Sign in to follow this  
HopeDagger

Clientside maps or send-on-request?

Recommended Posts

As I work on my project more and more, I realize that cheaters/hackers will eventually make an attempt on my game, and I want to be prepared. :) My game's maps are a fairly simple tile-based format, and I'm not sure what the best way to go about supplying clients with map data is. If I store the maps clientside, people will more than likely hack into the maps and be able to change data around, giving them advantages like walking through walls, etc. The only solution I see is sending the maps on-request to the clients from the server. However, this is going to be costing some major extra bandwidth to be constantly supplying map data to players. Even at only 1 byte per tile, sending a mere 50x50 block is 2.5kb. Then stack on more for objects/entities that it needs to receive as well. Any suggestions on a good way to approach this problem?

Share this post


Link to post
Share on other sites
because then the server can confirm that where they want to walk is a valid position. this way even if they hack the local maps, the server won't allow them to walk through walls.

however, i think this may or may not work depending on how movement is done in the game so far. give more info. do you use keyboard or mouse movement? are you constantly sending position updates, or have some sort of prediction going on, or both? is movement tile based or per pixel? can you move diagonals?

i also have been pondering this same question, too, so i'd like to gain something from this discussion as well.

Share this post


Link to post
Share on other sites
the reason his answer didn't really fit your question is that you didn't provide enough data to answer the question correctly. could you describe what you game is? is it some kind of MMO? is it just a 2D single player game?

the reason he said what he said is the following. in a MMO type of game you always want the maps client-side b/c otherwise it's a waste of bandwidth. you prevent people from walking through walls/ etc by having the server check their moves. client presses walk forward -> data goes to server -> server verifies that walking forward is ok -> server updates client position if position is ok -> server tells client its ok to move forward -> client moves forward. now that's a really naive implementation for a great number of reasons, but it's the general base idea. you can do things to make it look better on the client side, but this is how data needs to flow. the server always maintains the actual position and allows/disallows movement, checks that the movement speed is correct, etc. that way even if someone does hack you maps they can't do anything about it b/c the server won't let them cross the walls. if they hack the client so that it doesn't listen to the server then it doesn't matter anyway, since they won't actually be where the client says they are. thus they won't encounter any monsters, won't get any loot, won't see other players, won't be seen by other players (except where the server thinks they are), etc. they'd also then be open to getting killed b/c if a monster spawned where they were (according to the server) the player wouldn't see it b/c the client would draw it in the correct spot on the map (which is not where the player is on the client system). thus the server would mark them dead b/c they don't see the monster, don't fight it, etc. so generally hacking the client just lets you see maps, you don't get any benefit of scouting for enemies, etc.

it doesn't matter at all if people hack and see the maps anyway. if you have any kind of user base one of the first things that gets posted to the internet is maps. so even if people don't hack your data to see the maps they'll have access to that data anyway from people who have played through various areas and posted the info on the web.

-me

Share this post


Link to post
Share on other sites
Also, you should only send information about the world from the server that the client needs to know about. Just make sure to have a buffer so there are no situations that appear where the client isn't able to view data that it should be able view, because it walked away from the designated area too quickly. However, making this buffer of data sent to client as small as possible will mean that any hacking that is attempted on the client will only be able to show the actual data sent to it, ie. what is contained in the buffer. This prevents unlimited view distance hacking etc. to a certain degree, though it should be fairly obvious as well it is more economic for bandwith to not send the state of the entire world

Share this post


Link to post
Share on other sites
Ah, I'm seeing it now. The server needs to be the ultimate authority in the server<->client relationship, so all non-trivial actions/events need to be confirmed by the server ahead of time. Gotchya. I've got a lot of careful programming ahead of me. :)

Thanks for the help!

Share this post


Link to post
Share on other sites
i have a question to throw into the pot.

is there someway to verify that a map file has not been tampered with? i can't really see anyway to do this, besides from the obvious thing which is having the client send the server what his map file looks like, server verifies and sends back either an "your ok" message or the correct map file. however, this isn't realistic, in fact if you were doing this you might as well have the server just send the client the map file regardless, but, then again, perhaps the former would be faster since the server would for the most part be downloading and not uploading, unless a person had a corrupt / hacked map.

maybe the client could send the server how big his map file is, and if they dont match up, it is hacked? however, this doesn't make sence, since if a player wanted to change his local map, it would still have the same amount of data in it, unless you had some strange setup in your map format.

Share this post


Link to post
Share on other sites
the bottom line is that you don't care if the client has a correct map. they installed your game so they should have the correct map. if they've tampered with it then they will probably be unable to play. this is not a problem that your game code should handle. it's a problem that your customer service department should handle. it doesn't matter if a client has changed their maps b/c the only map that matters for the world-state of the game is the map on the server. if the client broke their map, then they need to talk with CS about how to fix it. basically they'll have horrible bugs like hitting invisible walls, being killed by monsters they can't see, etc. the base level of checking you do is to verify that they have the same version of the game as the server (you check a simple version number). if the version numbers don't match, you error out and tell them to dl the patch / start an automated updater. if the version numbers match then they _must_ have the correct map unless they tampered with it. generally you don't make things easy for people who knowingly broke the game.

-me

Share this post


Link to post
Share on other sites
Quote:
Original post by graveyard filla
i have a question to throw into the pot.

To answer your question you could always have the client calculate a hash (like a checksum) of the map, then send the hash to the server. The server could then verify the hash. The problem is that this assumes your client to be trustworthy, which is bad because the client itself could be hacked.

