OverParse: the sort-of-retrospective

by AJ "Tyron" Martinez @ worldsbe.st • September 3 2016

It’s been a few months since OverParse, my damage log reader for Phantasy Star Online 2, was officially deemed ban-worthy: that anyone found using it was in danger of Unspecified Administrative Action. There was a bit of a scuffle at the time, and most players abandoned OverParse entirely, fearful of losing their accounts.

I don’t blame them. I was pretty scared too. Confused and upset, mostly, but definitely a little scared. I didn’t want to be responsible for a mass ban wave, even by association. So don’t take me blindly at my word: it’s your account, and only you can decide what risks you want to take.

With that said, we’ve had some time for the dust to settle, and all signs point towards one thing: right now, using OverParse, or any non-destructive game utility, isn’t actually that risky at all.

It’s a bold claim to make, especially amidst the Western Fear Aura that pervades the English PSO2 community. We’ve always been guests on the Japanese servers: tolerated, but hardly welcomed, and SEGA does their best to make it very clear. People are wary, and they should be! After all, GameGuard still detects our alternative launcher as a hacking tool.

The stuff of nightmares for every English player, the dreaded Error 816 ' harbinger of a ban.

Set that aside for a moment, and let’s look at what we know. What’s gone down in Life After OverParse?

#1: Right now, GameGuard doesn’t even detect OverParse

During the final stages of OverParse’s development, it was added to GameGuard’s blacklist. This was defeated in less than 48 hours by two hobbyist programmers. Good work, guys. What are we paying you for again?

All jabs aside, GameGuard used a handful of different methods to detect and block OverParse. As each measure was defeated, they tried a new technique, until apparently just…giving up. As of right now, OverParse and its related tools can only be detected via checksum, which is trivial to bypass and impossible to keep updated. I even provide instructions in the PSOWorld thread.

In any case, after the final update, which has defeated GameGuard for some time now, SEGA made its announcement about third-party tools. It’s hard for me not to see it as reactionary. Can’t block it? Just scare everyone out of using it. No problem.

#2: PSO2’s technical team isn’t so hot

Blocking OverParse isn’t impossible, of course. There are ways to keep this cat-and-mouse game going forever: in theory, SEGA could silently roll out a new GameGuard definition update, automatically ban anyone who triggered that particular rule, and repeat the process until we gave up, purging by fire. A lot of companies do this sort of thing. Often, it works ' and many players fear that SEGA will do the same.

Of course, SEGA doesn’t have a great track record of technical competence.

PSO2 is blown wide open. Anyone with the right tools and a baseline level of interest can basically bend the game over their knee: there’s very little server-side validation, GameGuard is woefully inadequate as a client-side solution, and SEGA doesn’t seem to have the technical team to deal with it. In fact, parsing tools sometimes catch hackers that SEGA missed!

(For obvious reasons, I won’t go into detail on this. I know it makes these claims fall a little flat, but I’ll ask you to trust me on this one. If you’re really interested in the specifics, you can almost certainly work it out on your own.)

yeah, seems legit

GameGuard has its own history, and everyone who’s ever dealt with it has probably gotten a taste of that firsthand. Even with full administrative access and a whole suite of invasive scanning tools, it’s still famous for turning up false positives, while missing things that should be obvious red flags. Trusting a flaky automated tool with peoples' accounts runs the risk of mass false positives, and with the skeleton crew that SEGA’s apparently developing with, they probably don’t have the resources for much manual auditing.

If SEGA can’t stop actual cheaters, a harmless log reader is probably going to be okay.

#3: SEGA doesn’t care what you do, as long as you do it privately

In the immediate aftermath of the announcement, there was a lot of speculation about a mass ban wave, like the fabled “gaijin purges” the NA community likes to nervously joke about. It hasn’t happened yet. In fact, as far as I know (and I’ve asked around), nobody has been banned simply for using OverParse—not even me, the guy who fucking made it. And advertised making it publicly, both on PSOW and in my Arks Card.

There are a few players who have had their accounts suspended, with screenshots on Twitter or imageboards to prove it. However, every single one of these players was publicly posting or sharing their damage information, which is a little dumb. These are the types of people who shame underperforming players, spearhead community blacklists, or mass-report anyone who doesn’t live up to their standards.

With that, plus SEGA’s usual “don’t ask, don’t tell” approach to third-party utilities, it’s not hard to reason that those things are the problem: not players who just want information, but players who use that information as an excuse to act like shitheads. That behavior is what prompted the announcement in the first place: there will always be people that use damage data in stupid, nonconstructive ways. If there was a way for me to stop it, I would’and believe me, I think about it often.

At the end of the day, I can only speculate. That’s all anyone can do: SEGA sometimes behaves in ways that make no sense, with no transparency and no line of contact to our fragmented English community. So at the end of the day, if account safety is your number one priority, you should probably try not to break the Terms of Service. (This also means you shouldn’t be playing the game if you’re not in Japan, though…)

But if you’re like me, and you find the game more fun when you can compete and improve, hey. Give it a shot. What are they gonna do, ban you?