(Allegedly) Fallout 76 has basically zero anti-cheat or anti-exploit systems - Sensationalist Headlines

https://www.reddit.com/r/fo76/comments/9u71m1/get_ready_for_endless_fun_on_pc/ I am as much a Fallout and Bethesda fan as everyone else, I've sunk around 4000 hours into Fallout4 and have been making mods for about 2 years. So when I got into the PC Beta and it allowed me to download the client and files, I started playing with them. Number 1: There are no server checks to verify models or file integrity. Want to make trees smaller, or player models bright colors to see them easier? Go right ahead, here are the tools to do it! Number 2: Terrain and invisible walls/collision is client side! Want to walk through walls? Open up that beautiful .esm file and edit it. The server doesn't care or check! Number 3: Want to save money on server hardware and make ping a little more manageable? Go ahead and open up client to client communication but don't encrypt it or obfuscate it in anyway. Open up Wireshark while playing and nab anyone's IP you want! Send packets to the server to auto use consumables, all very nicely and in plain text! Even get health info and player location, why waste time injecting the executable and getting nabbed by anti-cheat when you can get all info from the network! Number 4: Want to grief people and be a God? Go ahead and keep looping the packet captured in Wireshark reporting you gave full HP. Why would the server care about something as little and not game breaking like this?!?! It's a great idea to let the client tell the server it's state and the server not check anything it's being told! The possibilities with this are endless and probably able to just give yourself items by telling the server you picked it up! Number 5: Someone in your game being mean? Again have Wireshark? Well let's just forge a packet with the disconnect command in it and knock them offline! Putting mods into the esm is an issue, removing things is not an issue. An increased filesize causes disconnects, not a lower one. I'm guessing this is for all that DLC. They don't want another leak like with FO4 where the DLC leaked and was playable early. The person then uploaded a mod to make the lockpicking easier, the mod was taken right from Fallout 4. Hope this is ok, I think it's important because this sounds very exploitable for malicious purposes.

It was obvious that their security was garbage the moment that video showcasing how frame rate impacts your walking speed. That was the big red flag that suggested they're trusting the client too much, and sure as shit... It's actually amazing how bad it is though, lol. Hats off.

It's almost like they just tacked some netcode onto another game.

This is probably why they didn't mention modding at all during E3, only awkwardly talking about it being a possibility some time later on private servers or the like. Hoping the consumers would just ignore their absence and not consider modding the game due to their lack of prevention or measures in place. Bethesda forgot that their games are so goddamn jank that a great number of people wait for the Unofficial Patches at this point..

Do you think they'll address any of this before tomorrow's beta? I wish I were home to verify that packets are indeed sent in plain-text.

Oh my god. If this is true, this is worse than GTAO from a "wow you made an insecure shit netcode suite" perspective.

No one say thing coming, no sir. Its like its a bad idea to use a game engine that's piles and piles of duct tape and legacy crap, tooled for single-player RPG's.

Sadly the dev team was either hilariously inexperienced or management which generally has a zero fucking clue of the time and effort needed to make a game near solid thinks this can all be done in 2 microseconds. Reminds me of the older versions of roblox where the client and studio were one executable and had a flag that just hid the studio menus trusting everything client side.

jesus this game is like the plague

Definitely not. This is a huge oversight which would take months (at minimum) to fix as we don't know how many things are tied to the unencrypted network traffic (i.e encrypting it all of a sudden and putting in CRC checks for tampering detection could break the entire game etc).

Maybe Bethesda is a little too used to the community thinking things through for them...

oh god. this is just going to be GTA Online again OH GOD

We're going to get some blog post from Bethesda urging the community to make their own Anti-Cheat programs.

I was really thinking of buying this game but this news makes me a little uneasy...

yeah, i don't expect them to magically patch this on a whim. i just meant "will they address this" as in a social media post or something. sadly i'll expect total radio silence on the whole deal

Honestly, it's probably being purposefully left unguarded so Bethesda can see all the ways people are exploiting it so they know exactly what to patch.

This will be the first major bethesda dev game I don't play since Morrowind Mainly because of the lack of NPC towns and such but the lack of security looks like the only feasible version will be a whittled down always-online singleplayer Yuck And Im someone who put 1000s+ hours into Oblivion, Skyrim, and Fallout 3/NV/4

This is going to be like the Mario kart wii item hacks infinite nukes all the time.

I'm guessing this is exactly why Bethesda's E3 conference ended with two entirely and basically nonexistent titles to cap it off, they knew 76 would be a disaster but would somehow sell.

The forgot the first rule of security. NEVER trust the client.

https://www.ign.com/articles/2018/11/06/fallout-76-bethesda-is-aware-and-investigating-a-potential-huge-hacking-vulnerability "Many of the claims in the thread are either inaccurate or based on incorrect assumptions. The community has however called to attention several issues that our teams are already actively tracking and planning to roll out fixes for. Our goal is always to deliver a great experience for all our players. Cheating or hacking will not be tolerated. We know our fan base is passionate about modding and customizing their experience in our worlds and it's something we intend to support down the road.

Oh great, it's gonna be GTA: Online all over again.

I love how modders have made better online experiences like Fallout NV Online and others then the actual game studio itself.

???????????? Aren't they servicing TWO online games? How can they be so clueless?

Although it wouldn't surprise me, I will take an unsubstantiated reddit post with a grain of salt or twenty, because that guy writing sounds like he's full of shit. The only "proof" he provided is a UI mod (not even done by him) which, although technically cheating, is not even close to proving there's no file checks whatsoever. There's plenty of MMOs that allow modding the UI.

yes game has no anti cheat, cheat engine works, unlimited ammo, speedhacks, god mode

Maybe this game will end up being so mindblowingly bad that it will cause an E.T like effect on the current gaming industry and make everything get refreshed to a superior state and discontinue the infuriating greedy idiocy that we currently see in triple A videogames.

tbh I dont think i've ever seen anyone ask for bethesda to make an mmo, only to allow coop with friends which i wish this was.

Oh my god, the nightmare flashbacks to Freelancer's netcode I mentioned earlier are actually true! This wasn't a forgiveable practice in 2000, let alone in 2018!! Bethesda, what are you doing?!

They'd pretty much have to work super-overtime to (and I am talking out of my ass here) have some kind of verification on packets and files. Even if this happens, we're still going to suffer for it - the flipside is that they're going to have to essentially fight modders hacking their games. Cue having your mods verified by Bethesda Creation Club after the games shelf life instead of you know, being free to do as you please. Like I don't care if this kind of stuff crops up a few years after the games launch,but pre-day 1? oh god.