PD vs Hackers "Notice of Account Ban Measures"

[Johnnypenso]

I highly recommend you google my username before you continue to read this. From that you can determine the source and whether I am qualified to answer that question. If after that you truly want specific answers to what they did I can supply that.


Personally I probably would have spent less than they did, or at least spent it elsewhere.


As I already stated they did enough already for launch, probably more than any other game out there. Far more than much higher grossing games.


It is not that it "can't" it is more what is the cost (not money cost) of doing so. For one there is the issue of game flexibility. In one-make car races the cars are chosen from a separate data table (as I mentioned in a previous post) so that is easy, you and everyone else get the car specs from the same place.

Doing this all the time would remove all possibility of tuning your cars. As of the 1.06 update there are 1339 cars in the game, each with its own set of variables. With the current editor the are ~484^16= 9.068E42 (9 with 42 zeros) combinations with just the variables it touches, there are much more that it does not touch. That's a much bigger number than can be calculated using 64 bits. If you could have a computer do 3 billion tests per second it would take 3.00e35 (3 with 35 zeros) years to test them all. Of course most of these are invalid combinations, but as you can see even then there would be a huge set to deal with.

They also have the PP system, but they screwed that up by making it a signed int16 so negative PP numbers are possible negating that limitation to lobbies. And getting over 32767 PP is easy, then it becomes negative allowing entrance to any PP limited lobby.

They reduce the load of testing by other means. Right now we see PP, HP, drivetrain, etc. tests and for the most part they keep the lobby fair. Unlimited lobbies are just that, unlimited. They can add tests for common hybrid tricks now that there are hybrids.

With Tuning Prohibited it's easy, the car has a flag that is set if it is modified, the game only needs to check 1 bit to validate the car.

Also note these tests are done remotely, on their server for on line lobbies, for every on line car. Adding more tests puts more strain on the servers too. Moving the checks to the client makes it easy to bypass the tests.

My math is probably wrong but it is only to demonstrate the scope of the issue. Go ahead and correct it if you like.

I hope this helps explains some of the issues PD must contend with and answers your question.

Someone mentioned solutions concerning game save files. As it stands there are no hacks that work directly with the save file. I suspect we will see them soon enough. The current hacks would work even if the saves were cloud based only.

tl;dr;lii

Thanks for the detailed explanation. Maybe I'll give you an example and you can explain why this wouldn't work.

Example 1 - In GT5 you had the problem of bazillion HP cars. If PD had a Spec Check that said, "Does this car exceed 1479 HP (or whatever the known limit was)?

Answer: No >>> go to track.
Answer: Yes>>> "You get nothing, you lose, good day Sir!!". Maybe you get a nice polite warning saying you screwed up, don't do it again, and now you have 2 strikes against you.

Example 2 - There are known parts that can be put on each car correct? No car in GT5 could have a Racing Flywheel for example, it was only available through hybriding. Or Racing SuperSofts and a few other things. If you try to get onto the track online, a simple check is done to see if you have those parts.

Answer: No >>> go to track.
Answer: Yes>>> "You get nothing, you lose, good day Sir!!"

Again, how would a hybrider get around this? Either you have the part or you don't.

You would only check cars entering the track, not the entire garage to simplify things. The game already does this with Room parameters as set by the host, why can't they add another layer or two of known limits, hidden and unseen, and double check cars against that? Even if it takes 10 seconds to get onto the track, it would at least solve the majority of the problems would it not?

 

[ZoidFile]

why can't they add another layer or two of known limits, hidden and unseen, and double check cars against that?

Why don't just use a checksum? If a game file is altered, the server does not accept you. It's one of the oldest methods in computor history.

 

[p3bucky]

Why don't just use a checksum? If a game file is altered, the server does not accept you. It's one of the oldest methods in computor history.

I know no where near as much as FarSide on this, but judging from what Red-Eye said recently, there is a checksum on the save data.

I'm in the last steps in completing the decrypter...

Trying to reverse the checksums now

Along with a picture, which I don't think I can post here.

 

[eSZee]

Why don't just use a checksum? If a game file is altered, the server does not accept you. It's one of the oldest methods in computor history.

Wouldn't that prohibit you from going into a room even if your car was legitimate?

