The Division BETA Hacking POC - Clientside Ammo/Infinite Ammo
/ suggestion_there_better_be_anticheat_in_th...
Edit: This thread was removed by the moderators of TheDivision subreddit:
Edit #2: UPDATE 2/1/2016: Ubisoft has addressed the issues presented in these videos.
http://forums.ubi.com/showthread.php/...
Here's the copypaste of the thread and the reason why this specific video is here:
I needed to get this information out somehow. I didn't want to post this on Ubisoft forums in fear of getting my account banned for experimenting/using said exploits.
I'd hope the developers are following this subreddit for information.
I'm a reverse engineer and experienced game developer that specializes in most game securities. I love this game too much to see this game go down in flames.
However, without stating anything specific on how to 'cheat' in this beta. It's scarily simple.
Everything from ammo count, level XP, Dark Zone currency, player speed are all CLIENT trusted, and take time to sync via server time.
For example. Infinite ammo is possible by removing the instruction that's responsible for adding/subtracting ammo into your player structure.
Speedhacking is possible by modifying the delta time used in the game's update.
And the speedhacking is possible for said 'invisible people'. If a player that is speedhacking runs ahead of the position stated on the server, because the client trusts the position of the players, you can very well quickly take out an enemy without them seeing you and reclaim the reward/loot.
Things such as extraction times, rogue times, and respawn times are the only thing that seems to be server side.
In the full game, I highly anticipate some sort of anticheat or method preventing any kind of open handle to the application.
I understand that this is a beta but for it to be this simple and with absolutely no way of reporting or having consequences, I'm scared for the full release.
I apologize about the quality and choppiness. I use a crappy HP Elitebook laptop, so I used OBS to record and After Effects to edit these in 30 minutes.
Video of Infinite Ammo/Ammo stored on Clientside
--------------
Proof that it is not a glitch by toggling it on/off and showing proof of bullets actually dealing damage/reclaiming rewards.
--------------
-division_throwaway