A story of F2P and the failures of HWID bans

So last night I was involved in an unproductive siege on a VS defended Biolab (nice job VS, really owned our MAX crashes), when we decided there was too much interference at the satellite bases from jump pads and aircraft. My outfit calls for a mass redeployment to Warpgate to pull ESFs and Liberators, to try to clean things up, and prepare for a more organized crash. (we kept losing the satellite bases and could not keep the pressure up)

So I'm main gunning a Lib, 2 other people with me. The aircav gets to the Biolab and starts to clear the enemy, clean out the satellites and suppress the landing pads. We get hit, for a lot of damage. I hear my pilot over Teamspeak.. "What the hell was that?", to which I immediately reply "Dalton, get out of here." A second later, another round goes whizzing by our craft, barely missing us as we take evasive maneuvers. Another Dalton round, and another. I know it's just a matter of time before we eat it. A second later, Dalton round #2 lands and we're respawning at the Warpgate.

I take note of the gunner's name, as I always do. I pull my lib, and we all mount up to head back. We're doing work, suppressing a satellite base, hit 50% health and pull back for repairs. We land on the opposite side of the Biolab, near a friendly satellite base, then wham, Dalton round lands and it's back to the Warpgate to spawn. Same guy killed us again, but this time it was an easy shot on an immobile target. So we are back at the Warpgate, and the third guy pulls our last Lib. This time we're going to be on the look for that Lib. We are heading back, nearing the Biolab, spot the lib flying at high altitude. We are ascending, aiming to Tankbuster him out of the sky, which they see us and immediately flip to expose their belly. Wham, first Dalton shot lands lands, down to 30% health. We take immediate evasive maneuvers, wham, second shot lands and we're dead. Same guy.

So, I pull up a web browser, open planetside universe, search for this guy by name. BR27. 16K/D. Played 19 hours. Alright, something is amiss. I flip back to PS2 and this guy had sent me a tell.. "Hey, check out twitch.tv/suchandsuchstream if you want to see me killing you". Heh, alright. So I load up his stream, dude looks legit. No tell tale aimbot target snapping, etc. But his stream sucks, lots of lag and delay. At this point, I'm thinking this guy is just good. I mean, I'm pretty decent with a Dalton, I know what it is capable of, this is in the realm of possibility for sure. I'm not the one to call hacker just because I died, even if it seemed sketchy. I'm giving him the benefit of the doubt.

So I ask him, "what server did you come from?", to which he replies "I also play TR under alternative_name". So I look that name up.. BR58, 3.35K/D, played 9 days or something. Ok, well that's more reasonable. So I'm watching this guy do his thing, commenting on why his stream is lagging so much, suggesting ways to improve it. He's bumping down the resolution (streaming initially from the in game video capture) to try to get rid of the delay, and eventually I suggest he start using FFSplit instead. 20 minutes or so later, he loads up FFSplit, starts streaming at an initially high resolution/bit rate, and the stream is super laggy, blinking in and out constantly, can't really watch it at all. So I tell him to keep bumping the resolution down, eventually he gives up on FFSplit, and goes back to the in-game streaming option, but at a lowered bit rate. Stream is much smoother now, just really low resolution.

Anyways, so he's talking about his bad internet connection, does a bandwidth test, only has 1MB upstream, etc. But his stream is rolling, watching him Dalton loads of dudes to death, and I'm thinking he is just plain good. Couple other people have joined the stream by now, some people thinking the same as me, some people coming to call him a hacker. One of his outfit mates shows up eventually and attempts to vouch for him, to which the naysayers in the growing crowd of viewers comment on how aimbot can be hidden from a stream, etc. etc.

