SoylentNews is people

posted by janrinok on Saturday February 25, @09:43PM
from the extra-popcorn dept.

DOTA is Defence of the Ancients for any non-gamers (like me!) in our community. It is often used as a word.

https://arstechnica.com/gaming/2023/02/valve-used-secret-memory-access-honeypot-to-detect-40k-dota-2-cheaters/

The cat-and-mouse battle between game makers and cheat makers has seen plenty of inventive twists and turns over the years. Even amid that backdrop, though, Dota 2 stands out for a recently revealed "honeypot" trap hidden inside the game's memory buffer.

In a blog post this week, Valve revealed the existence of this trap, which was released as part of an earlier update to the game. Valve says that update included "a section of data inside the game client that would never be read during normal gameplay." But that memory could be read by third-party cheat tools that used exploits to sniff out (and share) internal data normally invisible to players.

To activate its honeypot trap, all Valve had to do was watch for any accounts that tried to read from that "secret" memory area, an event that would lead to "extremely high confidence that every ban was well-deserved," according to Valve.



This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
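
A sketch of the tripwire idea from the article and from Ox0000's comment below, added here as an example (it is not Valve's code, and the article does not describe Valve's mechanism): a decoy page at a per-run random offset is made unreadable, so a read of it faults and is counted. It assumes Linux, all names (`trap_install`, `read_arena`, `trap_hit_count`) are hypothetical, and it only observes reads made from inside the process.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <time.h>
#include <unistd.h>

#define ARENA_PAGES 16
static unsigned char *arena, *trap;      /* arena base; the armed decoy page */
static size_t page_sz;
static volatile sig_atomic_t trap_hits;  /* reads of the decoy seen so far */

/* A fault on the decoy page is counted, then the read is allowed to succeed. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    unsigned char *a = si->si_addr;
    if (trap && a >= trap && a < trap + page_sz) {
        trap_hits++;
        mprotect(trap, page_sz, PROT_READ);   /* disarm; the read retries */
        return;
    }
    signal(sig, SIG_DFL);                     /* unrelated fault: crash normally */
}

/* Map the arena, choose this run's decoy page at random, and arm it. */
int trap_install(void) {
    struct sigaction sa = { .sa_sigaction = on_fault, .sa_flags = SA_SIGINFO };
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    page_sz = (size_t)sysconf(_SC_PAGESIZE);
    arena = mmap(NULL, ARENA_PAGES * page_sz, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (arena == MAP_FAILED) return -1;
    memset(arena, 0x2a, ARENA_PAGES * page_sz);  /* decoy looks like live data */
    srand((unsigned)time(NULL) ^ (unsigned)getpid());
    trap = arena + (size_t)(rand() % ARENA_PAGES) * page_sz;
    return mprotect(trap, page_sz, PROT_NONE);
}

/* Read one byte per page; skip_trap=1 models game code that knows the decoy. */
unsigned read_arena(int skip_trap) {
    unsigned sum = 0;
    for (size_t i = 0; i < ARENA_PAGES; i++) {
        volatile unsigned char *p = arena + i * page_sz;
        if (!(skip_trap && p == trap)) sum += *p;
    }
    return sum;
}

int trap_hit_count(void) { return (int)trap_hits; }
```

Code that skips the decoy never trips the counter, while a sweep over every page trips it exactly once, wherever the decoy landed on that run.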
  • (Score: 2) by bzipitidoo on Sunday February 26, @05:28AM (4 children)

    by bzipitidoo (4388) Subscriber Badge on Sunday February 26, @05:28AM (#1293416) Journal

    If a game is so dull that a dumb bot can successfully work the controls and actually progress faster than most if not all humans, that could be a sign the game isn't very good. The MMORPG genre in its current incarnation has gotten really old. They're some of the mechanics and almost none of the real role playing of the old school pencil and paper role playing games. One of the best parts of having a human game master is that this person can respond intelligently to a far wider and more diverse variety of player actions and plans than has thus far been programmed into a computer game.

    As for MOBA, I think of such things as aim bots as not much different than the military use of the latest tech.

    • (Score: 5, Funny) by Anonymous Coward on Sunday February 26, @07:54AM (2 children)

      by Anonymous Coward on Sunday February 26, @07:54AM (#1293421)

      If a game is so dull that a dumb bot can successfully work the controls and actually progress faster than most if not all humans, that could be a sign the game isn't very good.

      I also agree that chess isn't a very good game. 😉

      • (Score: 4, Funny) by Ox0000 on Sunday February 26, @01:05PM (1 child)

        by Ox0000 (5111) on Sunday February 26, @01:05PM (#1293432)

        It isn't; the graphics suck. Not enough polygons. That's not why I bought that top end graphics card from a bitcoin miner.
        Also, the game has bugs all over: the knight never renders on my horsey, real estate keeps shifting on the board, and the peons never do what they're asked.

        One thing that keeps me playing is that even though the queen lacks serious boobs, as any female protagonist in a game should have, I do think the bishop is shagging her, so at least there is _some_ intrigue.

        • (Score: 2) by Freeman on Tuesday February 28, @03:10PM

          by Freeman (732) Subscriber Badge on Tuesday February 28, @03:10PM (#1293725) Journal

          I hear Battle Chess is awesome. Lots more boobs too, at least 4, one for each queen.

          --
          Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 2) by richtopia on Monday February 27, @03:27PM

      by richtopia (3160) Subscriber Badge on Monday February 27, @03:27PM (#1293535) Homepage Journal

      Oh yea, video games never hide data from the user that could be revealed to the player allowing more informed decisions. Just like real war - you always know exactly where your opponent is at all times. Drones are just useful for taking selfies with those opponents.

  • (Score: 0, Insightful) by Anonymous Coward on Sunday February 26, @02:41PM (4 children)

    by Anonymous Coward on Sunday February 26, @02:41PM (#1293433)

    This doesn't really make sense to me. If I wrote cheating software for DOTA2 why would I scan all the memory for data? If I want to cheat I would just scan the places where I know there are relevant changes that I'm interested in. So the people that made these cheat tools (or trainers or whatever they should be referred to as) must be bad or lazy, or it's some kind of duplicate data that somehow looks or acts interesting but does nothing, but then once again they should have been able to figure out that this part of memory, while changing and looking interesting, doesn't actually do anything.

    • (Score: 3, Interesting) by Ox0000 on Sunday February 26, @07:03PM

      by Ox0000 (5111) on Sunday February 26, @07:03PM (#1293456)

      ASLR: Address Space Layout Randomization (but explicitly done by the process's author, rather than the kind the kernel provides).
      As the author of the process, _you_ may know that range 0xDEAD to 0xF000 inside your memory space is honeypot, and that you won't access it, but someone else may not. Next time you run, you change the offset of the dead space to keep the cheat guessing.

      In order for them to know what's in it, they also have to actually look at it, and thus access it, tripping the wire...

      These cheats are playing a catch up game, always and by definition. So they _have to_ resort to understanding the entirety of the memory.

    • (Score: 1) by khallow on Monday February 27, @01:13AM (2 children)

      by khallow (3766) Subscriber Badge on Monday February 27, @01:13AM (#1293484) Journal

      If I want to cheat I would just scan the places where I know there are relevant changes that I'm interested in.

      Indeed. Perhaps there were relevant changes in those off limits locations?

      • (Score: 0) by Anonymous Coward on Monday February 27, @03:45AM (1 child)

        by Anonymous Coward on Monday February 27, @03:45AM (#1293506)

        That could very possibly be the case. After all if you have a honeypot you have to make it interesting otherwise nobody would be looking or falling into it. That said all my cracking and training knowledge are from the 8 and 16bit era so whatever they do today is of little interest to me and I have not really kept up to date. But the basic principles and methodology should be similar, just a lot more convoluted. But the only way someone half competent would fall into this kind of trap is if something in the pot was interesting enough, perhaps they are duplicating interesting values in there and they somehow appear to be relevant and they can't tell the real from the dummy trap values. Add all the other usual protections and perhaps they just got lost in all the checksums, duplicates, references, encrypted and various dummy values in there.

        I would think they might have burned a few accounts in the creating of the cheating tool but why would you leave that in the final product? You should have figured out it was a trap or nonsensical by that time or eventually. Perhaps it depends on what method they used to accomplish their goal. Either you monitor all memory for changes of interesting things, such as lives or resources or something. You play, look at the values, back into the game and die, look at the values again until you zero in on the interesting things and then you look at code for that in the memory and then you tweak it so life or whatnot isn't decreased, you can add resources or the location of enemies is not hidden or whatever. Or if you don't go that route cause DRM software these days doesn't like it when you run debuggers and memory monitors you try to decrypt and disassemble code until you find interesting things and then you change them and try them. You might fall into the trap. But you shouldn't keep falling into the trap if what you did think was going to happen doesn't happen, over and over and over again. That would just be bad and sloppy work. So something interesting must be happening in the honeypot for there to be any takers.

        Perhaps as noted by Ox0000 above they use some kind of dynamic or random memory allocation and the location of the interesting bits just keep changing. Perhaps changing constantly. But then you should really notice that and it still doesn't explain why you would go poking around inside the trap after that. Perhaps the location changes constantly and randomly and they just have to monitor all, or a certain few ranges of, memory at all times and for certain values and changes in values and then I guess if you duplicate things into the trap then that could trigger. But wouldn't they (Valve) then need some kind of table or way of knowing what is the real and honeypot zone so they don't go into the honeypot zone and self-trigger? If they have it, you should be able to figure it out too.

        It could also just be a poor article where they don't actually explain, or understand, things, which is why I said it didn't make much sense to me -- "a section of data inside the game client that would never be read during normal gameplay". If there is a section of data in memory that never gets read or used then why would I go there looking? I might trigger something if I poke around in there but if it yields nothing interesting then in the end it becomes irrelevant. It should never trigger as interesting again then and you would just leave that alone. That just seems sloppy and bad.

        Still the only reason I would see that Valve would disclose this now is that the makers of the cheat have gotten onto their game, 40k cheaters busted and they figured it out either by code or perhaps all those lawsuits had to disclose it in legal papers.

        • (Score: 4, Insightful) by legont on Monday February 27, @04:01AM

          by legont (4179) on Monday February 27, @04:01AM (#1293509)

          Let me try...
          Suppose during the game one gets a treasury box that randomly gives one of ten grenades of different flavor to the player. It does it by accessing one of 10 memory spots. However the software is written such that it can't return the grenade number 5. It does exist in the memory though and once a cheater gets it, it is proven they are a cheater.

          --
          "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
  • (Score: 3, Interesting) by turgid on Sunday February 26, @07:11PM (1 child)

    by turgid (4318) Subscriber Badge on Sunday February 26, @07:11PM (#1293457) Journal

    Isn't that what a lot of commercial software licenses say these days? Don't look at the binary? That always used to be part of the fun of getting a new piece of software, to hexdump it and then disassemble it to see if you could figure out what it was doing (spoiler: no). Then, filled with awe and wonder you would be inspired to become a software developer.

    • (Score: 3, Informative) by Freeman on Tuesday February 28, @03:14PM

      by Freeman (732) Subscriber Badge on Tuesday February 28, @03:14PM (#1293727) Journal

      As a Server/Client kind of system. The only way you could get your hands on the server software is by hacking Valve directly. Pretty sure that's against all kinds of laws.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 1, Touché) by Anonymous Coward on Wednesday March 01, @08:33AM (1 child)

    by Anonymous Coward on Wednesday March 01, @08:33AM (#1293865)

    Seriously, letting someone have that level of access to your computer to play a game. No. There are a lot of other games to play, and other things to do.

  • (Score: 0) by Anonymous Coward on Thursday March 02, @09:19AM (1 child)

    by Anonymous Coward on Thursday March 02, @09:19AM (#1294032)

    I recall buying a game a long time ago with a driver that was for DRM. I never played it. Looking back I don't see why they made such a big fuss about it. That was in the 1990s. I have given up on modern video games. I just don't play them. It's just not worth it. Who knows what else they can do with their intrusive DRM.

    I don't care about achievements.

    The playstation 4 doesn't have free to play online so I just don't play online. Given I have spent decades playing online games it would have been really good. I'm just not willing to pay more money per month for it. Maybe if they made games free and just used subscriptions to pay for them. I don't even connect the ps4 to the internet. It works as it is.

    I have stopped giving money to games. I have found other things to do. There is more to life than this. Good luck to those who want to put up with this crap. I have moved on.

    • (Score: 2) by Freeman on Thursday March 02, @02:41PM

      by Freeman (732) Subscriber Badge on Thursday March 02, @02:41PM (#1294072) Journal

      Not all companies do that. There's a newly released game called Planet Crafter for example that is available on GOG as well. They've had multiple content updates and just released an update, I think yesterday. It's very much a slower paced, adventure/survival/crafting kind of game, but it's quite nice. My kiddo has played it some too and generally likes it. Especially once progression has been made into the animal stage. Picking up larva and hatching out butterflies is cool. The new update added fish, which sounds like it may be just as awesome. Kiddo loves animals.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"