Back to your original post, I don't see why sending the map to the client is such a bad thing, as long as the client is able to cache the maps. Compress the maps before you send them if you want. This would let you have pretty dynamic worlds (assuming your game is some sort of mmog, otherwise I don't guess it'd be that important).

Still, I'd say do what others have suggested and have the server verify every nontrivial thing each client does. Don't trust the client at all. Trust. No. One.

Share this post


Link to post
Share on other sites
hi guys,

thanks for your replies, and to the OP, sorry if you feel im hijacking your thread.

@ Paladine

hmm.. that makes sence [smile]. however, it would be nice to somehow detect if the client has a tampered map. at least in my situation.

for example, in my game (a 2D persistant online RPG), i use the mouse for movement. when a player clicks, he tells the server " this is where i am, this is where i clicked". the server then calculates velocity, makes up for lost time using the timestamp, and then moves the player at this rate.

now, this system will work perfectly if no one cheats. however, if for example a player decides to go into the map file and start removing walls, there will be some major problems. the solution to this is simple - every once in a while, the server sends "this is where you are" to the client. the client will then lock to this position. voila, what the client sees no longer effects where he can move, since the server is now boss over his movement.

however, the "once in a while" part is the issue here. hplus recommended 30 seconds for a good time. this sounds pretty good to me too. however, 30 seconds seems a little too long, for example, 30 seconds is more then enough time to walk through a wall, kill someone, and then have the server bounce me back to where i am supposed to be. if i changed it to something like every 5 seconds, this would increase bandwith.

i was thinking if i had a way to verify the clients map is not corrupt, i could keep it at 30 seconds.

EDIT: hmm, i just figured out something. let's say im a player of my game and decide to go into all the map files and remove all the walls. now, im standing at the edge of a wall... i click the other side of that wall, and proceed to move through this wall... now that im on the other side, i quickly click somewhere else to move - now where i am and where i clicked is a legitamate spot, and when the server sends me my position, i will still be on the other side of the wall... i guess i will somehow have to immediately see if they are walking through a wall, and if so, then send a packet saying "hey you cheating bastard, you can't do that, go here". again, veryfing map integrity could help here.

@ BradDaBug

could you please explain what a hash is, and how it works? i'll google now, but it doesn't sound like a very nice keyword [smile].

about sending the map data, this seems to me like a bad idea. my map files are actually rather large - each tile can have up to 5 different layers, and each layer has about 6 different members. my map files are pretty big - close to or more then a MB on a decent to large sized map. yeah, this seems way too big for a 2d game map, but, a .zip compression of one of these map files works wonders - reducing a 700k map file to 1.4k !

theres one huge advantage i see about this method though. if the client never has a copy of the map files, then maps could be dynamic - players could buy houses and place them for example. hell, there could even be destroyable terrain. but, like i said, isn't sending these map files just way to expensive?

one way around it that i could see, is have a "base" map that clients stored on their machines. the base map contains a basic map, without the dynamic parts - the dynamic parts are then streamed to the clients when they are within range, things like player palced houses and stuff. this could reduce bandwith and still allow dynamic maps.

thanks again everyone (and sorry again to the OP).

[Edited by - graveyard filla on November 10, 2004 4:19:42 PM]

Share this post


Link to post
Share on other sites
Quote:
Original post by graveyard filla
hi guys,

thanks for your replies, and to the OP, sorry if you feel im hijacking your thread.


It's only bad if *you* feel that you're hijacking my thread. :)

Quote:
EDIT: hmm, i just figured out something. let's say im a player of my game and decide to go into all the map files and remove all the walls. now, im standing at the edge of a wall... i click the other side of that wall, and proceed to move through this wall... now that im on the other side, i quickly click somewhere else to move - now where i am and where i clicked is a legitamate spot, and when the server sends me my position, i will still be on the other side of the wall... i guess i will somehow have to immediately see if they are walking through a wall, and if so, then send a packet saying "hey you cheating bastard, you can't do that, go here". again, veryfing map integrity could help here.


This won't be a problem if your server is doing the check-work when it receives a movement request from the client. The server will check the pathway between his position and where he clicked, and if a wall blocks the way than the server won't give the client the signal to move there. Simple as that; just don't let the client make decisions on its own. ;)

Share this post


Link to post
Share on other sites
Why would matter if the client tries to walk through a wall? As long as the wall is there on the server the character shouldn't go through the wall; that's why you check everything. They might be able to walk through a wall on their machine, but the server and other clients should have it right no matter what.

Sending maps on request wouldn't work by itself because they could still hack the client to use whatever data they want. (Am I overestimating the hackers? It doesn't matter because the more you assume that they can do the more you protect against.)

There may be other reasons to send map data, though; this just isn't the solution to that problem.

Share this post


Link to post
Share on other sites
Quote:
Original post by graveyard filla
EDIT: hmm, i just figured out something. let's say im a player of my game and decide to go into all the map files and remove all the walls. now, im standing at the edge of a wall... i click the other side of that wall, and proceed to move through this wall... now that im on the other side, i quickly click somewhere else to move - now where i am and where i clicked is a legitamate spot


The client should NEVER tell the server where he/she is. The server should always know and TELL the client whenever the client wants todo something. If its just a hobby game then probably not worth worry about but if your seriouse I would change your game to work like so. The server runs the simulation and the so does the client, but whenever the client does something (or every 30 seconds) the server TELLS the client where he/she is. So for your walk example the client says "walk past that wall" on the server the client stops at the wall but on the clients maching he keeps going. Now the client clicks "kill that guy" but the server says "your here, your not close enough" and the client will snap back to the right position and never be allowed to kill anyone. The client makes requests to the server and the server TELLS the client whats actually going on.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this