Explanation of how SE Detects Cheating.

Beep by Sara Rose, FFXI Fan Art, Drawing

Beep – pokes your nose by Sara__Rose!

How is it done?

For those that aren’t technical savvy… just want to let you know about the FFXI logging system.
I can’t say what I’m saying is completely right, but 95% sure they use this method, because I use something like this… at work to do the same thing (finding trends/patterns) to find trends with a bunch of website logs (well in this case, game logs and trends of cheating).

Go take a look at this location below, you’d find files from 0-18/20. Open one up.

C:\Program Files\PlayOnline\SquareEnix\FINAL FANTASY XI\TEMP

Now look at what’s there… those are the stuff that SE Stores on their servers. Basically, all actions, chats performed, are sent and saved. You are sending it ANYWAY (well if you make a movement, you are sending them your new coordinates, so they can forward it to all players beside you to inform your character moved), so they are simply storing what “goes into their server” as record anyway.

Now what’s there?

  • Date/Time
  • Your X Y Z Coordinates
  • What appeared on your chat log.

So what CAN appear on your chat log?

  • Quest item you Obtain
  • Items You Obtain
  • Actions “Disband Party”

Basically… they know wtf is going on just from those log. How would you think they came up with THAT?

Chat Frequency: 210,691
NPC Conversations: 29,485
Parties Joined: 1047
Alliances Joined: 71
Battles Fought: 44,618
Number of times KO’d: 596
Enemies Defeated: 26,535
GM Calls: 0

Those are basically, taking ALL THEIR RECORDS, and totaling it up with a script. Why can’t you see it everyday? Because its in a file stored somewhere… its really just record keeping but thought its fun to make something out of it.

Remember those stats about login times, logout times? Peek Hours? What sells the best on AH? Oh they store everything. From first day.

Why Store?

You know those Air Miles card you use? Well they might give you free tickets, but they are tracking your spending / purchasing habits and… the business buys these “data” just so they could accurately advertise a specific market segments. Your “free tickets” is actually paid by say… your grocery store chain. =) They buy these data and know exactly where people buy groceries, hence locating one near you to take money away from both you and competitors.

Although FFXi’s data don’t seem to valuable, but economist do realize… a game’s economy is a very good simulation of a real-life economy. What happen when there’s deflation? Kclub from 120m to 30m? When prices is dropping, everyone knows to hold cash (when SE draining gil like mad). The data that SE collects might be worth some money some day, because they represent a free market economy… an economy driven by real players. Beats simulation. There’s up’s and down’s. They can test so many features such as… “lets throw serket ring away” and see price drops / elasticity of this high-demanding item.

FFXI Fan Art, Drawing, LovelyDagger, Daggy

Asking is a Risk by LovelyDagger!

So How do they Detect Cheating?

Lets make a few lines of log. We’ll assume the date is the same. I’m going to simulate a POS hack.

*Assuming the landscape is flag, so instead of X Y Z, you only have X Y*

You login to your mog house. Coordinates on map is 20,20. Lets say you move to your left. Here is what you send to the server by your PC.

Time: 00h00m00s Coordinate Change: 19,20
Time: 00h00m01s Coordinate Change: 18,20
Time: 00h00m02s Coordinate Change: 17,20
Time: 00h00m03s Coordinate Change: 16,20
Time: 00h00m04s Coordinate Change: 15,20

SE then can say you moved 4 units in 4sec. Normal Walking Speed. 1unit/sec

Lets say you flee. Your log will look like this.

Time: 00h00m00s Ability Use: Flee
Time: 00h00m01s Coordinate Change: 19,20
Time: 00h00m02s Coordinate Change: 17,20
Time: 00h00m03s Coordinate Change: 15,20

SE then can say you moved 4 units in 2sec. You’re MOVING fast, but since log also shows you used flee, SE knows you use FLEE to move that fast.

Lets say you POS. Your log will look like this.

Time: 00h00m01s Coordinate Change: 19,20
Time: 00h00m03s Coordinate Change: 15,20

SE then can say you move 4 units in 1sec. You’re moving fast but your log ALSO DID NOT SHOW you used any ability, and…there is no such thing in game that you can move that fast (Well again, ignore Z, but if you’re sliding, a rapidly changing Z would also mean its possible, but lets assume its flat for now). They will then from this, FLAG your account for POS.

