Are memory or packet scanning tools allowed?


Psst Skyrim on PS4 has mods

2 Likes

Wasn’t that through some kind of microtransaction thing? Far as I remember there was a rift between modders over it. And I still doubt you can play 8k resolution with ENB on PS4.

No microtransactions. The catch was it was done thru the game UI and they had to be approved by Bethesda and Sony

1 Like

Excellent point I forgot about that

Fallout 4 too

Imagine working at Bethesda, going through a pile of slooty mod application. Let’s be honest, that’s what the top mod on nexus usually was lol.

1 Like

I’m 99% sure they are still using an MITM to get the colors for the exo posts like this one:

The map client I used to have read game memory:

The shop scanner (before the in-game knowledge-base tabs) I made actually read the items on the stand from memory by walking near it (aka read all blocks from memory, which is why I didn’t make it open source because I didn’t want the block reader abused):

Generally I post what I do on the forum here so they know and they can tell me to stop if they have a problem with it, but they’ve never publicly stated that it’s okay to MITM or read memory. (they have told me in DMs that they will tell me to stop if there’s a problem).

4 Likes

Thank you. That is the answer I was looking for. So a good faith type of policy. Not sure I want to walk that edge yet.

3 Likes

Arenanet also monetized this function haha

Using the JSON grabber in your old Price Harvester still.

1 Like

yeah that’s an MITM. I’ll have that feature in the proxy UI “soon” so the harvester can die completely

3 Likes

Just for those curious what MITM means. It’s ‘Man in the middle’. Instead of passing data server <-> client, it’s now client <-> your snoopy middle man reading/altering <-> server. It’s how for example people used to bypass Adobe subscriptions. But I hope people don’t conflate all MITM as malicious, because it’s just a tool. Like a lot of gray area, hence why I made the topic since MITM is demonized quite often.

What are some types of mods able to be made using information gathered, like positive mods (non exploitive) and negative mods (exploitive)?

Opinion if non exploitive or exploitive is up to the person replying

Just some ideas off the top of my head that might be possible (I don’t know enough about the inner workings). These might not be a good fit for MITM and might be done on client side:

  • Show guild mates/friends names floating in the direction they are on screen
  • Guild ranking by prestige. Something that would collect all beacons, see what guild they belong to and calculate total prestige.
  • Show on the boundless map website what regions belong to what guilds.
  • Meteorite hunt simplifying tools. For example know when a region is “dried up” or what is the possible tier for next meteorite. Ideally tools that would render platform speed farming irrelevant.
  • Player inspection.
  • Wealth calculator.
  • Storage helper. Like search for “seeds” and arrows appear on your screen that point to your storage blocks that contain “seeds”.
  • Crafting assistance.
  • This is probably most complicated and from what I got PMed violates ToS. But assuming you get portal info (from and to coordinates) and tracked coordinates you want to visit. Then you can solve what is known as a graph problem. Specifically what most if not all CS students are familiar with as Dijkstra’s algorithm or shortest path first. This one fascinates me because portals add another dimension to a common problem. This would make visiting places a lot easier for new players. Instead of jumping hoops and crossing fingers you fumble into the right portal, you could just have an arrow that points where to run and what portals to take.

When it comes to negatives. MITM is just an exploratory tool mostly. I’m assuming packet forging does not work and there is server-side validation. It’s not smart to validate everything so with a lot of digging you might find things that are client validated. Like in what order your items are in storage. But it probably wouldn’t be too exciting. Worst case which I really doubt. You can give yourself infinite coins, cubits, plots and resources. Destroy an entire planet (“lie” to a server and say hey I just mined millions of blocks at once). Login as admin. But like 99.9999% if devs here know how to do MMO networking, they know not to make those trade-offs.

If you are a baddie, there are a lot of easier ways to gain an edge. With games like these, they usually find duping and moving exploits with 0 lines of code. Make a peat farming bot or whatever. I’m not a security/reverse engineer type of person professionally so it’s kind of out of my sphere. You might be able to make maybe an XRAY kind of tool that shows where closest diamond is but I feel like that’s probably easier to do client side with no need for MITM.

Packet FORGING is detectable and opens doors to malicious stuff. Packet SNIFFING is I think undetectable and just enables more technically skilled people to understand how the game works and gather info to create tools.

Point is. You can not stop a malicious actor. Especially in today’s ecosystem where a program has so many dependencies each a vector. It’s a waste of money. Especially imo with Boundless. This game has no RWT. This game has no tourneys or competitions. This game has no ranking ladder. This game has no PvP. MMO companies know this and whenever there is a “Ban the baddies!” campaign, it is just to appease the public and they pick the low hanging fruit. For example Runescape, World of Warcraft, Guild Wars 2. Public sees bots and thinks that is the most someone is ahead of them. People are happy. Devs are happy. The malicious hackers worth their salt are unaffected. Or maybe a community is outraged because of people being elitist and using 3rd party DPS meter. So they beat the creator, ban the users and appease the crowd. While the guy controlling entire markets goes under the radar and community splinters.

Sorry if the end bit came off as a rant but it’s just a reality of doing what you love. You can try making tools that people enjoy and love just to have it all turned on its head the next day. Reason I made this post is to first know if there have been people trying and second to gauge community sentiment. If people want PS4 and PC to be an even playing field I can’t imagine what outrage there would be if PC had mods/tools that for example told you what portals to go through to get to a shop with lowest selling price. Which is a bit ironic because in reality it would level the playing field with people who have been trading since launch.

2 Likes
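Added example, not part of any post in this thread and not Boundless server code: the server-side validation the post above assumes, where a forged “I just mined millions of blocks” message fails because the server checks batch size, reach from its own tracked position, and mining rate. All names and limits here (`validate_mine`, `MAX_REACH`, `MAX_BATCH`, `MAX_PER_SECOND`) are hypothetical, and the sample messages are constructed.

```python
import math
from dataclasses import dataclass

# All limits are assumed values for illustration, not the game's real rules.
MAX_REACH = 6.0        # max distance from the player to a mineable block
MAX_BATCH = 8          # max blocks a single request may claim
MAX_PER_SECOND = 4.0   # sustained mining rate the server will accept

@dataclass
class PlayerState:
    pos: tuple                 # position tracked by the server, never the client's claim
    tokens: float = MAX_BATCH  # remaining rate budget (token bucket)
    last_seen: float = 0.0     # time of the last accepted request

def validate_mine(state, blocks, now):
    """Decide whether a client's 'I mined these blocks' message is plausible.

    Returns (accepted, reason). State changes only when the claim is accepted.
    """
    if not blocks or len(blocks) > MAX_BATCH:
        return False, "batch size"
    if len(set(blocks)) != len(blocks):
        return False, "duplicate block"
    for block in blocks:
        if math.dist(state.pos, block) > MAX_REACH:
            return False, "out of reach"
    # Refill the budget for the time elapsed, capped at one full batch.
    elapsed = max(0.0, now - state.last_seen)
    budget = min(MAX_BATCH, state.tokens + elapsed * MAX_PER_SECOND)
    if len(blocks) > budget:
        return False, "rate limit"
    state.tokens = budget - len(blocks)
    state.last_seen = now
    return True, "ok"

def demo():
    # Constructed sample messages: (timestamp, claimed block coordinates)
    player = PlayerState(pos=(0, 64, 0))
    msgs = [
        (1.0, [(1, 64, 0), (2, 64, 0)]),                        # plausible
        (1.1, [(x, 64, 0) for x in range(1000)]),               # huge forged batch
        (1.2, [(500, 64, 0)]),                                  # far from tracked position
        (1.3, [(x, 64, z) for x in (1, 2) for z in range(1, 5)]),  # too fast
    ]
    return [validate_mine(player, blocks, ts)[1] for ts, blocks in msgs]

if __name__ == "__main__":
    print(demo())
```
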

I would love this

Also I don’t know that portal directions would violate ToS.

Really the only things I know of that are definitely not allowed are:

  • Trying to see through walls when mining
  • Hiding grass to make gathering easier
  • Trying to dupe money or items

From what I understand, the player has to be near the portal for such coordinates to be exposed. Emulating player action (e.g. “lie” to the server you are near a portal) is not allowed. Which totally makes sense. But I think there might still be a way without violating ToS. That clause totally makes sense and is pretty standard I believe. I haven’t done any exploration yet, just educated guesses.

(not commenting on anything else here, just this line), wouldn’t actually be possible per se, the closed storages don’t send any data to the client until interacted with so wouldn’t be able to search in those, and client is only sent “nearby” storage entities even if open so wouldn’t be able to tell you about seeds that are >X m away

5 Likes

You could do it by making your own database of all portals

Even if you could make a tool to tell us X region is on a cooldown (2hrs iirc) it wouldn’t make platforms irrelevant. If anything it would make them more relevant. People use them to see where they land better and to traverse easier not just to spawn them. And next tier wouldn’t matter as the size of the meteors is dependent on the amount of people when the meteor is triggered. But knowing a zone is on a cooldown before even going there would mean you’d save the hunt leader coin as they wouldn’t be opening a portal to a zone on a cooldown.

Dunno what exactly you mean by this one. But you can already inspect other characters and see their skills etc.

1 Like

Assuming I know where a storage unit is (X,Y,Z). Assuming the contents are only exposed when opening. You can still store the data locally whenever you interact. Wouldn’t be an ideal solution but still better than nothing. Major shortcomings off the top of my head are:

  • If you changed storage contents when the tool wasn’t running, there would be data mismatch.

  • There would be data mismatch if storage is shared and another player changes the unit’s contents.

The tool would rely on a database to query info and interactions just update entries.

1 Like

I’m going to share a perhaps unpopular opinion.

I’ll start by saying I have the utmost respect for people who have so far used third party tools for the benefit of the community, and they have done so in a way that is consistent with the following moral belief.

Nobody should be encouraged in any way shape or form to download third party software of any kind. Every download of an executable should be seen as a risk that jeopardizes your privacy and your information.
Every download of an executable should be taken with the utmost scrutiny, let alone running that executable. No matter how much a community has vetted something, or how trustworthy anyone claims to be. In general, in society, we should be teaching people NOT to take this risk. And we should not be rewarding downloads. Even in the hypothetical (and likely) situation where every hypothetical boundless mod is a good thing and not malicious in any way, we have done something unfortunate–we have taught people (who may come from various ages and backgrounds) that it is okay to just trust strangers and download stuff.

I am going to also address “but Alwin, what about X which already exists” concerns.

  • In the case of grabbing exo colors, a small group of willing individuals do the work and take the “risk”, then share the info over forums, so that no one else is encouraged to download and run the executable
  • In the case of meteor mod, it is indeed unfair during gleambow, but mostly beneficial to non-modders during normal meteor hunts. Personally I do not encourage people to download the (very useful) tool, but to edit files manually and use Steam verification to reset. From my POV I read the python code and I believe reading/understanding 100% of the source code is sufficient vigilance to download and run something, which is not something everyone is readily equipped to do.
  • In the case of several third party websites, indeed website-based security concerns exist, and I am not an expert on that. But I believe that there is a somewhat less dangerous risk there. And importantly, none of the Boundless third party websites prompt you to download software.

So, aside from the “fair or not fair” questions, I just think the tools should not be available, even if I made the outrageous assumption that there is 0 risk in the tools themselves. It encourages a behavior I think we should discourage.

8 Likes