Edit:
My post on Trendy net.
http://forums.trendyent.com/showthre...l=1#post250732 * was removed due to illegal content*
(jezus I just noticed they have a typo in NET *correction* it's supposedly Trendy Entertainment :P)
Hey all, I'm posting this due to the "shock" I got last weekend concerning the Steam game Dungeon Defenders.
The last few weeks, I started seeing "shops" (games with a shop) with items that seemed to stretch a bit further than what could be accomplished, in terms of stats and/or damage. I also encountered more and more "OP" characters ingame.
The game advertises with the lines that it has now installed "Steam cheat protection", or something along those lines, and that it's actively banning "hackers".
Sadly, there are no hackers. Nothing gets hooked into the game during playtime at all. No processes get violated, Steam anti cheat can't prevent "hacking", because the game itself is built to read items into memory and save the game only occasionally. This last part is where it starts going wrong. Instead of directly writing items from and into the database, it uses the clients (PC's) local memory to keep track of items and it only occasionally saves them to the database.
The reason for this is probably to prevent too much stress on the servers, but it makes it extremely easy to "hack" any existing statistic in the game. To see what was possible, I employed a pre-built memory editor to alter statistics on weapons and gear. I'm currently at work, but I can testify that I am equiped with a Crystal Tracker-type of weapon that does about 250.000.000 damage per shot, has a fire rate of, to prevent lag, 6 shots per second and 12 projectiles. We could virtually hack this item to have 128 stats on all available modifications, including resistances (on a weapon).
For the record, I'm against cheating. I play my games completely clean, unless it's a single player game and I'm just fucking around in the console after clearing it. I'm not holier than the pope, but I prefer fair play. I have not used these hacked weapons in an open game, but can testify that it's saved to the database and active in any game I join.
I'm posting this, because (a.) I want to put the developers to shame and (b.) I want to warn people before they buy the game. The game is fun. Play it with friends, play it solo, but realize that the community is polluted by item hacks and even the official forum has items being offered that cannot be real.
I'm aware that I could be banned from Dungeon Defenders, hopefully not from steam, based on this post and the "hacking", but the fact that they only write items to the database from MEMORY occasionally without any form of protection or check, means that the game is written extremely badly and open to many forms of cheating.
Edit: Examples:
========= Response from a moderator on the Trendy Ent Forums, that does not work for Trendy Ent *shrug*=================
Edited in for completion and to make sure nothing is left out.Originally Posted by Finally
- I agree with the argument concerning hosting. The client is being run client side (PC) and a player hosts the game on his machine. This is correct, by all means and does indeed make it harder to enforce an anti-hack policy, but by no means impossible.
- I do not understand what's meant by "VAC does a delayed ban and will be removing the easy/common hacks you talk about in the first wave. so these programs will no longer work." Common sense would dictate that if VAC was already functioning, it would remove the items as soon as the first wave, but it won't stop these programs from working at all. It takes 6 seconds to make a godly weapon out of nothing. It takes more time to remove it.
- Yes, my account will likely get banned.