What about Dupes?

All they need to look for, is have the program go through all the logs and look for these.

Time: 00h00m00s System: Long Bow Chairot was defeated by XXX.
Time: 00h00m01s System: You find Macha’s Coat on LBC.
Time: 00h00m02s System: You find Macha’s Coat on LBC.
Time: 00h00m02s System: You find Macha’s Coat on LBC.

Time: 00h00m03s Chat: XXX>> ZOMG THREE DROPS!!!
Time: 00h00m04s Chat XXX>> FUK YA!!!

To ensure there is no error, they will also look for.

Disbands and Join Parties to reassure that they ARE exploiting the bugs.

When all these conditions are met, they flag you.

They do the same for everything. To catch gilsellers, they just use their v1.337 “script” that they already written, find those conditions as described in their posts… and when conditions are met just like the above example, they get flagged.

I can imagine all the conditions they look for in their logs for fish botting, RMTing, AH botting… they are basically “log readers”.

This is WHY you don’t talk about crazy things in FF chat logs. Assume its being read by GM’s! (Scripts are GM’s ok…)

I was a WoW beta tester long ago, and they used to have a debug screen, telling you what exactly is being sent to the server, so knowing how WoW works, I can only imagine the same if not all for FFXi. Also, the above stuff… is pretty simplified. Now imagine SE went much deeper and more ways to track/create a relational database using logs… its much more complicated for them =)

A video to describe yesterday’s bannings!

Yesterday’s Banning

I actually do not think what SE was the most ideal way to solve what happened. It’s like people not getting banned for using AV bugs to kill AV. Its a flaw on design on their part. It’s also like that Chocobo quest bug… people do that quest for large amount of gil… but all those previous bug were mostly exploited by RMT and was never an issue to ban them.

However, this exploit was a little serious, and was exploited by real players. IMO looking at the banning, you either know it (like Valefor with so many banned) or you don’t (like Fenrir). To those that know it, it sucks but your LS doing it… and it’s kinda hard not be a part of it. If my LS knew it, I’d probably take part. We’re probably not goin say “no, you are exploit, firefly out”. It’s a very grey line. I honestly believe a lot of people that got on that list had no intention of abusing it… it was probably helping a friend, helping the LS and you just happen to be there while they were using it.

Now that’s being said, I really think a Perma Ban to anyone who exploited the bug is VERY overkill. I think the community would have gotten the message the same way if everyone just got a Temp Ban.

Blizzard’s Way of Handling Bug/System Exploits

Back then, there was something call “Win Trading”. For those that plays Warcraft 3 ladder system, you would know your rating is always matched with the same team rating. Basically, when a team raises their ranking by only playing a farm team that agrees to lose. So, the common “trade” is WoW is the farm team to be made up of your 2nd or 3rd character of another highly ranked team and they switch. So for example, the cheater Ranked Team A will play Loser Farm Team A for 10 games. Then cheater Ranked Team A will get on their alts and be Loser Farm Team B, losing to the mains from Loser Farm Team A (which are now Cheating Ranked Team B) for 10 games.

The system is very flawless, it randomize opponents among all 10 servers. Well how do you ensure Team A always play Team B? Well they do it at 7am. When nobody is on and nobody to random with, you will always be paired with the same team! There you go =) It wasn’t even a BUG, its exploiting the system (exactly like AV bug).

How did Blizzard handle Win Trading? They track down players who either did that or PURCHASED their Arena Point with Gold, went into their account and delete EVERYTHING they ever got from Arena. (That’s like deleting all your Salvage gear). Although that created a big chat topic, but for those people who suddenly walking around without Arena gear, you obviously knew they were cheater. The talks and gossips they would have gotten from it would have been already a good enough punishment on TOP of their gear lost.

FFXI Style.

It’s sad FFXI is such a great game and don’t deserve the treatment that they are giving to their customers. For people who didn’t take advantage, of course you’d say “yea give them the banstick”, but put yourself in their seat. If your Salvage LS found out…. would you have really done it? Its a very grey zone.

Even Kaeko was part of it, and honestly I think he gave in a lot to the community to deserve such a shitty banstick.

