Brute Force Keylocks

I just want to make sure people (and devs if they are not already) aware that it appears that people have figured out how to brute force code locks using a script. There was an older version of this that took a few seconds each attempt, but this new script can brute force your code locks very quickly. There needs to be some kind of server side check or mechanic added to force the delay of entry because an exploit like this really is game breaking. There is speculation that all code lock entry verification is done client-side, which means abusers can inject code combinations rapidly. Forcing a server side check would hopefully break that script.

Edit: Said ‘Key’ meant ‘Code’

+1 if this is actually the case this is a game breaking issue… You could build to get around this but its really a nasty issue.

If they use a combo of speed/jump hacks and brute force there’s really no building to get around it that I can think of unless you go all keys (yuck).

Using stairs and turning 'em with a hammer works pretty well to make a “door” that only the owner of the building can use. You don’t need a single lock if you go for that. Of course they could c4 or axe that, but its no easier/harder than an actual door.

Obviously there is a ton of hacks out there and some are just over the top (a flying no-clipper is impossible to stop), but guys playing it “safe” that have only the lock breaker can be stopped with that.

The thing with the lock hack is that worse case, it can look like you had a lucky guess and got it. Someone unlocking your door is plausible, however unlikely, so it’s kind of a stealthy hack.

Right technically there is a 1/10000 shot to guess the correct digit, so it is plausible someone got lucky. This wasn’t the first time I’ve seen evidence of it though.

I have the Prod mod installed, so I am able to see who is authorized to what tool cupboard, who placed what wall or floor. I would have originally thought I was raided and the raiders built everything back, but that doesn’t make sense as my master tool cupboard is in an armored room and my Prod tool confirms I am still the only one authorized to it, so there’s technically no way they could have rebuilt around the areas potentially blasted by c4 (which there was no evidence of) since they did not have building authorization after everything was back in place. I have several wood storage units with code locks on them, but they were emptied of items while the original lock and combination still remain in place on them.

A few others have reported similar events, and I’ve confirmed with the prod tool that their armored tool cupboard only has those in question authorized to it. So something funky is going on with the code locks.

If I’m missing some piece of logic I’d be happy to know. I really don’t like to call “hacker” unless I cannot think of anything else plausible.

What about forcing a break of 1 minute after 5 wrong tries? That would solve the whole issue and wouldn’t harm anyone who doesn’t use the hack…

If that check was enforced server side that would work Sheytan, but if the checking is done client-side, the hacker can still get around it just like how they are able to get around the (short) pause we have while entering codes in the legitimate way in game.

It has to check server-side somehow already no?

But seriously. even a simple mouse script could achieve this quite fast. We need some kind of delay after X number of attempts.

I would think so too Brex, so there are two options that I can think of (with my limited processing capacity).

  1. Everything is stored client-side and is checked there sending a true/false to the server for door entry each attempt (if this were the case they could just send the true return value and gain entry without checking for codes)
  2. They are being checked server-side, but an exploit has been discovered that allows checks to be sent at a much more rapid pace. If this is the case, it should be something that can be logged with some dev tools.

But yes, some kind of n+1 delay server-side could help prevent this type of attack from occurring.