 

[OdeFinn]

If PD put piece of code in game with database of all possible legit variations counted for every car, what checks car data against it,which are updated on every start from net, no matter if CFW user changes that database and drives offline with changed car check data.
Every car change/entering on online it sends car setup data to PD's "validating server" what have all possible variations for that car counted already(practically same database what you have locally on PS3, but located to PD's server so no changes can be made, better if generated on different way, so no hacker can learn locally what kind of database there is online), and if it accepts car as legit it may go on track, if not it bans/penalties/etc. Same on TT's and other LeaderBoard challenges.
They have to put some SSH (not heartbleeded ) encryption to that validation check to avoid CFW users to send fake information to that validation server, and they can change SSH encryption key on every update to keep hackers busy if they want to keep that validation check reliable.

Hopefully they put better code on transmission check this time, last time (GT5) they resets legit cars transmissions if those are done by tweaking (tranny trick) final gear.

 

[SavageEvil]

I'm sure that they could institute a server side function that will sweep rooms and flag any user who has entered the course with car who's PP doesn't match any known configuration in the game database. Now that user is flagged and now PD will be on alert for this user and wait for any complaints about said user and it would be nice if they also used replays to see the infractions before passing out bans and warnings.

All the cars in GT6 have a neutral(default) setup, and the game knows all the parts than can be applied and modifications that can be done and all the limits therein. Everything is linked by hex codes and when hex codes do not match flag goes up. Although I don't care if you mode or hack, just that PD should really try to keep this stuff under control and actually implement a mediator and allow them to have their fun but if they begin to affect other legitimate players then bring action. I say give them their own place to do their thing, and you might get ideas about what to add to the game. Police them to keep the people in line.

Setup a code to copy user car data when they do Seasonals, and I mean down to the hex identifiers so you can judge if they got their times legitimately.

Anyone know why they are going after hackers, did something happen in a Seasonal or something? I am still confused as to why this is the talk of the week.

 

[Chrunch Houston]

I'm sure that they could institute a server side function that will sweep rooms and flag any user who has entered the course with car who's PP doesn't match any known configuration (A) in the game database. Now that user is flagged and now PD will be on alert for this user and wait for any complaints about said user (B) and it would be nice if they also used replays to see the infractions (C) before passing out bans and warnings.

All the cars in GT6 have a neutral(default) setup, and the game knows all the parts than can be applied and modifications that can be done and all the limits therein. Everything is linked by hex codes and when hex codes do not match flag goes up. Although I don't care if you mode or hack, just that PD should really try to keep this stuff under control and actually implement a mediator and allow them to have their fun but if they begin to affect other legitimate players then bring action. I say give them their own place to do their thing, and you might get ideas about what to add to the game. Police them to keep the people in line.

Setup a code to copy user car data when they do Seasonals, and I mean down to the hex identifiers so you can judge if they got their times legitimately.

Anyone know why they are going after hackers, did something happen in a Seasonal or something? I am still confused as to why this is the talk of the week.

Why not just ban them after A and get if over with? PD barely has enough employees to keep the game up and running, much less the time to watch replays of hackers before handing out bans.

 

[GTP_CargoRatt]

I don't know why there is this discussion about whether or not banning hackers can be done. Wasn't it done? Or did I miss something?

Yes, it was done, but they are just coming back within minutes because of PD's weak attempt at banning them. Account banning is not a very effective way of banning someone.

 

[Chrunch Houston]

Yes, it was done, but they are just coming back within minutes because of PD's weak attempt at banning them. Account banning is not a very effective way of banning someone.

But isn't that all that matters? No hacked cars in online lobbies.

I don't care if they hack offline.

 

[GTP_CargoRatt]

But isn't that all that matters? No hacked cars in online lobbies.

I don't care if they hack offline.

You totally missed it. They create another account and they are back online, with their hacked cars. You don't seem to understand, its account banning, not console banning. They get banned and in less than 15 minutes they are back online with hacked cars. Also, if I remember the conversation correctly, the account that got banned can easily be re-assigned to another account, so that person isn't even losing anything, it just turns out to be a small inconvienence for a minute.