Seriously, SE should sometime take a look at their competition (like Blizzard) and see how they handle things. I mean SE FINALLY learned what it means to listen to the gamer… what they really want instead of “following their 10 year FFXI game development plan, which is boring as hell”. Look, they are finally consider implementing “One-Time Password”… great, another thing that Blizzard already had. How about some friendly GM who does things (which Blizz already have). Maybe consider BitTorrent someday for the PC Client? Windower took them such an epic long time to implement… I won’t say Blizzard invented everything, but they for sure look around and see what’s good, and copy the good stuff into their game. They have 11.5m subscribers. Whatever they are doing, they are doing something RIGHT.

Odin, FFXI, Kaeko

I don’t want Kaeko to get banned =(

Mai Few Cents

They don’t deserve this treatment. First of all it’s just a game, people come on to escape reality, to log out from RL to enjoy their second life. Things shouldn’t be that SERIOUS. Yes, exploiting bugs is pretty bad and you are gaining an advantage… but think of it like this. If they really knew they would and can get banned over it, you’d think people with 7 relics would use it? Obviously a lot of people misjudge where SE draws the line. A lot of people uses Windower. We know anyone can get banned over Windower… but a lot of people see this risks as something do-able because… we calculated the risks… and you feel it is something SE won’t care about.

There was a better approach to all this, and shouldn’t have give people this type of no-warning perma-ban treatment. Just delete their Salvage gear… good enough… if they feel its that necessary.

FFXI is a good game, with an extremely good community… deep down my heart…. I’d still love FFXi over WoW… but they got to give me a reason to keep playing. Banning friends is the last thing they want to do on top of all this MMM crap they put out… I really hope a few of those list would escape from this perma-ban (consider 500 perma 450 temp, more than 50% will be gone T_T) including Kaeko… because I just love what he writes AND A TARU!! :D:D

PS: The video above is pretty… much explains what happened. And yea I really don’t want to see you guys in this pixelated game call World of Warcraft… so stay there =)… back to Mai Naxxramas 25man Raid Tank-Throw Boss :D

8 Responses to “Explanation of how SE Detects Cheating.”

  1. Shaya says:

    I gotta say I don’t agree with your reasoning. You say “you think people would have used this exploit if they knew they could get banned” ~ this exploit worked in Nyzul, Salvage AND Sandworm, people were not only getting triple loot but also triple cells (to make runs easier), or triple money drops (alexandrite, Sandworm drops which are mostly all sellable). Obviously these people (the ones who took the most advantage and eventually got permabanned) figured they were doing something wrong, otherwise the people who were duping things wouldn’t have gone to such lengths to keep it undercover. SE has banned people from taking advantages of exploits in the past, no reason why this case should be different.

  2. Maiev says:

    But there’s also those that got banned for tagging along…

    They all knew there’s a possibility of getting banned (yes, doing something weird … obviously doesn’t feel right). But there are those that’s just tagging along =)

    Also… the fact that “banning for exploits” wasn’t really something SE really do. They usually patch and move on… unless they are admitting it in chats. You know even the title of the thing says “Handling Misconduct”… I haven’t see that before in POL news.. so that’s what I mean… it didn’t seem like SE would take actions for exploit abusers until today.

    I just feel sorry for those that’s tagging along. I’m pretty sure there are :3

  3. Shaya says:

    Yea, but then again.. how many posts for “I didn’t know I was doing something wrong” versus people who realize it was an exploit and respect and accept the consequences for what they did… Sure, it could show someone did something bad, but in a lot of cases, they knew the risks, and they obviously took great care that SE wouldn’t find out ~ IF THEY THOUGH IT WAS OKAY< then why the need for secrecy?


  4. Anexia says:

    I tend to agree with you–some sort of punishment was needed, but banning was over the top methinks.

    And thanks for an explanation of how SE found who was using the glitch! I knew what the glitch was–getting duplicates of gear–but had no idea how that works or how SE went about figuring out who did it.

  5. Kaeko says:

    First off, thank you for the kind words. I expected to be laughed at pretty hard when this came out, but if anything, this experience has been met with nothing but uplifting comments and appreciation towards me. Sorry if this comment is too long, Maiev.

