Reader Submission #65 – No Online Mismatch Detection in Assetto Corsa

After a brief interlude to discuss our upcoming V8 Supercars league, it’s back to what we do best here at, and today we’ve received a Reader Submission from Iker G., drawing attention to a pretty crippling problem with Assetto Corsa’s current online infrastructure… but I won’t spoil it.

acs 2015-12-05 18-39-08-21

Hi! I first wanted to thank you for your work. I enjoy reading the blog very much, and I have learned a lot things just by reading your entries. I wanted to contact you because I’ve found one huge mistake in Assetto Corsa that I don’t know if you have already talked about. 

You see, I come from GPL and rFactor, and I’ve been used to seeing and experiencing a lot of mismatch errors when trying to race online. This has always been because of some physics file mismatch between the server and the files in my hard drive. This has also prevented cheating. Which is good. 

On Thursday, I updated my build of Assetto Corsa to the latest version (1.3.7) and decided to try and enter our rented server, which was outdated with version 1.3.4. To my surprise, it let me join just fine, though several physics tweaks had been made. I thought that it might be because those set of cars and the track had remained the same throughout the 3 versions. Still, I thought it was very strange. 

So yesterday I found out that F1 Classic is updating the horrible physics of the illegal 1967 mod for AC, in an attempt to hurt the sales of that thief that sells the conversion as his own. I installed the new physics, and headed to test them offline. It got quite boring after a while so I decided to look for a server that had the 1967 cars. I found one server that had the original physics, and concluded that it wouldn’t let me join. But it did. I had a new set of physics just installed and I could happily join and race against people with much slower cars, though they looked the same.

The mod can be found here:

The physics update can be found here:

I called some of my friends and told them to install the vanilla mod, and to try and join me in the server. We could all join and race together. What happened is that I could fly past people in the same car because of the new set of physics. No warning, no mismatch. I could literally cheat my way to victory. 

After some testing, I have found out what the problem is. Inside each car there is a data.acd file that contains the physics for that particular car. But some mods have a data folder instead, with the physics files inside. The game reads both formats just fine, BUT, it only checks for the data.acd file when you try to join an online race. So if you set up a server with a mod that uses the data folder instead of the ACD compressed file, the game doesn’t check the files inside the data folder and lets you in. 

This is a huge mistake, one that lets people cheat online and ruin your AC experience. There are quite a few mods using the folder structure, so I imagine there’s no real competition with any of those mods. I could literally make my 1967 cars behave like the 2015 ones and the game will let me join and race against other players. 

I thought that if you made this public in your blog, it would reach a wide range of people and hopefully Kunos will patch it in the near future. I really want to like this game, but each week I find something like this that drives me nuts. What a piece of unfinished crap that Kunos is selling us. And more DLC coming next week. 

Thanks for reading, and thanks again for you blog. 


Wait, hold on a second. You’re telling me that any car using a full-on data folder with multiple simple text documents governing car performance instead of a singular compressed/encrypted data.acd file can be opened up in notepad and given the Junkman engine upgrade? And these cars can be used online in any server as there’s currently no infrastructure to detect mismatches?

How, exactly, was this ever given the thumbs up? This was the kind of stuff that caused problems in Monster Truck leagues for Rigs of Rods, and we only ever figured it out because one kid no older than thirteen signed up for an event and had a truck rev to 20,000 RPM on the starting line. And it was sort of understandable in that situation. Rigs of Rods, and now BeamNG, are these little open source physics playgrounds meant for dicking around. A lack of any mismatch detection functionality was a bit pointless; they weren’t competitive games to begin with, it just sort of turned out that way.

Yet Assetto Corsa is a $60 title with multiple premium DLC packs, a next-generation console release on the horizon, and for the PC it was billed as this ultimate modding platform. Now we have a situation where the game is indeed a modding platform, but driving anything other than the official Kunos content online can lead to widespread instances of cheating, and there isn’t even a way to detect it.

The ride never ends.


54 thoughts on “Reader Submission #65 – No Online Mismatch Detection in Assetto Corsa

    1. Kunos has built a house of cards which is now crumbling pretty hard. And yes, the results are hilarious to watch.

      The game is a fucking travesty to be honest.


  1. Servers can choose to run without it, that’s not the same as “it’s not possible”. You just have to put the data/ folder of the mod car in the same place you put the data.acd of the original content on the server and it’ll scan from that instead.


