Phantasmal Quest Editor

[Mylandra]

Any technical info about the game can be used to improve cheats. And cheating is only discouraged, you will only be banned for deliberately harming the experience of others. We're trying to do the opposite here.

I don't really care about being banned, it's simply not a forum to discuss those things imo
If they were external apps not affecting the client directly, then maybe, but they aren't.

Even if you want to keep cheaters from getting even better, a little video wouldn't hurt, would it? Please satisfy my curiosity, man. You can't go around talking about this awesome tool you made and not even show us...

It's got nothing to do with keeping cheaters from getting better. I used to be top community member on the cheater forums before they became extinct many times over. Although I was sharing only basic stuff since the board community was basically non-existent and the posts are lost everytime there's a wipe which doesn't really motivate you to make the same posts over and over.

And also I just don't understand how cheating is even possible in this game anymore. Some simple sanity checks on the server would counter most cheating, no?
I know the server decides which monsters spawn and it decides which items drop. That's about the end of my knowledge when it comes to the protocol. Even if clients decide which monsters get hit (could a client say it hit every monster in the room 50 times in 1 millisecond?), it would be impossible to get more xp or items than is reasonable.
You could of course write a perfect bot that just runs around rooms and kills everything, picks up the items and feeds 10 mags at the same time. Make it's behavior indistinguishable from a player and you broke the game. The only way to counter this would be to ask players captcha-like questions every now and then or e.g. remove all monsters from a quest except for one rappy to see if they notice.
Am I correct in thinking that cheating outside of the perfect bot scenario is only possible in a very minimal way unless a server is very, very trusting of its players?

Under normal circumstances, it takes a bot about 5 minutes to levelup to 200 on a 1x rate exp server (Most servers have a much better exp rate) and if correctly built bypasses all anticheats in place on every single server. If you add another 5 minutes you are fully geared assuming you have the right section ids to farm everything(That's literally excluding the fact you can multithread this into a huge botnet). However, if you activate both at the same time, it is much less assuming you can fetch all the items you need from a single section id (or if you only want uber characters and items).

Alot of the uber cheats rely on server exploits and/or improper server validation. The truth is, this game was originally made to run without a server and save the character files locally. And thus, using UDP (to lower server and bandwidth costs), the clients would then connect to each other and send packets between each other to sync the game with the leader. The leader would contain all the infos and relay important parts to the other players.

The server was later improved bringing along TCP to relay the packets between the clients. And starting with BB, the server began filtering packets by adding server validation and saving the character files on the server. The problem is, the game is still fully client sided and doesn't care too much about the server. Aside from the added server validations, there's nothing preventing a player from messing up other people's computer by relaying carefully crafted packets and whatnot. As you can guess, cheating can occur in the same way if validations aren't properly made by the server or someone abuse a flaw in the code which can be reviewed by anyone due to open source and is partially the reason why the people who updated the source don't want to hand their own source. If they did, people would abuse the new exploits due to new server features. The server base was easier to make relaying everything without looking at its content, proper validation takes a long time and still isn't complete on any of the servers currently online.

The server for instance does not decide which monster the client should spawn, it's part of the file in your game folder. The very same happen when the server sends a quest to the client, the whole file is sent so the client can parse everything. By that point, the client already knows which monster spawns where, where are the rare monsters and if there are any, where the boxes are, npcs, everything. The monster ids are also generated by the client which the server tries to mimic so it can validate which monster was hit/killed. For instance, when I released the first version of the enemy editor years ago, people could use it to spoof the type of monster they killed and could get shitload of red boxes easily (There were also features to insta kill everything for mega mass loots, xp leach to get full xp without hitting/killing anything). It's kinda a good thing at this point I stopped and never released the later versions that allowed you to instantly spawn all the monsters on the map and the integrated autoloots and such(I'm letting you guess the tool currently has a bot feature). Schthack later took the time to reverse how the ids are generated and apply that rule to the server to fix the exploit which is a good thing in a way because the economy was a complete mess at that point. The server basically just gives some experience when a client says he killed a monster and relay to other clients which makes the monster die on their screen and they tell the server if they hit the monster and should get experience at that point. These are just examples, but the whole game works this way to give you basic understanding about how it works.

Anyway, I feel this is a bit off-topic but if you have some questions you can pm me or whatever instead.

 

[Wilhuf]

Thanks for the explanation, your post seems to corroborate my suspicions. It's a horrible protocol and all the servers just implement it in the most straight-forward way possible and afterwards add ad-hoc protections against easy exploits. It's a shame that one smart script kiddie can ruin things for everyone.

But if it wasn't for this very trusting attitude, we probably wouldn't have any servers to play on. Because as you say, doing things properly would easily take 3-4 times as long. I'm glad that in Tethealla at least the really annoying exploits that crash clients etc are (mostly?) countered. I'm sure people still manage to cheat their way to high levels and top gear, but at least that doesn't impact others as much.

And yeah, we should get back on topic. So far I've been working on the new developer's wiki with several others: http://sharnoth.com/psodevwiki/doku.php?id=start, so I haven't had that much time to work on the quest viewer. But I still managed to make it possible to switch between areas (e.g. Pioneer II, Forest 1, Forest 2) and display all the NPCs as cylinders on a 3D map.

There are still two problems though. The editor positions some NPCs in the wrong spots because it doesn't detect all map sections correctly yet. I'm working on this and it will probably be done tonight.

The other problem is that I can't seem to map all episode II area ids and area variant ids to the correct *c.rel files, if anyone has any tips on this, please share them! For example, dragon and tower ids are not mapped to the correct files yet.