Are memory or packet scanning tools allowed?

Tags: #<Tag:0x00007fa0d2cf4430>

I know there is BUTT but I’m not sure if that uses memory or network traffic scanning. That’s why I thought I would ask.

The structure of the game is kinda odd for me. Lot of code variables/settings are in JSON which makes it easy to make small mods (GREAT!). However it doesn’t allow to add/alter existing functionality. At least that’s why I assume. .msgpack is also just serialized data I think.

What I would like to do is read the coordinates of new meteorites and player. Then display the distance between them with an overlay application. Or maybe even inject the new meteorite into the players ‘Places’ list. However that can be considered hacking.

So what I’m asking is. How strict is the policy? Is it just luck of the draw on which side you land, like with a lot of the online games out there. Or is the policy a bit more relaxed, ala BUTT app.

BUTT used to use a traffic sniffer tool, but now uses the official Shopping API, so the information gathered is now legitimate.

I would assume that the modification you are proposing would not be allowed on the live universe as it would give an unfair advantage to PC players over PS4 players.


There’s actually already a meteor mod that does this - highlights the meteors and shows distance and meteor level, I believe.

I’m pretty sure if it doesn’t exist you’d be allowed to make such a tool. The devs are generally pretty chill about stuff for the community.

I agree that it gives an unfair advantage to PC players, but lots of such mods are allowed.

1 Like

It doesn’t show the distance. That mod changes an existing setting developers provided (a variable that asks “From how far away should I render this icon?”). And developers are chill enough that they don’t enforce file integrity of said settings. Meaning you can make your own body paints or change the slingbow model and sound to a shotgun etc. Only client side of course.

Unfair advantage is a huge gray area. I would love to make tools geared toward helping community. Like a shortest path to a shop via portals tool. Guild member list. Color blind or deaf aiding etc. Things devs have not had the time to do themselves and which they might never have the time for (not because they are bad people but because this is a business).

Companies will go so far as to use you as a scapegoat and sue you whenever popular opinion changes. For example there was a tool in Guild Wars 2 that allowed to change your loadout quickly. It was widely used and turned into a bannable offense the moment the team got around to implementing the feature (several YEARS later).

I personally think that malicious ‘hackers’ will always find a way to have an unfair advantage. Because there are just too many vectors to cover. You combat that with good game design (which imo Boundless kinda has). You are unlikely to come across the guy who duped, botted, blackmailed or xray’d himself smart stacks of decorative umbris.

I also think that we can’t have nice things because PS4 exists is also silly. Imagine Skyrim never being modded because consoles lacked the capability.

Anyway, long rant short. I just wanted to know what the dev stance is. If they use “unfair advantage” as a point of no return, then that is vague and I’ll refrain from trying.

Psst Skyrim on PS4 has mods


Wasn’t that through some kind of microtransaction thing? Far as I remember there was a rift between modders over it. And I still doubt you can play 8k resolution with ENB on PS4.

No microtransactions. The catch was it was done thru the game UI and they had to be approved by Bethesda and Sony

1 Like

Excellent point I forgot about that

Fallout 4 too

Imagine working at Bethesda, going through a pile of slooty mod application. Let’s be honest, that’s what the top mod on nexus usually was lol.

1 Like

I’m 99% sure they are still using an MITM to get the colors for the exo posts like this one:

The map client I used to have read game memory:

The shop scanner (before the in-game knowledge-base tabs) I made actually read the items on the stand from memory by walking near it (aka read all blocks from memory, which is why I didn’t make it open source because I didn’t want the block reader abused):

Generally I post what I do on the forum here so they know and they can tell me to stop if they have a problem with it, but they’ve never publicly stated that it’s okay to MITM or read memory. (they have told me in DMs that they will tell me to stop if there’s a problem).


Thank you. That is the answer I was looking for. So a good faith type of policy. Not sure I want to walk that edge yet.


Arenanet also monetized this function haha

Using the JSON grabber in your old Price Harvester still.

1 Like

yeah that’s an MITM. I’ll have that feature in the proxy UI “soon” so the harvester can die completely


Just for those curious what MITM means. It’s ‘Man in the middle’. Instead of passing data server <-> client, it’s now client <-> your snoopy middle man reading/altering <-> server. It’s how for example people used to bypass Adobe subscriptions. But I hope people don’t conflate all MITM as malicious, because it’s just a tool. Like a lot of gray area, hence why I made the topic since MITM is demonized quite often.

