(Allegedly) Fallout 76 has basically zero anti-cheat or anti-exploit systems - Sensationalist Headlines

https://youtu.be/mpc3l2aVEXU

Holy fuck I didn't think anyone could fuck up multiplayer as bad as Rockstar but yet here comes that legend Bethesda telling me to hold their beer while they put on the best mp shit show that has ever exsisted thus far.

Finally. You can now force your huge tiddie mods into other people's Fallout.

I doubt it'll allow downloading and remote execution. It's beyond "Really bad" if it does. Like, security vulnerability bad, not just a shitty game.

Can't believe I thought this game is going to be good. What a trash.

Maybe it will defy all expectations and become the next Counter Strike 1.6 and the reason why it looks so bad now is because Bethesda made it look like shit on purpose because Bethesda is too scared of becoming the most successful modern videogame company.

well they don't have a lot of time to fix it then

at this point it honestly would not surprise me if the game just gets totally pulled a month or two after release a la Ride to Hell Retribution

As others have said, Bethesda needs to get a proper foundation first (ie engine).

Seems their idea is to compete with Fortnite so certainly they wouldn't do that

Makes me laugh when remembering the whole 'Quake' networking fluff going around. Not really sure what exactly of that they are still using from that! I missed the FPS-movement speed shennanigans, but that indicates they're clearly trusting the client for movement -- I'd consider that almost completely contradictory to 'Quake' inspired networking... Clearly they're trusting the client's word for a lot more than just that, if some of those claims are true. If they've structured things out with any sense of sanity, hopefully they can pull of a mad scramble to obfuscate and integrity check the transport layer, not that it does anything for the more accessible and most abusable attacks claimed here.

TESO is all Zenimax online studios, not Bethesda

So I'm being passed around this image in regards to someone looking at the code for the anti-cheat of Fallout 76. https://files.facepunch.com/forum/upload/207991/a52735ae-4c5b-47e7-b674-3d5e9916cac2/97248919EB59F064119C35841D3D6E97DFF24796.png I really hope this is a joke, or there's just more to the code that isn't being shown.

I love how it's flagging cheat engine too the creator of CE themselves laugh at people that use it online, it's the most blatant with detection and least effective for online unless you STRAIGHT UP have health and ammo all as clientside info like the program is strictly used for offline games.

Mind you, I'm no programmer, so most surely I'm misreading some of this, is it looking for those exe names by looking at the currently running processes list and then flagging them if it's a match? Because if so, that's a "WarZ private server set up and managed by a team of prepubescent kids" level of incompetence.

Well that's a reason to play on console...I guess?

It's true, playing on PS4 is looking better all the time.

Although CE can be used to find offsets and memory structs - which can then be moved into "undetected" external tools. Happens a lot with GTA because for some reason - CE isn't detected at all, so you can use cheat tables and debug memory structs for external tools (infinite ammo offsets etc) to your heart's content!

I highly doubt that single screenshot is the entire anti-cheat logic... windbg for example is a common tool that any windows engineer would be running

I'd confirm but I don't want fallout 76, I don't see why anybody couldn't at least find the strings in a hex editor in short time.

This is most likely fake tbh.

I will say there are some examples of letting the client handle movement at the very least which have worked out in the long run. World of warcraft, at least back in in the day (and I presume now) handled terrain collision detection on the client, and there was a high-profile situation where a guild carried out a model replacement exploit on their clients to allow them to skip to C'thun's boss room by falling through what would have normally been floor. The primary difference here being that WoW is an actual MMO and carrying out server side collision and movement calculations would probably be prohibitively expensive for thousands of simultaneous players, and people responsible for the sort of shenanigans above get banned in short order because blizzard wrote an actual fucking anti cheat for their game.

Yeah, not trying to shit on client trusting netcode at all, purely pointing out that it is of note because "Quake" style netcode was a term being thrown around. If you're ignoring the uh, really neat "VM" and gamestate management there, a fairly defining feature is how little the client is trusted (but how much the client predicts!), which you can see in games and engines that have used it as a reference in their own netcode design. See: Source. Trusting the client (in the sense of client-authoritative networking) is definitely not a hard and fast no-no. I'm not even sure if it'd be a that bad of a thing for something like Fallout 76. Reasonable player count, not too player-versus-player focused, most player-server-entity interactions probably have only a single primary player involved. Those aren't the points usually demanding a strict, server-authoritative solution. It is a common sight in "coop" style multiplayer, versus something like a competitive arena shooter. Just means an ongoing arms race (like Blizzard has had to deal with!) to more and more accurately identify and flag people that are cheating via e.g. speedhacking or thanks to the plain transport, packet injection for location setting etc.

I used it on escape from tarkov once before to purchase multiple items for the price of one. Totally expected to be banned but I suppose it was close to wipe and not worth the trouble. Has since been patched. It's a cool tool to mess with. EFT essentially did the same thing at first before fixing the vulnerability. They just flagged/blocked anyone that had it running along with the game. Considering that Bethesda probably has less experience with anti-cheat than Battlestate Games, I wouldn't be surprised if this was real.

As an update, I saw earlier that other people were sniffing their connections today, and all this is basically lies. I'm not saying everything is great, but they do at least encrypt the connections and whatnot.

Did I code this anti-cheat

Oh fuck, you gave me flashbacks to leaving Planet Manhattan after joining a new server, and 40 alien battleships were just at spawn. Good times.

Heh, nice one, we all know Bethesda doesn't patch anything.

The division had this sort of issue at launch as well and they shaped it up fairly well in the end. I feel like bethesda should easily have the budget to bring in external contractors to improve security, its not like the game isn't already a massive success in terms of pre orders.