Home Trending Latest threads New posts Developer diaries

Please finally deal with the hackers

Jump to latest Follow Reply
  • We have updated our Community Code of Conduct. Please read through the new rules for the forum that are an integral part of Paradox Interactive’s User Agreement.
Hearts of Iron IV 48145 Bug Reports 17176 After Action Reports (AAR)
F

Firefly11_11

Second Lieutenant
19 Badges
May 15, 2018
104
92
  • Hearts of Iron IV: Expansion Pass
  • Hearts of Iron 4: Arms Against Tyranny
  • Hearts of Iron IV: No Step Back
  • Hearts of Iron IV: By Blood Alone
  • Battle for Bosporus
  • Hearts of Iron IV: La Resistance
  • Cities: Skylines - Campus
  • Hearts of Iron IV: Expansion Pass
  • Cities: Skylines Industries
  • Cities: Skylines - Parklife
  • Cities: Skylines
  • Cities: Skylines - Green Cities
  • Hearts of Iron IV: Death or Dishonor
  • Cities: Skylines - Mass Transit
  • Hearts of Iron IV: Together for Victory
  • Cities: Skylines - Natural Disasters
  • Hearts of Iron IV: Cadet
  • Cities: Skylines - Snowfall
  • Cities: Skylines - After Dark
There is a hack out there which allows people to use console and host commands. They can manipulate countries (build facories, boost manpower/stability/war support, release countries, basically anything you can think of).
I have joined 3 consecutive lobbies now where the hacker takes over host commands, prematurely starts the game, and uses his hacks to ruin the game and to crash it. It's super depressing.
The thing also is: they can make themselves invisible in the lobby, so you cannot kick them as host.

There is so much potential in this game. It's a shame it has to be ruined this way. PDX, please take action.
 
  • 3Like
  • 3
  • 2
Reactions:
I agree with the potential. Unfortunately the game just wasn't designed to prevent the client from having the ability to do this. It would have to be a ground-up redesign of most the basic elements of the game iirc. This would be more something to expect in a decade with Hoi5. Just gotta play with people you know.
 
  • 5Like
  • 1
Reactions:
lilcritt said:
I agree with the potential. Unfortunately the game just wasn't designed to prevent the client from having the ability to do this. It would have to be a ground-up redesign of most the basic elements of the game iirc. This would be more something to expect in a decade with Hoi5. Just gotta play with people you know.
Click to expand...
The hacks even allow you to bypass passworded lobbies so no one is safe :/
But its true that the hackers usually target the big open lobbies, because they simply want to ruin the game for as many people as possible.
 
  • 1
Reactions:
Bypassing passworded lobbies is unacceptable. I've never run into that though.
 
It really is a damn shame that literally NOTHING can be done about this. People are now actually paying "hackers" (script kiddies) to not shutdown their lobbies.

If the Paradox devs can't implement anti-cheat within the game to stop exploits - AT LEAST give hosts some more power to monitor who's joining the game. I.e Ability to see STEAM ID's, ability to create a blacklist of STEAM ID's, etc.

There are compensating controls that can easily be creating to at least quell the flow of hackers into lobbies.
 
  • 3Like
  • 2
Reactions:
Ghandino said:
It really is a damn shame that literally NOTHING can be done about this. People are now actually paying "hackers" (script kiddies) to not shutdown their lobbies.

If the Paradox devs can't implement anti-cheat within the game to stop exploits - AT LEAST give hosts some more power to monitor who's joining the game. I.e Ability to see STEAM ID's, ability to create a blacklist of STEAM ID's, etc.

There are compensating controls that can easily be creating to at least quell the flow of hackers into lobbies.
Click to expand...
evidence of paying? and yes they should actually fix the game
 
  • 1
Reactions:
thebigfox said:
evidence of paying? and yes they should actually fix the game
Click to expand...
Evidence? I don't have the screenshots of the PayPal transactions.

It was just another desperate Hoi4 lobby host who was fed up with hackers crashing their lobby, and finally decided that offering a tribute to the hackers was the only option.

It's frankly sickening to see such a massive, popular game be neglected by it's developers, and torn apart by toxic script kiddies.

You'd think.. maybe PDX can allocate .0001% of the profits from hoi4 towards some anticheat - NOPE! Sorry, it's not profitable to help our multiplayer community.
 
  • 2
  • 2
  • 1Like
Reactions:
Congrats. That host just made it profitable to actually continue hacking.

I don't play multiplayer. But that's how those things work in business.
 
  • 3
Reactions:
Ghandino said:
can easily
Click to expand...
Statements like this are why I am glad I am retired as a programmer. Without having seen the underlying code there is no way a random poster on this (or any) forum can intelligently make that statement. Besides, the devs have responded to many of these threads in the past to state that NO it cannot be easily 'fixed'.
 
  • 6
Reactions:
xtfoster said:
Statements like this are why I am glad I am retired as a programmer. Without having seen the underlying code there is no way a random poster on this (or any) forum can intelligently make that statement. Besides, the devs have responded to many of these threads in the past to state that NO it cannot be easily 'fixed'.
Click to expand...
HoI4 uses deterministic lockstep simulation:

Will HOI5 Fix Desyncs?

