Security in OpenSource Engine?

Started by
5 comments, last by Nitrogenycs 20 years, 8 months ago
Hello, is there a way to make an Open Source Engine secure? For example somebody could change the line playerHealth=100 to playerHealth=9999 and have a big advantage in gameplay. I thought about making a checksum for the .exe/elf file, but since it's open source everybody is able to see how the checksums are generated and thus able to modify it. Is there a way to solve it? Perhaps use some kind of md5 integrity checking on the exe and using the resulting value as a key for de-/crypting communication with other machines? But I guess this won't work either. Any ideas?

-Nitro

Thank you for answers!

P.S.: Can somebody of you recommend a good book (I already took a look at the book recommendations here at gamedev.net) which covers network architecture in games? Preferably one which does not mess with the details such as how to initialize a socket etc., just the high-level part.
Having the source would make it MUCH easier to hack since all the safety measures are visible

I would either make the network/security part closed-source or make sure everybody is using the EXACT same program

Using both would be good. No one can hack the network code and if they change the game then it will detect it. I am sure the users will understand not having the network code, that's what they did for Freespace2.

[edited by - Cybertron on August 14, 2003 3:30:40 PM]
Just google it - however, most books also cover some API, but there are a lot that have extensive coverage on networking architecture. For networking architecture that is relevant to games, look in Game Programming Gems (1-2-3-(4?)) - they're sure to have some good articles that talk about high level networking architecture. Just my 2 cents.
I eat heart attacks
If you're in a client-server environment, make sure that the server has authority over the clients. When the client sends in his input, check it to make sure his moves are legal. In a shooter type game, deal with damage, health, ammo etc on the server so the client can't hack it.

In a perfect world with infinitely fast network connections, the client should just send keyboard/mouse to server and then display whatever the server tells it to. No game logic on client means there's nothing that the player can hack. Practically this only works for turn-based games, MUDs and such. But it's worth it to go as far as you can in this direction.

Also, you should only send clients the information that they're supposed to have. If you can't see damage to other players in the game, don't send health numbers across the network because only cheaters will be able to use them. If another player is too far to be seen or heard, don't send their position or other info. (This will reduce bandwidth usage too...)
Note: With the GPL (nice opensource license, check it out, it's pretty nice) you only have to distribute the source if you distribute the binary. Which in turn means that you do not have to distribute the source to your server.
The project should be totally open source if possible, but obviously it's quite impossible to do that.
Let's say we decide to make the important network part closed-source and just provide a .lib/.a for it (so people can still compile). One would still be able to modify the playerHealth line, re-compile and link to the network part. If he manages to crack the checksum thing (which should be easy even if you choose a hard cipher; he may analyse the network traffic) he can use a modified cheating game. Or is the thing I am asking for simply not possible?

-Nitro
> Or is the thing i am asking for simply not possible?

Total security is impossible, more so if you give away the source.

As stated above, an authoritative server can decide what actions are permitted and what part of the game world gets updated from the player's pov. But in your typical FPS you can't avoid "aimbots", those little nasty in-between network protocol enhancers that compute the other player's head position and change your rifle's orientation for the perfect shot. Stats gathered by the server can help detect this and kick out the buggers. But then again, nothing prevents a malicious gamer from putting up a server that favors his clan or himself.

In an RTS/RTT game players work in lockstep, each running the exact simulation and exchanging pre-scheduled commands. It's basically a mouse clicking festival so there is a gain to be made by adding intelligent super-macros to cram commands in a rapid packet burst. Cheating would take a while to get noted as the gap between simulations widens and commands fed into the simulation engine begin to look abnormal.

If you stick with player commands rather than game state in the data exchange, you stand a better chance of detecting when the game has been compromised.

-cb
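
The server-authority advice in the replies above (check client input for legal moves, keep health, ammo and damage on the server, send each client only what it is supposed to see), sketched as an added example that is not part of the original thread. The class names, command format and limits are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

MAX_STEP = 1.0      # assumed: max distance a player may move per tick
VIEW_RADIUS = 10.0  # assumed: range for both shooting and visibility
SHOT_DAMAGE = 25    # assumed: damage per hit, decided only by the server

@dataclass
class Player:
    x: float = 0.0
    y: float = 0.0
    health: int = 100
    ammo: int = 3

class Server:
    def __init__(self):
        self.players = {}  # player id -> Player; the only copy that counts

    def handle(self, pid, cmd):
        """Apply one client command (a decoded dict); False means rejected."""
        p = self.players[pid]
        kind = cmd.get("type")
        if kind == "move":
            dx, dy = cmd.get("dx"), cmd.get("dy")
            if not (all(isinstance(v, (int, float)) for v in (dx, dy))
                    and math.hypot(dx, dy) <= MAX_STEP):  # NaN, inf, too fast
                return False
            p.x += dx
            p.y += dy
            return True
        if kind == "fire":
            tid = cmd.get("target")
            target = self.players.get(tid) if isinstance(tid, str) else None
            if target is None or target is p or p.ammo <= 0 or p.health <= 0:
                return False
            if math.dist((p.x, p.y), (target.x, target.y)) > VIEW_RADIUS:
                return False
            p.ammo -= 1
            target.health = max(0, target.health - SHOT_DAMAGE)
            return True
        return False  # anything else, e.g. a "set_health" command, is dropped

    def snapshot_for(self, pid):
        """State sent to one client: own stats, positions of players in view."""
        me = self.players[pid]
        visible = {o: (q.x, q.y) for o, q in self.players.items()
                   if o != pid and math.dist((me.x, me.y), (q.x, q.y)) <= VIEW_RADIUS}
        return {"health": me.health, "ammo": me.ammo, "visible": visible}
```

A client built with playerHealth=9999 gains nothing here, because the server never reads health from the client and accepts only commands it can check against its own state.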
