I feel I need to elaborate on this more. First of all, data could be stored on BOTH the client and the (cheap) server when they log off. If a hacker is changing stats, they''re either going to do it while the are not playing or while they are.
If they''re not, they would eventually log on. The CGI could compare stats before "letting them in" and not give them the IPs of the honest players.
If they are logged on, other computers in the peer-to-peer network would "see" the instant change in stats when the hacked program sends them out. When an honest client "sees" it, that system could "inform" everyone else to ignore that client.
I''m just coming up with these details off the top of my head, so please correct me if I''m wrong.
Peer-to-Peer as alternative for client-server ?
quote:Original post by Ironside
If some hacker starts on Monday and is level 200,000 on Wednesday and killing all the people who have invested weeks/months/years acquiring their skills and items in the traditional manner, all your traditional players are going to quit in disgust.
I don''t think you''re following the logic all the way through... someone who modifies their character in this context isn''t really a "hacker" per se. First of all, this system definitely isn''t geared toward PvP play... there''s just no two ways about that, I won''t argue with you there. Second, if someone DID kill you, all you have to do is open up your own text editor and restore whatever settings you like. Or, preferably, the game master goes into the editor and edits your character online.
quote:
Why work up the hard way when everyone else is just modifying their characters in the editor you shipped with the game. It is this whole concept of building your characters faster then everyone else that drives people to play these MMORPGS for countless hours.
haha... well, some people actually like the ROLE PLAYING aspect of these games. I think your assumption that building up your character is the only reason to play is a little bit narrow. Why do people play Dungeons and Dragons (non online) then?
Clearly this is a different type of game I''m talking about here. It would be much closer to the pen-and-paper type of game. Think about this... what stops someone from just writing down on his paper character sheet whatever stats and gear he wants? Nothing, really! But the other players aren''t going to want to play with him, and the game master (who is really just another player) isn''t going to allow the character in his campaign. Such a system could work ONLINE also... there''s no reason it couldn''t. In fact, this is very much like what Dungeon Siege and Neverwinter Nights are doing, but without the persistent backend.
quote:
You’re sadly mistaken. What will happen is that people will all max out their levels and experience, play for a few days and get bored because there is no inherent value in fighting monsters or leveling up.
Good! Let those people go! I certainly won''t miss them.
I think you are correct here for the most part... but what you are missing is that some people WILL want to slowly build up their characters within the confines of the game rules, and the adventuring campaigns, and THOSE PEOPLE are who this game is for -- the people interested in role-playing games for the sake of the game, not just getting the best equipment they can get.
quote:Original post by rjahrman
If they are logged on, other computers in the peer-to-peer network would "see" the instant change in stats when the hacked program sends them out. When an honest client "sees" it, that system could "inform" everyone else to ignore that client.
I''m just coming up with these details off the top of my head, so please correct me if I''m wrong.
The problem here, is if me and my guild all croud into one spot in the game, say way out in a field in the middle of nowhere, and we are all members of the same peer to peer group. In fact we make up all the members of the peer to peer group. Then if we all run a hack at the same time, none of the peers will disagree. Even easier, we can just run a program that blocks the packets that alert the server or the other peers of misconduct by one of the peers. If all the peers in a gorup were running such a program they would be free to hack all they wanted.
quote:Original post by Pyabo
I don't think you're following the logic all the way through... someone who modifies their character in this context isn't really a "hacker" per se. First of all, this system definitely isn't geared toward PvP play... there's just no two ways about that, I won't argue with you there. Second, if someone DID kill you, all you have to do is open up your own text editor and restore whatever settings you like. Or, preferably, the game master goes into the editor and edits your character online.
The MMORPG implementation I was thinking of was like the current stock of MMORPG's EQ,AC,UO,AO etc. I think your referring to multiplayer RPG's that are more closely related to tabletop RPG games, where there is a dungeon master and the gameplay is very story driven. I really doubt that this style of game play could support a 3000 player persistent world. But I’d be happy to be proven wrong
[edited by - ironside on March 28, 2002 8:50:06 PM]
What if...
