Unbeatable anti-cheat.

[mmmPI]

I like to split cheats into two groups:

• Resource based: Anything that gives you a resource benefit, regardless whether actual resources, unit health, etc.
  These will be detected (in multiplayer) by factorios deterministic nature, as several posters above already mentioned. Note that the server is prevented from using resource based cheats as well.
• Knowledge based: Anything giving you a knowledge advantage without changing the game state, e.g. removing fog of war.
  These are possible: Save the map locally, open it in a second instance of factorio, have fun exploring. A suitably edited client binary could offer the same options live. The debug options (F4) can leak quite a bit if information as well.

Edit: I should add a third kind to the list:

• Scripting: Executing legal actions, but with inhuman speed and/or reaction time.
  Possible using a suitably edited client binary.

I like this approach, it makes sense to me.

What's the point of "cheating" in a sandbox game?

I like that question too, made me think what would a cheater accomplish that would qualify as cheating succesfully ?

And to follow up on the nicely organised list, it is possible to split goals in different groups :

• cheat on multiplayer server
• cheat on achievement
• cheat on speedrun

This is because to me cheating has to do with unfairness towards other players.

1)Cheating on a multiplayer server feels quite easy to me using the 3rd kind of cheat mentionned by Nidan , just use autoclicker and you don't even need an edited binary, that's not a powerful way to cheat, but you will have unfair advantage over players. It could be as simple as "play normal until you have X in your inventory", then press the button to activate macro, and your character builds a pre-recorded blueprint super fast. That would like a TAS (tool-assisted-speedrun) for someone who doesn't know how to properly make a TAS x).

2)Cheating on achievement can be done the same way, but it's even easier, you can just be a bunch of spectators while other people do all the hard work or edit your filesave later on.

3)Cheating on speedrun is much harder ^^ people will ask for runs or replay or videos, and study them, you can find many videos on the internet of cheater being busted in speedruns, learn a lot of math about probability statistics, video montages and so on x)

[Nidan]

2)Cheating on achievement can be done the same way, but it's even easier, you can just be a bunch of spectators while other people do all the hard work or edit your filesave later on.

With a little bit of modding, you can also trivialize the steam/unmodded achievements. Get or make yourself a mod that sets up a situation just shy of getting an achievement, save, load the game without mods and then do the final step.

[Twinsen]

Heh, just stumbled upon this interesting topic and appreciate your praise. The game is not competitive so we don't really make any effort to prevent cheating, just use good code practices.

The deterministic lockstep model is indeed great for preventing incorrect player behavior, like duplicating or spawning items. We even check network inputs for validity before applying them and drop them. That being said, there are probably holes in these checks that at best will allow you to duplicate items or at worst crash everyone's game. Finding them is probably not easy even with the provided PDB symbols, but if you do, we'd be happy to fix them

I feel you didn't really address "map hacks"/"wall hack"/ESP or in general information hacks. Assuming a PVP multiplayer game, it's easy to patch the client to allow you to see into the "fog-of-war". We even have a debug setting that allowed this but we removed it from the Release builds. Take a look at CoveredChunkRenderer::prepare, maybe an early return will allow this : )
There's more debug settings even in Release that give you cheaty information(such as biter attack paths).
Since Factorio is not really a competitive game, these don't really matter, but if it would be, I wouldn't call it's anti-chat unbeatable.
If we were to give clients only partial map information, the model would fall apart quickly or get really complicated really fast. We would like to do this so players joining the map don't have to download the entire map for example; but this would be a different architecture.

[eugenekay]

We even check network inputs for validity before applying them and drop them. That being said, there are probably holes in these checks that at best will allow you to duplicate items or at worst crash everyone's game.

I did some private Fuzz testing of the Networking pieces of the Binaries that I could identify (in the multiplayer handling; I didn’t go as deep as finding all of the curl invocations to check for HTTP/S safety) around the 1.0 Release, to determine if the Daemon was “trustworthy” enough to be allowed to run on a Kubernetes cluster…. It seemed pretty good! I was never able to get any of the functions I tested to decode a network packet without having first properly signed-in to get a user API key - or setting LAN mode. The Client would crash all the time when my packet-injector/capturer would mess with its end, but the Server daemon never crashed from invalid input - just dropped the Client.

I was able to get the server to Reply to a Replay attack - but could not figure out how to get a reproducible Denial-of-Service (Server Crash) to result; the fake-client would get dropped because it did not “catch up” to running the map after a while.

[mmmPI]

With a little bit of modding, you can also trivialize the steam/unmodded achievements. Get or make yourself a mod that sets up a situation just shy of getting an achievement, save, load the game without mods and then do the final step.

Yeah why look for something complicated when a simple thing works x). I noticed Twinsen too mentionned the debug settings that can be used to "cheat", i often forgot it's there but it can be VERY useful in early game !

Made me realize the inconsistencies in my previous description of "cheating" because if every players can use those to get achievements, then you don't really get an "unfair advantage over other player", it's more about cheating, "the rules" or "the system", similar to hacking the game in a technical way.