Hi,

alright, there is another speedhack around, just have one player now on Cargame.nl S2. Driving RB4, sensibly or stupidly, decide for yourself. First time just flew through a grid and crashed all GT2s in front.

Maybe CG tried to ban him on the server but it did not work and he's now back again. So more replays. (2013-07-10 16.00-17.00 CEST races on Cargame.nl S2)

Player: soaresmatheus1996

First replay is quite clear, just watch him on the start.
Other replays are when he managed to get back again and is still using the hack.

So I guess it would be nice to have another security update of LFS.

Thanks Scawen

He already got permabanned on the server so he's not coming back, but it would be nice to see his account banned aswell. This kind of behaviour is retarded and pointless.

after doing some checks on replays from when he has been on our servers(mrc) i noticed on a couple of occassions he used the speed hack so hes also been banned from all our servers

thanks

mrc bish

Does anyone know how the speedhack actually works?
A quick google (and search on here) didn't find much useful info - some people claimed (way back in 2008) that the master server was fixed to stop the hack from working.

Not sure how many cycles of hack and patch there have been since then, but the hack is working at present.
I've seen people speedhacking in the last few weeks, in a really unsubtle way which made it massively obvious that they were doing it. (This was mainly on the CG servers, which I believe are all 0.6H.)

I'm intrigued to know how it works, from a programming point of view.
However, I'm even more intrigued to know why it hasn't been permanently fixed - is there something impossible about it? That would be a real shame, though it's hard to believe we couldn't find a way.

My fear: if someone does it subtly enough they will go undetected...

Quote from Neilser :

Does anyone know how the speedhack actually works?

This currently speedhack add some "power" to engine, it using Engine Damage to do it. Default value is 1 (the engine is not damaged). In normal situation this value aims to 0, but when someone want to use it as a speedhack he must incrase value (and lock it). So value 1.2 = +20% to engine power.

Quote from Neilser :

A quick google (and search on here) didn't find much useful info - some people claimed (way back in 2008) that the master server was fixed to stop the hack from working.

This fixed speedhack was added rotation to wheel spins.

Quote from Draggo :

This currently speedhack add some "power" to engine, it using Engine Damage to do it. Default value is 1 (the engine is not damaged). In normal situation this value aims to 0, but when someone want to use it as a speedhack he must incrase value (and lock it). So value 1.2 = +20% to engine power.

This fixed speedhack was added rotation to wheel spins.

OK, thanks. How did you find this out? (Regarding either of these techniques.)

I'm confused about the engine power idea - what I've witnessed recently didn't look like a steady excess of acceleration (or speed), but more like a fairly regular supply of small "bumps" in speed, almost like the car was repeatedly being bump-drafted by an invisible car. (This was typically around once per second or thereabouts; sometimes quite a bit slower.)

Quote from Neilser :

what I've witnessed recently didn't look like a steady excess of acceleration (or speed), but more like a fairly regular supply of small "bumps" in speed, almost like the car was repeatedly being bump-drafted by an invisible car.

Sounds like lags,as LFS client receives packets with car locations that are different then your client calculates to be from normal full throttle acceleration.

Hmmmmmmm, OK, I will compare with other cars in the replay to make certain the "hacker" had implausibly good acceleration and/or speed. He did claim it was lag, LOL.

However, I could swear I read somewhere in this forum that LFS transmitted position, speed & acceleration in the position packets (and maybe the 3rd derivative of position too), in which case that shouldn't happen. It could only happen if LFS only used position and speed...

Motivation for cheaters is usually that they want to troll/annoy others.
I think best protection is that most servers in LFS are either private or have admins.
The guy from first post would likely have been kicked anyway, cheat or not, for the crashing already. Crash around for an evening, then get banned, totally worth it.

Quote from Neilser :

Quote from Draggo :

This currently speedhack add some "power" to engine, it using Engine Damage to do it. Default value is 1 (the engine is not damaged). In normal situation this value aims to 0, but when someone want to use it as a speedhack he must incrase value (and lock it). So value 1.2 = +20% to engine power.

This fixed speedhack was added rotation to wheel spins.

OK, thanks. How did you find this out? (Regarding either of these techniques.)