 

[p3bucky]

You totally missed it. They create another account and they are back online, with their hacked cars. You don't seem to understand, its account banning, not console banning. They get banned and in less than 15 minutes they are back online with hacked cars. Also, if I remember the conversation correctly, the account that got banned can easily be re-assigned to another account, so that person isn't even losing anything, it just turns out to be a small inconvienence for a minute.

Yep. Just a quick resign and RTM your new PSN name in the place of your old and it's good to go. And you can keep doing that as many times as you want. So they're only offline for however long it takes them to finish the intro of the game on their new profile.

 

[ToyGTone]

PNuTButR
I received my notification in French even though I have my first language set as English and I'm in the UK. Anyone else get this?

AudiMan2011
I got the notification in French as well when I was randomly browsing things.

Same here.

and its the same here for my two psn account.

 

[Vic Reign93]

So to sum it in up in an odd analogy, PD is shutting the door on the hackers but forgets that the hackers have a sledgehammer.

 

[GTP_CargoRatt]

So to sum it in up in an odd analogy, PD is shutting the door on the hackers but forgets that the hackers have a sledgehammer.

Actually, they're not even shutting the door, just an ill attempted at swinging it closed. But yea, that's pretty much it. 👍

 

[Johnnypenso]

But isn't that all that matters? No hacked cars in online lobbies.

I don't care if they hack offline.

You totally missed it. They create another account and they are back online, with their hacked cars. You don't seem to understand, its account banning, not console banning. They get banned and in less than 15 minutes they are back online with hacked cars. Also, if I remember the conversation correctly, the account that got banned can easily be re-assigned to another account, so that person isn't even losing anything, it just turns out to be a small inconvienence for a minute.

@Chrunch Houston this is why it pays to read the entire thread As I and others have said, including the hackers themselves, this move on Sony's part is nothing, zero, and does nothing to stop or change hybriding in any way. It's just lip-service to the uninformed to give the impression that something was done, when it wasn't.

 

[PNuTButR]

and its the same here for my two psn account.

This is a strange recurring issue.

 

[TurismoBad]

How they will be "back in no time" if this is an auto ban caused by a bot check ? PD is not scanning 2 million accounts manually and then decides to ban people.

If they use another account they will be banned again immediately.

I'm not into hacking so I may be missing something obvious.

 

[Dodzzz]

You need National A License to enter open lobbies..

 

[GTP_CargoRatt]

How they will be "back in no time" if this is an auto ban caused by a bot check ? PD is not scanning 2 million accounts manually and then decides to ban people.

If they use another account they will be banned again immediately.

I'm not into hacking so I may be missing something obvious.

You are. First off, it doesn't appear to be auto banning but more of people being reported and then PD investigating. And no, they will not be banned immediately if they use another account, It is not a console ban. Did you not read anything that I, or others, have previously posted?

 

[p3bucky]

How they will be "back in no time" if this is an auto ban caused by a bot check ? PD is not scanning 2 million accounts manually and then decides to ban people.

If they use another account they will be banned again immediately.

I'm not into hacking so I may be missing something obvious.

Like I said before, a quick save resign and then switching the PSN names within the game data and your save is usable on a different account. And only the people who got reported were banned. If you went into private lobbies or stayed offline you didn't get banned. I switched my save over to a different account and haven't been banned yet despite going online. And I did that the same day all of this started, so it's not an auto ban.

 

[TurismoBad]

You are. First off, it doesn't appear to be auto banning but more of people being reported and then PD investigating. And no, they will not be banned immediately if they use another account, It is not a console ban. Did you not read anything that I, or others, have previously posted?

Nope but I should've.

Like I said before, a quick save resign and then switching the PSN names within the game data and your save is usable on a different account. And only the people who got reported were banned. If you went into private lobbies or stayed offline you didn't get banned. I switched my save over to a different account and haven't been banned yet despite going online. And I did that the same day all of this started, so it's not an auto ban.

Got it. Impressive game design/anti hacking measures

Might try some hybr...ehm..I mean hacking is bad!

 

[HBR-Roadhog]

I suppose they could do a patch that would encrypt the save data to make it more difficult for hackers. They could ban the console but that would be a drastic measure. Without knowing how they are hacking the data I couldn't say what other measures could be taken. I know some PC games I have played in the past check the game data files when you go online and if they have been altered in any way you are prompted to update your files and not allowed online if you decline. That would seem to be an ideal solution if possible.