10 minutes later, one of the viewers posts a link to a video that Twitch automatically archived, from about 30 min earlier when he was using FFSplit. Fast forward to 5:45, and it shows on screen the overlay messages of the aim bot enabling, aim bot disabling, aim bot enabling, aim bot disabling. Wow. By now, multiple people watching the stream are looking at the video, saying the same thing, call him a hacker, the insults by now are flying. This guy puts the twitch chat room in slow mode (only 1 post per 2 min or something) and starts to hide/delete the archived videos, trying to cover it up, stating outright that he doesn't hack, etc.

Fast forward 30 min, the video is gone, but someone had already uploaded it to youtube and said they were sending it to the SOE support team. At this point, what is done is done. I am however curious of the psychology behind someone who hacked, so I attempt to initiate a civil discussion with this guy, asking why. Chat room is still in slow mode, so this is a fairly unproductive process, so I start sending him tells in game. More or less immediately, he logs off. I continue to state the evidence against him in twitch, once evervy 120 seconds, and eventually this guy just decides to come clean.

He goes on to detail that yes, he uses an aim bot, but only for purposes of "learning how to aim the Dalton", in the hopes that eventually he will become "the best Lib gunner in the game" and go on to getting a "sponsored eSports team slot for PS2" and essentially play video games for a living. Alright, cool to have aspirations and all, but I want to dig deeper. I ask him why, why can't he practice like everyone else, without hacks, learn the natural way? He starts to liken what he is doing to steroids, that this is just a quicker way for him to learn what he would inevitably learn anyways, at which point someone throws out a "Hey this guy is the Lance Armstrong of PS2". So I proceed to talk with this guy for a while.. he's invested some money in the game, but also pays for hacks. He understands the risks of getting banned, but says with the way HWID bans work, that he isn't worried about it, he'll just "go back to his main". I ask what he'll do if that one gets banned? "I'll just make a new account, spend $7 on a Dalton and keep playing."

Well, it's not long before he reports back that his VS character which was recorded using the aimbot, and subsequently supposedly reported to SOE, is banned. Wow, that was fast. A minute later, he sends me a tell on his TR character, "See, I told you HWID bans are easy to get around". Wow, ok. So SOE bans the account that they had evidence of hacking on, this guy does something, and a couple minutes later is playing again. At this point, I'm asking myself, what good are HWID bans AT ALL? It's good that SOE is banning people, but in the F2P world, where people apparently have unlimited accounts, regardless of having been caught and banned, how do you effectively police this, ever?

I've since looked into what hack would give the specific messages being shown in this video, and this is not the first time I've heard of this particular hack. This is the first aimbot hack I ever heard of when I started playing PS2, so it is obviously a publicly known hack. Yet people are still using it, not getting caught. (evidenced by this guy's 10 days of playtime) When they do get caught, it is by the community, and their own slip ups. How can this be a serious anti-hacker campaign, to rely on stuff like this to just temp-ban (in this case, the ban effectively lasted for a whole minute) hackers, who come back immediately and keep playing?

This just goes to show the flaws in the current implementation of F2P, and whatever anti-hacker efforts SOE is actually using behind the scenes. Props to them for not making those efforts public, but at the same time, they don't seem to be terribly effective.

PM me the youtube video, and any evidence (screenshots or video) of him messaging you from his other accounts.

I may be able to help.

I wasn't the one to upload it, and by the time I tried he had already removed it, so I don't have a video to post. Someone out there does, because it got the guy banned in fairly short order.

I did not take screenshots of him messaging me from his other account, because honestly, community enforcement of stuff like this just seems like a complete joke to me. SOE is not employing me to get hackers out of the community, and even if they were, if these HWID bans are all they can do, it simply is not effective.

I'm not here to pass judgement on the hackers, but on SOE's responsibility to get them out of this game. This was mainly to shed some insight on how one particular hacker thinks, which probably rings true with more people in that community. Simple reality is these people have no real fear of being banned, have no worry that regardless of what happens, they'll be able to keep doing what they are doing. And from what I've seen, they're not wrong.