  2. Maybe you should have found a source who actually runs an AC server before you went to press, cause this is wrong. It’s possible to misconfigure a server and there is one bug in the mismatch detection system, but other than that it works. The bug’s pretty straightforward: if you try to match versions against an empty file, it’ll let you in regardless of what the user’s version of the file says. So mods that don’t bother to include ABS can have SUPER LEET HACKERS add abs to them.


      1. I think it’s a much smaller problem than RF2’s massive content mismatches making every online race an ordeal of “download 10 gigs of mods that you’ve already got”, yes. People cheating by adding ABS to some hypothetical mod car that didn’t have it? Not exactly a deal breaker. People are using the ABS-assist anyway if they want ABS on cars that don’t have it; if the server wants to avoid that they disable assists fully, which brings this back to 0 problem.


  3. PRC: “AC has no online fixed setups!”
    PRC: “AC has no way of preventing people joining mid-race!”
    PRC: “AC has no online mismatch detection!”

    All completely incorrect information. Everything is there in the server settings. Zero research, zero corrections when proven wrong. You make Kotaku look like journalistic gods.


  4. “I thought that if you made this public in your blog, it would reach a wide range of people and hopefully Kunos will patch it in the near future. I really want to like this game, but each week I find something like this that drives me nuts. What a piece of unfinished crap that Kunos is selling us. And more DLC coming next week.”

    How is the fault of Kunos and not the fault of users? All cars officials and mods are supposed to have encrypted data files when released. When they don’t have, they are actively putting themselves at liability in an online race. The solution is to have encrypted data file as is the norm. This isn’t a bug, just some people trying to denigrate Kunos, instead of those people looking in the mirror.


    1. Then it should not let you set up a server with no encrypted files. It’s very easy to patch and it prevents this from happening. The guy here just installed some new physics and went to play online and discovered this serious flaw. It is a flaw, if there is a way to set up servers with no mismatch detection, then there will be cheaters playing your game. If someone new enters one of those servers without knowing, the impression he gets is that this game is crap.

      They need to rethink and fix this. There’s no way servers with no mismatch detection can be justified in almost 2016. I know it is not Kunos’ direct fault, but they need to stop this possibilty from happening.


      1. more talk about kunos that should do this and that.. but I haven’t seen anyone talk about modders needing to encrypt their released mods. Why you guys don’t question modders that aren’t encrypting the Data for people to race fairly online. I think most modders do, but there are some maybe current or old mods that have open Data.


      2. “Then it should not let you blahblahblah”

        In rf and GTR2 we turned off the mismatch detection uncountable times while working on physics.


  5. I guess I can submit same kind of reader submission about rF2 with full of disinformation and you will publish it without hesitation?


  6. I don’t think this is technically correct.

    I believe its down to the server owner to configure the server in the proper manner.


  7. Are you guys serious?

    Kunos has to make sure that there is as little room as possible for cheating. I know eventually someone will find a way to cheat, but this was just accidental. He didn’t want to cheat.

    It shouldn’t be left for modders and players to fix their mods. Kunos should never allow this to happen, for their own good.


    1. I meant it shouldn’t be left for players to deal with that structure problem. Why not force you to use the compressed file? Why not check both by default?


    2. Are YOU serious?

      There is nothing to fix. If a server wants to avoid cheating, then he has to configure the server properly, or use encrypted content. Or just trust that people won’t modify open Data files. How on earth is this Kunos fault? When Kunos already provides a measure to avoid cheating but some people just ignore it.

      This is like blaming Valve for joining a non-VAC server and complain there are cheaters, when the alternative is to join VAC secure servers. Of course people can also cheat in secure servers, but that’s because cheating is a million industry where the ultimate cheats are very expensive and private. Because you will be quickly banned if you play in a VAC server with already identified older cheats. But that’s another story, for another game.


      1. But suppose I’m a new guy. I join some servers with my newly purchased AC and see people cheating all the time. The impression I get is that this game is crap. Is it also my fault for no going thruough forums and learning whick servers to trust and which not? How do I even know which servers are good and which no? They all look the same and appear in the game.

        It may not be Kunos’ direct fault, but it is very easy to stop this. The server, by default, will check for the data encrypted folder. If it can’t find it, then it won’t let you in. And of course, it shouldn’t be possible to set up a server with cars that don’t have the data encrypted file.

