Sign in to follow this  
Stormtrooper

Game assets in an online world

Recommended Posts

I'm creating an online game and am at the point of deciding how to keep the game's graphics n such so that people don't modify them to get an unfair advantage. What I was thinking is use PhysFS to store the assets in zip files. When the client connects to the server, it sends the MD5 hash of the zip files to make sure they haven't been tampered with. This is, I think, how the Quake engine does it. But, my only concern is, isn't it easy just to send the hash from another program to trick the server into thinking the client has valid files when infact they've been modified? One problem I see is if there is an update to one file, the entire archive has to be updated instead of the one single file. Could I hash the data directory instead of archives? I'm not too worried about people stealing my assets...I don't have a lawyer to do anything about it if they do.

Share this post


Link to post
Share on other sites
Since you aren't too worried about it there are a couple of relatively easy things you could do with your files. In the end though if someone really wanted to get to the data then they could.

1. Just rename the file extension of your zip files to whatever you want like a .stf for stormtrooper format lol, this will keep the computer illiterate out of your assets which by and far is most people.

2. Encrypt all of your files, this has the downside that when you load anything you are going to have to spend the time to decrypt the file.

3. Create your own binary file format!

4. Speaking of Quake I belive there are acctually tools out there for creating your own .pak files if you want.

Thats just off the top of my head and I'm not the most qualified person to answer your question. I do believe that the first suggestion will keep most people from snooping though.

Share this post


Link to post
Share on other sites
Cannot be done. Period. Accept that, and stop wasting time on a non-issue.

The easiest way to bypass each and every test is to simply put a proxy OGL or DX DLL on the system, and modify the textures as they get sent to the graphics card. The tools for these are available, some of them might be even open source.

See "analog hole", and movie industry's multi-billion dollar investment into trying to unsuccessfully solve this problem. Unless you have dedicated and secure hardware, it cannot be done. On secure hardware, the task becomes just a bit harder, but again, not impossible.

As an example, in a FPS type of game, the easiest way to cheat like this, is to make wall textures semi transparent (add 50% alpha to them), and to emphasize character textures by painting them red. In addition, you do not execute fog commands. Presto, nowhere to hide, and every player sticks out like a sore thumb. There's videos on youtube showing how this works. Non-intrusive, doesn't require programming, cannot be detected, takes some 10-20 minutes and requires an application the can edit DX textures..

Other example, footsteps got modded so that they are much louder and more distinct - this way, cloaked/invisible players were given away from a mile.

Last vector of attack is the packet stream. Wireshark/ethereal can snoop for data that gets sent, and could provide an external map or similar information. Again, non-intrusive, undetectable and effective.

The only way to secure an online game, is to limit the data the client has at any given time to bare minimum. Once you do sent the data, you've lost control over it.

Share this post


Link to post
Share on other sites
I know its impossible to completely prevent it from happening...but I can at least try to discourage the 95% of my audience that probably won't hack if it requires more work than just digging into the game's directory.

My game is 2D...so changing the graphics probably isn't big enough deal anyway. No possibility of seeing through walls or need to make player's more obvious.

Share this post


Link to post
Share on other sites
Don't bother. Even if 95% of the people who want to hack your game assets will stop as soon as they realize it's not trivial, the other 5% will not stop. Of those 5%, if even one figures it out, there's a good chance he'll make the hack available to everyone on the net, thus providing a hack to 100% of the people who want it. The answer, as Antheus already posted, is to design your game in such a way that information the client shouldn't have (such as who's behind that wall) isn't sent to them until it's absolutely necessary.

Share this post


Link to post
Share on other sites
The main thing to do is to verify all client actions on the server, and don't send any unnecessary data back to the client. That is write the server as if anyone could write their own client to play the game (which they can by reverse engineering your client).

You could also encrypt / compress / checksum the game data files and communications to make it a bit harder for a casual user to modify them then as well, but it won't fix the real problem.

The other option is to go the other way, and make it easy for anyone to replace the graphics, and maybe even encourage them to do so. Is it going to make that much difference to the gameplay if they do?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this