Anti-dupe system (the ID thing) - why could it work, and how?

Stoviron · 2017-10-08 14:17:53 UTC

Adding unique ID to every looted item seems to be quite popular idea, yet still considered “too hard to implement and unclear”.
Let’s have a fresh approach!

Duping - what is it, why do we want to fight it?

Duping is basically duplicating items exploiting the game mechanics. Why is that bad?

It spoils economy - valuable and hard to get items are duped and sold to other players. It makes them way easier to get, therefore they often become cheaper. It isn’t even the end, however I won’t explain how does the RotMG economy work.
It breaks Terms of Service - that’s self-explanatory.
It leads to limitations - duping is responsible for some items being soulbound and abandoning the unsoulbound weekend idea.
It increases the gap between dupers and honest players - honest players work hard to obtain their beloved items while dupers just make a copy of another one.

What’s that ID system?

Many people suggested to assign ID to every looted item. For example:

Player loots potion of speed. It’s the first potion of speed looted, so it gets an ID of 1.
Another player also loots potion of speed. It is now second potion of speed, so it gets an ID of 2.
The next player loots potion of speed with id of 3.

System should register every drop and put it into a database, so it will know which IDs are still free. For example:

Player drinks potion of speed #2. The system registers, that it no longer exists and clears the entry in database.
Another player loots potion of speed. We have #1 and #3 IDs in use, so the new potion of speed gets the lowest possible ID of 2.

That way the highest ID of potion of speed will correspond to the highest amount of potions of speed existing at the same time and therefore won’t cause problems due to number being too high.

How does it prevent from duping?

While duplicating potion of speed, both old and new potion of speed will have the same ID, let’s say #2. Provided that both potions of speed are in the inventory of the duper, system dedects that there are two identical items with same ID, and simply deletes one of the items. Since they are the same object it doesn’t matter which one will it be.

What if both objects weren’t in the inventory, let’s say one was in the chest?

Theoretically, there can be a situation where duper leaves one copy in chest before the system managed to detect there are two items with same ID.

One way is to scan duper’s vault in search of items with same ID as items in player’s inventory and delete one on his way to nexus (or wherever).

Another way is to delete every item with the same ID when one of them dissapears/changes owner (if it changes the owner, new owner will still have the real item while other items disappear).

How does it work? Or does it?

Let’s imagine a situation when duper clones potion of speed #2. He leaves one copy in the chest while quickly escaping to the nexus or whatever, confusing the system not to detect there are two potions of speed with ID #2. However as soon as he drinks/sells/throw out the potion of speed, all potions of speed #2 disappear and raise player’s speed by 1/spawn potion of speed #2 in the buyer’s inventory/spawns potion of speed #2 in pbag on ground.

As long as all data is stored on the database, it can be accessed by the server to check if everything is all right. To lower the number of operation the server has to process, it would check for duplicates only in specific situations and only in limited space. Additionally it could check the whole database once a day/week, whatever, to kill all dupes that somehow weren’t detected earlier.
So… I think it would work and it wouldn’t be really that hard to implement.

What would community gain?

Basically: more stable economy and probably some soulbound items would become unsoulbound. Also, the crime rate would lower!

TL;DR

The ID system is way that could prevent duping, it only have to be approached well! Also, most of the process can take place outside of the flash, so it isn’t really the problem!

I could write some more examples and explantations, however I didn’t want to make the text ridiculusly long. If you have any doubts about the system, I’ll try to dispel them!

Retro · 2017-10-08 14:19:47 UTC

deca = lazy
id system = too much time

Septagram · 2017-10-08 14:29:02 UTC

the only problem i see with this is that ppl can duping and instead of seeing the items as having the same id it just gives it a higher id

Messaged · 2017-10-08 14:33:16 UTC

Deca has an automated reply system and the players make all the sprites and dungeons. Do you think they have the time for that? Deca just bought realm for quick and easy money. They’ll just perma ban you and give you 0 explanation to what you’re banned for, even if you didn’t get banned for that reason. Don’t waste your time on DECA GAMES.

