Internet connection manipulations
[video=youtube;-w9hCIi7Urs]http://www.youtube.com/watch?v=-w9hCIi7Urs[/video]
[video=youtube;N_wfv9oQbpk]http://www.youtube.com/watch?v=N_wfv9oQbpk[/video]
[video=youtube;1dC6oInRnCo]http://www.youtube.com/watch?v=1dC6oInRnCo&feature=youtu.be[/video]
[video=youtube;p1mWZTtGWrg]http://www.youtube.com/watch?v=p1mWZTtGWrg[/video]
i have no idea what you are trying to report...
all i see is a bit of lag/desync that meant blocks placed by another took time to show up on your side.
[QUOTE=mrknifey;47456015]i have no idea what you are trying to report...
all i see is a bit of lag/desync that meant blocks placed by another took time to show up on your side.[/QUOTE]
This video shows what player with NO AUTHORIZATION can BUILD in "Blocked" zone.
there is no sound, no explanation, i never saw a ghost of the building part, your building plan isn't highlighted, and it just looks like lag to me. maybe write what the problem is instead of posting vague videos and being rude when people tell you it's not clear.
[QUOTE=mrknifey;47456052]there is no sound, no explanation, i never saw a ghost of the building part, your building plan isn't highlighted, and it just looks like lag to me. maybe write what the problem is instead of posting vague videos and being rude when people tell you it's not clear.[/QUOTE]
Sorry
My Videos ignored for 2 days and do not take seriously this bug
no problem, i've noted you changed it so it says the problem instead, thanks:)
[QUOTE=mrknifey;47456250]no problem, i've noted you changed it so it says the problem instead, thanks:)[/QUOTE]
I threw you a link to the video, you got it?
much more informative, would suggest posting that one (#3)
[QUOTE=mrknifey;47456336]much more informative, would suggest posting that one (#3)[/QUOTE]
place here? Then everyone will use this bug :(
yeah, i'd still post here. other option is [email]contact@easyanticheat.net[/email] (since [URL="http://www.facepunch.com/members/643023"]knubbe[/URL] doesn't have pms enabled) or pm [URL="http://facepunch.com/member.php?u=1"]garry[/URL], but i'd expect he has to ignore most pms, so it might take a while that route. either way, probably worth giving them a step by step instruction on how to do it, as they probably can't read your menus (like me) ;)
to some degree, the more people know how to do it, the quicker it will get debugged thanks to the analytics they kindly provide.
so its basically a bat file that adds the server to the firewalls block list and another bat that removes it? So you can use it to lagswitch and build anywhere?
[QUOTE=Greyfoxzb;47457720]so its basically a bat file that adds the server to the firewalls block list and another bat that removes it? So you can use it to lagswitch and build anywhere?[/QUOTE]
Exactly.
This is the exact same way a lag switch acts. You cut the games connection via windows firewall. It then glitches out and lets you build anywhere (while technically "lagging out"), then if you resume the connection fast enough, it lets the client update the server still (think of the whatever he builds is in a queue, and that queue gets applied when the connection is resume).
This has been and ongoing issue since i started playing this game. Too much stuff client-side still.
i'd suggest you delete the post altogether and report this via mail
im not sure has it been fixed or not but i tried to repeat this and its look like it works but each time i step in building block zone and try to place a block i get kicked from the server with error "connection time out"
in short: u have about 10 seconds after u enable the rule in windows firewall, then ull be kicked
Interesting... thought this was detected server side now. We don't need another Reign of Kings debacle..
I see. Well that explains how I had people build right next to my house to raid last wipe on the server I play on. I'd reported this before to the server admin, but was told there was no such thing...
I have started a response thread containing a much simpler way to do this exploit.
[url]http://facepunch.com/showthread.php?t=1459372&p=47462982#post47462982[/url]
[QUOTE=CBaller420;47459009]This has been and ongoing issue since i started playing this game. Too much stuff client-side still.[/QUOTE]
Indeed. They really trust the client with way too much stuff.
The worst part is, which is something myself and a few others spoke amount months ago, is that you can't really fix a lot of this stuff later on. You need to program a proper authoritative networking model and have security on your mind from the start. You can't just make what you want and then add security later. It just doesn't work like that.
Don't worry, they're going to be remaking Rust from the ground up... it will be a new code, done right, and it will help take care of all the hacking and glitching we've been seeing all these months that comes from a client-heavy game design.
