Sunday, December 29, 2013

Rust, a popular multiplayer survival game available on Steam, Taken down by "Script Kiddies."

Rust, the survival game from Facepunch Studios that has been released on steam as an Alpha/Early Access game is off to a rough start. Plagued with the rigors of surviving it's own popularity, the game has been brought down by an exploit of their network. Unsuspecting buyers brandishing phrases such as, "Kill the hacker!" or "I Demand a refund," like angry villagers would with pitchforks and anything they can use to attack their suppressor.  Unfortunately, the suppressor is largely unknown, and their cries of foul on forums and post replies have encompassed anyone who may be to blame, or not.

Here's some information about what I have been seeing and what all this hubbub is about.  Hackers, DDOS attackers, conspiracy... It's all here below. Skip to section 4 to read about that. Read the rest if you are not familiar with this game and the drama.

1. The Basics

What is Rust?

Rust is a 3d multiplayer game of survival on an Island of the same name, "Rust Island." Here, for no good reason, people have been dropped off with nothing but a rock, a torch, and a couple of band-aides.

You, as one of these unlucky Rust Island inhabitants, must use what resources you can gather, find, build, and craft to survive in a hostile environment. Here, wolves will chase you down, bears will tear you in half, and zombies will eat your face. But these hazards are hardly sweat inducing, compared to the heart pounding thrill of running from, or killing your neighbor. It's a kill for the next guys gear slaughter fest. Gather your resources, build a home, and hope the next guy doesn't find a way to break in while you are offline.  Rust Island is the survivalists dream vacation location.

2. Why is rust so popular?

Rust is popular for a few reasons.  It looks good, it has a challenging premise, it is openworld, it includes player made buildings, and it is multi-player.  It is like combining all the of best features of Elderscrolls or Fallout (Skyrim/Fallout 3,) and Minecraft with the simplicity that even a 6-year old can understand, but challenging and beautiful enough to be enjoyable for hard core gamers at the same time. 

The Pro:

The popularity of this game means many people are willing to pay a humble amount of money, ($19.99) to play the game while it is still in Alpha. Making it very successful for an "Indie" developer.

The Con:

Being popular makes it a target for people who want to cash in on it's success or make a name for themselves.

3. How are people cashing in?

Rust is quickly becoming a hacker's dream.  Cheat hackers are cashing in by selling hacks/cheats to people willing to pay for the chance to feel like a God in game.  There are many easy ways to hack this game and very few options or abilities to prevent hackers.  Alpha games are often subject to this kind of exploitation and that is a good thing.  Facepunch Studios get's the chance to see all the points of their game that needs to be fixed before the full release.  Not such a good thing to the people paying for the game and being let down by the complete unfairness of being killed anonymously in game by players that even the admins of the server can't control or ban.

This is of course, if you can even play the game at all.

4. Why can't anyone log into Rust to play the game?

The game Is playable, but logging into a server and staying connected is not, which totally reverses the first part of this statement. This is because of what is being labelled a DDOS attack on the master server.  DDOS attack is when too many requests are sent to a server for it to respond to all of them, some of the ignored requests may be legitimate.  Which actually isn't exactly what is happening but close enough to warrant the label. 

The problem is that, in order to create a server environment capable of supporting hundreds of players at the same time, Facepunch studios has decided to use network libraries that support this load, but are not exactly bug free. The bugs are being exploited to bring down the servers ability to keep you connected.

How this all works is hard for me to wrap my head around, but maybe you will understand it.

The attacker is, apparently, grabbing the server list from the game master server, then sending mass amounts of "empty" packets to each server.  The network libraries have a bug that causes them to pause a moment when the "empty" packet comes in.  This is only a problem if someone actually sends empty packets to the servers.  When multiple packets are being sent per millisecond, the servers become unresponsive while trying to deal with them.

So, how to fix the problem? 

Garry Newman, the lead developer and owner of Facepunch Studios says that the network libraries provider uLink needs to fix it since their code is too obfuscated (made difficult) to understand or manipulate. I asked the creators of uLink for an official statement on the bug through their website, but have not yet received a response.

Later, Garry said he was working with uLink directly to try and solve the problem, he released a patch, and the game seemed to become playable again for a while, then went back down. 

A person took credit for the attack in france, but I have not been able to verify it. I have read some pretty convincing narratives about evidence that the person seemed to know about the attack and even held a Team Speak "chat," where he laid out his complaints and reasons for his attack. But I don't speak french, so I can't say any of it is true.  Here's a few links, though. Steam Forum Discussion,


Sadly, the ultimate blame goes to Facepunch Studios, and even they acknowledged their blame in the matter.  They made the decision to use the uLink libraries. Garry Newman apologized for this decision, even though he seemed to feel that they had little or no other choices.  You can see his apology and more specific official information at

UPDATE: 12/31/2013

Apparently, the DDOS attacker is the person on the Team Speak chat, but I won't post it here because I don't want to give them any more recognition than they deserve.  You can find out the address of their TS server from the Reddit page on this subject linked above. 

His "group" announced they would let off on their attack for about 12 hours, and that's exactly what happened.  The attack has started up again, however, and Garry Newman of Facepunch Studios has made an appeal for information regarding the attack. Here is the link: Appeal For Information.
Though this appeal has since been redacted and Garry has said they have all the information they need now.  This means that they may very well have enough evidence to make a legal case against this "group." 

More updates to the Rust Game servers have come and everyone is crossing their fingers in hopes that the end of the attack is nigh.

For more updates, please visit the Rust Steam Community Forums, The Trello Page, The Facebook Page, and the Face Punch Studios, Play Rust Community Forums and for official news, the PlayRust Website.

1 comment:

For those that don't use facebook, please comment here.