Dismiss Notice
This Section is READ ONLY - All Posts Are Archived

Wizard Tower Break-in -- Exploit Edition

Discussion in 'Release 11 Feedback' started by Tartness, Nov 1, 2014.

Thread Status:
Not open for further replies.
  1. Jatvardur

    Jatvardur Avatar

    Messages:
    2,020
    Likes Received:
    3,002
    Trophy Points:
    165
    Gender:
    Male
    Location:
    CH

    So locked doors appear to be locked. They are loaded with the level, which is part of the main port. So if that port isn't open then the game doesn't load at all.

    Apart from AA running through walls (which I can see), he can also see other players in their house. Is funny when they are on high levels. Guess you don't go to the bathroom then. :p
     
  2. Sunswords

    Sunswords Avatar

    Messages:
    252
    Likes Received:
    628
    Trophy Points:
    28
    Fast work and good to know! :D I guess the Devs need to keep this in mind when designing levels.
     
    Duke AvorinSwiftslay likes this.
  3. Drocis the Devious

    Drocis the Devious Avatar

    Messages:
    18,188
    Likes Received:
    35,440
    Trophy Points:
    153
    Gender:
    Male
    That's going to make for some really funny and weird PC voyeur films. I'd like to think that there's some sense of privacy inside of a home. I don't want anyone to see me playing with my Time Lord action figures.
     
  4. Sunswords

    Sunswords Avatar

    Messages:
    252
    Likes Received:
    628
    Trophy Points:
    28
    Or a whole bunch of barely dressed Avatars huddled closely and floating in mid-air.

    :eek:
     
  5. Drocis the Devious

    Drocis the Devious Avatar

    Messages:
    18,188
    Likes Received:
    35,440
    Trophy Points:
    153
    Gender:
    Male
    We're also going to want to test this periodically with each release.

    Specifically when stealth mechanics are added.
     
    Duke AvorinSwiftslay likes this.
  6. Jatvardur

    Jatvardur Avatar

    Messages:
    2,020
    Likes Received:
    3,002
    Trophy Points:
    165
    Gender:
    Male
    Location:
    CH

    Here's the walking through walls:

     
  7. Jatvardur

    Jatvardur Avatar

    Messages:
    2,020
    Likes Received:
    3,002
    Trophy Points:
    165
    Gender:
    Male
    Location:
    CH
    Had another thought on possible exploits.

    Possible PVP exploit?
    • We know that players load even when buildings don't. AA said that aggro mobs also load, i.e. he was able to fight.
    • If I'm in the game with all data loaded, and AA is in the game with players loaded and the ability to fight.
    • Does that mean he could shoot fireballs through walls? Given that seeing me "hiding" behind a building is also an exploit.

    I think that might be possible. I also note that NPCs often shoot through walls too.

    We need to test this!
     
  8. Drocis the Devious

    Drocis the Devious Avatar

    Messages:
    18,188
    Likes Received:
    35,440
    Trophy Points:
    153
    Gender:
    Male

    Good catch...Have AA duel you and shoot firearrows and fireballs to see if there's an effect.

    Another exploit would also be to cast a summon spell and then move through a wall where you can't be followed...letting your summoned creature fight your battle while you hang out behind a wall.
     
    Duke AvorinSwiftslay likes this.
  9. Chris

    Chris Tech Lord Moderator Ambassador SOTA Developer

    Messages:
    2,470
    Likes Received:
    27,551
    Trophy Points:
    190
    Gender:
    Male
    Nice! So, since we're completely transparent on things, I'll explain exactly what is happening and why it works that way and what the easy fixes are if we choose to fix it. :)

    When players are in a map, there are some elements that are local to that map, such as creatures, NPCs, traps, common harvestable items, other players, etc. There also things that are shared between all instances of the map. These are things like vendor inventory, rare harvestable items, houses, and house decorations. One server handles the items local to the instance and another handles the items that are shared between the instances.

    We currently consider a connection to the instance server mandatory but tolerate a failure to the shared data server since it could be a point of failure at some point in the future. The only downside of a lost connection is you won't be able to see what vendors have or what decorations are on lots.

    We'll probably leave that rule alone for now and instead add logic so if you log in and you're on a lot that you don't have access to, that it will teleport you off the lot. Much safer fix that doesn't introduce another mandatory connection to the game!