Late game desyncs in multiplayer, even 1v1 and small group games are huge issues. Whats the status on a fix for this? Do other Paradox games have desyncs?
forum.paradoxplaza.com forum.paradoxplaza.com
so for a hacker to, for example, delete someone's army, they will have to somehow make everyone else's game agree that those armies should be deleted, either through an effect, user input, or console command.
To run an arbitrary effect: The RNG is synchronized for everyone in a multiplayer game, so if somehow an effect is run on only one computer, they would just desync.
User input: It's easy to verify who is sending what command in an always-online environment. Checking IP against the player list is easy, and even if the hacker sends commands with spoofed IP or if the game need to support IP switch during MP, a simple public-private key encryption scheme makes it expensive and slow to crack. Someone who has the setup to do such cracks would almost certainly be cracking something lucrative, not trolling random people in MP.
Console command: Well this should be the easiest to fix: just reject console commands executed remotely while in lockstep simulation. Then you'll see the hacker desync themselves without any effect on anyone else.

Of course, it's not impossible that hackers can somehow change the program's state using methods NOT defined by the developers through internet connection. In that case it would be not just a simple cheat issue, but a serious remote code execution vulnerability. I'm fairly certain that this isn't the case as I haven't heard of any cases of hackers stealing people's crypto wallets by playing with them in HoI4 MP or antivirus companies blasting Paradox for the vulnerability.

So yes, it's weird that these particular hacks have not been patched under the current netcode: It shouldn't be possible to propagate commands that a user have no right of to other players in a deterministic lockstep environment.
 
  • 3
  • 2Like
Reactions:
Ghandino said:
It really is a damn shame that literally NOTHING can be done about this. People are now actually paying "hackers" (script kiddies) to not shutdown their lobbies.

If the Paradox devs can't implement anti-cheat within the game to stop exploits - AT LEAST give hosts some more power to monitor who's joining the game. I.e Ability to see STEAM ID's, ability to create a blacklist of STEAM ID's, etc.

There are compensating controls that can easily be creating to at least quell the flow of hackers into lobbies.
Click to expand...
Well, if you know the IP numbers of these unwanted individuals, you can always setup your firewall to block these IP numbers.

Every Windows system comes with the build-in Windows Firewall these days ;)
 
SchwarzKatze said:
HoI4 uses deterministic lockstep simulation:

Will HOI5 Fix Desyncs?

Late game desyncs in multiplayer, even 1v1 and small group games are huge issues. Whats the status on a fix for this? Do other Paradox games have desyncs?
forum.paradoxplaza.com forum.paradoxplaza.com
so for a hacker to, for example, delete someone's army, they will have to somehow make everyone else's game agree that those armies should be deleted, either through an effect, user input, or console command.
To run an arbitrary effect: The RNG is synchronized for everyone in a multiplayer game, so if somehow an effect is run on only one computer, they would just desync.
User input: It's easy to verify who is sending what command in an always-online environment. Checking IP against the player list is easy, and even if the hacker sends commands with spoofed IP or if the game need to support IP switch during MP, a simple public-private key encryption scheme makes it expensive and slow to crack. Someone who has the setup to do such cracks would almost certainly be cracking something lucrative, not trolling random people in MP.
Console command: Well this should be the easiest to fix: just reject console commands executed remotely while in lockstep simulation. Then you'll see the hacker desync themselves without any effect on anyone else.

Of course, it's not impossible that hackers can somehow change the program's state using methods NOT defined by the developers through internet connection. In that case it would be not just a simple cheat issue, but a serious remote code execution vulnerability. I'm fairly certain that this isn't the case as I haven't heard of any cases of hackers stealing people's crypto wallets by playing with them in HoI4 MP or antivirus companies blasting Paradox for the vulnerability.

So yes, it's weird that these particular hacks have not been patched under the current netcode: It shouldn't be possible to propagate commands that a user have no right of to other players in a deterministic lockstep environment.
Click to expand...
I dont know what these things mean but it sounds very interesting and I hope PDX reads it.
 
  • 3Haha
  • 1
Reactions:
jpd said:
Well, if you know the IP numbers of these unwanted individuals, you can always setup your firewall to block these IP numbers.

Every Windows system comes with the build-in Windows Firewall these days ;)
Click to expand...

The problem with this is you don't know until after they've acted that they're a bad actor. By the time the player figures out their IP, then you've already had your game ruined

You could make a whitelist system instead, but that comes with a plethora of other problems
 
Right now there is a hacker going around lobbies and publishing IP addresses (on the first picture i filtered out antisemitic remarks from the hacker).
So apart from being gamebreaking, hacking also causes security issues. PDX really needs to address this.


Schermopname (2239).png
Schermopname (2241).png
 
  • 1
Reactions:
Firefly11_11 said:
Right now there is a hacker going around lobbies and publishing IP addresses (on the first picture i filtered out antisemitic remarks from the hacker).
So apart from being gamebreaking, hacking also causes security issues. PDX really needs to address this.


View attachment 1248352View attachment 1248353
Click to expand...

What's the big deal about IP addresses being published?

As to the hacking: unfortunately so far it seems that the devs don't care, and the player count for HOI4 is actually rising. Which means the current strategy of "let hackers do what they want, focus on single player" seems to be working financially.

I'm hoping someone "Privately" (wink wink, nudge nudge) provides a fix to the hacking as there's no hope for the dev team.
 
Hackers are still going lobby by lobby ruining them. They are invisible on the player list on the left (so you cannot kick them), they spam the channel with toxicity and they change settings which causes the screen to flicker for everyone and the game to freeze/crash.

Schermopname (79).png
 
  • 2Like
Reactions:
You must log in or register to reply here.
Top Bottom
Back