Why we should stop boxing on Mangler

If someone thinks 6 constitutes an army, then they may have bigger problems than what happens in a video game.

Well considering half this thread is someone arguing that anyone who boxes 6 should be instantly banned...

I don't disagree with you, but that's where the conversation is at.

With a deep enough sample size, which does not have to take all day (again, used 50 actions in my example), youre right, theres no way to have a false positive.

All of your "varying speeds" theory crafted situations do not apply, as once again, the game and the recording software all parse it in frames anyhow. If anything, this would cause false negatives through spoofing, not false positives. My point from before is the amount of labor equity needed to spoof that would require more resources than simply doing it by the rules, on 6 (or more) potato-spec-PCs.

Tl;DR - They could make it "cost intensive" and/or "labor intensive" to spoof this - if they wanted to actually ban the rule breakers, but this would cost them money - the real elephant in the middle of the room in these conversations.

And the making of that money causes them to look the other way on how it compromises the game system.

If only DBG hired you, maybe my wife and I wouldn't be randomly disconnected from time to time when we are each just playing one toon from hitting the same hotkey at the same time.

Wait wait wait... You're talking about the same character firing abilities at the same time-delay?! you do realise in-game macros/socials are totally acceptable, Right?

The best way to fix boxers is to make key dungeons into instances

I think you're confusing boxing and bots.. two completely different things.

Boxing is people playing, by themselves multiple chars. Bots are crap. They're automated, no one at the keys and they're doing things all by themselves. Really need to stop mixing up the two terms.

This is called “opportunity cost.” “Labor equity” is being paid for working for a company with partial ownership of that company instead of money.

This is all fairly moot as we’re talking about entertainment. Hackers who do what you’re describing view it as a meta game. They’re playing, not working. If they wanted to appply these skills for profit, they wouldn’t be playing Everquest. There’s one group selling bot software for eq. It manipulates eq’s memory and is detectable. Those folks are toxic, go get them. These are not the same boxers that have home grown set ups. The bot makers discord is public. You can join it without buying anything (I did). It’s not as populated as I expected, but there are a non-trivial number of users.

Scripts that key broadcast, parse logs, spam keys, etc (no packet capture or memory scanning) is an afternoons worth of work (min viable product) for someone with 10+ years professional dev experience. There’s a lot of these folks playing EQ compared to general populations. You’re over estimating how difficult this is and missing the point that the person doing it is playing a meta game, not working. When you write these things yourself, you can do things with random delays, random ordering, random skipping, random duplicating, etc and adding those features wouldn’t take much longer to write than this post did.

Running six computers to play six characters within truebox rules isn’t terribly difficult. It takes a bit of practice, but that’s it. You drastically overestimate how much skill and time this takes. It’s little more than sit and spin + buttons. I do it stoned, and I’m by no means the best or most experienced.

The vast majority of boxers do it for fun. Have a look at RMT backmarket krono sites. See how many unique krono sellers there are? Compare that with the huge (apparently) number of boxers running around. There’s a very big disparity between those two quantities.

Key broadcast detection is crap. There are endless ways around it, and it snags false positives. The other day I was 2 boxing two chanters in an AE group and manually spamming 1-4 on each char with either hand. I didn’t make it through the first pull before I was kicked — playing with zero automation. It’s have been easier to script and that script wouldn’t have had issues with key broadcast detection that my feeble wet-ware was prone to. The more intrusive you make this stuff, the more it disrupts legit players and nudges them toward the dark side. Have we learned nothing from DRM?

Give the boxers our own new server (starting in classic), now that the trueboxers have their own. Even though I bet the true box cry babies would still find reasons to complain about it.

I'd love to run the mage/mage/mage/necromancer/enc/dru dream in classic. Not because I'd waste my time RMTing (you make less than minimum wage farming Kronos in this game, not a good time investment.) But rather, it would be extremely fun to do so!

I've spoken with multiple people who won't even touch the new servers due to "True Box". DBG really missed the bullseye on this one.

Tried being group friendly last night. I ooc'd looking for group individually for my druid and my bard and I was planning on playing either one when offered a group. No offers......so I ended up boxing on the Trainor Hill in Crushbone. From then on I ooc'd looking for more people to join me and had no takers. I guess the experience was too slow there with the limited mobs. So not all boxing is evil.

Precisely and exactly zero of what was said discussed bots. What WAS actually discussed was the difference between multi boxing and single boxing with virtual.

