|
Post by NexusBlade on Dec 11, 2023 13:20:52 GMT -5
Huge thanks and all the credit to Wolfblood7 for this information, just saw this video and had to share it here. So there's a running theory that someone at Pixonic is helping hackers, and who knows this hacker could be bull「dookie」ting, I guess that will be up to the individual to decide what they believe... however... Hackers appear to have the ability to not only do basically whatever they want with their accounts, but also hack other people's accounts. Changing their stats for starters... all those subtle hackers? Even more obvious ones? Theres a chance it wasn't even them... But another player messing with their stats to get them banned. And additionally they're supposedly working on the ability to access other people's accounts and DELETE stuff from their hangers. Now again... could just be big talk from some lowlife hacker to drum up drama or fear... I'm not sure if I believe it... It's best to be skeptical of big claims like that... However it is worth noting the implicit threat of a hack of that kind. Here is the video in question Again it is worth mentioning that there's no proof of the ability to delete someones gear at this point, and it's questionable how hackers would go about doing that... Though I do know this game doesn't exactly have a high degree of protection from hacking, so I guess time will tell...
|
|
|
Post by 乃ㄥ卂乙 on Dec 11, 2023 14:06:36 GMT -5
I say to Mr hacker - delete everything
Do us a favor
|
|
|
Post by Wolfblood7 on Dec 11, 2023 20:58:23 GMT -5
I definitely don't believe everything this guy said. But the proof for some of it was there with what he showed me.
|
|
|
Post by gus169 on Dec 11, 2023 22:50:40 GMT -5
Thank you so much for your efforts here Wolfblood7 , and for the risk you take in publishing it. I sincerely hope you don't become a target for his 'friends', though I get the feeling that their motivation is more 'anti-Pixo' than 'anti-playerbase'. Fingers crossed. I'm hoping my dorky off-brand hangar can fly under the radar here, but who knows. I certainly annoy some people with it too.
|
|
|
Post by Schquirrelschak on Dec 11, 2023 22:59:11 GMT -5
I definitely don't believe everything this guy said. But the proof for some of it was there with what he showed me. From the speed at which the discord mods removed this, I'd say it's probably more true than anyone would like to admit. (Sigh)
|
|
|
Post by gus169 on Dec 11, 2023 23:07:16 GMT -5
I definitely don't believe everything this guy said. But the proof for some of it was there with what he showed me. From the speed at which the discord mods removed this, I'd say it's probably more true than anyone would like to admit. (Sigh) they posted THAT to the discord? chuckles. poking the bear right in the 「fluffernutter」ing EYE! I hate myself a little for finding that amusing. on the bright side, there's no button saying "hack ****'s account". not that it's impossible, but it's not a built-in option on that one.
|
|
|
Post by Garbage game on Dec 12, 2023 4:07:40 GMT -5
Headline: Non-Profit Altruistic Charity Company: Pixonic; Caught in Scandal.
|
|
|
Post by shadethefluffmech on Dec 12, 2023 13:06:02 GMT -5
Something makes me wonder Is this a threat to pix, the whales, or us? I could see the Tbendies being motivation for it Which would effect 1 and 2 mostly Or is it purely for chaotic anarchy What i wouldnt do to know their true abilities and intentions
|
|
|
Post by titando on Dec 12, 2023 14:30:26 GMT -5
The "hacker" probably works at Pixonic. And they know everything he/she is doing.
|
|
|
Post by Taboga73 on Dec 12, 2023 15:36:59 GMT -5
Could be coincidence or not- Games today have been insane with respect to cheating. Enemy Typhon not taking damage or very little and chewing through bots & titans like butter. Raced across Yamantau to our side beacon and completely unstoppable. Another game same sort of results, this time with an Ophion. Flew across Dead City at breakneck speed and parked on our spawn taking out Blues each second. Fafnir on our team taking no damage and again slicing through the enemy with ease.
Cheating seems to be advancing to MK 3…
|
|
|
Post by Wolfblood7 on Dec 12, 2023 19:16:51 GMT -5
Could be coincidence or not- Games today have been insane with respect to cheating. Enemy Typhon not taking damage or very little and chewing through bots & titans like butter. Raced across Yamantau to our side beacon and completely unstoppable. Another game same sort of results, this time with an Ophion. Flew across Dead City at breakneck speed and parked on our spawn taking out Blues each second. Fafnir on our team taking no damage and again slicing through the enemy with ease. Cheating seems to be advancing to MK 3… Couldn't have said it better. As soon as the update dropped, I've had obvious subtle hackers, beacon hacks, randomly dying at half health, the lot.