[I]The preceding message was brought to you by optimism, early 2014.[/I]
[QUOTE=Adam-2012;47467635][B]Building block bypass (temporary connection blocking)[/B]
[url]http://facepunch.com/showthread.php?t=1459372[/url]
[B]EXE[/B]
[CODE]add_rule.bat
netsh.exe advfirewall firewall add rule name=RUST_BUG dir=out interface=any action=block remoteip=123.123.123.123/32
delete_rule.bat
netsh.exe advfirewall firewall delete rule name=RUST_BUG[/CODE][/QUOTE]
I said in my OP that I included the .bat. You can run that instead.
[editline]6th April 2015[/editline]
[QUOTE=BrockSamsonFW;47466055]Indeed. They really trust the client with way too much stuff.
The worst part is, which is something myself and a few others spoke amount months ago, is that you can't really fix a lot of this stuff later on. You need to program a proper authoritative networking model and have security on your mind from the start. You can't just make what you want and then add security later. It just doesn't work like that.[/QUOTE]
A tamper proof authoritative networking model would not be viable for a game of this scale. Huge lag and very high latency. Generally, fighting hackers is an uphill battle. A good cheat detection system + human supervision is the best solution atm.
Fully authoritative is certainly possible and will likely have better performance in the long run.
The problem is that even once they fix this timeout issue people will just move on to the next weakness. They'll start sending and receiving their own false packets directly. This can also be fixed but requires more logic or security with every single packet, and eventually you reach a point where the extra logic and security is actually using more resources and bandwidth than simply doing the fully authoritative networking model that they should have be using from the start (and which every major game has used for the last 10+ years).
[QUOTE=BrockSamsonFW;47468568]Fully authoritative is certainly possible and will likely have better performance in the long run.
The problem is that even once they fix this timeout issue people will just move on to the next weakness. They'll start sending and receiving their own false packets directly. This can also be fixed but requires more logic or security with every single packet, and eventually you reach a point where the extra logic and security is actually using more resources and bandwidth than simply doing the fully authoritative networking model that they should have be using from the start (and which every major game has used for the last 10+ years).[/QUOTE]
Authoritative in the sense that it would prevent illegal moves, yes. For example, it would make fly hacking, speed hacking and building block hacking impossible. But think about things like aim hacking and seeing through walls. If information about the location of other players is sent to the client, then the latter types of hacks are fully possible. How can the client render other players without knowing their locations? My point is that I doubt that all types hacking can be prevented completely due to technical limitations. And a cheat detection system/ overwatch system (a la CS:GO) is the only thing that can ensure fair gameplay, without consuming a massive amount of server resources.
[QUOTE=1337HACKS;47468746]Authoritative in the sense that it would prevent illegal moves, yes. For example, it would make fly hacking, speed hacking and building block hacking impossible. But think about things like aim hacking and seeing through walls. If information about the location of other players is sent to the client, then the latter types of hacks are fully possible. How can the client render other players without knowing their locations? My point is that I doubt that all types hacking can be prevented completely due to technical limitations. And a cheat detection system/ overwatch system (a la CS:GO) is the only thing that can ensure fair gameplay, without consuming a massive amount of server resources.[/QUOTE]
This is correct. I'm glad to find other people who seem to understand how all of this works.
Even with a fully authoritative networking model you still can't prevent aim hacks, x-ray walls, or similar cheats. You can beat some of them with server rendering (which companies have and continue to try without much success) and you can reduce some of it with clever programming (x-ray walls doesn't help if the server knows you can't see the character and doesn't send you the information about them, for example) but even with all of that you really can't stop something like an aim bot.
It would at least prevent things like super speed, superman jumps, walking through walls or rocks, falling through floors, distance action/looting, resource duping, crafting hacks, and most other things that should be the responsibility of the server. This would go a LONG way towards making the game more secure and cheat-resistant and actually leave them with the time and resources to add the additional security features needed to respond to aim bots and other things that are otherwise impossible to stop.
It's all too late now, of course, which is a shame. They had a chance when they restarted with experimental but they did the same stupid client-side stuff that caused so many problems with the first version :(
I went back and it's bad news for you
[video=youtube;Bve7kLwqQhk]http://www.youtube.com/watch?v=Bve7kLwqQhk[/video]
Sorry, you need to Log In to post a reply to this thread.