Wed still catch it, and they COULD if they wanted, plain and simple. Of course, when we tell you how to detect the difference, someone will theory craft a scenario that can beat it in a vacuum, but there is one very important thing to note here. While we can play this game all we want on the forums, in reality, no one would be informed of the method(s) used to detect. They would receive an email stating it was determined they were breaking the rules. If there are 15 different things that can be done to detect this, everyone running cover for (and parsing words on the forums about) 1-14 methods would be caught. The people who knew about all 15 would be very few and far between. Fact: Most of those "hackers" you speak of are script kiddies on a good day. They arent META, and simply use what is handed to them by those who are.

This would remove most of those breaking the rules. The reason this does not happen as stated previously, is not because it cannot be done, but because of the loss of revenue that would occur if it was. What still cannot be denied (and hasnt even really been addressed) is how the game system itself is compromised when companies have to choose between compromising the original game system and making more money.

This is why I favor having a server for box-how-you-want, and a no-box-at-all server. People could even bounce between the two, farming Krono on their box server while actually getting their classic experience on the other.

The most amusing thing about this thread is its very existence in light of the pre-launch blabbering about Selo being the "race" server where all the mythical "racers" and "Krono farmers" etc would be thus leaving Mangler as a pristine utopia for those playing the game "as it was meant to be played"

The entire history of TLP servers has been an ongoing demonstration that wherever the game is played "as it was meant to be played" there's going to be a strong presence of RMT and all the related issues.

If you have people locking down the now obsolete "camps" to farm things to sell it's pretty obvious that someone is buying.

Been grouping with people all weekend. Have I seen some boxers? Sure. But being able to get camps right now is not problem because of boxers ruining your life. In classic there are certain level ranges that only 1-2 spots are “the best” and everyone wants the best. Oh but there are picks now!? Sure but 3 picks of Unrest still is only 3 MR camps. When you have 40+ people per pick, zones are just too overcrowded. Same with LGUK, boxers are not stopping me from grouping named, too many players are.

Maybe this boxer apocalypse happens eventually, but current problems are over population. Wish we could spawn more picks, but I don’t want servers to crash either.

So if anyone knows a good spot for level 35 that doesn’t have 400 people in it...let me know.

This. Just give boxers a Non-Truebox server and see what happens. If it becomes a wasteland of greed and grief, then so be it, we can say case closed.

Firstly, we know a lot and can take pretty good guesses at the rest. This isn't novel territory; it's all been done before. The methods are known. DBG ain't cutting new trails.

We can discount Big Data / AI / ML solutions, DBG simply doesn't have Valve scale resources. DBG isn't capable of having automated behavior based analysis.

We can discount active hacks detection to some extent because DBG raised the white flag on it and negotiated a truce with the creators of the very old semi-active hack software. Even if DBG were to fight this, it'd be a cat-and-mouse game of detect the cheat / defeat the cheat detection. DBG has to give us the client and we can inspect it to see what's happening. Those devs have done a good job at keeping this software off truebox servers.

As for the new active hacks that are being sold for profit. Most of these can be cat-and-moused as above, some can't. Some drastically alter the information sent to DBG servers, and if those features are used, should be trivial for DBG to detect. The users of these new active hacks aren't getting banned (or if they are, they aren't talking about it, so, they almost certainly aren't). DBG has either given up or is slow playing it. I'm hoping for the latter, but my guess is the former. For all the merits of the previous paragraph, all it did was create a market gap which is being filled by another player. This new player doesn't have the ethics of the devs in the previous paragraph and, if left to his/her/their own devices, stands to do more harm than the cheats in the above paragraph.

DBG tries to keep EQ out of VMs in the most basic way possible. If you have decent AV software, it will detect this and freeze EQ as this behavior of VM detection looks like malware. There are a lot better and more reliable ways to detect if you're running in a VM and these methods have been published by both malware developers and security engineers. DBG put forth the absolute minimal effort here and could have done a much better job with just a tiny bit more work. @DBG I'm an engineer at VMware (check the IP this is posted from to verify. Or linkedin.). I'll give you my insights on this for free if you ask. I don't like cheaters either.