I do not know details about this in LFS, and imo no point to discuss it too much.

But generally such things use similiar principles and one technic is memory hacking. All programs or game keeps their data in Memory of computer.
It is possible for other programs to read (and edit) the same memory space.

Finding out where to look is first step. So say in a game you want to give yourself more money:
You start the game and look in memory of game if there is variable that has same known value as your current money.
Watching memory like that is similiar to what programmer might do when searching for a bug.
Then you try to change values. It might not always work, maybe the same variable/value appears in several places. (It might find the Money-variable used to display Money, but not the one used for calculation, or whatever)
Eventually you find the adress and then can write a program that does it automatically.

The operationsystem and game can do some things to make it harder, for example randomizing the addresses of memory. Or adding more checks. But any check can be fooled.
(basically anyone with access to a Computer can controll anything that happens on it.)

Another thing is that over the years many tools (for games in general, not just LFS) have been made that automate the above process.
So most cheaters do not have to be very skilled or even know programming anymore, just download and click around. (Sometimes called "script kiddies")

(I think this is quite vague but if a mod thinks this should not be discussed then just delete it. I think sometimes players wonder how it is done and that gives cheaters way too much 'respect' or attention for their nonsense.)

Quote from Eclipsed :

Sounds like lags,as LFS client receives packets with car locations that are different then your client calculates to be from normal full throttle acceleration.

Quote from Neilser :

Hmmmmmmm, OK, I will compare with other cars in the replay to make certain the "hacker" had implausibly good acceleration and/or speed.

Phew, you had me doubting myself I've now checked carefully. The particular hacker I saw a couple of days ago was NOT reaching stupidly high speeds, but his car was repeatedly hopping forwards while he had the throttle on, but never stepping backwards under braking (or sideways while cornering) - not consistent with lag. Also his engine note and speed reading were hopping around while this was going on, and finally his forward/backward acceleration reading (F9) was generally -0.1 or more (i.e. accel backwards) even while accelerating forwards, and while other cars he was keeping pace with were showing small positive readings (e.g. +0.03). So yes, I'm very very certain he's hacking, though I don't know how.
However, I don't think "speedhack" is a very good name for what he's doing - maybe "positionhack" is part of what's going on.
I also found older replays with hacking going on: some had the same guy (different car); another had some other idiot doing the same stuff but in a much more exaggerated fashion so it was really unambiguous (crash, then catch and pass quick cars one corner later, plus reaching silly speeds). I didn't check which LFS version was in use for each of these replays (is this possible?).

Quote from Gutholz :

I do not know details about this in LFS, and imo no point to discuss it too much.
[snip]
(I think this is quite vague but if a mod thinks this should not be discussed then just delete it. I think sometimes players wonder how it is done and that gives cheaters way too much 'respect' or attention for their nonsense.)

Indeed, I know how hacking works, in general. However it's much easier to cheat if you don't have to make it work online, in communication with both a master server and a remote dedi server over which you have no control, and which ought in principle be able to detect rather a lot of your trickery. I'm surprised and a bit disappointed that the LFS server can't detect these cheating clients.

My motivation to discuss it at all here is primarily to help us get rid of it. Understanding how it works is also of interest to me (as a programmer) but I don't want to assist others to hack. I suspect though that anyone who looks hard enough will find "script kiddie" answers out there, as you say, so discussion here shouldn't hurt the LFS community, though providing excessive detail about how the hack works probably wouldn't be very prudent

Maybe if LFS have a feature like flushing /refreshing memory (car data or physics, on practice /race) after the cheater ALT-TAB /switch back to LFS, it can prevent /reject any applied hack, maybe...

LFS alredy has this feature, but -> https://en.wikipedia.org/wiki/Pointer_(computer_programming)

It's so obvious it doesn't matter much. There was some major problem earlier, I used it during an official league race to prove my point. Quite some people thought it was weird I all of a sudden became alien but even with this 'subtle' cheat (it are cheats) little lags where noticeable. But in a way it was very hard to prove that it wasn't lag but a cheat. It gets tricky if some cheat like that shows up.

This whats going on for the last years is annoying but it's so stupid that you cannot take it seriously.

what is aston?

Quote from TehThanasisP1 :

what is aston?

The track