Just found this posted at the forums at http://www.final-fantasy-online.co.uk

"Many people are beginning to wonder if PSO Episode I & II will be infected with cheaters from day one, but if a recent article on Sega.com is any indication, the new GameCube edition of PSO will be more secure than it's Dreamcast counterpart. Sega is now selling a new SNAP (Sega Network Application Package). Among the advertised features are advanced security mechanisms. Sega also confirmed that PSO Episode I & II will be hosted on servers with SNAP. While we can't be certain how secure PSO Episode I & II will be, it is certainly encouraging to see some additional measures taken against cheaters.

Looks like there at least going to be changing the server protacol then which is good news.

YAY!!! this means that they do care! now we just have to hope that they bother to update it as time goes along...

Not that i like it but...with pso comes the cheaters and the hackers, even though maybe 3% are the only real hackers.

Cheating is inevitable. http://www.pso-world.com/psoworld/images/phpbb/icons/smiles/icon_frown.gif

with this news it makes me wana go out and buy the game now!!!! *sigh* if only it was out already....

WOW!!!

I'm so happy! No more cheaters on PSO! Thanks SEGA!

But...
Wait... SEGA offered a lousy protection against cheaters and hackers...
Wait... SEGA lost the battle against cheat codes (both online and offline)
Wait... GCN Trial Version was actually cheated by connecting a PC to the GCN!

Uhm... I don't trust SEGA anymore. They proved they suck in online gaming support. I want to try the final game before saying "GCN PSO is a safe enviroment".

^_^;;;



<font size=-1>[ This Message was edited by: beatneko on 2002-08-22 09:51 ]</font>

My feelings exactly.

I don't buy it. I'd be really nice if it did prove to be effective, but... not gonna get my hopes up.

The fact that SEGA is trying to sell this kit, developed after the experience of DC and GCN Trial PSO, is amusing.

Think about it: after their customers are all dead or kidnapped, a security company is offering its services to other companies.

Dam... my English really sucks... >_>;;;



<font size=-1>[ This Message was edited by: beatneko on 2002-08-22 11:18 ]</font>

I don't even see any article on sega.com about snap =-_-=.

http://biz.yahoo.com/bw/020522/220021_3.html

Thats a press release with more info

This is the part about the cheating:

Security: advanced encryption ensures that cheaters never win; global authentication system ensures universal identity

http://www.sega.com/business/

info on sega.com

I'm not saying cheating won't happen i'm just saying at least sega is trying...



<font size=-1>[ This Message was edited by: LuvSlave on 2002-08-22 11:52 ]</font>

Take a game like Anarchy Online, Neocron, or any MMORPG out there. They don't encrypt anything, because they know it's useless (what prevent someone to mess up with the network dtaas before they are encrypted to be sent to the server ?)
But, in those games, there's no hacker, even though they run on a completly open system where someone can easily mess up with rogram code, datas, and everything. Only exploiters, who make use of existing bugs in the server (which are few and usualy fixed quickly)

The main difference with PSO, is that the game rules are handled by the server. Client only display the current state of the game world from one particular player PoV. That's why you can't hack anything like item creation, duping, PK where not allowed, etc. like it was possible on PSO.
Of course, in those games, characters are saved on the server as well.

That simple sentence: "Security: advanced encryption ensures that cheaters never win; global authentication system ensures universal identity" proves that Sega didn't understood all that.

They try to secure the client/server communication, but the game should be designed not to trust the client to be hacking proof. Data can be messed up with client side before it gets encrypted, so encryption is utterly useless.

The problem will always be easily traceable back to the fact that the characters are stored client side. Let's face it, once a character is created and stored on a memory device locally, a hacker can do whatever he wants with it, and Sega really can't stop him. Sega can say "I don't think a Spread Needle 60/60/60/60/60 is valid" but a 60/60/60/0/0 *IS* valid (even if the chances of getting one is impossible). Sega can't prevent anything they couldn't prevent on the DC version; psudo-hacked or duped weapons which are NOT rediculously overpowered versions. Actually they *could* by simply serializing each and every item a player picks up, and making it impossible for two items of the same serial to exist in a player's game.

The more important issue is people with agendas. The deliberate BSOD's and related crashing/locking up/freezing/PKing/etc. junk is 500x more of a problem than any hacked item. On the DC, getting such a code was merely a matter of punching in random codes until something happened. PSO expects a certain range of values, and feeding it bogus info outside that range just confuses the heck out of it and this is the result. To lock down PSO, this method has to change. The server simply needs to be told "this can happen, and nothing else can. If I want A, and I get Q, I should know how to handle it." PK'ing is probably easy to deal with online, all they need to do is explain the concept of "friendly fire" to the server. Outside of the battle mode, there's simply no way a character should be able to damage another character. Ever. If the server sees it, it should be able to tell the client "disregard that"..