What are some types of mods able to be made using information gathered, like positive mods (non exploitive) and negative mods (exploitive)?

Opinion if non exploitive or exploitive is up to the person replying

Just some ideas off the top of my head that might be possible(I don’t know enough about the inner workings). These might not be a good fit for MITM and might be done on client side:

  • Show guild mates/friends names floating in the direction they are on screen
  • Guild ranking by prestige. Something that would collect all beacons, see what guild they belong to and calculate total prestige.
  • Show on the boundless map website what regions belong to what guilds.
  • Meteorite hunt simplifying tools. For example know when a region is “dried up” or what is the possible tier for next meteorite. Ideally tools that would render platform speed farming irrelevant.
  • Player inspection.
  • Wealth calculator.
  • Storage helper. Like search for “seeds” and arrows appear on your screen that point to your storage blocks that contain “seeds”.
  • Crafting assistance.
  • This is probably most complicated and from what I got PMed violates ToS. But assuming you get portal info (from and to coordinates) and tracked coordinates you want to visit. Then you can solve what is known as a graph problem. Specifically what most if not all CS students are familiar with as Dijkstra’s algorithm or shortest path first. This one fascinates me because portals add another dimension to a common problem. This would make visiting places a lot easier for new players. Instead of jumping hoops and crossing fingers you fumble into the right portal, you could just have an arrow that points where to run and what portals to take.

When it comes to negatives. MITM is just an exploratory tool mostly. I’m assuming packet forging does not work and there is server-side validation. It’s not smart to validate everything so with a lot of digging you might find things that are client validated. Like in what order your items are in storage. But it probably wouldn’t be too exciting. Worst case which i really doubt. You can give yourself infinite coins, cubits, plots and resources. Destroy an entire planet (“lie” to a server and say hey I just mined millions of blocks at once). Login as admin. But like 99.9999% if devs here know how to do MMO networking, they know not to make those trade-offs.

If you are a baddie, there are a lot of easier ways to gain an edge. With games like these, they usually find duping and moving exploits with 0 lines of code. Make a peat farming bot or whatever. I’m not a security/reverse engineer type of person professionally so it’s kind of out of my sphere. You might be able to make maybe an XRAY kind of tool that shows where closest diamond is but I feel like that’s probably easier to do client side with no need for MITM.

Packet FORGING is detectable and opens doors to malicious stuff. Packet SNIFFING is I think undetectable and just enables more technically skilled people to understand how the game works and gather info to create tools.

Point is. You can not stop a malicious actor. Especially in today’s ecosystem where a program has so many dependencies each a vector. It’s a waste of money. Especially imo with Boundless. This game has no RWT. This game has no tourneys or competitions. This game has no ranking ladder. This game has no PvP. MMO companies know this and whenever there is a “Ban the baddies!” campaign, it is just to appease the public and they pick the low hanging fruit. For example Runescape, World of Warcraft, Guild Wars 2. Public sees bots and thinks that is the most someone is ahead of them. People are happy. Devs are happy. The malicious hackers worth their salt are unaffected. Or maybe a community is outraged because of people being elitist and using 3rd party DPS meter. So they beat the creator, ban the users and appease the crowd. While the guy controlling entire markets goes under the radar and community splinters.

Sorry if the end bit came off as a rant but it’s just a reality of doing what you love. You can try making tools that people enjoy and love just to have it all turned on it’s head the next day. Reason I made this post is to first know if there have been people trying and second to gauge community sentiment. If people want PS4 and PC to be an even playing field I can’t imagine what outrage there would be if PC had mods/tools that for example told you what portals to go through to get to a shop with lowest selling price. Which is a bit ironic because in reality it would level the playing field with people who have been trading since launch.


I would love this

Also I don’t know that portal directions would violate ToS.

Really the only things I know of that are definitely not allowed are:
Trying to see through walls when mining
Hiding grass to make gathering easier
Trying to dupe money or items

From what I understand, the player has to be near the portal for such coordinates to be exposed. Emulating player action (e.g “lie” to the server you are near a portal) is not allowed. Which totally makes sense. But I think there might still be a way without violating ToS. That clause totally makes sense and is pretty standard I believe. I haven’t done any exploration yet, just educated guesses.