This is absolutely amazing how fucked up the Division's netcode is. Almost all stats (excluding currencies and health) are calculated and stored on the client, and server just accepts it without any checking. You can have unlimited ammo in a mag, super-speed (this, actually causes players to go invisible also), any desired critical chance, no recoil, unlimited medkits and nades and so on and on. And this is not just lack of anticheat, it is global networking architecture fuckup. I highly doubt that this will be fixed any time soon after release. You probably might wanna stay away from PVP area while this problem is present. Pic of me with unlimited mag: http://puu.sh/mQClm/81f67ceeb4.jpg PS. Sorry for my english.
Recorded a gif for proof: http://gfycat.com/ConstantWatchfulChicken
Link to original post: https://www.reddit.com/r/thedivision...with_cheaters/
OP of another thread https://www.reddit.com/r/thedivision..._in_the_final/ recorded some videos which can give you understanding on whats going on. Check it out.
Hello The Division Subreddit.
I needed to get this information out somehow. I didn't want to post this on Ubisoft forums in fear of getting my account banned for experimenting/using said exploits.
I'd hope the developers are following this subreddit for information.
I'm a reverse engineer and experienced game developer that specializes in most game securities. I love this game too much to see this game go down in flames.
However, without stating anything specific on how to 'cheat' in this beta. It's scarily simple.
Everything from ammo count, level XP, Dark Zone currency, player speed are all CLIENT trusted, and take time to sync via server time.
For example. Infinite ammo is possible by removing the instruction that's responsible for adding/subtracting ammo into your player structure.
Speedhacking is possible by modifying the delta time used in the game's update.
And the speedhacking is possible for said 'invisible people'. If a player that is speedhacking runs ahead of the position stated on the server, because the client trusts the position of the players, you can very well quickly take out an enemy without them seeing you and reclaim the reward/loot.
Things such as extraction times, rogue times, and respawn times are the only thing that seems to be server side.
In the full game, I highly anticipate some sort of anticheat or method preventing any kind of open handle to the application.
I understand that this is a beta but for it to be this simple and with absolutely no way of reporting or having consequences, I'm scared for the full release.
Due to people such as /u/CaptainDegenerate claiming that I have been spewing false information, I gladly provided proof of my claims in these three videos below stating that everything I have said about how the player structure's information is in fact client side and not backed up by the server.
I apologize about the quality and choppiness. I use a crappy HP Elitebook laptop, so I used OBS to record and After Effects to edit these in 30 minutes.
I also apologize if this isn't enough proof for some people. Can't appease everyone
Video of Infinite Ammo
Proof that it is not a glitch by toggling it on/off and showing proof of bullets actually dealing damage/reclaiming rewards.
Video of Speedhacking
I apologize to the innocents I killed in this video. You were killed in the name of science ♥
Proof that it causes the 'invisible player' glitch and desync on the server. Enemies disappear/death locations are different than what the client sees.
Proof that the video isn't sped up since the delta time of the game doesn't affect the UI speed at the beginning of the video.
Proof that the game is in fact speedhacked/desynced showing the rogue timer stuck at 00 when toggled off.
Proof that the desync can cause glitches where the client can be stuck upon an object during vaulting cover since the server thinks the client is standing on ground.
Proof using speedhacking while extracting items does in fact work and allow the cheater to receive items in their stash.
Proof of respawn time being server-side due to the inability to respawn towards the end of the video even though the rogue-respawn time running out.
Video of Rank Information being client-side
Proof of that the information can be changed on the fly, including proof of vendors declining purchases.
I'm sorry but if you DO work at Ubisoft viewing this post, I assure you that "division_throwaway" isn't an account ;3
Wow I didn't realize this would get this much attention and front page.
I have to stress something I'm getting a lot of messages about:
DON'T CANCEL YOUR PREORDER YET.
This is a BETA, the game doesn't release until another month, Massive and Ubisoft can easily fix this upon release or in a later patch.
Possible solution/temp problem.
To everyone blaming netcode: The netcode is mostly referred to as that part of the code that handles data transfer from client to server. When people talk about 'bad netcode' they most of the times mean that the game is lagging, shots do not register and you die behind cover. This can be fixed by changing tickrates, values and other performance tweaks to the client-server communication.
Most of the times it's just adjusting stuff until 'it feels right'. That's the time when you have the least error while still compensating ping and calculating times.
Back to topic: The game currently does no server side checks to what the client reports. This is commonly used system to detect cheaters. Client and Server both calculate what would happen, when the client tells the server something that does not fit into the calculations of the server, he corrects it. In case of anti cheat, the client gets banned if what he reports falls under cheating violation. That means for example more ammo in a clip than there should be.
So to sum it up: It is not too late for them to 'change the netcode' because
first: they do not need to change it. Hit registration and everything seems to be fine and
second: They only need to switch on the server side checks, this can be done with one button press and was probably disable in beta due to many reasons:
Money, server do cost something
It's not finished, server side checks still cause bugs/issues
To delay cheaters, they now can not check and develop cheats that get not detected by anticheat because there is no anticheat. A minor problem in a beta that's only one weekend and everything gets reset. They do not want to give them any heads up.
So to everyone who is freaking out and thinks Ubi just "forgot" the anti cheat: They are probably not. This is just a naive way of thinking. They do some fairly big work at Rainbow 6: Siege to fight cheaters, you won't expect they just forgot it in Division (and no I do not want any replies telling me how Siege is riddled with hackers, this is just spread by a vocal minority online here on reddit and is clearly not representative with the state of the game. Ask some high ranked players and you'll see they rarely met any cheaters)
edit: Oh and to add one thing:
Invisible people are affected by a beta bug and in fact not cheating.
OFFICIAL RESPONSE FROM UBISOFT
Guys, so you're aware the things discussed here are not in fact hacks or cheats, but merely abuse of glitches that exist in the game currently. These glitches are currently being worked on by the team