submitted 1 year ago* (last edited 1 year ago) by ChthonVII@lemmy.wtf to c/guildwars@lemmy.wtf

[This is an amalgamation of three informational posts I made on reddit in the wake of the Peter Kadar and GWReborn account compromises. I’m reposting it here because it’s useful information.]

Part 1, General Best Practices:

    1. Attack surface reduction.
    • a. Don't link your GW1 account to a GW2 account.
    • b. Don't link your GW1 account to an ArenaNet account.
    • c. (So far as I know, unlinking isn't an option, so there's nothing you can do if you've already linked.)
    2. Keep information useful for social engineering out of public view.
    • a. Use a dedicated e-mail address for your GW username that never sends or receives e-mail other than to/from A-Net, and keep this address totally secret from the rest of the world. (It used to be that you couldn't change your username, but I believe you can now.)
      • Since it's easy to forget the credentials for an e-mail account you never use, write them down and store them in your GW DVD case.
    • b. Keep your character names on a need-to-know basis. Use PMs when you need to share your character names, rather than public posts. Maybe don't make high-profile, clickbaity YouTube videos showing your character names.
    • c. Keep your real name secret from everything GW-related.
    3. Don't advertise your wealth. It makes you a target. (As the old country song goes, "never count your money when you're sittin' at the table.")
    4. Defense against brute force, password cracking, and credential stuffing.
    • (FYI: What is cracking? Assume that an attacker has breached an online service and stolen a copy of their user database. If the passwords are properly stored as salted hashes, the attacker must work backwards from each hash to the password. That's cracking. Cracking is stupendously easy for weak, "spaceballs-quality" passwords (< 1 sec), but essentially impossible for strong passwords (not before the death of the sun, even if you could convert the whole mass of the earth into a computer and use the sun's full energy output to power it). Cracking is often more of a threat than brute force, because rate limiting and lock outs can easily stop brute force.)
    • a. As above, use a dedicated, secret e-mail account for your username. (Stops brute force; Useless against cracking because the attacker already has the database.)
    • b. Use a strong password. There is a ton of misinformation about passwords floating about, and most people who think they know how to make a strong password actually don't. So I will cover some basics:
      • i. Password strength does not depend on the properties of the string chosen as the password (e.g., "1 uppercase letter, 1 lowercase letter, etc."), but rather it depends on the process by which the password was chosen. Password strength is proportional to the number of possible passwords the generation process could have created. (So, random strings is a very good password generation process. While, for example, "my wife's first name, followed by her birthday" is a terrible password generation process, because it only has one possible output. Unless you're a Mormon or something, but let's not go there...) This is why "password strength meters" are total crap.
      • ii. The best scheme for generating strong passwords that are easy for a human to remember is the diceware/xkcd system. A few important notes: (a) To achieve reasonable security in a threat model that includes cracking, you need 6 words from the EFF's long list. (b) You need to use a truly random method for selecting words, like dice. Whatever "randomly" pops into your head is not "random" in the sense used here. (c) You must take the words you roll exactly as you rolled them; you can't reroll a word you don't like or reorder them.
      • iii. Another sound system for creating strong passwords that are easy for a human to remember is Bruce Schneier's scheme. (Note: Schneier later retracted the remark in the link criticizing the xkcd scheme.) Begin with a personally memorable sentence. (Note that this sentence has to be personal to you. It cannot be a quote, bible passage, song lyric, etc.) Condense the sentence into a password by replacing most words with their first letter, or with an abbreviation or symbolic shorthand. For example: "When we went to Colorado in 1988, my brother Greg barfed on me in the car" can be condensed to Www2COin1988,mbGbarfed->mitc. While easily memorized, this is a 28-character password that approximates a random string.
    • c. Never change your password unless you suspect it's been compromised. "Password rotation" is a cargo cult practice that was only ever useful in the context of certain 1970s multi-user mainframes. It serves no useful purpose today. And it's even detrimental because the annoyance of changing passwords tends to make people opt for weaker passwords.
    • d. What about using a totally random string and storing it in a password manager? Theoretically a good idea. The problem is that most password managers are utter shit, and their developers are incompetents and crooks. The only two I can reasonably recommend are PasswordSafe and KeePass (without the browser extension). The following are necessary, but not sufficient, requirements for a trustworthy password manager: (a) open source, (b) standalone; no browser integration, and (c) offline; no cloud integration.
    • e. Never use your GW password anywhere else. More, generally, never use any password in more than one place. Reusing passwords makes you vulnerable to "credential stuffing" attacks in which the attacker tries to use username/password pairs stolen from one online service at multiple other services.
    5. Defense against phishing
    • a. The only place you should ever enter your password is the GW client. Never type it into your browser, or e-mail or text it to anyone.
    • b. The only place you should ever enter a 2FA code is the GW client. Never type it into your browser, or e-mail or text it to anyone.
    • c. The 2FA options available for GW prevent unsophisticated phishing attacks, but you are still vulnerable if you can be tricked into handing over the 2FA code.
    6. About 2FA:
    • a. SMS 2FA is very weak. So weak that it's arguably worse than useless because it may create a false sense of security that causes you to be more careless with your password practices. See [Part 2].
    • b. The authenticator app is significantly stronger. Definitely better than nothing. It has a few shortcomings though: (a) Doesn't protect against phishing, as noted above. (b) Protocol design uses a long-term shared secret, which is bad for the reasons noted in [Part 3]. (c) Poor implementation of initial transmission for the shared secret. (d) Relies on a smartphone, which are notoriously insecure. Depending on how bad your PC security is versus how bad your smartphone security is, it might be safer to use a PC program rather than a smartphone app. (I'd definitely prefer a program on Linux over any smartphone app. And also a program on Win10/11 over a smartphone app on Android. Not sure about Win10/11 vs. iPhone.) (e) There's a risk of accidentally locking yourself out of your account. (Make sure to write down your TOTP secret and store it in your GW DVD case.)
    7. There are some things that you simply can't protect against. For instance, if someone at support is dead set on getting tricked by social engineering and giving away your account, there's nothing you can do about that.

Part 2, Why SMS-Based 2FA Sucks:
[This post was in response to "how did he hacked your mobile phone? xD"]

How to bypass SMS 2FA?

  • Use social engineering against account support personnel.
  • Find a vuln in the ArenaNet Account webpage.
  • Compromise a device on the same network as the victim to route your traffic through so GW doesn't prompt for 2FA. (A router would do nicely, and consumer routers generally have poor security. And ISP-provided modem+router boxes often have publicly known factory default passwords (in addition to poor security).)

How to defeat SMS 2FA?

  • The most common way is to just phish the victim for the 2FA code. However, this method is unlikely to work in the case of GW1 because the standalone GW client is the only place the victim ever expects to enter that code.
  • More likely in this case would be a sim swap. That's when the attacker uses social engineering or bribery to persuade a cellular service provider employee to port the victim's phone number to a new sim card. This is pretty rampant because the security of the whole system depends on the poorly paid, poorly treated, and poorly trained employees down at the Verizon Store to resist social engineering and bribes. Frequently used to steal accounts of cryptocurrency whales.
  • Up-and-coming technique is Lapsus$-style fraudulent EDRs. Turns out there's no fast and reliable way for tech companies to verify that the person submitting a law enforcement "emergency data request" is really a law enforcement officer, so they don't even try. Hit the cellular service provider with a fake EDR demanding real-time access to the victim's SMS.
  • More exotic tricks like using a Stingray or DIY Stingray-like device.
  • Compromise the smartphone. (Not hard. iPhone security is bad; Android security is a joke. Smartphone manufacturers often stop providing patches within a couple years after a model is released, long before consumers stop using them.)

That's not even close to an exhaustive list. Just some common/popular techniques off the top of my head. The rather unfortunate bottom line is that SMS-2FA is so easily defeated in so many ways that it's very nearly useless. Not totally useless, but close to it. There's also an argument that it's actually worse than useless because it creates a false sense of security that causes people to be more careless with their password practices.

Part 3, The Authenticator App Is Better, But Not Perfect:
[This post was in response to "Any compromises in the app authenticator?"]

The things listed above as bypasses are going to work no matter what 2FA method is used. There's nothing your 2FA method can do to stop support from falling for a social engineering attack, and so forth.

Likewise, "compromise the smartphone" is going to work against any 2FA method that depends on a smartphone.

Now on to issues specific to the authenticator app. According to this support page, it's just TOTP. While TOTP is most definitely better than nothing, it has a couple of notable shortcomings:

TOTP's most glaring shortcoming is that you can still be phished. It's a little harder for the attacker because they need to phish the TOTP code in real time, since they expire, but phishing attacks are still totally viable. (In the GW context you can guard against this by making DAMN SURE you never enter a TOTP code anywhere other than the GW client. Never type it into your browser. Never e-mail or text it to anyone.)

TOTP's other notable shortcoming is that it relies on a long-lived shared secret. Obviously, it's bad if your TOTP secret leaks, but the long-lived-ness makes it worse in a couple of subtle ways. First, the attacker can steal the TOTP secret months or years before they steal the password, and it will still be good when they finally get the password. Second, because the attacker can sit on the TOTP secret for such a long time, it can be very hard to figure out when and how they stole it. The nightmare scenario with this is that the attacker breaches (or has already breached) A-Net and gets everyone's TOTP secrets, and then goes about obtaining passwords for high-value accounts, stealing only a couple accounts per day, and no one has the faintest clue how they're getting past TOTP. (Breaching A-Net shouldn't get them the password, since those are supposed to be stored as a salted hash, and that's unbreakable if you do it right and the user's password isn't poor enough to be subject to a dictionary attack. By contrast, TOTP secrets need to be stored in plaintext, so there's no protecting them in a breach.)

So we might want to take a look at how the shared secret is initially transmitted and then stored.

In terms of securing the initial transmission, A-Net could do better. During the set-up, they're sending the shared secret over TLS to your browser. That means that an attack against TLS (Logjam, MitM certificate, etc.) or against the browser (malicious extension, zero-day vuln, etc.) can be leveraged into stealing the TOTP secret. This could be improved by moving this operation to the GW/2 client, thus cutting the browser and its vulnerabilities out of the picture, and using one of the following key-exchange methods to cut out TLS and its coterie of not-so-trustworthy "trusted" CAs. (a) User generates the secret, then encrypts it using an asymmetric public key built into the GW/2 client, and transmits it to A-Net. (b) Use some species of Diffie-Hellman exchange to generate the secret.

In terms of storing the secret, well, given the state of smartphone security, a system design that stores a long-term cryptographic secret on a smartphone doesn't seem like a very good idea to me...

(Aside, if you ever find yourself in charge of picking a 2FA protocol for an online service, U2F is a superior alternative that doesn't share TOTP's shortcomings discussed here. Avoid FIDO2 like the plague.)

Finally, a word about usability concerns: If you lose your TOTP shared secret (or lose/break the device containing the only copy), then you've locked yourself out of your account. I suggest writing it out on a piece of paper and storing it in your CD case.
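
The asymmetry Part 3 describes between the salted password hash and the plaintext TOTP secret, as an added example (not code from the original post or from ArenaNet): a minimal RFC 6238 TOTP check next to a PBKDF2 password check. The record layout, function names, sample password, salt, secrets and timestamps are constructed assumptions; the re-enrollment step at the end goes slightly beyond the post to show what ends a copied secret's usefulness.

```python
import hashlib
import hmac
import struct

STEP = 30                # seconds per TOTP time step (RFC 6238 default)
PBKDF2_ROUNDS = 600_000  # assumed work factor for the password hash


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, int(unix_time) // STEP, digits)


def hash_password(password, salt):
    """One-way: the service can re-derive and compare, but not recover the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def enroll(password, salt, totp_secret):
    """What the service has to keep for one account (hypothetical record layout)."""
    return {
        "salt": salt,
        "pw_hash": hash_password(password, salt),  # hash only, never the password
        "totp_secret": totp_secret,                # must be the raw secret: the
    }                                              # server feeds it to HMAC itself


def check_password(record, password):
    return hmac.compare_digest(hash_password(password, record["salt"]),
                               record["pw_hash"])


def check_totp(record, code, now, window=1):
    """Accept the current time step plus/minus `window` steps of clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(record["totp_secret"], now + drift * STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False


def demo():
    enrolled_at = 1_700_000_000  # constructed timestamp
    record = enroll("constructed passphrase", b"constructed-salt",
                    b"12345678901234567890")  # RFC 6238 test secret

    # A copy of the stored record, as it would sit in a database dump or backup.
    copy = dict(record)

    # The password is not in the copy; only its salted hash is.
    dump = b"".join(copy.values())
    password_in_copy = b"constructed passphrase" in dump

    # The TOTP secret is in the copy, and nothing about it expires: a code
    # computed from the year-old copy passes the live check.
    one_year_later = enrolled_at + 365 * 24 * 3600
    code = totp(copy["totp_secret"], one_year_later)
    valid_a_year_later = check_totp(record, code, one_year_later)

    # Only replacing the secret (re-enrolling the authenticator) ends that.
    record["totp_secret"] = b"constructed-replacement-secret"
    valid_after_reenroll = check_totp(record, code, one_year_later)

    return password_in_copy, valid_a_year_later, valid_after_reenroll


if __name__ == "__main__":
    print(demo())
```
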

submitted 1 year ago by ChthonVII@lemmy.wtf to c/guildwars@lemmy.wtf

This is an easy way to get the Dunes of Despair mission + bonus with lots of time to spare and without cheesing the mesmer boss. It's likely the way the devs intended the bonus to be done. This method is sort of described on the wiki, but not very clearly, and jumbled in with a bunch of worse alternative methods.

  1. Take the low ground in front of the Ghost (Point G).
  2. 2x Forgotten Arcanists enter the main fort at Point 1. Let them come to you, then kill them.
  3. 2x Forgotten Arcanists enter the main fort at Point 2. Let them come to you, then kill them.
  4. 2x Forgotten Arcanists enter the main fort at Point 3. Let them come to you, then kill them.
  5. 2x Forgotten Arcanists enter the main fort at Point 1. Go to Point 1 and kill them.
  6. You may wish to kill the wurm at Point 1 now. Usually it cannot reach the Ghost, but in some unlucky instances the Ghost will pick a position on the throne that's just close enough the wurm can get him. In this case, you will fail the mission if you don't kill the wurm.
  7. 2x Enchanted Bows enter the main fort at Point 3. Go to Point 3 and kill them.
  8. 2x Enchanted melee (random mix of Enchanted Hammer and Sword) enter the main fort at Point 2. Go to Point 2 and kill them.
  9. (At this point there should be over 7 minutes remaining.)
  10. Exit the main fort at Point 2 and go towards Point 4. If you go straight towards Point 4, you will encounter several annoying scarabs, but easily intercept the upcoming boss. You can also hug the outer wall of the main fort, then cut across towards Point 4. This avoids most of the scarabs, but the boss may get away if you cut across too late.
  11. A boss group will exit the side fort at Point 4 and seek to enter the main fort at Point 2. Intercept and kill it. Have a longbow ready to aggro it from afar if it starts moving before you're in position. (Longbow is preferred over flatbow here because of the moving target.)
  12. Go to Point 5 and kill the scarab pop-ups there.
  13. Use a longbow/flatbow to pull the boss group at Point 6 over close enough that you can fight it with your ranged party members standing at Point 5. Kill it.
  14. Killing the boss group from Point 6 triggers a spawn of 3x Forgotten Cursebearers at Point 5, who will seek to enter the main fort at Point 2. However, since you are standing at Point 5, they will immediately aggro and you can just kill them.
  15. Go to Point 6, cross the bridge into the side fort, and use a longbow/flatbow to pull the boss group at Point 7 as close to the bridge as they will come. Then kill them. As soon as the boss group is dead, run back across the bridge.
  16. Killing the boss group at Point 7 triggers a spawn of 3x Forgotten Illusionists at Point 5, who will seek to enter the main fort at Point 3. You should be able to aggro them with a longbow from the bridge near Point 6. (Or flag someone back during the preceding boss fight. Or leave some spirits in their path to delay them.) Be ready to flag heroes/henchmen out of triple Chaos Storm, and kill them. (Again, longbow is preferred over flatbow here because of the moving target.)
  17. Go kill the boss group at Point 8.
  18. (The bonus is now complete. At this point there should be ~1-3 minutes remaining.)
  19. Killing the boss group at Point 8 triggers a spawn of 3x Enchanted melee (random mix of Enchanted Hammer and Sword) at Point 9, who will seek to enter the main fort at Point 1. However, you can get there first by entering the main fort via Point 3. Then either go to Point G to wait for them, or Point 1 to intercept them.
submitted 1 year ago by ChthonVII@lemmy.wtf to c/guildwars@lemmy.wtf

[This is an informational post I made on reddit. I’m reposting it here because it’s useful information.]

[Edit: DSOAL-GW1 was updated to r420+gw1_rev1 on 6/26/2021.
The new version includes a fudge factor that makes sounds carry farther, so their diminution with distance better accords with perceived in-game distance. This departs from the authentic “GW sound as originally intended” experience, but most listeners consider it a large improvement. If you don’t like the default, you can change the fudge factor by setting the environment variable DSOAL_ROLLOFF_FUDGEFACTOR to any floating point value between 0 and 1.0. The smaller you set this value, the farther sounds will carry. A setting of 1.0 makes no change to the rolloff strength as set by GW, and thus gives the authentic experience. A setting of 0 totally disables diminution of sound with distance (which sounds terrible and is not recommended). The default setting is one-third (0.333…).

Download link for latest version: https://github.com/ChthonVII/dsoal-GW1/releases/tag/r420%2Bgw1_rev1

[(End of edit)]

DSOAL-GW1 is a fork of DSOAL that has been modified to work with Guild Wars 1. DSOAL is a DirectSound-to-OpenAL compatibility layer that is able to emulate DirectSound3D and EAX in software. Put simply, this makes it possible to activate GW’s “Use 3D Audio Hardware” and “Use EAX” options and to hear GW's sound effects as originally intended.

Some history:
When GW was released in 2005, the audio component of Microsoft’s DirectX API was something called DirectSound. DirectSound had a 3D audio component called DirectSound3D, or DS3D, that could pan and amplify/attenuate sound sources based on their position relative to the camera in the game’s 3D world. PCs with a high-end Creative sound card also had access to EAX, an extension to DS3D with a suite of hardware DSP effects for occlusion, obstruction, reverb, echo, etc. Like most games of its era, GW’s audio system was designed around DirectSound and DS3D, and owners of high-end PCs could get the “definitive” audio experience with EAX. All that ended in 2007 with Windows Vista. Vista completely broke DS3D and EAX. Rather than fix it, Microsoft deprecated DirectSound and pushed developers to adopt its new XAudio2 API for future games. With DS3D and EAX broken, GW hasn’t sounded “right” in any version of Windows since XP.

Download: https://github.com/ChthonVII/dsoal-GW1/releases/tag/r420%2Bgw1
Source Code: https://github.com/ChthonVII/dsoal-GW1
[EDIT: See this post for test build of next version.]

Installation:

  • Copy dsound.dll into ONE of the following two locations:
    • (1) The Guild Wars installation directory where GW.exe resides.
      • On Windows 8 or 10, you may need to make changes to the registry for dsound.dll to be loaded from this location. See here: https://www.indirectsound.com/registryIssues.html. Try setting the reg entries for DirectSound, DirectSound8, DirectSoundCapture, DirectSoundCapture8, and DirectSoundFullDuplex.
      • At least some versions of Wine simply will not load dsound.dll from this location no matter what you do. Use the other location if you encounter this problem.
    • (2) The system directory for 32-bit .dll’s. On modern 64-bit Windows computers, this is C:\Windows\SysWOW64\. (Yes, that is correct.) On ancient 32-bit Windows computers (or 32-bit Wine prefixes), this is C:\Windows\System32\. If dsound.dll already exists in this location, then MAKE A BACKUP before replacing it.
  • Copy dsoal-aldrv.dll to the same location you put dsound.dll
    • Note: This file is just a renamed copy of soft_oal.dll from openal-soft. I’ve included version 1.21.0 because version 1.21.1 has a crash bug with custom .ambdec files. If you want to keep an eye out for updates, here is openal-soft’s website: https://openal-soft.org/
  • Copy alsoft.ini to the Guild Wars installation directory where GW.exe resides.
  • Copy the hrtf_defs and presets folders to C:\users\<your username>\Application Data\openal\. [Edit: On newer versions of Windows, Application Data has been replaced by AppData\Roaming. Use that instead.]
  • Create the directory C:\users\<your username>\Application Data\openal\hrtf and extract all of the .mhr files from HRTF_OAL_1.19.0.zip into that directory. [Edit: On newer versions of Windows, Application Data has been replaced by AppData\Roaming. Use that instead.]
  • Make the following edits to alsoft.ini:
    • (Note: Lines beginning with a # symbol are comments/examples that are ignored. If you want a setting to take effect, make sure there’s no # symbol.)
    • sources can be set to any power of two between 128 and 2048. Because of GW’s idiosyncratic approach to DirectSound buffers, only half of these will actually be used. Unless you’re trying to run GW on a toaster, leaving this at 2048 is recommended.
    • The choice of resampler is a matter of taste. Cubic has many fans. See this video for a comparison: https://www.youtube.com/watch?v=62U6UnaUGDE.
    • If you have four or more speakers, using an ambisonic decoder is highly recommended. See instructions below.
    • If you use headphones, using HRTF is highly recommended. Some people even describe it as “mind-blowing.” See instructions below.
  • On Windows, it may be necessary to add -dsound to GW’s command line.
  • On Wine, set the library override for dsound to “native, builtin.”
  • Launch GW, hit F11 to bring up the options menu, and it should now be possible to enable “Use 3D Audio Hardware” and “Use EAX” in the sound tab.

Ambisonic Setup (recommended for systems with 4 or more speakers):

  • Disable any virtual surround software, equalizers, compressors, crystalizers, etc. on your PC.
  • Consult C:\users\<your username>\Application Data\openal\presets\presets.txt to determine which preset best matches your speaker layout.
  • Use a tape measure to measure the distance from each speaker to your listening position. Then edit the speaker distance values in the preset accordingly. The unit is meters.
  • Edit alsoft.ini as follows:
    • Set channels explicitly if your speaker setup isn’t automatically recognized.
    • Set hq-mode = true.
    • Set distance-comp = true.
  • Set the path to your preset for the appropriate speaker layout. For example: surround51=C:/users/billybobobbubba/Application Data/openal/presets/itu5.1.ambdec
  • Use forward slashes (/) instead of backslashes (\).
  • Quote marks aren’t necessary even if there’s a space in the pathname.

HRTF Setup (recommended for headphones):

  • Wearing headphones, watch this video (https://www.youtube.com/watch?v=VCXQp7swp5k) to determine which HRTF preset works best for you. (It varies according to head size and shape.)
    • Note: Plug in your headphones before you load the youtube webpage.
  • Disable any virtual surround software, equalizers, compressors, crystalizers, etc. on your PC. (See the above video for examples.)
  • Edit alsoft.ini as follows:
    • If your headphones aren’t automatically detected, explicitly set channels = stereo and stereo-mode = headphones.
    • Set frequency = 44100 or frequency = 48000 depending on the frequency needed for your chosen HRTF preset.
    • Set hrtf = true.
    • Set hrtf-mode = full.
    • Set default-hrtf to the name of your chosen preset, minus the “.mhr”. (For example: default-hrtf = irc_1007_44100)

Troubleshooting:
Set the following environment variables:

  • DSOAL_LOGLEVEL=2
  • DSOAL_LOGFILE="C:\blah\blah\blah\DSOAL_log.txt"
  • ALSOFT_LOGLEVEL=3
  • ALSOFT_LOGFILE="C:\blah\blah\blah\ALSOFT_log.txt"

(Use a real directory that exists, and you have write permissions for, rather than C:\blah\blah\blah\.) If a log file isn’t being created, then the corresponding .dll isn’t getting loaded. The .dll files may be in the wrong place, or you may need to fix the registry entries or add -dsound to GW’s command line. If all else fails, try installing to the system directory. The ALSoft log will show whether your .ini file and any presets for ambisonics or HRTF are getting found and loaded.

Credit:
The overwhelming majority of the credit for this belongs to Christopher Robinson (kcat) and the other openal-soft developers who have spent years working on openal-soft and dsoal. They built a fricking transcontinental railroad; I just laid the last mile of track to hook up GW station.

Comparison to Other Methods of Restoring DS3D+EAX:
There are other options for restoring DS3D and EAX functionality, but DSOAL is generally superior.

  • Most listeners prefer the quality of DSOAL’s emulated EAX effects to that of Creative ALchemy.
  • You can’t legally obtain Creative ALchemy without buying an expensive sound card.
  • Wine Staging’s EAX emulation only implements features up through EAX 2.0.
  • IndirectSound implements DS3D, but not EAX.

Using DSOAL-GW1 for Other Games:
Will DSOAL-GW1 work for other games besides Guild Wars? It will probably work, but provide no benefits over mainline DSOAL, and possibly hurt performance a bit. DSOAL-GW1 is only useful if a game shares GW’s rather idiosyncratic approach to DirectSound buffers. This might be the case if you are experiencing missing sounds after a few minutes of gameplay when using mainline DSOAL and your log file is full of errors that say, “DSBuffer_SetLoc Out of software sources.” If you try DSOAL-GW1 and your log file is full of warnings that say, “Assigning a source for software buffer that was previously deferred as per Guild Wars hack,” then DSOAL-GW1 is probably not suitable for that game.

-- Chthon

submitted 1 year ago by ChthonVII@lemmy.wtf to c/guildwars@lemmy.wtf

[This is an informational post I made on reddit. I’m reposting it here because it’s useful information.]

For some reason, probably to do with the anniversary event, I've found myself explaining the use case for elemental weapons, and the suckiness of sundering weapons, multiple times in the past week. So I decided to port my martial damage spreadsheet to javascript, with a nice pretty interactive graph that visually illustrates the comparative strength of the weapon prefix options. Please feel free to link to this the next time someone asks about weapon prefixes: https://chthonvii.github.io/guildwarsmartialdamagecalc/

The TLDR for those too lazy to look at a graph:

  • When a festival is going on, a decade weapon is the best all-around weapon.
  • When a festival is not going on, a vampiric weapon is the best all-around weapon.
  • When a monster has an elemental weakness, using the appropriate elemental weapon yields a very large damage boost, often even outperforming decade weapons. There is a very easy DPS boost to be had by simply bringing any elemental weapon on switch and using it when attacking Warrior class foes. Serious players can reap even larger DPS dividends by consulting the wiki to identify the most common elemental weakness(es) in a given zone and putting the appropriate elemental weapon(s) on switch.
  • Sundering is utter trash. There exists no achievable set of parameters for which sundering outperforms vampiric.
submitted 1 year ago* (last edited 1 year ago) by ChthonVII@lemmy.wtf to c/guildwars@lemmy.wtf

[This is an informational post I made on reddit. I'm reposting it here because it's useful information.]

This post is intended as a linkable resource for quickly and easily responding to the "can I play GW on a X?" posts that seem to pop up once or twice per week. (There are two in the top six posts right now.)

TLDR Version:

Can I play GW on...

  • ...any remotely modern device with an x86 or x86/64 processor and a Windows operating system? YES.
  • ...any remotely modern device with an x86 or x86/64 processor and a Linux operating system? YES.
  • ...a Steamdeck? YES.
  • ...any remotely modern device with an x86 or x86/64 processor and a MacOS operating system prior to Catalina? YES.
  • ...any remotely modern device with an x86 or x86/64 processor and a MacOS operating system Catalina or newer? YES, BUT only if using the paid version of Crossover, PlayOnMac, or a custom-built wine.
  • ...a Mac with an M1 or M2 processor? NO (and there is no hope it will ever work in the future).
  • ...a Mac with an ancient PowerPC processor? HELL NO.
  • ...a Chromebook with an x86 processor? YES, BUT it requires some advanced setup.
  • ...a Chromebook with an ARM processor? NO, barring very extreme measures.
  • ...a device with an ARM32 processor? NO, barring very extreme measures.
  • ...a device with an ARM64 processor? NO, barring very extreme measures, and then only if the processor supports the ARM32 instruction set.
  • ...a Raspberry Pi? See "device with an ARM64 processor."
  • ...a virtual machine on x86 or x86/64 hardware? YES, BUT only if your hardware and host OS support and are configured for PCI passthrough.
  • ...a cloud gaming service? YES, BUT only some of them (notably NOT GeForce Now) and the lag will be awful (and there is no hope it will ever not be awful).

Further Details:

  • What is a "remotely modern device"? Definitely anything manufactured in the past decade. And probably most things manufactured in the past 15-20 years too. There are two basic requirements:
    • An x86 or x86/64 processor. Pretty much anything from the last 20 years will do.
    • A sufficiently powerful GPU.
      • Integrated graphics from 2011 (Intel HD 3000) or newer should be adequate.
      • A discrete graphics card from ~2005 or newer should be adequate.
  • What's the deal with Catalina? Apple removed the 32-bit system libraries in Catalina. Crossover subsequently implemented a "32 in 64" solution for running 32-bit programs using 64-bit libraries. (Which was a truly herculean feat.) This functionality will eventually be incorporated into wine and its derivatives (e.g., PlayOnMac), but it hasn't yet (as of the end of 2022). (Though it appears patches are available on github if you want to try building it yourself.) It doesn't help that the lead developer for wine on Mac died in late 2020. (Someone please let me know when "32 in 64" hits mainline wine so I can update this post.) [Edit: As per u/hazyPixels, it works on PlayOnMac.]
  • What's the deal with M1/M2 Macs? These are ARM64 processors that do not support the full ARM32 instruction set. While it's possible to get the game to run using a combination of Crossover and Rosetta2, the performance is beyond abysmal (5-10fps at best). The root of the problem is that Rosetta2 translating x86 to ARM64 is just dreadfully inefficient, and there's nothing that can be done to fix it. [Edit: The Apple Game Porting Toolkit doesn't change this equation. It sorta works for GW2, but GW2 is a 64-bit program.]
  • Chromebook? Be very careful that you get a model with an x86 processor and not an ARM processor. You can then switch it to Linux mode and install wine for running GW.
  • What are these "extreme measures" for ARM devices? Replace the OS with Linux, install Box86 and dependencies, install x86 wine binaries in Box86. For more details, search the internet for Box86+wine installation tutorials.
  • What's PCI passthrough? It's a feature that enables a virtual machine to use the host machine's discrete graphics card. Without it, the virtual machine must use a generic virtual GPU, which results in really awful performance. PCI passthrough requires (a) hardware support in the CPU, motherboard chipset, motherboard BIOS, and discrete graphics card, (b) having two graphics cards installed (or being willing to use integrated graphics for the host OS), (c) software support from the host OS (note that MacOS does NOT support it), and (d) a ton of painful set up. For further details, search the internet for tutorials.
  • What's up with GeForce Now? It's nVidia's fault. Supposedly they're working on it, but no ETA as of the end of 2022. (Someone please let me know if/when they get it working so I can update this post.)
  • Is the situation with cloud gaming lag really that hopeless? Yes. It's a matter of fundamental physics. It cannot be overcome. Cloud gaming has always been a fatally dumb idea from the outset.
