Jump to content

Exploit found: seeing enemy stats while paused


Yekaterina
 Share

Recommended Posts

I was playing a 1v1 and I accidentally found that if I pause or disconnect temporarily, then bring up the summary sheet, that will show both player's stats, including charts and so on. 

image.thumb.png.e9e0ac8c4df3965d267777562c2a436d.pngimage.thumb.png.e5747909d041c1b496223f8277458905.png

 

This gives me a huge advantage, as I can know his strategy without scouting. I can see whether he is training cavs or inf or pure women, then immediately I know what to do. So it is an exploit and  I don't remember this being a problem in A25. You can argue that he can probably see me but then it's basically revealed map... 

  • Haha 1
Link to comment
Share on other sites

Just to be sure we're talking about the summary button in the menu right? It seems to have been there forever.

We can disable it for MP games, I'm not sure how hard it is to remove players if game isn't finished (cc @Freagarach)

public\gui\session\MenuButtons.js:80

this.button.enabled = !Engine.IsAtlasRunning();

The following would disable the menu button for all newtorked games (including LAN)

this.button.enabled = !Engine.IsAtlasRunning() && !g_IsNetworked;

The following would disable it for ranked games

this.button.enabled = !Engine.IsAtlasRunning() && (g_InitAttributes.settings && !g_InitAttributes.settings.RatingEnabled);

 

  • Like 2
Link to comment
Share on other sites

1 minute ago, Yekaterina said:

Nevertheless the host is at a disadvantage because of this. It's easy to disconnect and rejoin for the guest player, and this could foil an early rush. It's a lot easier than scouting

This is the only issue here, disconnect should mean loss of rated game.

Link to comment
Share on other sites

1 hour ago, hyperion said:

This is the only issue here, disconnect should mean loss of rated game.

I think not, because it could be a technical error, e.g. program crash, network problems etc. No one wanted to quit at this point, and the player who disconnected wants to come back and finish the game. But having this summary menu unintentionally benefits the player who disconnected, even if they don't know about the exploit or isn't willing to use it. 

  • Like 2
Link to comment
Share on other sites

1 hour ago, Yekaterina said:

I think not, because it could be a technical error, e.g. program crash, network problems etc. No one wanted to quit at this point, and the player who disconnected wants to come back and finish the game. But having this summary menu unintentionally benefits the player who disconnected, even if they don't know about the exploit or isn't willing to use it. 

It's fine to continue to play a game that is considered 'finished' for the fun of it but the rating points should be issued based on when the game was considered 'finished' first time.

PS: Just a guess, technical error, e.g. program crash, network problems etc would be come a lot rarer if they wouldn't help avoiding point loss ;)

  • Like 1
Link to comment
Share on other sites

14 hours ago, Yekaterina said:

I was playing a 1v1 and I accidentally found that if I pause or disconnect temporarily, then bring up the summary sheet, that will show both player's stats, including charts and so on. 

image.thumb.png.e9e0ac8c4df3965d267777562c2a436d.pngimage.thumb.png.e5747909d041c1b496223f8277458905.png

 

This gives me a huge advantage, as I can know his strategy without scouting. I can see whether he is training cavs or inf or pure women, then immediately I know what to do. So it is an exploit and  I don't remember this being a problem in A25. You can argue that he can probably see me but then it's basically revealed map... 

Usually when you bring up the summary during the game it just shows own stats, that should not change when disconnected or pausing. Especially when it comes to pausing this should clearly be a bug ???.  Disconnecting once, for example to see if an infantry rush u plan to do would work could be a decisive advantage, as a the outcome of the game is frequently decided by such an all in attack. Especially for those players who actualy play this game somewhat competitively this is relevant. Besides  players have claimed that people try to "cheat" in that way. Therefore from my perspective this deserves more atttention than a sarcastic reply. Bringing this is definitly not the result of an effort to "break the game", but just a known issue. This is also not about blaming the devs, but just a try to contribute with constructive criticism.

  • Like 1
Link to comment
Share on other sites

50 minutes ago, MarcusAureliu#s said:

Especially when it comes to pausing this should clearly be a bug ???