|
|
|
Post by linearblade on Dec 13, 2023 0:39:39 GMT -5
I was about to say the same thing. Glad it wasn’t just me thinking that. Ps: it wasn’t that subtle lol
|
|
|
Post by linearblade on Dec 13, 2023 1:24:43 GMT -5
I definitely don't believe everything this guy said. But the proof for some of it was there with what he showed me. FYI: as a programmer who’s made a tidy profit hacking over the years on the side, I can explain some of the things he’s doing, for clarity’s sake When he says “spy” he means: “we have a man on the inside selling information, and possibly access to or creating credentials for api calls.” This is made clear when he says “waiting for admin access”. So it’s likely an engineer (programmer) or sys admin. The game api access is not really a hack, so much as it’s the ability to access the same tools the game client uses. Things that you could do with local access (your account only). Probably get any offer you want, even if not visible etc. if pixonic does server side limiting then not possible. With admin api access, the doors open a lot more, basically whatever you want. Api access plus admin credentials would basically let you do anything you want outside of the combat portion of the game. And this could be easily accomplished simply by having their guy give them a copy of their “swagger” (a common method by which most programmers use to describe and organize documentation of their project ) Admin credentials could be created, possibly semi anonymously, and they would be hard to find unless someone checked user accounts daily on the system. Covering your tracks is very difficult however because everything is usually logged. But if they created an account, and waited 6 months (probably much less), then they could let the the old logs get cycled out safely and that aged credential would be anonymous at that point. Regarding the movement hacks: so games generally cannot tell how you got to a location on the map, you essentially tell the server where you are and the server takes your word for it. Since there is so much stuff flying across the screen, War Robots probably relies on a “trust based system” and uses UDP packets. Regarding invincibility, this can be achieved by editing the projectile vector (trajectory) internally.you see the bullet hitting, and the game tracks all the locations of bots locally for you, but the receiver says it’s a miss, so no damage is reported back. Alternatively, he could simply deny the reporting of damage to the server. It’s sort of like playing watching an audit or a vote in the USA. The election official says “it wasn’t rigged”, and you are suppose to believe them. Alternatively you can think of it like a paintball game where you get hit but decide to not stand up and report it, because you can hide the hit in some fashion My guess is that War Robots works this way , in order to minimize the server communications So how do they do this? It’s likely someone working at pixonic with access to their “git repository” has reported the parameters for functions to the hacking group. On a windows system the app would use a series of DLL to offload libraries and organize the game. Other OS work in the same way. Anyone can load these libraries. But if you don’t know the parameters to a function then you have to start guessing., or be able to write in assembly (for simplicity, machines read 1 and 0, but assembly is basically human readable 1 and 0, and it translates back and forth) To edit the program directly they can modify the binary itself (tedious, but very doable) , they can edit the memory allocated to the game when it starts, also doable, or interfere with the network traffic (probably the easiest of the 3, but least effective , because you can only modify what the game client reports back to the server (he hit me , he didn’t hit me, etc) However if they have access to the git repository, then they. Can quickly write modules to use the same DLL etc that the game uses and make alterations. They can also compile the game or parts of it. And then quickly acquire the memory registers, test etc)
|
|
|
Post by linearblade on Dec 13, 2023 1:30:35 GMT -5
When you wonder “why” would an inside guy screw pixonic:
The average salary for overseas developers are low. Like 20-40 bucks an hour. These people know the reason they are hired, it’s because they are cheap. In the case of American corporations, They also know they were hire to carelessly replace the local American labor. (Basically they know the company has zero loyalty to the employee)
So loyalty is basically zero. Because the developer is ripping the consumer off, the employee gets paid peanuts and has no expectation what so ever they will be kept on in bad times, and in good times they will get some free pizza and beer
Much of the time, the company isn’t managed by a properly salaried manager, and ownership is totally run by business guys with zero programming acumen.
Corruption sets in fast becsuse it’s easy to do whatever you feel lile with little repercussions
|
|
|
Post by linearblade on Dec 13, 2023 1:39:09 GMT -5
Once the parameters to access the api or internal client DLL (also basically an api) it becomes very difficult to dislodge hackers, without introducing random junk data to function calls etc,l.
So basically they do some basic gimmickry to alter memory locations etc of in game read / write memory , change protocols etc.
This lasts a few days until someone finds the new locations (security thru obscurity)
If pixonic truly wanted to fix this, they would invest serious time and effort in logs analysis introduce replay recording ala StarCraft 2, or plain old slow the game down and force everything thru the server.
That ship has sort of sailed with all the super fast 「slow」 robots out there these days tho, and the smart programmers who did the heavy lifting are likewise gone , so they are left with trash coders who punch a clock because they are underpaid
|
|
|
Post by Jeb on Dec 13, 2023 9:08:46 GMT -5
the smart programmers who did the heavy lifting are likewise gone , so they are left with trash coders who punch a clock because they are underpaid I think turnover explains everything that's changed about the quality of the game in the past few years.
|
|
|
Post by TerrorStorm on Dec 14, 2023 1:55:25 GMT -5
Once the parameters to access the api or internal client DLL (also basically an api) it becomes very difficult to dislodge hackers, without introducing random junk data to function calls etc,l. So basically they do some basic gimmickry to alter memory locations etc of in game read / write memory , change protocols etc. This lasts a few days until someone finds the new locations (security thru obscurity) If pixonic truly wanted to fix this, they would invest serious time and effort in logs analysis introduce replay recording ala StarCraft 2, or plain old slow the game down and force everything thru the server. That ship has sort of sailed with all the super fast 「slow」 robots out there these days tho, and the smart programmers who did the heavy lifting are likewise gone , so they are left with trash coders who punch a clock because they are underpaid 1st: Thanks Wolfblood7 for the video. 2nd: linearblade... question for you. What is the endgame here? If PIX is essentially a bunch of underpaid, unmotivated, hourly workers with some Execs over them making a lot of money where does this go? These guys seem to have no issue cranking out endless content. I think we all feel the game is going downhill pretty quickly but is there an endgame to this? Under these circumstances does it eventually implode or does it carry on for ever (get worse??) It looks like you've seen this in other games. Where do you feel like War Robots is going?
|
|