How to Stop Game Hackers?

Started by
30 comments, last by DeVyle 24 years, 1 month ago
Hola, I am working on a massive multi-player online game and am nearing the alpha test phase. A recurring problem I've noticed w/ such games is that a cracker will inevitably use SoftICE, Windows Trainer Creator, or some other debugger/hex editor to make their own personalized version of the game. I believe Ultima Online solved this problem by holding all game data on the server. This is not a feasible option w/ my game as it has fast paced "twitch" gameplay. Does anyone have any suggestions on how to prevent people from hacking the game data, then cheating, and ultimately ruining the project I've spent so much time on? Any help is much appreciated. Nick Caldwell MIT c/o '03 nvc@mit.edu
The only way to prevent ill-willed people from tampering with the game data is to have your data where they can't get it. Unfortunately this means having the data on the server. Diablo II will also use this technique to prevent cheating.
I believe you can CRC check the data? If the check fails then kick the person out of the game and format his hard drive.
Anybody skilled enough to hack and mess with your data is probably smart enough to look for CRCs. They aren't that hard to calculate; I have a calculator sitting on my desktop for it (for working on my data files, not for hacking games. What's the fun of cheating?) Really the only way to prevent it is to keep character and item data server side, which isn't actually that big of a hit. From working on a UO emulator, I found that for a UO-style game, a P266 with a 56k modem was capable of handling about 30 people without an exorbitant amount of lag. Remember... only data server side, graphics and other bandwidth-hogs stay on your machine.

-fel
~ The opinions stated by this individual are the opinions of this individual and not the opinions of her company, any organization she might be part of, her parrot, or anyone else. ~
Well

this solution may be really arbitrary (I'm not sure it is legal, so check it out).

If your game needs to be registered (like most pro games), add this rule to the agreement: anyone who is found guilty of using a trainer... or another way of cheating will find his account(s) deleted and will not be able to create another one...

If you do this to some people, cheaters will think twice before cheating, but as I told you, I'm not sure this is legal, but it should be.
One way to solve this would be to monitor stats at a regular interval. Make some calculations on basically what is possible for stat increases. If someone is breaking the rules set their character to be a level 1 with 1 hitpoint or something similar.
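
Added example, not part of the original thread or any poster's code: a minimal server-side version of the stat monitoring suggested in the post above. The stat names, rate limits and burst allowances are hypothetical and would come from the game's own rules.

```python
from dataclasses import dataclass

# Hypothetical game rules: the most each stat can legitimately grow per
# second of play, plus a one-off burst allowance (e.g. a quest reward).
MAX_RATE = {"xp": 50.0, "gold": 20.0}
BURST = {"xp": 500.0, "gold": 1000.0}

@dataclass
class Snapshot:
    t: float      # server clock in seconds, never a client-supplied time
    stats: dict   # stat name -> value reported for the character

class StatMonitor:
    """Server-side plausibility check, run at a regular interval."""

    def __init__(self):
        self.last = {}  # player id -> last accepted Snapshot

    def check(self, player, snap):
        """Return (stat, gain, allowed) for every impossible increase."""
        prev = self.last.get(player)
        if prev is None:                     # first sample is only a baseline
            self.last[player] = snap
            return []
        elapsed = max(snap.t - prev.t, 0.0)  # never credit negative time
        violations = []
        for name, value in snap.stats.items():
            if name not in MAX_RATE:         # stat the rules do not know
                violations.append((name, value, 0.0))
                continue
            gain = value - prev.stats.get(name, 0.0)
            allowed = MAX_RATE[name] * elapsed + BURST[name]
            if gain > allowed:               # losses are always plausible
                violations.append((name, gain, allowed))
        if not violations:                   # a bad sample never becomes
            self.last[player] = snap         # the new baseline
        return violations

def demo():
    """Constructed samples: normal play, an edited XP value, then normal play."""
    mon = StatMonitor()
    samples = [Snapshot(0, {"xp": 100, "gold": 50}),
               Snapshot(60, {"xp": 2000, "gold": 60}),
               Snapshot(120, {"xp": 90000, "gold": 70}),
               Snapshot(180, {"xp": 2500, "gold": 80})]
    return [mon.check("p1", s) for s in samples]
```

What the server does with a non-empty result (kick, reset, log for review) is a policy decision outside this sketch.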
Would it be possible to use a key-based encryption scheme that would require a validated server-side key to access game data? If you store game data on the server until connect time - and then transfer it all at once, it could be encrypted at the client side until the session is complete, at which point it would be deleted. If the server key is non predictable, this will make a hacker's job a LOT harder.

There are some advantages to holding the world on the server side - it's a lot easier to make changes, as opposed to shipping a patch to every player!
Most of these super cooooool overgod hackers are 12 year-old boys who are using hacks made by others, I mean people who are stupid enough to spoil others' game. I would propose to use Delisk's way, it is great, but let players vote, make some sort of black list, everyone who hacks gets their IPs and names on this web page, then people can vote for or against him. Believe me, they'll get nuked by those who are frustrated by their hacking. They nuked me once, after that I haven't cheated anymore...

Time comes, time goes and I only am.
While keeping the data on the server will work for smaller games, my system is set up for about 500 players per server (with a distributed server architecture to boot). So each server would be responsible for hit validation, collision detection, motion, etc, while at the same time having to deploy individualized data packets for each of the players. Needless to say, the computational resources required to do this are excessive. I'd prefer the server to simply handle data packets and not calculations that the client could better handle.

I do like Delisk's solution though. The only problem would be stopping people from registering multiple times. Perhaps I could use the hard drive serial number as an identifier?

I don't think Bracket's idea would work b/c the data would have to be decrypted on client side, and the enterprising hacker could simply tell SoftICE (or his debugger of choice) to find data when it is in readable form.

Thanks for the input.

Nick V. Caldwell
MIT c/o '03
nvc@mit.edu
Just a word of warning. I'm pretty sure that it is illegal for you to identify a user by his hard drive serial number, since it would compromise his personal integrity.