DBG tries to keep EQ out of sandboxes such as sandboxie by looking at hardware address (mac addresses). Trial and error makes this obvious enough. We know that DBG keeps the hardware addresses cached server side and associated with either account / character. You can, for instance, camp account A on box 1 and quickly log in to account A on box 2. If you do this and try to log another account on to box 1, you'll trigger the server side detection of 2 chars/accounts having the same hw address. It seems they keep this association separate from other EQ functionality and poll for it. If you make a few more observations and make some assumptions along usual software patterns, there's an obvious attack vector here that would defeat the hw address protection. I haven't seen this documented elsewhere, and I'm purposefully leaving a key piece of information out. @DBG you know where to find me if you want me to expand.

DBG raised the white flag on passive pack inspection. This is used by the very very very old linux tool for mapping. DBG could defeat this by adding TLS to the wire protocol, but they don't. The computational load is minimal for it, and theres no reason to believe implementing this would be difficult. The only conclusion we can draw is DBG doesn't mind that this happens.

I haven't used this knowledge to violate the rules nor have I RE'd EQ object code or wire protocols. Public information + being a dev at VMware and having access to those resources makes it painfully obvious what's happening. No theory craft required. I do, however, like to know what I'm talking about, and avoiding talking about it isn't really possible bc whiteknights will hunt boxers such as myself down in game and grief us. I've had to learn all of the above to defend myself from the likes of you.

Four times since I started six boxing about 2 months ago, I've had white knights such as yourself harass me for nothing more than running with my 6 chars with /follow and 75 speed mounts. That's all it took to convince FOUR people such as yourself that I'm cheating beyond any doubt. One of these individuals not only cursed, but cursed at me with racial slurs (I'm a middle aged, middle class, agnostic, mostly-white mutt in the US. Can't get that experience anywhere else...). I didn't report him, but maybe I should have. "No one would use DBG wolf mounts if they had fancy crate mounts." was his reasoning. I stopped and summoned the wrulons. He moved the goal posts (Is there a white knight goal post moving instructional video I'm unaware of) and changed his argument that I obviously used my ill gotten gains from botting to be able to afford those mounts. /sigh /ignore

You don't have this information because you sit on the forums and make things up all day and spray your half formed ideas like a firehose at boxers. We boxers spend sooooo much more effort defending ourselves from the likes of you than you do understanding the very things you're whining about.

I just said this on the official forums logged into my main account. I'm practically inviting DBG to put my play under a microscope and/or ban me for giving information they'd rather have private. To the latter, I'll take that risk. There's nothing new here that the cheates don't already know. I learned a lot of it from reading information they published.

So the people on the outside have all this information on how the system works, because its not novel stuff and its all been seen and done before, but none of us (the same people on the outside) could ever know for sure if it is happening or not because its so vague and mysterious?

Seems legit.

Or more like, a direct contradiction in logic any objective observer sees from a distance, in these narratives which clearly favor one side (who somehow has all the information they could ever need) while the other could not possibly know for sure (due to the vast and mysterious techniques the script kiddies use while thwarting detection).

In typical forumite fashion everyone who disagrees with how RMT impacts the game system is supposedly a "white knight" - yet ironically its those justifying it hand over fist quoting the letter of the rules like a skipping record every time some other suggestion or feedback is provided.

That word, I do not think it means, what you think it means. /princess_bride_01.jpg

LOL. I haven't read the rest of the thread yet (should be a gem) but I just wanted to say... Wow.

I guess you know how the game is supposed to be played... by everyone.

Ok. I'll play. Neither of us can possibly know who's cheating and who isn't with absolute certainty... We should both shut up.

Which way do you want? Neither of us have complete and perfect information so neither of us is qualified to discuss it? It's fair to discuss it based on the information we can gather and each of our positions will be judged based on the citations and evidence we can provide?

You're playing both sides of the fence here. You're on the wrong side of the Dunning-Kruger effect. You don't know enough to know what you don't know.

Keep in mind, a few posts back, you asserted "Wed still catch it, and they COULD if they wanted, plain and simple." You've provided no technical information about how you can catch <unlinked pronoun, presumable key broadcasting>, yet you're completely sure DBG can catch this. This is laughable.

Suppose I have an application on a box that is also running everquest. This application opens a socket an listens for key broadcasts from command and control server. When this application receives a key boardcast, it first randomly delays then adds the desired key's scan code to HID consumer page where EQ can pick it up. How are you or DBG going to detect this? Even if DBG did something like implement an NTP client inside the EQ client and use it to stamp keypresses, which is about the best they could do to get around network lag issues or forged system clock issues, it would still fail to the above use case.

Solb?