    BTW, thanks for pointing this out! I'm happy to see that the game still worked as expected with that connection blocked! :)

    Chris
     
  10. Drocis the Devious

    Drocis the Devious Avatar

    Messages:
    18,188
    Likes Received:
    35,440
    Trophy Points:
    153
    Gender:
    Male

    This is just another one of my stupid questions...but couldn't you code the logic so that the check on permissions is done first before someone enters the lot at all...thus blocking them in the first place and not creating a need to teleport them? I know that this is simulated "real time" and the server and client are not truly instantaneous, but it seems like just allowing someone to get in there at all is a bit of an exploit that could impact immerssion, the feeling of having a sense of privacy in your home, and possibly has an impact (though greatly reduced) on PVP.

    I know these are hard choices to make, I just wanted to through this out there to you to ponder.
     
    Duke AvorinSwiftslay likes this.
  11. Jatvardur

    Jatvardur Avatar

    Messages:
    2,020
    Likes Received:
    3,002
    Trophy Points:
    165
    Gender:
    Male
    Location:
    CH
    Many thanks for the reply!

    • How would that affect seeing other players on the other side of a wall / house?

    This is currently true according to Avatar Acid. Definitely an exploit for PVP, since you could see an enemy and plan accordingly (unfair advantage)


    • Is it possible to shoot through walls with the current build?

    Not tested this yet, but an obvious advantage! :)




    Yep, we are pretty glad it turned out like that too. Although it is still early days so you guys could have fixed it. :)
     
  12. Chris

    Chris Tech Lord Moderator Ambassador SOTA Developer

    Messages:
    2,470
    Likes Received:
    27,551
    Trophy Points:
    190
    Gender:
    Male

    Our preference in most things related to cheating is to silently log stuff like this on the server and let people think they are getting away with it. If we don't start finding any failure cases on the shared data server then we can move it to be a required connection as well. The fear was since it is shared with everyone in all instances of a scene, it could be a point of first failure in high load situations with high . We can re-evaluate when we get a bit closer to a live state and see if it still feels like a risk to make the connection required.
     
  13. Drocis the Devious

    Drocis the Devious Avatar

    Messages:
    18,188
    Likes Received:
    35,440
    Trophy Points:
    153
    Gender:
    Male
    This probably goes beyond what you're willing to say today...but using this type of exploit (or the ones that people think they're getting away with that you're just logging)...would that constitute a lifetime ban once we go live? (regardless of pledge or money spent). And what about guilds, is there any type of guilt by association for things like this? I mean if the same guild keeps using the same exploits do you ever consider just banning them all?

    I have a deep rooted sense of fairness.
     
    Duke AvorinSwiftslay and Chris like this.
  14. Chris

    Chris Tech Lord Moderator Ambassador SOTA Developer

    Messages:
    2,470
    Likes Received:
    27,551
    Trophy Points:
    190
    Gender:
    Male
    No idea on what type ban we would levy for something like that. We have discussed the topic of banning for backers who paid more than a base pledge and how to deal with them. Lots of ideas but if I throw any out then I think this thread will go off track quick. Just know that we have multiple ways we can enforce bans since we can do things like simply block players from being able to play with other players for an amount of time.

    Also, there is a lot of grey area in what is "cheating". This one is something explicit the player has to do outside the game, so it is pretty black and white if they are toggling it on and off but less so if they just have it off. Not game destroying though but still would result in some punishment if used and not reported.

    Until we're closer to live, we really just want people to come forward with this stuff so we can either fix or track it depending on the issue.
     
  15. Tartness

    Tartness Avatar

    Messages:
    913
    Likes Received:
    1,514
    Trophy Points:
    105
    Gender:
    Male
    @Chris - thanks for getting back to us here! I suppose it isn't very likely that a user will log in, save up enough gold, and then try to buy a house without first discovering there is an issue with his game but if a check could be run when someone tries to buy a plot to prevent that money loss on a failed purchase that would be great. I can see that generating issues for you guys in the future.

    If anyone is available in about 3-4hrs then I will be available to test out some PvP stuff related to this. Reply here or drop me a PM.
     
  16. TheMadHermit

    TheMadHermit Avatar

    Messages:
    645
    Likes Received:
    3,359
    Trophy Points:
    93
    @AvatarAcid That's how you test!!! Well done Sir!
     
  17. CaptainJackSparrow

    CaptainJackSparrow Avatar

    Messages:
    811
    Likes Received:
    1,561
    Trophy Points:
    93
    Captain Jack agrees! But Captain Jack would like to see this tried with a boat, or houseboat! Fancy a swim?
     
  18. stile

    stile Avatar

    Messages:
    2,664
    Likes Received:
    5,447
    Trophy Points:
    165
    Gender:
    Male
    Location:
    United States, Indiana
    Lord Baldrith and AvatarAcid like this.
Thread Status:
Not open for further replies.