Jump to content

  • Log In with Google      Sign In   
  • Create Account

how to prevent save cheating? (for games where saving is NOT allowed)


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
55 replies to this topic

#21 Hawkblood   Members   -  Reputation: 723

Like
0Likes
Like

Posted 03 February 2014 - 12:06 PM

Use encryption to prevent data manipulation. Use save file verification to prevent copying—this can be done by having a “master date-time stamp” file that is located somewhere other than where the save files are. This “master date-time stamp” is a file with each save file’s date-time creation AND modified info recorded. This will work because when a file is copied it generates a new date-time stamp within Windows and any modifications will cause the game to reject it.

Sponsor:

#22 LennyLen   Crossbones+   -  Reputation: 3800

Like
1Likes
Like

Posted 03 February 2014 - 12:16 PM


This will work because when a file is copied it generates a new date-time stamp within Windows and any modifications will cause the game to reject it.

 

These checks can be fairly easily circumvented by disassembling the program and finding the offset for the function that does the check and changing the next instruction to 'return' thus bypassing the entire check.



#23 Hawkblood   Members   -  Reputation: 723

Like
0Likes
Like

Posted 03 February 2014 - 04:48 PM

Most users wouldn't have a clue how to do that. There is no lock that can't be picked. There is no cipher that can't be deciphered.



#24 LennyLen   Crossbones+   -  Reputation: 3800

Like
1Likes
Like

Posted 03 February 2014 - 06:58 PM


Most users wouldn't have a clue how to do that.

 

True, most won't.   but it's far more easier for crackers to bypass checks then to circumvent encryption, and as soon as one has done that they can make it availaible to most users.



#25 dejaime   Crossbones+   -  Reputation: 4027

Like
0Likes
Like

Posted 03 February 2014 - 08:01 PM

True, most won't. but it's far more easier for crackers to bypass checks then to circumvent encryption, and as soon as one has done that they can make it available to most users.

Or simply get a tool to change these dates after the modification.

#26 Hawkblood   Members   -  Reputation: 723

Like
0Likes
Like

Posted 04 February 2014 - 06:58 AM

"There is no lock that can't be picked. There is no cipher that can't be deciphered." The only thing you can do is make cheating a tedious bore so the average player will prefer working within your game parameters instead of trying to circumvent.

#27 TheComet   Members   -  Reputation: 1614

Like
0Likes
Like

Posted 04 February 2014 - 08:29 AM

...unless of course you place the savefiles out of reach of the user, for example an external server (someone mentioned this earlier)


YOUR_OPINION >/dev/null


#28 suliman   Members   -  Reputation: 566

Like
0Likes
Like

Posted 04 February 2014 - 12:01 PM

Thanks all, but i repeat:

 

1. No serverside stuff, too messy and complicated.

2. I dont care about hackers, im not even a pro myself, i just want to deter casual users from being lazy and cheat past hard parts of my game (and make carefulness part of the intended gameplay)

3. Therefore, no encryption needed. I use a binary savefile, thats good enought. 

4. I already said saying "let players do whatever they want" doesnt help me.

 

Hawkblood: Wouldnt you just backup that file as well? And if you want to return to a previous state of your campaign you return the backed up savefile AND the file keeping track of the timestamps?


Edited by suliman, 04 February 2014 - 12:02 PM.


#29 Hawkblood   Members   -  Reputation: 723

Like
0Likes
Like

Posted 04 February 2014 - 12:16 PM

The player would have to KNOW about the time stamp in the first place. Remember, the average gamer wouldn't normally think of keeping track of such things. You also make another layer of difficulty by storing the savegame time stamp info in a file that's not in a folder the player would think to look in (not the "savegame" folder).

#30 Nypyren   Crossbones+   -  Reputation: 4347

Like
0Likes
Like

Posted 04 February 2014 - 12:19 PM

Thanks all, but i repeat:
 
1. No serverside stuff, too messy and complicated.
2. I dont care about hackers, im not even a pro myself, i just want to deter casual users from being lazy and cheat past hard parts of my game (and make carefulness part of the intended gameplay)
3. Therefore, no encryption needed. I use a binary savefile, thats good enought. 
4. I already said saying "let players do whatever they want" doesnt help me.
 
Hawkblood: Wouldnt you just backup that file as well? And if you want to return to a previous state of your campaign you return the backed up savefile AND the file keeping track of the timestamps?


NTFS ADS is likely the only thing that will work for you. The fact that the alternate streams are not copied along when the main file/folder is copied is what will produce the behavior you want.