    Anyways, my personal take on this is that we are all at the mercy of SE the instant we break any form of ToS, which for me and many others, is essentially the instant I log on due to windower usage. Forget smart marketing, it is their game and we’re just along for the ride. My only responsibility as someone that does break ToS, is to make sound judgment calls and predict what SE will not tolerate vs. what it will. Because SE does not communicate with players or even hint, this requires very sound judgment.

    There are a great number of bugs in this game still active. I think readers would be surprised to realize have been and still are active methods of duping in FFXI. They are just not so widespread. The one that is still currently functioning I immediately knew not to use because I felt that SE would immediately ban anyone that used it because it involved both gil (which affects economy) and was somewhat complex. The salvage dupe bug was actually quite simple and many have done it on accident (at least the first half of the bug involving party buffs).

    Using this bug was very bad judgment on my part, but in my opinion, not due to it being somehow ‘morally wrong’, but because I incorrectly judged SE’s response. I suppose this sounds like a half-***ed apology but this is truly how I feel. I will own up to whatever happens to me, I just really don’t believe in the moral high-house others take. Based on other reports on BG awhile back, if you participate in the ‘exploit’ and tell the GM, you can be jailed trying to be the boyscout. There is just no way to easily convey what you know without adding risk to your own account.

    The term “exploit” gets brought up so many times on my blog. If there was a way you could search for this word in the comments I’ve received, you will see this word come up a lot. When I solo’d Apollyon NW, I was told my kite path, which tricks a bad AI to the point where you can get a 8 second cast off, was an exploit. When I solo’d Bhaflau Remnants, I was told deaggroing LBC was clearly an exploit and my kill was invalid (even got my own alla thread). When I was lucky enough to kill AV via the KC DRK cheese, I was told this was an exploit.

    When I posted explanations of the previous AV kill methods, I was told they were exploits despite the fact they were found on complete accident, one of them after a mind-numbing 30 hour duel with AV by a LS on my server. The other was found by accident again, and was even debated to be the ‘true’ or ‘intended’ method given SE’s cryptic script when AV spawns (something about showing thy virtues). Some claimed that AV’s virtues were its pets and that killing them repeatedly would weaken it (which it did). Turns out, oops, exploit. Ninja patched with no warning or POL explanation. The recent PW kill even, many dismiss it as an exploit based kill because it involves logging off. As people involved in rigorous endgame, we may think some of these claims of exploitation are hilarious and unfounded, but remember, SE listens to premier sites who believe and start these claims, and any avid endgamer knows to avoid premier sites like the plague if you want the best information.

    A very small population of players progress the metagame of FFXI. This is not a statement of arrogance, but a fact. What was arrogant on my part, as one of these players, was to believe that my judgment on what was a serious exploit or not would be considered or taken more seriously than the more casual player who just uses the information we learn, teach, and progress. The average player, especially on premier sites like Alla have spoken, and I am in the minority. Many others in the highest tier NM LSs or ‘pioneers’ of game mechanics and strategy may be or are gone now. There is an undeniable arrogance on our part for believing we were above the public outcry of the general playerbase.

    This experience has been a humbling one. If I come back, I won’t completely avoid exploits (because the definition of it is so nebulous), but I will be more careful. Sometimes you have to take calculated risks in order to progress. Such is none more evident than on AV/PW. I thank you again for the kind words and can say sincerely, and humbly, that I am not above the playerbase, regardless of anything I have done in this game.

  6. Etain says:

    “But there’s also those that got banned for tagging along…”

    In the US (dunno know about Canada laws), if you witness a crime because you’re with the people who committed the crime at the time and you DON’T report it, you’re considered guilty by association, and can be prosecuted and considered an accomplice to the crime.

    Is that much different here? How many people that got banned “by association” went and reported the bug the moment they witnessed what was going on?

    I’m pretty sure no one that got banned here is 100% innocent. I do agree, however, that it seems borderline ridiculous how SE handled this by just handing out bans left and right. Now, if some of those people had strikes against them on their account for whatever reason (MPK, harrassment, etc.), then yes, I can see a ban being handed out. Honestly though… you can’t tell me that these 400+ were all guilty of that? I agree that deleting ALL the Salvage gear AND ALEXANDRITE of the offending parties would have been a better, and possibly more reasonable solution here… but this is SE.

    Now for the Sandworm dupers… I dunno. They’re guilty on two fronts with duping and then taking advantage of people through the economy. Maybe they should have gotten suspensions/bans for that (in addition to losing Salvage gear) but I dunno.

    This whole thing is a holy disaster, which could have been avoided if ego-centric e-peen’ers had reported this bug AS SOON AS IT HAPPENED instead of covering it up and keeping it quiet to get epeen+1. Coulda, woulda, shoulda.

  7. Tuufless says:

    Well, according to Lordwafik, someone in his Salvage group actually _did_ report the bug to the GMs.

    Their response?

    “We know about it but aren’t doing anything for it since we’re too busy on our newer MMO.”

    So then what?

  8. Maiev says:

    @ Kaeko.

    Again, thanks for dropping by. I’d thought Kaeko only surfs the BG forum but I guess I’m wrong. =)

    I have to agree to the fact that… I myself would have also incorrectly judge SE’s response to this exploit. For the longest time, all the other exploit was just patch and move on (would only ban if it involves gil)… If I heard this exploit, I would be more than tempted to at least try it.

    I’m a fan to a lot of stuff that SE don’t like… done all sorts of things in the past lol… and having the same personality as you (love to test and make progress… well I used to), I would probably be in the same hole as you now.

    The word exploit reminds me of “3rd party programs”. It’s so horribly used by a lot of players. I’ve read your Apollyon NW solo, although it is a bad AI… I do not think it’s an exploit simply because maybe that WAS programmed in there… intended to be like that. A specific kitepath is also a kitepath… you are still taking damage, the monster still got all of its abilities, and you can take damage. I do not see a stupid AI walk path as an exploit.

    The deaggroing LBC was part of the deaggroing mechanism of the game. Again, I do not think it’s an exploit.

    Also, back in those days around 2003, BLM that magic burst on Fafnir would get amazingly amount of hate, and we all know logging off clears hate. How about the whole KC dark zerging. They capped haste on Rune Chopper for a reason… maybe they thought people were “exploiting” the weapon? What about blinking while you do JA so you can move around? (which a lot of people do). I’ve seen enough people blinking during Provoke on mobs, just so they can run and provoke. I guess most melee who blinks before the JA should be consider using an exploit (I don’t know if you’re exploiting or actually changing EQ for WS). So IMO the word exploit is really what SE think to which extent of abuses of their shitty PS2 Emulator of FFXI for PC is acceptable. Not what the playerbase thinks… because obviously some exploit are just straight up acceptable.

    Regarding people giving you a hard time on your strat being an exploit, I remember when I released vids of soloing, I love people hitting on me for using distance plugin, saying it wasn’t legit enough… although everything is recorded to their face. It only tells me a lot of people just love to shit on your accomplishment. It makes them feel better when they are indifferent from you (who is someone that’s really awesome), or what you did didn’t count so you and whoever are now indifferent.

    Regardless, most of us are violating the ToS everyday. Windower, in chat talking about illegal stuff, 3rd party, exploit.. I even wrote a whole guide on Windower macros (which is teaching people how to exploit it even more) but the idea is to really think what SE think it’s acceptable and what’s not. Like you said it’s a calculated risks. I have my own, you have your own, and you just happen to miss that calculation. It doesn’t make those that haven’t got the stick clean or innocent. Of course yours is harder to decide, because as a person who wants to be a pioneer in strat, you got to test shit out… and it puts your account at risks… when you try “weird” things.

    But regardless, I’d still admire you at your achievements and contribution to the community. Although your AV strategy seems crazy to read (when I read it, I am like WTF face lol), but the fact that you try to move the game forward (the fact you’re sharing your findings too) is something that you should be pround of… bringing something fun to kill for everybody, and trying to progress in this game, whereas 99.9% of the player are just too lazy to do anything, wait for a strat to pop on BG, repeat and rinse.

    Your enmity research was more exciting to read than Version Update Details. I remember getting a few IM’s on the same day asking if I’ve read your Enmity research. It was astonishing. I wish I had a Scholar (so I’d actually understand your findings). So I’d just like to say thanks for the contribution and really hope you really get a temp, because I.. and many others would like to see people like you who try to progress in this game and not sit kill Fafnir for another 4 years to get Ridills.

    Good luck with your account. I feel you’d make it through this one! =)


Leave a Reply