Ludia Forums

Purchase maskers?

#1

I just learned of this major problem. We were discussing about how come all of the sudden T**** alliance members have level 30 magna now … and they were nonexistent few weeks ago. Even with donation it’s impossible to get this high in such a short period of time. On investigation, someone saw in reddit thread about purchase maskers. Reportedly, they can buy anything ( thousands of incubators) without getting charged. How true is this ? THIS IS A MAJOR DISASTER IF TRUE!

14 Likes
#2

Ludia- You are losing an enormous amount of revenue if this is true. Why would you allow it? What a foolish business decision. If I was Ludia- i would be furious and take action immediately.

9 Likes
#3

Absolutely insane that this type of cheating is allowed to persist. This has to stop…

5 Likes
#4

Seriously insane. I mean probably more then 50% of Apex had played since beta. And magna or irritator for that matter are extremely rare. It takes ages to lvl one to 30. And now they are popping up like freshly minted dinos

5 Likes
#5

looks%20good

3 Likes
#6

I know spoofer are a problem but they still have to dart stuff and then the accumulation of DNA out paces the coin collecting so have to spend $ = Ludia will tollerate a certain amount if it brings in money…

If this is proven true it might be what finally prompts some tough response from Ludia, no need to buy coins if you can free incubator your way to riches.

… this could crumble the whole game infrastructure. So sad

5 Likes
#7

I really hope this isn’t true as it is really discouraging if it is.

1 Like
#8

Ludia hq - we can’t ban the spoofers because they are paying money still
But … they are using fake money
Ludia …

7 Likes
#9

@Ned can you make sure Ludia is made aware of this highly possible scenario ?

7 Likes
#10

If people on reddit and here are aware of it, wouldn’t Ludia be aware of it earlier? If not, than either they really are that careless, clueless, or need better vigilant staff

#11

We’ve been asking for bug fixes, cheater removal and alliance leader tools for months, with little to no response.

You think they bother to scan social media for cheats?

There is a huge support system for a specific cheat that is making someone other than Ludia $$$, and Ludia has not stopped or slowed them.

2 Likes
#13

I’ve been reading about all kinds of ridiculous stuff with cheaters lately. Its really pathetic that they go to these lengths just to cheat in a game. Definitely makes me lose interest in JWA more and more every day. I wonder how many legit players are even on the leaderboard.

10 Likes
#14

I play 100% legit, because I really enjoy JW Alive and I absolutely loathe players who cheat against real people.

However, there is a Ludia game, Jurassic World - The Game which is single player and…

Let’s just say, I am more than familiar with the shady practice you have just described. I don’t know if it works for Alive, but it 100% works for JW:TG.

If you need help or info on what is that, so you can report L5 scum, I am more than happy to provide data on what that is, so Ludia can detect that better and vanquish the L5 noobs into the shadow realm.

Hit me up in a private message, if you want my help, as I am not allowed to discuss it publicly. :wink:

6 Likes
#15

None of the purchase logic should be client side. It should all be server side. If it isn’t then Ludia actually is stupid.

The only way to exploit properly coded purchase logic is with stolen credit cards and that’s only good for hit and run, not for a long-lived game account.

2 Likes
#16

Not a programmer but was financial QA.

The purchase logic may be server side but the information that feeds it might be client side. You purchase something but the server only knows the ‘cash value’ of it, it does not know the contents until they are sent from the client. It might recognize I opened an incubator but they might be able to send bogus ‘contents’ to the server.

Say I open an incubator with 200 Nunda, it might be able to be changed to Irritator before it is sent, that could be client side.

Like when you dart, that is client and is not recognized until it is sent. I could dart Nunda and the server receives it as Irritator. How would it know if there was no check?

Ludia would have to have a ‘sanity check’ on their end to detect it. If a user records say 1,000 Irritator per incubator, that should throw up a flag. But if it records 50 or 100 per incubator, it might be hard to check for. They would have to do a nightly scan to check for abnormalities such as an overcollection of a certain rare DNA in a 24-hour period.

EDIT: Running a scan in a nightly cycle is no issue, we did it every night to hundreds of thousands of accounts. It compares an account from last cycle to the account this cycle and runs checks for different parameters. If a user account went up 1000 Irritator in a cycle, that would be an anomality. Or if it went up 1000 in a week it would flag that account for review. You would just need someone to look at that cycle report to see if there was any fallout.

#17

Anybody have a picture of this said post from Reddit? Or is this just more “he said she said”. Not denying anything like this may or may not be happening, but is there proof or is it “heard from the grapevine” type of rumor

#18

Although this is the first ive heard of such a thing

#19

@Wwwoodchuck I’m going to be blunt. None of the things you describe should be determined client side. The client should NEVER be trusted. It’s very easy to program this way. The only time client data is used is when it can only come from the client and no other trusted source. Anything else is poor design. If you do otherwise with a game your days of profitability are numbered. If you do otherwise in finance you risk avoidable theft, lawsuits, and reputational risk. (I’ve done software development, risk management, QA, etc. in finance and other domains)

Incubators. Each player has 4 incubator slots all tracked server side. All the client does is say I want to open the incubator in slot x. The server then checks if there is an incubator in that slot, if it can be opened at that time. If it can be opened, the server randomly generates the contents per the incubator type, adds those contents to the player inventory server side and sends that inventory update to the client. The client is not trusted to generate any of the information.

Similar logic is used with spawns. Client says I want to dart spawn y. The server determines if that spawn is still there, if the player has already completed darting it, etc. The darting session begins on the client. The client completes it and sends a DNA amount. Yes, this number is determined client side but it has a maximum value that the server can check based on rarity, VIP status, distance when darting starts. When the client sends the DNA quantity, the server sanity checks it, updates the player’s server side inventory and sends this update to the client. That little bit of trust is a trade-off. It avoids having to communicate with the server for every dart fired. However, it does allow the player to force close their app if they are unhappy with the results of their dart session because it isn’t sent until after the first of the two animations at the end of a darting session.

TL;DR: Nobody who cares about their company (entertainment, finance, services, etc.) programs in a way that trusts client side information that can and should be generated and tracked server side.

4 Likes
#20

In fact, if Ludia wants to hire me to audit their security design… :sunglasses:

1 Like
#21

@ RolandHTG
So what they are describing in the OP is impossible then?