#31 Azaral   Members   -  Reputation: 463

Like
0Likes
Like

Posted 04 February 2014 - 02:17 PM

I think the more pertenent question, from a game design standpoint, would be if it is a signle player game, then why care? You are only being evil towards the player. It should be an option, not a requirement. The player is not your enemy, they are your friend. If they want to cheat, then so what. The only person it affects is themselves. Save yourself the trouble and time and just simply don't worry about it. That's my opinion at least



#32 Hawkblood   Members   -  Reputation: 723

Like
0Likes
Like

Posted 04 February 2014 - 02:37 PM


The player is not your enemy, they are your friend

I have played some games that I cheated on. I regretted it and lost interest in playing. It's like reading the end of a book and deciding that the ending sucked, so the rest of it must suck as well. Never mind the fact that the parts before the end could have easily turned you misconception of "suck" into "genius". But because you never read those parts, you decide getting the next book in the series isn't worth it. This would be the fault of the individual, but that doesn't stop their opinion.

 

It really depends on how much effort you want the player to go through to cheat-- not "keeping the player from cheating".

 

That being said, I have also played games that had bugs causing the inability to continue without some sort of "cheat" or "work around". But the OP is more of the question of "save game integrity".



#33 Ravyne   GDNet+   -  Reputation: 7498

Like
0Likes
Like

Posted 04 February 2014 - 02:45 PM

So, its impossible to provide security where a malicious user has control of the machine, and while I know that you said you don't want to be told to just accept it, you have no other choice. In a single-player game where there is no interaction between players, then there can be no harm in accepting it, a player cheats and that affects their experience but not the experience of others. Its on them, and there's nothing that can be done about that.

 

However, if there is even brief or tangential interaction between players (even something as simple and occasional as connecting to a server to get the current high-scores list) then you have a starting point as a baseline. One could imagine a scheme that ties the high-score to a time, and obfuscates through encryption both the high score list and the save file (which is checkpointed against the highscore timestamp). This will not outright prevent disconnected cheating, but it will make it a lot of trouble, and for their efforts the dishonest player is still prevented from manipulating their way onto the high score table. This is reasonable security. and if the player never connects to the online highscore table, the program can be made in such a way that it simply reverts to their own personal high-score table--and in this way it respects their right to consume your game without being encumbered by DRM or other activation schemes. One could imagine more complex peer-to-peer schemes that might work similar to crypto-currencies like bitcoin.



#34 Nathan2222_old   Members   -  Reputation: -400

Like
0Likes
Like

Posted 04 February 2014 - 03:25 PM

Let them cheat their way through and then they don't feel like playing it again after the first round
OR
prevent them from cheating their way through and making them have hard fun while playing it and maybe thereby giving it good replay value (if the game was designed well) . . .
. . . i choose the latter.

@suliman: aren't the hackers the people that crack your game and give the cheats to the lazy, 'cheat-through' players?

UNREAL ENGINE 4:
Total LOC: ~3M Lines
Total Languages: ~32
smile.png
--
GREAT QUOTES:
I can do ALL things through Christ - Jesus Christ
--
Logic will get you from A-Z, imagination gets you everywhere - Albert Einstein
--
The problems of the world cannot be solved by skeptics or cynics whose horizons are limited by the obvious realities. - John F. Kennedy


#35 Pink Horror   Members   -  Reputation: 1204

Like
0Likes
Like

Posted 04 February 2014 - 08:04 PM

I'd probably just put a hash for the save file in the registry. Yes, your users could backup the registry entry, but I wouldn't care. (Though I guess I also wouldn't even bother preventing cheating so maybe this isn't good enough for you.) Anything beyond copying files will exclude your regular lazy users from messing around, while many people who know about the registry might also know about things that are more complicated than that, too. I wouldn't really try to compete with the hackers, especially without a server. It'll never work.

 

However, I didn't know about that ADS thing, and if it's simple to implement, I'd try it.

 

If you did use a server, you could simply store hashes instead of whole saves. Still, I wouldn't want to make a game that required an online connection or potentially delete people's saves if they're some issue that prevents the server update when the save game is modified. Any kind of write-in-two-places solution might have to deal with what happens when your game crashes during a save. That's another reason I wouldn't bother with this. Any bug in this system will make people quit your game and complain online about it.



#36 frob   Moderators   -  Reputation: 21493

Like
5Likes
Like

Posted 05 February 2014 - 08:00 AM

However, I didn't know about that ADS thing, and if it's simple to implement, I'd try it.

Doesn't work. A skilled hacker knows to look for alternate data streams.