        Just my thoughts here. I think this is a problem and that it has to be fixed somehow.


  8. A new guy “won’t” get mods that don’t have encrypted files. And what if people want to run a server with open files? There can be various reasons, that the people who host the server and its clients, don’t know how to encrypt it. I don’t even know myself. But again, a new customer is 0.001% likely to get some random non-encrypted mods and join a non-encrypted server. You’re making this a bigger deal that it should it. And with the chance, other people are using this opportunity to shit at Kunos and AC. ffks, be reasonable, people.
    Some new customers who are not experienced at driving or racing will also think of fast guys as they might be cheating, even if the server is secure and the fast guys aren’t cheating.


  9. Hi guys!

    I’m Iker Garay, the source for this post. I want to make clear that I am in no way a fanboy of any sort trying to shit on Kunos. I bought the game, and the two dream packs as well. We host races in CampeonatoPDLR with both AC and rF2.

    With that out of the way, I wanted to apologize if my last paragraph sounds a bit too harsh. I don’t want AC to fail, I don’t want Kunos to disappear or whatever other reason you may be thinking. This is just something that happened to me and my friends and that I believe it can be fixed, and it should.

    I’ve been reading the comments above and it seems there is a consensus that this is an isolated case and in no way representative of the whole AC experience. I agree on that, but still, this shit can still happen. Someone above already mentioned the possibilty of limiting the server set up to only encrypted files. How about a warning whenever you enter an insecure server? Something like “You are joining a race with no mismatch detection. Enter at your own risk”. Maybe some kind of color difference in the list of servers? Black for up to date and secure, blue for outdated and green for insecure?

    I mean, something should be done. It’s not as if the whole AC experience is now ruined. I wanted my findings posted here to try and get a better AC experience, not to ruin it. I think these kind of things must be reported and fixed. That will help both Kunos and their consumers.

    My submission was honest, and in no way I tried to disinform. If James thinks it’s not up to standards, my apologies, delete it if you must.

    Thanks for reading and happy racing.


      1. I did not say that. What I said is if that a server is not configured correctly to detect and ban cheaters, it should be either banned from the server search, tagged with some color or icon, or a warning message should appear upon entering. With outdated, I mean the remote server installation. Another color tag would do.

        AC is a mod platform as well an oficcial content sim. More effort has to be done to ensure that even with mods, the racing is clean. I just don’t think that it is so difficult to improve what we have now. We should report and ask for a better product, I don’t think that is nowhere near hating or fanboyism.


    1. Seriously?

      You paid money for a substandard illegal mod which wasn’t configured properly, and this is somehow the fault of Kunos? You’re a fucking joke.

      You’re supporting the cancer that’s stalling the gaming industry by paying for illegal mods, then you complain that you don’t get what you want when you want it? Hilarious.
      I’m glad you got stung, you deserved it. And the cum stain who provides links to these illegal mods is worse than you.

      So much ignorance and so many lies on this…. ‘blog’ pfff

      Go and learn how to configure a server before showering us with your ignorance.


  10. Actually now that I think of it, I like it.

    You could run a most awesome fantasy league ever, where every competitor has means to push the envelope of car performance (cheating?) and compete against other similar entries. The races would come down to pure driving and reaction skill, because all the vehicles would end up with second realm abilities.

    It would be like Olympic games with doping allowed!

    Of course, this will get fixed and everything is boring again.


  11. I like your suggestion:

    “How about a warning whenever you enter an insecure server? Something like “You are joining a race with no mismatch detection. Enter at your own risk”. Maybe some kind of color difference in the list of servers? Black for up to date and secure, blue for outdated and green for insecure?”


  12. From the anonymous in one of the first posts:
    “Servers can choose to run without it, that’s not the same as “it’s not possible”. You just have to put the data/ folder of the mod car in the same place you put the data.acd of the original content on the server and it’ll scan from that instead.”

    So means this “issue” isn’t an issue after all? So even if the mod isn’t encrypted, but the server host puts the open Data folder in the Server folder, then clients need to have the same Data so to not create a mismatch, even with non-encrypted car?


    1. What I understand is that if the host puts the data folder instead of the encrypted file, it will look for those files. But then again, if the player encrypts the data and the host has the data folder it should let him join.

      Some other user has reported that there is a bug in the mismatch check and that if the server tries to find either the data folder or the data.acd and the player doesn’t have it, it will let him join regardless.

