Jump to content
  • Advertisement
Sign in to follow this  
Nairou

Resource verification

This topic is 5130 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

In designing the pak system for my game engine, I'm wondering how far I have to take security issues, to what extent I have to hide it from the user for it to be effective. For example, I intend to use MD5 to verify that none of the original game pak files have been modified (modifications are to be supported through separate pak addons). Obviously, in order to perform these checks, I need to store a list of pak files to be checked, along with their correct MD5 values. My question is, do I need to try to embed this data within the game code, to try to prevent tampering, or is the idea sound enough to just store this data in a file? If the stored values are modified, yes it could allow the player to run the game with modified resources, but if the client is forced to send in the calculated (not stored) MD5 values to the server, they wouldn't be able to go online with their modified game. All of this is obviously moot when it comes to hard-core hackers with network packet modification, but I don't really know what to do in that case anyway. Any thoughts?

Share this post


Link to post
Share on other sites
Advertisement
Rule of thumb: never trust the client. Sending the calculated MD5 to the server is probably about as good as you're gonna get, but like you said, it won't protect against packet modifcation, nor if they decompile and find your MD5 function and disable/modify it. But short of a premade program to do so, I doubt 99.9% of the players will know how to do that.

What you could do is tie it into another critical function in your program, or better yet, have the client download the routine in a DLL from the server to prevent tampering altogether. Even that can be stopped, but it makes it just that much more difficult. Include in the DLL a unique code to verify it was indeed the proper DLL that generated the number, and not one that was substituted.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

GameDev.net is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!