Don't get me wrong, I want all of the hackers out of the game, but getting rid of 1 hacker, even if a screenshot from his other account could do that, is not going to solve this issue. SOE needs to man up and come at this from a different angle, because their current approach is apparently not working.

Oh good detective "poobah" is on the case. We are saved.

I give this thread, half an hour before it disappears in the mist.

Why? I went out of my way to not mention any names, not mention the names or URLs for any hacks, not even mention the overlay text the hack was displaying that would allow inquisitive players to track it down. This is merely a testament that the current enforcement in PS2 is more or less a joke, and they need to step up their game. SOE closes threads for a number of reasons, but so far, I haven't seen them closed simply to cut off some potentially bad publicity.

Well, that too is a legitimate issue, I don't know why they would hard delete character profiles like that. I work for a software development company, and one of the golden rules to handling user based deletions, is to NEVER LET THEM DELETE ANYTHING PERMANENTLY.

But I guess if this does get closed or deleted, hopefully it makes it back to someone who gives a smidgen of a care. I did not expect that posting this thread would result in a resolution of the problem, but we have to start somewhere.

Lol, tell that to dear old SOE, the innovators of gaming.

Anti-cheats do not work. Simple as that. If you can be bothered to put enough effort in you can circumvent any system out there, you need something that is to a 'league' standard (i.e. something used in a CS league for example) to be of any effect against your run of the mill stuff.
Ex: Punkbuster is pretty much worked around by any decent cheat
VAC can be worked around, what takes some effort is lowering detection due to the delayed ban system. IIRC the best of the best actually work as a device driver to do this.

However, we can suggest parameters such as:
Turn speed of mouse
Ratio of headshots
KDR
Amount of reports
et al.
This could all be combined with a 'Reddit style upvote system' that SOE appear to be fond of. The higher the parameters, it increases the player in the system so that cheaters can be identified quicker. However, this won't stop the cheaters who adopt a more subtle style.

Meh, PB...

I have a personal friend that is a coder and can get stuff like this bumped to the front of the line.

If there is legitimate evidence, I can just forward it to him to look at, and he can do whatever needs to be done from there.

The issue with this is that some people are better than others.

I personally have a headshot ratio of almost 40%, which some people find ridiculous, or impossible, etc.

KDR can be grossly inflated by stricly bombing in a Liberator and logging off whenever the slightest sign of danger arrives.

Mouse speed? My sensitivity is near the max. I'm pretty sure some people will play even higher.

Just some ideas for parameters - there would be more and there would be no bias between them. Of course, it wouldn't be an autoban system per se, but would highlight some *potential* cheaters. Nothing beats a human.

I mean that's cool and all, but that happened last night and his VS account was banned. Then he un-did the HWID ban or whatever, and was back on playing his TR character again. Maybe his TR character gets banned, then what? He makes another one? Ultimately, nothing gets accomplished.

I don't believe they are even using HWID bans. Do you have any source for this?

It was always my understanding that the bans were account based, just like other SOE games.

I do but you need priviledges to see it.

SOE will never be able to ban hackers, all they have done is delay the hackers by making their framworks not work for a while, it will work by next week.

Yeah, I agree. A highlight system and a human GM that actually plays the game and lives on the server would be perfect.

Unfortunately, this is SOE. So, we get CSR's from India who respond to a ticket (which has to be submitted out of game) 4 hours to 1 week later, and don't even play the game.

Good luck getting these people to hire, or even accept volunteer GM's.

Well, just what this hacker told me. I think I established a fairly good report with this guy, and he told me that he couldn't log into his TR character until he 'un-did the ban', but who knows, for all I know this guy was just lying to my face. There is evidence of the existence of HWID bans on various hack forums, (which I've read in my research in the past 12 hours) so I think it is a legit thing.

HWbans are easy to spoof, these guys are even going for Mac address bans, the funniest to fool.

This is correct. HWIDs are notoriously easy to change, and it would not surprise me if they released a HWID spoofer/changer soon.