Rather than randomly checking the stats of all the game''s players, it only checked those in the current peer-to-peer (P2P) group. If stats were fake, it would notify only those in the player''s P2P group.
Secondly, the model of a P2P group would be different. There could (in theory) be up to 20 or so players in one group. The group would have a "leader computer."
When players move enough so they switch groups, the leader of the new group would check with all the other leaders to see if they''ve ever hacked.
As for a hacker claiming that another person is cheating, I think I figured out a solution to this. When a computer is accussing another of cheating, it could request a list of every place the player got gold, hp or anything else lately. Depending on how you set this up, it could solve the problem.
Then there''d be the problem of a hacker becoming a leader. However, the "leader computer''s" only powers are to let people into a group and say whether or not a person has hacked. In terms of letting people into a group, the solution could be to give a client the ability to "protest" a leader not letting them into the game. The client could notify every leader and send them the list of data, and if a majority of the leaders say the leader is unfairly stopping them the other leaders could instruct every player to ignore that member (or better yet tell the cheap server to delete them).
See if you think this will work.
Rather than randomly checking the stats of all the game''s players, it only checked those in the current peer-to-peer (P2P) group. If stats were fake, it would notify only those in the player''s P2P group.
Secondly, the model of a P2P group would be different. There could (in theory) be up to 20 or so players in one group. The group would have a "leader computer."
When players move enough so they switch groups, the leader of the new group would check with all the other leaders to see if they''ve ever hacked.
As for a hacker claiming that another person is cheating, I think I figured out a solution to this. When a computer is accussing another of cheating, it could request a list of every place the player got gold, hp or anything else lately. Depending on how you set this up, it could solve the problem.
Then there''d be the problem of a hacker becoming a leader. However, the "leader computer''s" only powers are to let people into a group and say whether or not a person has hacked. In terms of letting people into a group, the solution could be to give a client the ability to "protest" a leader not letting them into the game. The client could notify every leader and send them the list of data, and if a majority of the leaders say the leader is unfairly stopping them the other leaders could instruct every player to ignore that member (or better yet tell the cheap server to delete them).
See if you think this will work.
quote:Original post by rjahrman
What if...
Rather than randomly checking the stats of all the game''s players, it only checked those in the current peer-to-peer (P2P) group. If stats were fake, it would notify only those in the player''s P2P group.
The real problem here is being able to prove if stats are fake. Without an absolutely trusted version of the gamestate (like on a server) there is no way to conclusively prove if stats are fake or not.
quote:
When a computer is accessing another of cheating, it could request a list of every place the player got gold, hp or anything else lately. Depending on how you set this up, it could solve the problem.
The hacking client could spoof the list, generate a list of random places where it acquired the stats. The underlying assumption here is that the Client must tell you the truth about something. In actual fact the client can and will lie about everything if necessary.
quote:
The client could notify every leader and send them the list of data, and if a majority of the leaders say the leader is unfairly stopping them the other leaders could instruct every player to ignore that member (or better yet tell the cheap server to delete them).
Again here you still have to trust the other leaders. Say the hackers got to be in leadership positions in a majority of the peer to peer sessions? they would again have full access to the gamestate. Also these decisions are very difficult to make, typically they require human supervision, as in the leaders actually voting, as opposed to the leaders clients making an automated decision. If you do rely on player run security your game becomes unscaleable again, because for every 20 players you add to your game, you need to have another "trusted" leader, like a GM or someone employed by to keep things "fair"
There''s a reason the big Online game makers use Client Server. They are very smart guys, you can be sure they considered the peer-to-peer model and found it wouldn''t work.
One thing I would like to say is that you absolutely could implement a massively multiplayer game with the methods described above. It would be playable and scaleable but it wouldn''t be secure. If your implemented a more prose focused game, or story focused game then this may be acceptable for you. But you could not implement a game like AC, UO,AO, EQ in this fashion because players invest so much in building their stats and characters and hacking would absolutely undermine the value of advancing your character which is predominantly what these games are about.