 

[FarSideX]

Example 1 - In GT5 you had the problem of bazillion HP cars. If PD had a Spec Check that said, "Does this car exceed 1479 HP (or whatever the known limit was)?

Example 2 - There are known parts that can be put on each car correct? No car in GT5 could have a Racing Flywheel for example, it was only available through hybriding. Or Racing SuperSofts and a few other things. If you try to get onto the track online, a simple check is done to see if you have those parts.

These checks are possible. Every check that is added also adds more load on the servers. Checks are done when you enter the track, you can see the delay there now. Much of the delay is just network delay and waiting for your turn to be tested. As tests get longer the number of users in queue to be tested increases, making the wait longer, increasing the queue length, on and on.
For PD to add more checks they needed to see what was being done with hybrids and then test for the most damaging parts of it so the server load is not unmanageable.

Again, how would a hybrider get around this? Either you have the part or you don't.

Well this all depends on what one wants to achieve.
Currently PD has only banned hybriders that have been reported. Myself I applaud them for that choice as I don't want to see hybriders spoiling the game for others, just as I don't like to see anti-hack Nazi's spoiling the fun for the hybriders. The current method works for both groups.
It is possible to completely bypass the checks they currently use. If hybrids are completely blocked than the only option is to bypass all the checks. But that will make it a far worst problem when people start to abuse hybrids by taking them into lobbies and can bypass the PP and HP limits as well.

You would only check cars entering the track, not the entire garage to simplify things. The game already does this with Room parameters as set by the host, why can't they add another layer or two of known limits, hidden and unseen, and double check cars against that? Even if it takes 10 seconds to get onto the track, it would at least solve the majority of the problems would it not?

As I stated above this is already done, it is just a balancing game between number of tests and server load.

A note about checksums:
I see a lot of people asking why a checksum isn't used to prevent hacks. Checksums are great for detecting corrupt data, not so great at preventing hacks. They only check that data is exactly the same as when it was stored, not much help here.

 

[OdeFinn]

@FarSideX that server load goes unmanageable is just 🤬, data amounts what that check per player needs is approx same as amount in this message, did you just get afraid of that kind check?

Few VM servers dedicated for "validating" would be enough for whole GT6 online operations.

 

[Chrunch Houston]

big snip (click above to see what was cut)
Well this all depends on what one wants to achieve.
Currently PD has only banned hybriders that have been reported. Myself I applaud them for that choice as I don't want to see hybriders spoiling the game for others, just as I don't like to see anti-hack Nazi's spoiling the fun for the hybriders. The current method works for both groups.
It is possible to completely bypass the checks they currently use. If hybrids are completely blocked than the only option is to bypass all the checks. But that will make it a far worst problem when people start to abuse hybrids by taking them into lobbies and can bypass the PP and HP limits as well.

As I stated above this is already done, it is just a balancing game between number of tests and server load.
I see a lot of people asking why a checksum isn't used to prev
A note about checksums:ent hacks. Checksums are great for detecting corrupt data, not so great at preventing hacks. They only check that data is exactly the same as when it was stored, not much help here.

You had me up until that statement.

You are saying that all of the people that have been banned so far have all been reported, and then, all have been investigated by PD employees, and found to be hackers and then banned.

I call BS on that theory.

When I buy a new car, and take it in to get it upgraded, the garage (or whateveryouwanttoclallit) knows what I can or can't add to it.

I see no reason why PD can't check to see if a car is legitimate when it tries to go online just like @Johnnypenso said.

Sure 13 hundred something cars would take a while to check, but not one.

 

[Azure Flare]

1. Introduce spec check
2. If you don't pass with that car you can't join a legit server
3. ???
4. No hybrid issue

But nobody profits?

 

[Johnnypenso]

These checks are possible.
For PD to add more checks they needed to see what was being done with hybrids and then test for the most damaging parts of it so the server load is not unmanageable.

There was plenty of hybriding in GT5, I'm sure if they did a little planning they could have used that data to figure out where to start and get a jump on things. There's no excuse for a car with more HP than an X1 maxed out to ever appear in an online lobby. Or for one with negative PP, or massive increases in grip, or aero on a car that doesn't come with aero, or a 4wd chassis on a 2wd car.

