LukeM

Member

From: England

Joined: 2016-06-03

Posts: 3,009

Website

Re: How does the campaign cheat detection work?

▼destroyer123 wrote:

I think the current problem is that you cant calculate the physics on a 'hack detector' exactly the same as the client would do, as the time taken to send the messages / the small variations in the clients tick speeds slightly change where you should be (this is now easy to see when using the gravity effect, as other players seem to slowly get further away from where they should be)
This means that there is no way to know exactly where they should be, which means there is no way to know if their client is 'lieing' about where they are
If there were some sort of timestamp, you could know exactly what tick they are on, so be able to check their movement exactly to see if it is correct (instead of the current way, which is to try to see if the messages are likely to be correct), which would be an effectively unbreakable way to detect hacks

There are some other problems which sould be fixed.
Look in my post with pictures.
Even if you create 100% perfect anti-cheat it still will be possible to hack by just "ignoring it" and play on your rules
They should fix that aswell

Wait... so the current anti-cheat relies on client side code?
If so, thats a bad idea

For there to be a perfect anti-cheat it would need to be running on the server, not the client, because then there would be no way at all to bypass it

Gosha

Member

From: Russia

Joined: 2015-03-15

Posts: 6,211

Re: How does the campaign cheat detection work?

Wait... so the current anti-cheat relies on client side code?

nonono ofc not.
it's server-sided
I'll tell anyone about this exploit after it get fixed.

Tomahawk

Forum Mod

From: UK

Joined: 2015-02-18

Posts: 2,847

Re: How does the campaign cheat detection work?

I'll tell anyone about this exploit after it get fixed.

Become a white hat and sell the info to NVD for gems.

Or to whoever's in charge. Idek anymore.

---

One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.

Gosha

Member

From: Russia

Joined: 2015-03-15

Posts: 6,211

Re: How does the campaign cheat detection work?

I'll tell anyone about this exploit after it get fixed.

Become a white hat and sell the info to NVD for gems.

Or to whoever's in charge. Idek anymore.

i reported it to ee staff when i figured out that cheat was working.
They are aware.

XxAtillaxX

Member

Joined: 2015-11-28

Posts: 4,202

Re: How does the campaign cheat detection work?

they already do, the real question is, can staff make anti-cheat and tell how it works but still make it unbreakable?

Any system that relies on obscurity to stay safe is not a good system to begin with.

I know you're trying to sound deep and intellectual but there's logical boundaries and exceptions to security techniques.
In this scenario the goal is to reasonably distinguish human activity from automated activity, which is entirely different from normal, less infallible security applications.

Everybody Edits is (or was) a sandbox game, which means implementing inherently non-sandbox features like campaigns defeats the original sandbox concept.
I'm not advocating for this system at all, however I'm aware that if they openly expressed the techniques used, it'd significantly become easier to evade detection.

If you think security through obscurity is never warranted, you're ignoring many services that heavily rely on it for their business.
Let's take Google for example, which keeps their market share by obscuring the excellent Google search algorithm, the YouTube algorithm to prevent manipulating trends and views.
It even protects forums like yours by providing ReCaptcha, which uses additional obscured functions that determine whether the activity is being done by a bot or a human, much like the goal of campaigns.

---

*u stinky*

LukeM

Member

From: England

Joined: 2016-06-03

Posts: 3,009

Website

Re: How does the campaign cheat detection work?

If you think security through obscurity is never warranted, you're ignoring many services that heavily rely on it for their business.
Let's take Google for example, which keeps their market share by obscuring the excellent Google search algorithm, the YouTube algorithm to prevent manipulating trends and views.
It even protects forums like yours by providing ReCaptcha, which uses additional obscured functions that determine whether the activity is being done by a bot or a human, much like the goal of campaigns.

I guess there would be some exceptions where methods not relying on obscurity are not possible, but when they are, what diff said is true

Also, I don't think using ReCaptcha is a very good idea, I'd guess that it would be waaaaayyy easier to solve with a computer than the previous Captchas