griefingpunkbuster

BOOM!
HEADSHOT!
or…CheatingandSubliminalExploitationinCombatSimulationsandOnlineGamingMikeBondComputerSecurityGroup,UniversityofCambridgeCL,1stJun07(firstpresentedSecurityandProtectionofInformation2007,Brno)TalkOverviewOnlineGamesandCombatSimsWhySecurityMattersinGamingTactics&SecurityTaxonomyExistingKnowledgeSurvey–Unintentionalglitches–Glitches,exploits,cheatsNewTopic:SubliminalExploitsStudyingOnlineGamingGamesandCombatSimsMulti-player,online,team-basedcombatCounterstrike(Valve,Half-LifeMod)Battlefield2(EADice)JointOperations(Novalogic)America'sArmy(USDOD)OperationFlashpoint(BIS)ArmedAssault(BIS)Morerealistic(approximately)JointOperationsJointOperations(2)ArmedAssaultArmedAssault(2)ArcadeversusTacticalTacticalShooters–Worldsimulationmoreaccurate:players,scale,weather,tides–Notaboutwhoshootsfirst,butwhoseeswhofirst.
–No(accurate)firingonthemove–Realisticdamage(oneshotcankill,immobilising/debilitatingwounds)–Valueoflifegreater(norespawn/revival)–MobilityandlogisticsasimportantascombatOverallgoal:successinatacticalshooterreliesonrealworldtactics,notgamemechanicsArcadeversusTactical(2)ArcadeversusTactical(3)FirstPerson3DSelfModelsEntertainmentApplicationsSingle-playerstorydrivenSingle-playerarcadeMulti-playerarcade–humansarejustusedasbetterAIMulti-playerteam-based–playersenjoy+benefitfromgroupingtogether–longtermgroupingsform,leaguesetc.
–8v8upto75v75MilitaryApplicationsRole-playingScenariosandTutoring–Remoteinternetsessionswithin-the-fieldexpertstrainingrecruitsbeforefirstdeploymentCombattacticstrainingLogisticstrainingPublicRelations&Recruiting(America'sArmy)GeneralMentalFitness–DecisionMaking,Reactions,ConcentrationRemoteDroneTrainingWhyCheatingMatterstoGamersOnlinegamingisasport–Everyonedeservesafairchance,alevelplayingfield–cheatingdestroysthisPeopledon'tenjoyanunfairfight–Mis-matchedboxers=nofunTheperceptionofunfairness/cheatingalsodestroysenjoymentIfgamersdon'tenjoyit,theydon'tstayplaying=noexpansionpacksold=nomonthlysubscriptionpaidin(MMOGs)CouldCheatingMattertotheMilitaryLearningtheWrongLessons–Diagnosed(OK…redesignthetrainingtoavoidthosescenarios)–Undiagnosed(Untold,unmeasureddamage!
)NegativePRImage–America'sArmyspreading"USmilitaryvalues"suchascheating/griefing/abuseTacticsandSecurityTaxonomyWe'lllookat–UnintentionalGlitches&Anomalies–DeliberateGlitches&Exploits–GoodOldFashionedCheats–SubliminalExploits/Neo-TacticsMilitaryTacticsSubliminalExploitsAkaNeo-TacticsGame-WorldTacticsExploitsCheatsRealityFantasyGlitchesUnintentionalGlitchesandAnomalies-spoilimmersion/fairness-inspiremaliciousglitchesMulti-ResolutionLandscapeMulti-ResolutionLandscape(2)InvisibilityGlitchesStaleDataDeliberateGlitchesandExploits-areconsideredcheating-spoilthegameformostplayersGamePhysicsExploits"LeanLeftGlitch""LeanLeftGlitch"(2)TeamExploitsCrossCaptureTrick.
InAdvanceandSecure,twoteamseachtrytocaptureeachother'sbasesimultaneously3menfromredteamandblueteameachentereachother'szonesatpreciselythesametimeTotalreds:6menTotalblues:6menTeamExploits(2)CrossCaptureTrick.