Of course, but that's not what happens with vanilla 0ad. I can't reproduce it. The stats are only ever shown if the game is considered finished. It's trivial enough to change the code to always show it if people want to cheat.

About connection issues, the threads listed by @Genava55, we have driver bug and powersave issues. Anyone playing competitively is expected to fix or workaround such issues. In fact everyone who drops every ten minutes and isn't inclined to fix it is an annoyance for other players. So yuo may call it sarcastic, but for me this belongs into the realm of netiquette.  

Link to comment
Share on other sites

4 hours ago, sternstaub said:

Does not matter. If the game will go to release someday, such small things must be fixed.

Unless whole mp will be overwritten so noone computes and holds all info about entities of every player, this will continue to be an issue no matter how much security fixes will be done, the data will be always available for the experienced JavaScript programmer to obtain.

  • Like 1
Link to comment
Share on other sites

39 minutes ago, Silier said:

Unless whole mp will be overwritten so noone computes and holds all info about entities of every player, this will continue to be an issue no matter how much security fixes will be done, the data will be always available for the experienced JavaScript programmer to obtain.

I actually had the same thought in the back of my mind. Because per design, even the things within FOW must be stored on each machine for creating equal sim.

Edited by sternstaub
Link to comment
Share on other sites

38 minutes ago, Silier said:

Unless whole mp will be overwritten so noone computes and holds all info about entities of every player, this will continue to be an issue no matter how much security fixes will be done, the data will be always available for the experienced JavaScript programmer to obtain.

There is a huge gap in the required skill between simulating a disconnection and extracting compiled information from JS

  • Thanks 1
Link to comment
Share on other sites

16 minutes ago, Stan` said:

 Can you clarifiy whether it's on disconnect or on pause? I cannot reproduce on Pause, but I see you have modded the interface

It was a disconnect. After coming back and pausing, I could still see it. But if you just randomly pause the game then you can't see it. You must lose connection first. 

Link to comment
Share on other sites

On 27/02/2023 at 6:34 PM, Genava55 said:

There is a huge gap in the required skill between simulating a disconnection and extracting compiled information from JS

Autociv or @Yekaterina own gui mod are "exploits" on another level as they give even more advantage than this disconnect trick to see stats in competitive play. About disconnect, whether intentional or not, the important bit is to communicate to fix you network if you have issues. In the maybe 200 to 300 games I played over network I have yet to see this issue even once. So the attitude of it's normal to have such issues bugs me.

Link to comment
Share on other sites

1 hour ago, hyperion said:

Autociv or @Yekaterina own gui mod are "exploits" on another level

I disagree with this claim. I believe that my mod is not an exploit but a personalised customisation of how the game looks. As a child I disliked the colours yellow and green, so it really annoys me to have to play on green grass with green trees that have overshadowing canopies that covered up my units. So I decided to shave all of them for cleaner look and more optimised placements of storehouses.  On top of that I made other things look more visible. You are welcome to use it, and I have advertised it to many people before but few liked it :(  It's more adapted to my personal preference and it makes the game more enjoyable and convenient to play for me. It helps me to perform to my best level but it doesn't hurt anyone else in any way. If you don't like it, just don't use it. 

Similarly autociv is created to make hosting easier. My favourite feature is showing only 1 corpse, which massively reduces lag and it's easier to see how many living units you have. I believe that @nani didn't intend to cheat neither. 

1 hour ago, hyperion said:

fix you network if you have issues

sometimes it is related to country. For example from Asia to US will have long ping times. Luxembourg only connects well to German hosts...

Link to comment
Share on other sites

3 hours ago, hyperion said:

It makes you more competitive

It does. You think more about micro, how many unit per tree, optimising eco, micro fights, ... But I play mostly casual games now, but I still need it because I added the dark mode ground which is comfortable to my eyes. 

2 hours ago, Stan` said:

non hacky version of it in vanilla.

Please define non-hacky

 

Autociv allows easy change of civs without bothering the host as well as corpse removal, which are nice to haves

It's not cheating

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...