alt="EverQuest Teleportation"

src="http://www.tentonhammer.com/image/view/195510">In my href="http://www.tentonhammer.com/features/everquest/hacking-eq-part-one">previous

article we took a look at some of the hacks taking place in style="font-style: italic;">EverQuest. These

cheating players were immediately affecting my enjoyment of the game,

and also having a profound negative effect on the server community. I

needed to see what could be done. Were fixes even possible or was the

game just too old? How were these guys doing their cheating anyway?







I called up Sean "Rogean" Norton, who is the administrator of Project

1999, an emulated server that attempts to recreate the game experience

of 1999. The operators of P99 too, had had some problems with hackers

on their emulated server, so I wanted to get some insight as to how

this was happening and what could be done about it.







With Rogean was Project 1999 developer, Jim "Haynar" Seamans. Haynar

had formerly worked on ShowEQ,

which is one of the third party programs some use to gain an unfair

advantage by circumventing some of EverQuest's designs.







"ShowEQ sniffs packets and displays the location of all mobs in the

zone. You can also track spawn timers and players," Haynar explained.

While this may not seem like a major cheat at first glance, keep in

mind the players who opt not to use these third party programs, which

are generally accepted as a breach of the End User License Agreement

set by SOE, are at a severe disadvantage. These 'standard' players have

to track their mobs manually as well as keep track of their own spawn

timers which greatly increases the complexity of the game.







alt="EQ teleportation"

src="http://www.tentonhammer.com/image/view/195511">As both

Haynar and Rogean work on Project 1999 I wanted to make sure their

combat against hackers was applicable to the fight SOE faces in the

commercial game.







"It's the same code, really," Rogean said. "It's a very similar setup.

We have a disadvantage compared to SOE, though, because we have no

control over the client. We cannot make any modifications to the client

itself, as that would be a copyright violation. So we aren't easily

able to put anything in that will either prevent the hacks or detect

them."







Though the job may not be as easy as it could be, the team has found a

way to put a stop to the hackers.



MacroQuest is another hacking tool some cheaters use to perform some of

the operations explained in Part One of this series. Rogean told me how

they've stomped out the problem on the emulated servers.







"MacroQuest actually hooks itself into the client " Rogean began, "and

becomes part of the client process and it will start taking over

functions. Like any other program, MacroQuest is coded in such a way

that it expects certain behaviors. For instance, when MacroQuest

receives a specific packet it will try to read a certain variable

within the packet. That variable is never over a certain size. There's

no reason it would ever be over that size. If that variable were to

become over that specified size it would cause the program to overflow

and MQ would attempt to read memory that is out of bounds and get

access violations, causing it to crash.







So when we figure out the variables that MacroQuest is interpreting

incorrectly, we can send packets to the client and see immediately if

the client crashes. If it does, then we know that player was using

MacroQuest."







The catch? This technique cannot be used on a large scale in the

commercial version of EQ for several reasons. First, as with any report

players make against a hacker, a GM would have to get involved and find

the alleged user online with MacroQuest running, then send them the

packet to see if they crash or not. Secondly, MacroQuest

itself can be updated quickly and easily enough that this technique

would no longer work as soon as the MQ developers were to find out it

was happening.







"If SOE was crashing clients left and right it would be fixed in a

week," Haynar suggested.







"We use the buffer overflow very selectively," expanded Rogean. "We

could do it on entire zones at once, but we only do it when we know

we're going to catch someone. And our rules are if you get caught using

MQ you'll be permanently banned. We make players think twice about

using cheats. We've banned thousands of accounts already. They know it is

not tolerated so most of them will never use it.







"But SOE has a lot more options available to prevent its use

because they have direct control over the game client. Years ago they

had implemented a code in the client that detected if someone was

cheating. They caught a lot of players that way. MQ eventually fixed

it, but that's the sort of thing SOE could continue doing."







So why is preventing hacks such a challenge to begin with? Why doesn't

SOE just put in code to detect the use and ban the players? Rogean

explained further why it's so difficult to prove someone is cheating,

particularly when it comes to warping across a zone.







"Warping has always been a problem in EverQuest. There are so many ways

that a client can legitimately get across a zone. The server cannot

assume all cases of fast travel are automatically hacks. What if the

client lagged out where the player lost internet connection for a few

seconds? It would look like a warp or a speed hack to the server."







It was becoming clear to me at this point that hacking issues may not

be a simple fix. However, the team at Project 1999 had the drive and

desire to find a solution that worked for them. It may not be a

solution that could work for SOE but given that Sony has an upper hand

with the ability to manipulate the client itself, surely something

could be done.







I knew at that point I had to talk to Sony to find out what they could

do to prevent the hacking that has been going on. There are also rumors

on the various forums suggesting SOE would not ban accounts as it would

mean a loss in revenue and I wanted to see what SOE had to say about

those accusations.







Check out Part Three as I talk to Thom Terrazas,

Producer of EverQuest, about the hacking in the game and what he and

the development team plan to do to put a stop to it.

