Archived

This topic is now archived and is closed to further replies.

Nitrogenycs

Security in OpenSource Engine?

Recommended Posts

Nitrogenycs    130
Hello, is there a way to make an Open Source Engine secure? For example somebody could change the line playerHealth=100 to playerHealth=9999 and have a big advantage in gameplay. I thought about making a checksum for the .exe/elf file, but since it''s open source everybody is able to see how the checksums are generated and thus able to modify it. Is there a way to solve it? Perhaps use some kind of md5 integerity checking on the exe and using the resulting value as a key for de-/crypting communication with other machines? But i guess this won''t work either. Any ideas? -Nitro Thank you for answers! P.S.: Can somebody of you recommend a good book (I already took a look at the book recommendations here at gamedev.net) which covers network architecture in games? Preferrably one which does not mess with the details such as how to initialize a socket etc., just the high-level part.

Share this post


Link to post
Share on other sites
Cybertron    122
Having the source would make it MUCH easier to hack since all the safety measures are visible

I would either make the network/security part closed-source or make sure everybody is using the EXACT same program

Using both would be good. No one can hack the network code and if they change the game then it will detect it. I am sure the users will understand not having the network code, thats what they did for Freespace2

[edited by - Cybertron on August 14, 2003 3:30:40 PM]

Share this post


Link to post
Share on other sites
Cipher3D    340
Just google it - however, most books also cover some API, but they''re a lot that have extensive converage on networking architecture. For networking architecture that is relevant to games, look in Game Programming Gems (1-2-3-(4?)) - they''re sure to have some good articles that talks about high level networking architecture. Just my 2 cents.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster   
Guest Anonymous Poster
If you''re in a client-server environment, make sure that the server has authority over the clients. When the client sends in his input, check it to make sure his moves are legal. In a shooter type game, deal with damage, health, ammo etc on the server so the client can''t hack it.

In a perfect world with infinitely fast network connections, the client should just send keyboard/mouse to server and then display whatever the server tells it to. No game logic on client means there''s nothing that the player can hack. Practically this only works for turn-based games, MUDs and such. But it''s worth it to go as far as you can in this direction.

Also, you should only send clients the information that they''re supposed to have. If you can''t see damage to other players in the game, don''t send health numbers across the network because only cheaters will be able to use them. If another player is too far to be seen or heard, don''t send their position or other info. (This will reduce bandwidth usage too...)

Share this post


Link to post
Share on other sites
Leffe    301
Note: With the GPL(nice opensource license, check it out, it''s pretty nice) you only have to distribute the source if you distribute the binary. Which in turn means that you do not have to distribute the source to your server.

Share this post


Link to post
Share on other sites
Nitrogenycs    130
The project should be totally open source if possible, but obviously it''s quite impossible to do that.
Let''s say we decide to make the important network part closed-source and just provide a .lib/.a for it (so people can still compile). One would still be able to modify the playerHealth line, re-compile and link to the network part. If he manages to crack the checksum thing (which should be easy even if u choose a hard cipher; he may analyse the network traffic) he can use a modified cheating game. Or is the thing i am asking for simply not possible?

-Nitro

Share this post


Link to post
Share on other sites
cbenoi1    484
> Or is the thing i am asking for simply not possible?

Total security is impossible, more so if you give away the source.

As stated above, an autoritative server can decide what actions are permitted and what part of the game world gets updated from the player''s pov. But in your typical FPS you can''t avoid "aimbots", those little nasty in-between network protocol enhancers that compute the other player''s head position and change your rifle''s orientation for the perfect shot. Stats gathered by the server can help detect this and kick out the buggers. But then again, nothing prevents a malicious gamer from putting up a server that favors his clan or himself.

In an RTS/RTT game players work in lockstep, each running the exact simulation and exchanging pre-scheduled commands. It''s basically a mouse clicking festival so there is a gain to be made by adding intelligent super-macros to cram commands in a rapid packet burst. Cheating would take a while to get noted as the gap between simulations widens and commands fed into the simulation engine begin to look abnormal.

If you stick with player commands rather than game state in the data exchange, you stand a better chance of detecting when the game has been compromised.

-cb

Share this post


Link to post
Share on other sites