 

Trivially, the RAR compression format knows about ADS. Compress the files with RAR before moving the file out of NTFS format and the data is preserved.  There are also a large number of utilities that will split and merge ADS if you need to transfer the files through other means.

 

All of this is pointless for a single player game.

 

No matter what protection is used it takes only one attacker in the entire world to figure out how to break it. The harder you make it the more fun it will be for them and the sooner they will break it. Once they do break it, they put it on their blog and maybe even write up some scripts to do the work. After that even the least skilled person can follow the instructions. For a single player game it is pointless. Just run the data through a stock encryption algorithm and call it good enough.


Check out my personal indie blog at bryanwagstaff.com.

#37 dejaime   Crossbones+   -  Reputation: 4027

Like
0Likes
Like

Posted 06 February 2014 - 01:58 PM

Let them cheat their way through and then they don't feel like playing it again after the first round

I wouldn't try to simplify fun as a consequence of challenge. I have played hours and hours of GTA using cheats, and I still love playing it, with or without those cheats.
Not even starting to talk about elder scrolls games, which I ended up memorizing several console commands...

Challenge is fun, but so is experimentation. Usually, games have enough challenge, but not enough experimentation; onboard cheats adds a lot of experimentation to a title.

The only thing you can do is make cheating a tedious bore

I am one of those who finds changing games' rules quite fun. If, by any means, there is a protection to bypass, I'd probably have an even better time.
In my case, the only way to make exploiting boring is making it easy.

Edited by dejaime, 06 February 2014 - 02:18 PM.


#38 Azaral   Members   -  Reputation: 463

Like
2Likes
Like

Posted 06 February 2014 - 02:33 PM

Let them cheat their way through and then they don't feel like playing it again after the first round
OR
prevent them from cheating their way through and making them have hard fun while playing it and maybe thereby giving it good replay value (if the game was designed well) . . .
. . . i choose the latter.

@suliman: aren't the hackers the people that crack your game and give the cheats to the lazy, 'cheat-through' players?

 

OR they fail and fail and fail and since they can't do anything but start over or give up, they give up and call your game crap out of frustration.



#39 Nypyren   Crossbones+   -  Reputation: 4347

Like
0Likes
Like

Posted 06 February 2014 - 02:43 PM

However, I didn't know about that ADS thing, and if it's simple to implement, I'd try it.

Doesn't work. A skilled hacker knows to look for alternate data streams.
 
Trivially, the RAR compression format knows about ADS. Compress the files with RAR before moving the file out of NTFS format and the data is preserved.  There are also a large number of utilities that will split and merge ADS if you need to transfer the files through other means.


While I agree that it's pointless to try to implement foolproof client-side protection, no utility I've tried on Windows (7zip, WinRAR, Windows built-in .zip) has correctly detected my test ADS on my folder. I haven't tried ADS-on-file.

(Edit) Nevermind, missed some required command line arguments. Now it's finding it properly. The option is also available in the GUI in the 'advanced' tab as "save file streams".

Edited by Nypyren, 06 February 2014 - 02:50 PM.


#40 Ravyne   GDNet+   -  Reputation: 7498

Like
6Likes
Like

Posted 06 February 2014 - 02:43 PM

So, here's really the one thing that game designers forget and which is especially true of single-player games: Try as you might to corral and funnel players into the experience you've imagined, you don't actually get to decide how any player plays your game, or how they have fun doing it.

 

You can put all the fun you want into a game--probably you'll end up putting some extra in that you didn't even know about--but ultimately you don't control how people take that fun back out. Who are you to tell anyone else how they should have fun in their own hard-earned free time? Especially when their fun doesn't unfairly infringe on other players' fun. Just stop worrying about it and let them eat cake. Whatever smorgasbord you've laid out through considerable effort just doesn't interest them right now, perhaps it will later. In the meantime, focus on making the best smorgasbord you can for those that want to experience it in a way closer to what you expect.

 

I mean, imagine if the creators of Final Fantasy 7 had said "Sure we've got this Chocobo Race thing, but this is an RPG and if people sit around racing birds all day, they'll never enjoy our grand RPG vision, so lets limit the number of Chocobo races they can do." What harm is there in letting them have fun in the way they want to?

 

I'm not saying that players should be able to do absolutely whatever they can imagine, or that you should enable every conceivable desire. I'm saying to make the best game you know how, and not worry if someone has fun taking it outside the box you so firmly want to place it in. The box is unnecessary and brittle, and all the time you spend trying to build a stronger box will only leave you with a significantly weaker game inside a slightly less brittle box.

 

Spend your time to best effect, and let your players do the same.






Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS