The Division hacks can’t be fixed “without complete rewrite” says netcode dev

The Division Dark Zone guide

After footage of a supposed client-side hacking tool for The Division surfaced earlier this week, an experienced network developer has expressed concern over whether the exploits can even be fixed.

Need an MMO without quite as much cheating going on? Here are the best MMOs on PC.

Glenn Fiedler has shipped several multiplayer titles in his 18-year career as a networking programmer in the games industry, including Titanfall, Mercenaries 2 and starting triple-A development at Irrational Games in 2001 with Freedom Force and Tribes.

In a blog post written on Sunday, Fiedler explored some of the issues of The Division’s latest round of exploits and glitches that have hit mainstream news since Ubisoft’s last patch.

From an outside perspective, seeing most of the glitches they appear as just that; glitches which can be fixed. However one exploit that caught his eye was a YouTube video (since set to private) in which a player alters parameters and values in a code editor.

“This issuper bad news,” Fiedler wrote. “Because here we have a client-side cheat program that is poking memory locations and giving players infinite health, infinite ammo, and teleporting players around the level.”

What Fiedler believes from this, though he has no insider knowledge of The Division’s netplay structure at all and is working from deduction, is that the game uses a trusted client network model to parse each player’s data in the shared world.

This is a model which is sometimes used for console games, where tinkering with software is much harder and less commonplace, but almost unheard of on PC.

“I sincerely hope this is not the case, because if it is true, my opinion of can this be fixed is basicallyno. Not on PC. Not without a complete rewrite,” Fiedler wrote. “Possiblyon consoles provided they fix all lag switch timing exploits and disable players moving and shooting while lag switch usage is detected (trusted client on console exclusive games is actually more common than you would think…), but not on PC unless they completely rewrite most of their netcode and game code around a server-authoritative network model.”

Fiedler goes into greater detail of the work required in the blog post, but essentially systems employed by competitive FPS games like Overwatch and Call of Duty do not allow anything important for the gamestate to be determined on the client side.

He says he was first made wary of Ubisoft’s approach to multiplayer when hackers in the closed beta found ways to alter some of their own weapon values.

In a statement at the time, Ubisoft said: “We are aware of the cheating issues in the closed beta on PC. The team is fully committed to providing solutions against this and a system will be in place to ensure a fair experience for players when the game is released.”

Fiedler says this had his ‘network spider senses tingling’ as the company simply ‘solved’ that problem by saying they would implement more server-side checks.

“To me this displays a fundamental misunderstanding of how FPS games are networked.”