InAdvanceandSecure,twoteamseachtrytocaptureeachother'sbasesimultaneouslyRateofcapturerelatedtoratioofredsvsbluesproportionofteaminzoneTotalreds:6menTotalblues:6menRedsinzone:50%Bluesinzone:50%TeamExploits(3)CrossCaptureTrick.
InAdvanceandSecure,twoteamseachtrytocaptureeachother'sbasesimultaneouslyRateofcaptureproportionaltoratioofredsvsbluesproportionofteaminzoneTotalreds:6menTotalblues:4menRedsinzone:50%Bluesinzone:75%2guysquitOtherExploitsGlitchingthroughWalls.
Driveavehiclerightuptoawall,hitthekeytodisemark.
Youappearthefarsideofwall.
"DolphinDiving".
Constantlychangepostureasyoumove.
Bulletspreadiscalculatedbasedonposture,butthereisnospreadatallduringposturechange.
CardefaultpassengerexitpointsdefaultpassengerexitpointsGoodOld-FashionedCheating-usesspecialsoftware-canbefoughtwithAV-styletools"WallHacks"SubliminalExploitsaka.
"Neo-Tactics"-exploitemergentgameproperties-areusedunwittinglybyplayers-aremistakenforcheating-are"mistaken"forgenius-matterjustasmuchascheatingRelatedWorkonNetworkFactorsversusPerformanceM.
Dick,O.
Wellnitz,L.
Wolf"AnalysisofFactorsAffectingPlayers.
PerformanceandPerceptioninMultiplayerGames",http://www.
research.
ibm.
com/netgames2005/papers/dick.
pdf,NETGAMES2005G.
Armitage,"SensitivityofQuake3PlayerstoNetworkLatency",Postersession,SIGCOMMInternetMeasurementWorkshop,SanFrancisco,Nov2001S.
Zander,G.
Armitage,"EmpiricallyMeasuringtheQoSSensitivityofInteractiveOnlineGamePlayers",ProcAustralianTelecommunicationsNetworksandApplicationsConference(ATNAC2004),Sydney,December2004UbicomInc,"OPScore:AMetricforPlayabilityofOnlineGameswithNetworkImpairments",http://gamer.
ubicom.
com/pdfs/whitepapers/IP3K-DWP-OPSCORE-10.
pdfY.
W.
Bernier,"LatencyCompensatingMethodsinClient/ServerIn-gameProtocolDesignandOptimization",ValveIncFirstShooterAdvantage1.
SoldiersA&Bfaceoff,withasmokescreenbetweenthem.
2.
Whenthesmokeclears,eachseestheotherandopensfire3.
Bothplayershaveequalreactiontimes,butdifferentconnectionlatenciesSoldierAServerSoldierBHumanreactiontimeHumanreactiontimeSmokeclears150mslatency50mslatencyResult:Bwins(statistically)FirstShooterDebunkedIntacticalshooters,peoplerarelyreacttoacentralsynchronisedevent.
Instead,oneplayercausestheevent.
SoldierAServerSoldierBHumanreactiontimeHumanreactiontimeSmokeclears150mslatency50mslatencyResult:Bwins(statistically)FirstMoverAdvantageAandBfaceoffaroundacornerBstaysstill,AadvancesAgets"clientpredictionbenefit"–hestartstomoveassoonashepushesforwardkeyAseesBfirstAhasaworsepingthanBA'sfiringinstructionstakelongerthanB'sButA'svisualadvantageoutweighthisAwins(statistically)ABAlatency:150msServerproctime:25msBlatency:50msClienttemporalbuffering:200msBseesAafter150+25+50+200=425msAseesBinstantly,canshootafter150msFirstMoverAdvantage(2)SoldierAServerSoldierBHumanreactiontimeAstartstomove50mslatency150mslatencyResult:Awins(statistically)AseesBAfiresonBFrameroundingTemporalBuffering(200ms)BseesAHumanreactiontimeBfiresonA50mslatency150mslatencyAstartstomoveSemi-AutoAdvantageAutoFireVectorAutoFireVectorAutoFireVectorCableModemPacketBufferAutoFireVectorAutoFireVectorAutoFireVectorAuto-fireisavector…spread3bulletsalongapathbetweenA->Bat0.
