Possibility to cheat with replay file.

[bald_eagle]

The information in the replay file can be used for cheating.

Just reading the file can show you that there are enemy fighter in 10 km region. You can write a little script that listen on the file and beep when it find enemy plane name.

Another option is to have 2 PC with shared storage and playing the replay file on the second PC which will show you the Icons on enemy planes.

 

I haven't tested those options myself. But the content of the file should be encrypted with the key written at the end of it. Or some other measure to prevent cheating.

 

[=VARP=Cygann]

I am not much concerned by this in IL2 due to my faith in this community.

 

However, finds like these that are actually making it simple for some people without honor to actually do it easy should also be 'encrypted' by sending it as a private message/mail to some developer  (I went on this forum for whole other reason and yet your post title attracted me enough to read about it, now imagine what those actually looking for this stuff do).

 

Just saying, if this was some other community, this post would be free guide for kids on how to become a cheater even if they were not up to this point.

 

But nice to report possible exploit, just maybe not this open in detail.

 

S!

[bald_eagle]

This kind of vulnerability is not that important. There is no life or money on the line. So there is no reason to be private on this issue.

There is a decent chance that my analysis of this vulnerability is wrong. I haven't tested it ( more then opening replay file in text editor ) and I am not going to invest in it more then this thread.

[=VARP=Cygann]

This kind of vulnerability is not that important. There is no life or money on the line. So there is no reason to be private on this issue.

 

 

Uff, this is really epic black and white way to look at things, and my remark was not even directed at you, you did great for pointing it out along with viable way to fix it.

 

But if everyone looked at this the way you do, no game would even bother with anti-cheat efforts, there is almost never life or money on the line with any other MP game either.

Yet, stating exploits openly on forums are not allowed with quite a few of them, you can check that easy on forums of more popular games if you don't believe my word on it. 

 

Reason behind it is, if it spreads, it hurts community (and with that money influx if you wish), highly cheated games lose player base faster and die out.

 

Like I said, I don't have such fears for IL2 as people hare are more mature and possibly more honorable then on some Call of duty and clones and alike.

But, one can never be too careful, no need to make it simple for those few rotten apples among us (if they did not exist, Devs would not have waved the ban hammer once already, and yet they did).

[bald_eagle]

viable way to fix it.

Actually, the solution I proposed is flowed. For 2 reasons that I can think of. But I won't bother to state them .

[curiousGamblerr]

This is really the kind of thing you should PM to the devs rather than posting publicly. 

[II/JG17_HerrMurf]

Agreed. Why post cheats for the weak of heart to latch onto?

[=TBAS=Sshadow14]

yes i think its also against the rules..

you should have pm'ed the devs.

now about 1-2% of this forum base which is maybe 50% of the player base will now be trying every way to exploit this issue in replays.

IL2 already has enough cheaters (please no more)

[SYN_Haashashin]

This is going no where good as it is. If you have a tested info about the issue please send it to the devs by PM.

 

Remember:

7. Comments containing profanity, personal insults, accusations of cheating, excessive rudeness, vulgarity, drug propaganda, political and religious discussion and propaganda, all manifestations of Nazism and racist statements, calls to overthrow governments by force, inciting ethnic hatred, humiliation of persons of a particular gender, sexual orientation or religion are not allowed and will result in a ban.

17. Spreading false or harmful information about the product is prohibited and will be deleted by forum administration. Claiming ignorance of the subject to justify harmful or obviously untrue info will not be tolerated.

 

Locked.