MandyS · 2017-10-08 14:36:37 UTC

I like the idea, but… wouldn’t such a system check every time a pot (or item) is dropped cause a wee bit of a slowdown of the system? We already have a lot of lag problems.

Stoviron · 2017-10-08 14:37:06 UTC

New IDs would be assigned only to fresh drops (and if needed items in chests will have their IDs assigned during the realm generating). Any other operations - throwing away, trading, anything would keep the ID unchanged.

Stoviron · 2017-10-08 14:39:10 UTC

Sounds reliable.

Stoviron · 2017-10-08 14:44:17 UTC

It could be limited to the most valuable items so that it doesn’t slow the system too much. Also in real-time it could only check whether there are duplicates in player’s inventory and all other duplicates eradicate once a day or something.

AznPwnage · 2017-10-08 14:47:30 UTC

Reading your explanation… no.

You would use GUID, generated at random - not a normal number sequence.

… so where else do you think it’s stored? In a ledger?

Who dictates when such a “situation” occurs?
Also there would be no need to “scan” for duplicates - any item generated by the code would have a unique id. Every item which doesn’t has been generated by a dupe.

Idk whether you have any technical knowledge, or if it’s a very rudimentary knowledge, but your words make it seem like you’re not very knowledgeable in technical implementation.

The game has been through various iterations and owners, many different dev teams. As is the norm, especially with projects that have grown massively in a short time - the code base is a hot mess. It may be organized to some extent, but it isn’t exactly possible to just say “yeah! Let’s add numbers to items!”, and it’s done in the next week. No. A basic implementation of any feature, no matter how small and simple it may seem to the end user - it’s a culmination of various code writers, testing teams, etc.

There are higher priorities than battling duping; and let’s be honest here - it’s grown into an industry of its own. And shutting down duping may have a detrimental effect on the game’s stats.

Stoviron · 2017-10-08 14:56:21 UTC

Why should duplicated item have no ID then? Isn’t it duplicate of an another object maintaining all the old object variables including ID?

Craftable · 2017-10-08 16:14:43 UTC

This has been a long-suggested concept. If someone’s a good flash coder perhaps they could throw their hand at developing some sort of betatype system like this. Its clear from the past 2 companies this feat was either impossible or unpractical.

ReiHokaido · 2017-10-08 16:44:27 UTC

Fuck man, only giants like steam can afford to ID everything…
And the requests to the server whenever someone drinks or equips something…
“IS THIS VALID YES OR NO”
“IS THIS VALID YES OR NO”
“IS THIS VALID YES OR NO”
"IS THIS VALID YES OR NO"
Deca’s servers can’t handle it

Toastrz · 2017-10-08 20:23:09 UTC

You’re right that it would take a lot of time, but I wouldn’t say the hesitation is done out of laziness. With a system like this in place, the game would be creating hundreds of unique items every passing second. That would put immense strain on a Flash game like this. Also, as you said, it would take a lot more time than how the OP is making it out to be. The loot drop system, Nexus shops, player trading, all of these systems revolve around items, and they would require major rewriting to make functional.

The only way a system like this will ever be feasible is once the game is moved away from Flash, at which point things will need to be rewritten anyway so it would be the perfect time to implement. The servers would probably need to become seriously powerful as well if the game wants to stay playable.

Samcw · 2017-10-09 01:40:32 UTC

It doesn’t even have to do with flash. It’s mostly a back end change and the back end is written in c++. Without knowing the back end code we can’t help. And of course deca wouldn’t just release their back end code…

Samcw · 2017-10-09 01:58:02 UTC

The devil is in the details. You just outlined the easy aspect of a uid system (and some of your design is kinda redundant). Issues not addressed:

What situations? You have to come up with an ad hoc list of situations that don’t put too much strain on the server. It also doesn’t help that realm has different servers all over the world. A duper may immediately move one account to another server so you would need different servers talk to each other a lot.