      It may be possible to put both the data.acd AND the data folder in the remote server and this way secure it. But how many people even know of this?

      Anyway, I myself have the 1967 mod installed, the vanilla version. It comes with the open uncompressed data folder. So the server host must have those files installed as well. The submitter clearly stated that he had installed a new set of uncompressed physics, and it still would let him join.


      1. That’s exactly what happened. Both the vanilla version of the mod and the updated one have unencryped physics. I assume the server host has the vanilla unencrypted version of the physics. I have different ones. My friends and I could both join with different physics without any warning or mismatch.

        The only thing I can think of is that the server host encrypted the folder, and due to the bug some anonymous reported in the comments, the server tries to find a file that doesn’t exist and lets you join.

        Either way, it’s an open door for cheaters. If the host has an encrypted file, it should only let people with the exact same file to join, even if that is no one in the world. If he encrypted the folder on his own, nobody should be able to join that server. If he didn’t encrypt anything and the data folder is open, then it’s clearly an issue with the mismatch check, and anybody can cheat.

        I’ve checked the server manager options and the sever_cfg.ini and I can’t find any setting to change the mismatch options. There sure is one, as a lot of people have mentioned, but it certainly isn’t visible nor explained in the manual portion of the server manager. Don’t you think this should be better explained, and set up in a safe manner by default?

        I bet most of the people running servers haven’t noticed anything and some cheat is taking advantage of it.


      2. So you are saying that for example if you decrypt the Data for huracan gt3, you can join servers hosting huracan gt3 with encrypted Data? And what if you alter that opened Data files, can you still race in that server with locked Data files?


      3. Uplosd the data folder (or ACD) into you server the assettocorsa/server/content/cars directory. Whatever you put in there will be checked by the server. The host whose server you were using had clearly not configured his server properly and thefore allowing cheating.


      4. 2nd anon here, you misunderstand.

        The client sends checksums of files in the car folder: the encrypted data if it exists, otherwise everything in the data folder as individual checksums.

        If the server has copies of these files, it requires a matching checksum – if they all match, you get in. Anything the server has will be checksummed against the client, unless the server has a blank file. Obviously files that the server doesn’t have will be approved without looking.

        This is both positive and negative – when used intentionally it’s a positive – you can leave out the ‘cameras.ini’ for example and allow users who’ve customized their camera positions to join anyway, as that’s purely a visual change (it only affects the F6 “gopro” style cams anyway). When used unintentionally, it may mean that cheaters have access to features that modders left out of their mod – drs.ini is the only one I see that’ll give a performance advantage.

        It’s not comparing the actual contents of the files, just checksums – so if you send an encrypted file that you made yourself, it’s almost guaranteed to fail because the server will be looking for individual data files.


      5. The bug with blank files is: If the server contains a blank file (eg. “digital_instruments.ini”, file size 0KB – lots of mods don’t use this since they don’t have digital instruments) then the checksum algorithm doesn’t run, and a user could have sent any checksum and it’ll allow them in. Most of the files in a mod can’t be blank or it just won’t load into the game, really it’s just the handful – digital_instruments.ini, electronics.ini, drs.ini, suspension_graphics.ini, wing_animations.ini – that are frequently blank. Of these, digital_instruments.ini, suspension_graphics.ini and wing_animations.ini are purely visual – they add the digital dash, set certain suspension component positions, and write the names of the animation files used on wings. electronics.ini contains ABS and TC – if a server allows these but a car doesn’t have them, you could add them. drs.ini identifies the wings that can have drs activated and the changes it makes (eg. -10 degrees for 20 seconds)

        It’s thus better to (a) encrypt the physics (preferred since then there’s only 1 file to checksum and it’s never blank) (b) add comments to those files before distributing, so they’re not blank.


      1. I don`t understand why i keep getting mentioned in stuff like this…guess i made quite the impact on someone`s life eh? :’)

        But you`re on to me man. I hate AC so much, with 300+hours in it, i really feel the need to post this under a false name. Makes me feel better you know, after a quick wank and a rant it really takes away that cloudy feeling you if know what i mean?


  13. What your reader submitted was a request for Kunos to patch an illegal mod. Like that’s ever going to happen.
    There’s nothing wrong with the game stopping cheats joining servers, but why let the truth get in the way of a story eh?


Ratio of vowels to consonants will be monitored. Post at your own discretion.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s