Currently PD has only banned hybriders that have been reported. Myself I applaud them for that choice as I don't want to see hybriders spoiling the game for others, just as I don't like to see anti-hack Nazi's spoiling the fun for the hybriders. The current method works for both groups.

According to the hybriders themselves, the current method doesn't work at all. They just do a copy and paste of another PSN ID and they are back in business.

It is possible to completely bypass the checks they currently use. If hybrids are completely blocked than the only option is to bypass all the checks. But that will make it a far worst problem when people start to abuse hybrids by taking them into lobbies and can bypass the PP and HP limits as well.

Am I interpreting this correctly by saying that if I host a lobby and set a PP limit of say 500, combined with an HP limit of 600, you can still get around that with a hybrid? In other words you could get a 650HP car with 550PP into that lobby?

As I stated above this is already done, it is just a balancing game between number of tests and server load.

OdeFinn below seems to think this would be a piece of cake. What do you think? Are we talking 30 seconds to get onto the track or adding a few milliseconds or what?

@FarSideX that server load goes unmanageable is just 🤬, data amounts what that check per player needs is approx same as amount in this message, did you just get afraid of that kind check?

Few VM servers dedicated for "validating" would be enough for whole GT6 online operations.

But nobody profits?

Imagine PD releases this statement before the game is released:

We have instituted extensive checks and balances into the game to prevent hybrids from entering our TT's and any online lobby, whether alone, with friends or with random people. We gathered extensive data from GT5 and are determined to make GT6 a game that is free from online hackers.

So what happens then? February 15th someone tries to enter a lobby in a Civic with 3000hp and gets kicked out and PSN ID banned. He makes a thread on GTP and soon everyone knows you can't get into lobbies with hacked HP cars.

February 21st someone tries to enter a lobby with a 4wd Honda Civic...same thing..boot and ban. He adds to the thread from the 3000 hp Civic guy.

Yes hackers may eventually find a chink in the armor it's almost inevitable. But the initial message will inspire confidence and perhaps boost sales. The subsequent events will also inspire confidence and good PR. If the system is broken eventually, PD could have someone on staff solely dedicated to gathering intel and keeping an eye on things, visiting lobbies etc.

 

[Gravitron]

Whether you guys believe him or not, he's not going to be able to prove things with sources, we don't allow pointers to HOWTO's.

Do what he suggests and google his username and you will probably find out he knows what he's talking about.

EDIT: And before yet another person calls me a hacker sympathizer, the research I've done has been to prevent cheating. It takes one to know one.

 

[FarSideX]

You had me up until that statement.

You are saying that all of the people that have been banned so far have all been reported, and then, all have been investigated by PD employees, and found to be hackers and then banned.

I call BS on that theory.

Yes I am saying that everyone that got banned were all reported. As far as the rest, I don't know what PD did past that. This has been confirmed by a large group of people with not even a single instance of a ban or non-ban that would say otherwise was reported. Your denial is just speculation I assume?

When I buy a new car, and take it in to get it upgraded, the garage (or whateveryouwanttoclallit) knows what I can or can't add to it.

I see no reason why PD can't check to see if a car is legitimate when it tries to go online just like @Johnnypenso said.

Sure 13 hundred something cars would take a while to check, but not one.

It's is not just one car, it's every car online, every time they enter the track. Hybrids are made from legitimate parts in GT6 unlike the power limiter, etc in GT5. The stuff that was blocked in GT5 is still blocked in GT6. Engine swaps, power limiter, ballast exploiting, all that is still blocked.
When I take a Hybrided car into the garage (or whateveryouwanttoclallit) it does not complain because the parts are legit, I can still swap them in and out with the garage. The garage code does not detect the hybrid.

 

[Johnnypenso]

Whether you guys believe him or not, he's not going to be able to prove things with sources, we don't allow pointers to HOWTO's.

Do what he suggests and google his username and you will probably find out he knows what he's talking about.

EDIT: And before yet another person calls me a hacker sympathizer, the research I've done has been to prevent cheating. It takes one to know one.

Googling his name won't answer any of my questions though I'm not asking for howto's, just trying to find out what is and isn't possible, without divulging how something is done.