Why not check the increases in stats against the game itself?
If you say, have 15 monsters, who give 1 exp * level, and the player suddenly jumps 5000 EXP.. you just have to check..
if(newexi > possibleExp) { ignore client; }
And if the client kills a monster, worth 14 exp, they''d gain the actual exp.
You could implement the same thing for levels and stats.
If((level == 1) && (hp > 30) { ignore client; }
Why wouldn''t you just have a legitimate check against the stats that are changing, etc.. Especially if the stats / skills are allocated in a Diablo 2 style. Obviously the total amount of stats shouldn''t exceed the amount alloted per class, per level, and if it does... then boom, you have a cheater.
If you say, have 15 monsters, who give 1 exp * level, and the player suddenly jumps 5000 EXP.. you just have to check..
if(newexi > possibleExp) { ignore client; }
And if the client kills a monster, worth 14 exp, they''d gain the actual exp.
You could implement the same thing for levels and stats.
If((level == 1) && (hp > 30) { ignore client; }
Why wouldn''t you just have a legitimate check against the stats that are changing, etc.. Especially if the stats / skills are allocated in a Diablo 2 style. Obviously the total amount of stats shouldn''t exceed the amount alloted per class, per level, and if it does... then boom, you have a cheater.
quote:
Good! Let those people go! I certainly won''t miss them.
I think you are correct here for the most part... but what you are missing is that some people WILL want to slowly build up their characters within the confines of the game rules, and the adventuring campaigns, and THOSE PEOPLE are who this game is for -- the people interested in role-playing games for the sake of the game, not just getting the best equipment they can get.
Yes, and that is why only 5-10% of the EQ population actually roleplays. Unfortunately these 5-10% aren''t gonna get the bills paid. You have to cater to the lewt hungy whores as well.
In any event, I dont care who your end audience is, cheating must be prevented. Persistent world or not. If you release a game that everybody cheats in and no body wants to play, do you really think they''ll buy your next game the next time around? Is your company going to stay in business?
-=[ Megahertz ]=-
quote:
Good! Let those people go! I certainly won''t miss them.
I think you are correct here for the most part... but what you are missing is that some people WILL want to slowly build up their characters within the confines of the game rules, and the adventuring campaigns, and THOSE PEOPLE are who this game is for -- the people interested in role-playing games for the sake of the game, not just getting the best equipment they can get.
Yes, and that is why only 5-10% of the EQ population actually roleplays. Unfortunately these 5-10% aren''t gonna get the bills paid. You have to cater to the lewt hungy whores as well.
In any event, I dont care who your end audience is, cheating must be prevented. Persistent world or not. If you release a game that everybody cheats in and no body wants to play, do you really think they''ll buy your next game the next time around? Is your company going to stay in business?
-=[ Megahertz ]=-
Well, 5% of EQ players is around 20,000 players. You don''t think 20,000 paying players could support a game financially? I think you''re wrong there. No, they probably couldn''t support a 400,000-player system, but that''s not what they''d need to do.
Well, to those pie-in-the-sky dreamers starting their P2P MMORPG, Ironside is completely right. There is just no way to make that system secure. Period. That''s why I proposed the Zero-Security system... but really, it *is* a different kind of game from EQ, AC, and UO.
(If you could create a secure p2p system though, then I think you''d have some fundamental new concept that previous generations of Computer Scientists had overlooked. Hey, more power to ya)
Well, to those pie-in-the-sky dreamers starting their P2P MMORPG, Ironside is completely right. There is just no way to make that system secure. Period. That''s why I proposed the Zero-Security system... but really, it *is* a different kind of game from EQ, AC, and UO.
(If you could create a secure p2p system though, then I think you''d have some fundamental new concept that previous generations of Computer Scientists had overlooked. Hey, more power to ya)
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
