Sick :/
So I finally managed to catch a cold this year [sad]. And I was so glad that I hadn't got sick for the whole winter.
And I really want to play Elder Scrolls IV: Oblivion. I'm going to get it at the first chance when I get free time. That would be when the term is over in 1 week.
So here comes some technical discussion:
What kind of things can you do to protect an online game from hackers? I'm talking about hackers who make things for leveling up faster, getting more game money, and things like that. Not the kind of hackers who steal/destroy data.
What most games try to do is hash-check the binaries and the memory to detect tampering, and also have some sort of monitor process that kills the game if you attach another process to it (debugger/scanner/...).
And of course, the good old method of encrypting the packets.
So... what else would you do? I guess the safest thing would be to make the client "dumb" and do all the work on the server side, so no one could alter client data, but that just puts too much pressure on the server.
Another way I was thinking of was to somehow send a "verifier" to the server. Now I don't mean a hash by this, but something to "prove" that the action done by the client is genuine, and the server would cut you off if that action didn't make sense in the sent context.
Here is my example:
User uses a "jumphack" and jumps 100 points up (let's say the default jump is 10 points)
So the client would send the server a packet saying the user is now at the new location 100 points above. And the "verifier" would say that the user jumped to perform this action.
Then the server looks at this and figures out that it doesn't make sense to jump 100 points with a single jump, so it basically sends a "bullshit!" packet back to the client.
If the client tampers with the verifier too and says "jumped 10 times" instead, the server would see that you can indeed jump 100 points if you do 10 jumps, but it would also question why the client took so long to inform the server of all the jumps. So say your last packet was 2 seconds ago, the server would say that there is no way you could have jumped 10 times in the past two seconds, and then send you off again.
What do you think?
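The jump check described above, sketched as server-side code (an added example, not part of the original post). The 10-point jump and the 2-second packet gap come from the post; the 0.5-second jump duration and all class and field names are assumptions made for illustration.

```python
from dataclasses import dataclass

JUMP_HEIGHT = 10.0    # default jump from the post: 10 points
JUMP_DURATION = 0.5   # assumed: seconds a single jump takes (not from the post)


@dataclass
class Update:
    """One client packet: the new height plus the 'verifier' (claimed jump count)."""
    new_y: float
    jumps: int


class PlayerState:
    """Server-side record. Times come from the server clock, never from the client."""

    def __init__(self, y: float, now: float):
        self.y = y
        self.last_seen = now

    def check(self, upd: Update, now: float) -> str:
        elapsed = now - self.last_seen
        gain = upd.new_y - self.y          # only upward movement is limited here
        if upd.jumps < 0 or gain > upd.jumps * JUMP_HEIGHT:
            verdict = "reject: height gain exceeds claimed jumps"
        elif upd.jumps * JUMP_DURATION > elapsed:
            verdict = "reject: too many jumps for elapsed time"
        else:
            verdict = "accept"
            self.y = upd.new_y             # commit only positions that passed
        self.last_seen = now
        return verdict


def demo() -> list:
    """Constructed packets: the jumphack, the forged verifier, an honest jump."""
    player = PlayerState(y=0.0, now=0.0)
    return [
        player.check(Update(new_y=100.0, jumps=1), now=2.0),   # 100 points, one jump
        player.check(Update(new_y=100.0, jumps=10), now=4.0),  # 10 jumps in 2 seconds
        player.check(Update(new_y=10.0, jumps=1), now=5.0),    # one normal jump
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The second check only works because the elapsed time is measured by the server; a timestamp supplied in the packet could be forged along with the verifier.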