I don't know why Sega's even fighting this. One stupid option could end this charade.. The ability to host a local game outside of their network. But then they wouldn't get their precious $5 or whatever a month. They'd just get alot of annoyed customers with currupted characters thanx to cheaters and Sega's lack of ability to deal with them.

Well at this time, all we can do is wish... If we are lucky, SEGA will do its part and do its part well if their games are any indication. Like they say, you can't built a city in a day, so SEGA taking a step, is the first step to building a free of cheating online gaming society. I'm hoping for the best.



<font size=-1>[ This Message was edited by: Lloyd on 2002-08-24 17:08 ]</font>

This is a inline quote

"Sega can say "I don't think a Spread Needle 60/60/60/60/60 is valid" but a 60/60/60/0/0 *IS* valid (even if the chances of getting one is impossible). Sega can't prevent anything they couldn't prevent on the DC version; psudo-hacked or duped weapons which are NOT rediculously overpowered versions. Actually they *could* by simply serializing each and every item a player picks up, and making it impossible for two items of the same serial to exist in a player's game."

Serialization of items are not a viable option for SEGA. As I noticed, Sonic Team seems to go cheap on server design with the intention of saving on maintenace money. Keeping such a big and dynamic database would be really expensive. Also it's not hack proof as you can think of ... All depends on how much data is stored for each weapon. Just wonder how much storage space they would use for this ... I'm sure they're angry enough for having to keep a hash(sample of savegame data for identification) of each player savefile to fix the duping by savegame copy.

"The more important issue is people with agendas. The deliberate BSOD's and related crashing/locking up/freezing/PKing/etc. junk is 500x more of a problem than any hacked item. On the DC, getting such a code was merely a matter of punching in random codes until something happened. PSO expects a certain range of values, and feeding it bogus info outside that range just confuses the heck out of it and this is the result. To lock down PSO, this method has to change. The server simply needs to be told "this can happen, and nothing else can. If I want A, and I get Q, I should know how to handle it." PK'ing is probably easy to deal with online, all they need to do is explain the concept of "friendly fire" to the server. Outside of the battle mode, there's simply no way a character should be able to damage another character. Ever. If the server sees it, it should be able to tell the client "disregard that".. "

Actually this seems to be more of a client problem than server. This communication is made in a client-to-client basis. The server doesn't handle this directly, as you might think. The server basically control the items, map keeping, and monsters alive/dead condition. Also the text messaging. If your client lags from server, you cannot talk but still you see people walking and shoting ... etc. But still you can'ty talk or gety items. So if someone mess his client to sent you bogus data, and your client program is dumb enough to accept it, shit will happen.

"I don't know why Sega's even fighting this. One stupid option could end this charade.. The ability to host a local game outside of their network. But then they wouldn't get their precious $5 or whatever a month. They'd just get alot of annoyed customers with currupted characters thanx to cheaters and Sega's lack of ability to deal with them."

This is the side effect for their going cheap with server policy ... http://www.pso-world.com/psoworld/images/phpbb/icons/smiles/icon_smile.gif
Too bad the cheating spoiled the japanese player community as well... They have to change their server policy if they want to keep cheating down to levels we can bear...

P.S.: Before you guys think wrong about me (I know some people here think I'm a cheater) I'm not a cheater. I am just interested on how the game engine and the server works. It just happens the nformation I want to learn flows on hacker community.

Sooo basically were all screwed if we go online no matter what? That there is nothing sega can do to stop the cheating unless they decide to actually spend money? That can't be right.

I hope it works, but I'm still going to take a wait-and-see approach. In the mean-time, it's Anarchy Online for me.

theres gotta be a way to stop dupers and hackers they did with diablo 2 on pc why cant sega do the same thing.[quote]have no limitations as a limitation nothings impossible

if possible could someone e-mail a list of all legit weapons armor and items for the xbox version?this would be greatly appriciated.

Wow you bumped a year old topic O_o

Must...resist...HUmar n00b sterotype...

On 2003-06-30 13:34, Broken Hope wrote:
Wow you bumped a year old topic O_o



no kidding! it certainly is funny to see old posts in retrospect ... Gamecube having improved servers and countermeasures against hacking/cheating ... ha!

Yes, well, you don't usually expect them from an exploit in the game.