There are also plenty of other performance issues. Searching through items for a given ID is an expensive operation. There are ways to make it fast with an appropriate data structure but it’s not as simple as you think. Often a seemingly simple idea requires tons of effort to execute in a large distributed computer system

RubeII · 2017-10-09 05:36:02 UTC

I wouldn’t hold my breath either.

Or maybe, just maybe the technical stuff wasn’t that important afterall, and other factors played a more important role here. Making all UT items soulbound is a very convenient way to shutdown mules (why still tolerating them, uhh so clever), and thereby forcing players to buy vault chests, or getting frustrated as fuck in no time.

Yes. But who said this problem needs to be solved globally anyways? There are only so many actions where items are changing ownership. Is it really necessary to take all items/uids into account? Do items even need a persistent uid? I really don’t think so. In the end, you just need to have a secure trade (or transaction) between exactly two parties.

Samcw · 2017-10-09 07:14:51 UTC

Changing ownership is not the only way to dupe. Back in 2012 or 2013 you could dupe just by opening two clients at the same time by exploiting concurrency.

Of course a good implementation wouldn’t scan through all items but to narrow down to, say, people who just traded/vaulted. My point is that retrofitting UID into the system is not as simple as OP put it.

AFAIK trades are 99.99% secure. The infamous oryx dupe took advantage of rollback (crash recovery). It’s not enough to just have a secure trade. Let me elaborate further since it looks like you have a technical background:

With so many things going on, the server can’t afford to store any change (e.g. looting a dex pot) persistently. Instead these changes are only stored temporarily in the memory and can be lost if the server crashes for whatever reasons. From what I observed the server would do a persistent write (i) every minute or so; (ii) when you return to the home screen; (iii) the server hasn’t heard from you for a while (15 sec?). Oryx dupes worked as follows: (1) player A gives items to player B; (2) player B returns to home screen; (3) duper forces a server crash so player A’s data would “regain” the items since A’s data haven’t been stored persistently.

Of course now Deca has patched oryx dupes (by storing recent trades I believe). But with so many ways your game data can change chances are that you can still dupe.

Alysian · 2017-10-09 07:20:52 UTC

Don’t even think duping’s happening much anymore.

Craftable · 2017-10-09 07:41:43 UTC

Its driven back underground. Hell, the original duping method was released in an unlisted youtube video, being spammed in USW only for hell to spiral loose about a week after.

Skandling · 2017-10-09 11:03:19 UTC

If it were easy they would have done it already. Really, they’ve invested so much time in anti-duping methods, introduced changes that have inconvenienced and pissed off players, and still reportedly haven’t fixed it so are losing money because of it. If they could have solved duping already with IDs they would have done so long ago.

Problem is introducing IDs would be very hard. It’s one thing to introduce them from the start. It’s another thing retrofitting an existing code base, one which reportedly is not of very high quality. Apart from the sheer difficulty it has two obvious downsides.

One is cost; objects on a player are stored as numbers. Right now these seem to be shorts (16 bit – 2 bytes) so very compact) but they make up most of the data stored for players on their servers. Just look at the dump of data returned by MuleDump. Adding IDs to every object would increase the storage significantly, by at least 3x as much (4 extra bytes). All this has a cost, for storage and network transmission.

The other is the disruption. IDs would in theory stop all duping, but they would do this by interfering with some sorts of in-game transactions (as duping works through in-game transactions). What if IDs stopped some legitimate trades, or even made them fail by e.g. deleting objects. The deletion might be right according to the ID database, but it’s your UBHP that suddenly vanishes.

And for any new system there will be hackers out to exploit it, looking for any flaw, trying to break it in unexpected ways. Especially in this case, if it disrupts their business model based on duping.