Hello, I am new to the community and my questions have probably already been answered in previous Discord messages or in forum topics which I was not able to locate. In case there are relevant clarifications, please link me the URLs so I will not waste your time.
Just a quick “bio” of myself, so I can justify the points related to my questions and my ability to understand (at least at a high level, I hope) any relevant technical answer, can be found below:
My gaming experience:
I have been playing games for the past 13 years and I was introduced to MMORPGs at the age of 12 with Lineage 2 (back in the C3 patch era). I have played several MMORPGs and I never enjoyed any other title as much as Lineage 2 (that is why I am still playing it on private servers). During those years (since the release of the C4 patch) I have played on numerous private servers and on official NCSoft servers as well. The main issue that was always “killing” a server was third-party tools or bots.
Please note that I have played several other genres and MMORPG titles.
My understanding of InfoSec and bot software products:
Please note that my studies are in Computer Science and Information Security, and for the past years until now I have worked as an Application Security Engineer. Thus, I hope I will be able to understand any relevant technicalities referenced in your answer.
In addition to the above, I have also created my own Lineage 2 private servers and developed relevant anti-bot solutions for those servers (well, those controls partially worked).
My questions:
Since Lineage 2 and probably Ashes of Creation are based on a similar “type of grind” (at least in my understanding – I have not played the game), I would like to ask some questions related to the above issue and for some clarifications of information that you have shared with the community.
As referenced on your wiki page and in your interview with Asmongold, Ashes of Creation will implement behavior analysis anti-bot control(s) in addition to EasyAntiCheat (since I do not have access to the game, I base my hypothesis related to EasyAntiCheat usage on forum/support posts).
Based on my knowledge, bots can “understand” the game world and the relevant entities in it via the following methods:
1. Computer Vision/Image processing (e.g. usage of OpenCV library for the bot “to understand the game-world”)
A bot that makes use of computer vision algorithms cannot really include several functionalities and I would limit those to the following:
• NPC detection and gathering of relevant information such as its name
• Health Points and Mana detection and monitoring (self)
• Health Points detection and monitoring (NPC)
• Mouse and keyboard emulation
From my point of view, those kinds of bots would not be considered harmful for the project, since a player could use them to kill mobs spawning near them in a really small area at a slow pace.
At least in my understanding, with the use of a powerful engine such as Unreal Engine 4 you probably include much detail in order to “confuse” the relevant computer vision algorithms that could be used as a bot solution.
2. Direct Memory Access – (e.g. locating and reading values from memory addresses at which the game saves the information and forwarding the values to the bot)
A bot that could read and write directly to the memory of the game could actually be coded to perform any action in the game world.
For this type of “attacks”, you have implemented EasyAntiCheat as a security control.
What EasyAntiCheat actually does (at a high level, not including all its functionalities of course) is, via the usage of ObRegisterCallbacks, intercept API calls that grant access rights of one process to another process, in order to identify and prohibit an application from reading or writing to the relevant memory sectors.
The current trend among bot developers is to create custom drivers (which actually are the highest in the “hierarchy of a computer”) and integrate the bot into those drivers. Of course, EasyAntiCheat has several features that prohibit the usage of such drivers (e.g. do not allow the game to run while unsigned drivers are present), but bot developers are known to leverage vulnerabilities of known and trusted drivers in order to hook their bot software product.
In addition to the above, there are several methods to bypass ObRegisterCallbacks and EasyAntiCheat (e.g. elevation, lsass.exe). Thus, there will never be a “complete” solution in order to “fight” bots from reading directly into the memory, and only behavior analysis could get close to that.
3. Code Injection – (e.g. changing the game binary or injecting an external DLL into the game binary)
As stated above, for this type of “attacks”, you have implemented EasyAntiCheat as a security control.
EasyAntiCheat is known to implement several anti-injection controls for the game in addition to direct memory access controls (in order for a bot developer to understand the game world and script the relevant functionality, access to memory will probably be required).
What additional controls have you implemented in order to “incommode” bot developers attempting code injections? – Will you obfuscate the game assembly with a hard-to-reverse obfuscator, or are there performance issues that arise in case of obfuscation?
4. NetCode – (e.g. intercepting and then analyzing the network data stream between the client and the server)
I am not going to list the techniques (e.g. reversing the netcode, custom winsock service provider) with which a malicious user could intercept and analyze the traffic and create bot software, since I am pretty sure you are aware of those.
I would like to ask if you are going to implement some kind of controls relevant to this point (except encryption of course).
Behavior analysis:
In my understanding (as described above), the only feasible way to “fight” against bot software is via behavior analysis.
Based on your interview with Asmongold and your wiki page, you will develop or have developed several behavior analysis algorithms in order to identify probable gold-sellers and gold-buyers (real money trading).
In your interview you mentioned metrics related to current player gold, in-game trades etc.
Are there any algorithms that will be developed in order to identify (behaviorally) bot players and not only RMT abusers?
Just a clarification: I am not referring to metrics such as x types of mobs killed by a character in a specific timeframe, but to more advanced solutions such as the below:
o Traffic Analysis including the below points or several others:
• Command timing
• Regularity tests
• Magnitude of Traffic Burstiness
• Reaction to Network Conditions
I will not analyze the above-mentioned techniques or ways that those could be implemented in any game, since this is a public forum and could possibly be accessed by bot developers.
Lastly, will you perform any type of penetration test in order to validate that your controls against bots are not easy to bypass and to enhance those controls?
I would gladly provide a more in-depth analysis and some of my ideas in a more private environment or even in this thread (in case you have no issue with that).
PS: I am sorry for the long post, but I really want this game to succeed and not get ruined by bots. Sorry for any technical inaccuracy that may be included in my post, but I had limited time in which to write it.
PS2: I am sorry for the terrible layout, but the forum editor (based on BBCode) is not the best available.
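
A server-side sketch of the "command timing" and "regularity tests" items listed in the post, added here as an example; it is not part of the original post and is not Ashes of Creation or EasyAntiCheat code. It scores each session by the coefficient of variation of the gaps between commands and queues unusually uniform sessions for review. The session names, timestamps and both thresholds are constructed assumptions.

```python
import statistics
from itertools import accumulate

MIN_GAPS = 8         # assumed minimum number of gaps before a session is judged
CV_THRESHOLD = 0.10  # assumed cut-off; a real value must be tuned on live data


def command_gaps(timestamps):
    """Seconds between consecutive commands received from one session."""
    ts = sorted(timestamps)
    return [later - earlier for earlier, later in zip(ts, ts[1:])]


def regularity_score(timestamps):
    """Coefficient of variation (stdev / mean) of the command gaps.

    Returns None when there are too few samples to judge, so short
    sessions are never flagged on thin evidence.
    """
    gaps = command_gaps(timestamps)
    if len(gaps) < MIN_GAPS:
        return None
    mean = statistics.fmean(gaps)
    if mean == 0:
        return 0.0  # all commands share one timestamp: maximally regular
    return statistics.pstdev(gaps) / mean


def review_candidates(sessions):
    """Session ids whose command timing is more uniform than the threshold."""
    flagged = []
    for session_id, timestamps in sessions.items():
        score = regularity_score(timestamps)
        if score is not None and score < CV_THRESHOLD:
            flagged.append(session_id)
    return sorted(flagged)


# Constructed sample data: command arrival times in seconds since login.
SESSIONS = {
    # near-constant 1.5 s cadence
    "session-a": list(accumulate(
        [1.50, 1.51, 1.50, 1.49, 1.50, 1.50, 1.51, 1.50, 1.49, 1.50],
        initial=0.0)),
    # irregular cadence
    "session-b": list(accumulate(
        [0.8, 2.3, 1.1, 4.7, 0.6, 1.9, 3.2, 0.9, 2.8, 1.4], initial=0.0)),
    # too short to evaluate
    "session-c": [0.0, 1.5, 3.0],
}

if __name__ == "__main__":
    for sid, ts in SESSIONS.items():
        print(sid, regularity_score(ts))
    print("review:", review_candidates(SESSIONS))
```

A low score on its own is only a reason to look closer; it would normally be combined with other signals before any action is taken on an account.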