Keeping files safe
Author
How can I make my own pack files or cabs so that my programs can access the files, but the user cannot?
This comes up a lot. Some of the points that are always made:
* It is utterly impossible for you to protect your game data from a determined hacker.
* It's not especially useful to try to protect your game data. Note that many commercial games don't bother to obfuscate their assets in any way, and very few try for any real sort of encryption.
* If you reeeally want to foil people who might want to steal your game data but don't know very much about computers, just put your data in a ZIP file with a different extension or something.
* It is utterly impossible for you to protect your game data from a determined hacker.
* It's not especially useful to try to protect your game data. Note that many commercial games don't bother to obfuscate their assets in any way, and very few try for any real sort of encryption.
* If you reeeally want to foil people who might want to steal your game data but don't know very much about computers, just put your data in a ZIP file with a different extension or something.
Author
Well I already know one way of preventing people from editing the script files and playing online, the server will check the last edited dates on the script files and if they are different from what the server is instructed to check for then it will re-download the files and then log the user in. I suppose your are right, its just that my favorite game is being ruined by people who are just editing the game scripts after they have logged into the server, and I want to try to prevent that from happening, or atleast make it harder.
Quote:Original post by Fixxer
Well I already know one way of preventing people from editing the script files and playing online, the server will check the last edited dates on the script files and if they are different from what the server is instructed to check for then it will re-download the files and then log the user in.
This is moderately easy to overcome, by altering the portion of the code that checks the last-edited dates.
Quote:I suppose your are right, its just that my favorite game is being ruined by people who are just editing the game scripts after they have logged into the server, and I want to try to prevent that from happening, or atleast make it harder.The way you do this is by designing your game not to trust clients to maintain game state. All game state should be maintained by the server, and all changes to the game state should be checked by the server to ensure that they are feasible.
Author
yea like if a user is sending packets that contain the data for 100 new bullets since the last packet was sent (suggesting that the user has edited the script to allow them to shoot at an unreasonable rate, clearly not the rate the game has set) then to auto ban them.
Why auto ban? Just reject the data, send a message to the user and disconnect the client. Keep those subscriptions rolling!
Quote:Original post by Fixxer
yea like if a user is sending packets that contain the data for 100 new bullets since the last packet was sent (suggesting that the user has edited the script to allow them to shoot at an unreasonable rate, clearly not the rate the game has set) then to auto ban them.
Did you ever think about latency? Most games use UDP, and UDP(And neither does TCP) care about the packets you send. If during the update loop 20 packets arrive in 1 giant lump, UDP will just take the data, stick it together and hand it over to you.
You'll then need to filter and split the data. So if latency occurs, you might need to split a bunch of packets and process it. However, if these packets together contain 100 gunfire events, you ban a user that has done nothing wrong.
Just do as many others suggested: Check all the data the client sends to the server on the server aswell. Never trust the client. Just reject the exessive amount of data(So, it might be tuned down to 5 bullets fired, instead of 100). You might want to keep a tolerance filter, so if it happens 10 times per minute, you could kick the user because of possible cheating. Don't ban users because of that, since your game will be so popular noone plays it.
Toolmaker
I'd like to point at stuff like MacroQuest as examples that no game is safe. The EQ security team worked fairly hard to secure the game, including encrypting lots of data in RAM and server-side validation and all that. And Sony are fairly experienced as MMOs go.
Probably the easiest way to pack your game data so that the user can't edit it is just to put it in your own binary format. Not foolproof, but it prevents casual meddling. Of course, casual meddling can be a lot of fun (like tweaking unit definitions in RTS games or weapon defs in JK2 or etc), so keep that in mind.
Anyway, AFAIK the reason most games put stuff in .pak or .cab files is just so that the data is clumped on the HD and can be read faster.
Probably the easiest way to pack your game data so that the user can't edit it is just to put it in your own binary format. Not foolproof, but it prevents casual meddling. Of course, casual meddling can be a lot of fun (like tweaking unit definitions in RTS games or weapon defs in JK2 or etc), so keep that in mind.
Anyway, AFAIK the reason most games put stuff in .pak or .cab files is just so that the data is clumped on the HD and can be read faster.
Use multiple levels of protection. Date checking, file checksums, sanity checking (such as whether a player moves too fast or passes through walls) but don't give an immediate response when you know something has been hacked.
If someone changes something and is immediately found out they will then find their way around your protection system. If instead, the game starts running slower, or they start getting damaged 2-3 times faster than usual they won't immediately know they've been spotted. Most hackers will make a change, test is for a short while then move on. It's a way for them to gain a reputation. If they get a reputation for hacks that don't work then other people won't use their hacks and hopefully other people will be less likely to try to hack your games, or will at least take longer doing so.
If someone changes something and is immediately found out they will then find their way around your protection system. If instead, the game starts running slower, or they start getting damaged 2-3 times faster than usual they won't immediately know they've been spotted. Most hackers will make a change, test is for a short while then move on. It's a way for them to gain a reputation. If they get a reputation for hacks that don't work then other people won't use their hacks and hopefully other people will be less likely to try to hack your games, or will at least take longer doing so.
Here are some links on anti-hacking/cracking
http://www.gamasutra.com/features/20000724/pritchard_pfv.htm
http://www.gamasutra.com/features/20011017/dodd_pfv.htm
http://www.gamasutra.com/features/20000724/pritchard_pfv.htm
http://www.gamasutra.com/features/20011017/dodd_pfv.htm
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