3secondintervalsResult:Packetstaketimetoexecute,cannotbecompressedTimeUDPpacketBulletshotSemi-AutoAdvantage(2)SCableModemPacketBufferTimeSSSSSSSSSSSSSSSSSSemi-autoisapoint…fireonebulletatpointA,instantlyResult:Packetscanbeactedoninstantly,socompressduringmodembufferingunderlaggyconditions(whenbufferfull)UDPpacketBulletshotQuantisedApproachAdvantageIncomingJetAIncomingJetBIncomingJetCMoral:AttackfromthepointsofthecompassDefenderDefender1.
JetApproaches2.
Defenderhearsjetwhenitentersrange3.
DefenderaimsandfiresstingerWheredidallthescreenshotsgoThisstuffisusuallytoosubtletophotographIfitwasobvious,itwouldalreadybewellunderstoodDoesindustryknowaboutitDoesitactuallyexistCoveringFireAdvantageLightningAdvantageLightningAdvantage(2)LightningAdvantage(3)StudyingOnlineGamingIshardIt'stherealworldoutthere–youcan'tjusthitpause–recruiting64playerswhowilldowhatthey'retold–youneedaccesstoexperiencedplayersnotnovices–youneedrealisticnetworkconditions(cablemodemsnotacademicnetworklinks)Thecommunitydoesn'twelcomediscussionofcheatingmethods(gamedevdriventaboo)Liveexperimentsmayfallfoulofanti-cheatingdetectionsoftware(Punkbuster)GettingtheNetCodeGamedevelopersarelegendarilysecretive.
Theyworkfor5yearsinsecretonsomegame.
NetCodeisagamesdev'scrownjewels…it'sthecoreIPabouthowacompanymakestheirgameplayableThereareoneortwoopensourcenetcodestacks.
ButyouneeditforTacticalShooters,notforarcade.
Theyworktotallydifferently(movementspeedrangeisanorderofmagnitudelarger)NovalogicneverevendebuggedtheirownNetCodeproperlyafterintroducingapatchwithnewvehicles(motorbikes/choppers)Butno…Ihaven'ttriedaskinganyway.
IprobablyshouldMyTestingConfigurationServer+ClientClient"PlayandServe"TrafficShaperBandwidthLimitsUpstreamLatencyDownstreamLatencyPacketLossExperiment1:800msupstream(clienttoserver)delayexposesfirstMoveradvantagetohumaneyeBetterConfigurationServer+ClientClientA"PlayandServe"TrafficShaperTrafficShaperTrafficShaperClientBTheInternetI/O,networkandvideorecordingOtherclientsConclusionsTheonlineworldisaverydifferentplacetoreality,strangeandsinister–Triestodeceiveyouthatitisconsistent–Breaksthefundamentalassumptionsofscience–NotevencausalityissacredIfyouopenyourmindtounderstandit,youcanmanipulateittoyouradvantage(likeNeo)Traditionalstudyofcomputergamesecurityhasfocussedoneliminatingcheating,buttheperceptionofcheatingisevenmoreimportant.
TheremaybeconsequencesformilitaryuseIsariperesearcharea(andyougettoplaygamesallday!
)MoreInformationBoom,Headshot!
http://www.
cl.
cam.
ac.
uk/~mkb23/research/Boom-Headshot.
pdf–Includesliteraturesurvey–Includesmoredetailedexplanationofgamemechanics–MoresubliminalexploitexamplesMike.
Bond@cl.
cam.
ac.
uk