Sign in to follow this  

Scripted multiplayer games...

This topic is 2543 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I'm working on a multiplayer game at the moment and all of the logic is in Lua. Since the code is essentially data (script files) the game would have to checksum the script files in order to ensure they are not manipulated before connecting to the server.

This gave me the idea that perhaps the server can send the scripts to the client (even bytecode rather than plain-text) when the client is connecting. This makes any updates in the scripts invisible to the user.

Have any other games done something similar to this before? Are there risks that I am not seeing?

Share this post


Link to post
Share on other sites
Quote:
Original post by c_olin
Are there risks that I am not seeing?
*anything* on the client can be modified, no matter how many tricks you apply to try and prevent this.

The only actual solution to this problem, is to make the server authoritative, and treat the clients as dumb input/output terminals.

Share this post


Link to post
Share on other sites
Quote:
Original post by c_olin
I'm not really looking at this for a way to prevent hacking, but a more convenient way to handle the scripts.
You mentioned doing this because otherwise you would need to checksum to check for modifications. Apart from the fact that the checksum itself can be falsified (with a variety of methods), you either (a) don't care about modifications, because the server enforces the rules, and modifications only hurt the player who modified, or (b) you don't care about modifications, because, well, you don't care.

There are pretty much zero cases when checking for modifications (or otherwise attempting to prevent them) results in a benefit to you...

Share this post


Link to post
Share on other sites
Yes it is a good idea to send it and it will help somewhat. But it will always be possible for somebody to reverse engineer your checksum, it is up to the developer to make doing so as complicated as possible. This stands true for a large number of cheat prevention methods. Think about game install keys and other DRM methods as well as online scoreboards - there is always a way to mess with them.

I believe counter strike source sends the client config files aswell as checksums on client-side resources to attempt to prevent some cheating, valve have to keep altering the methods to force cheaters to finds new ways round the defences and catch people using out of date techniques. But essentially, they can always reverse engineer what is running on their local machine (the servers are user-run too so they can see what is going on there, but both parts of the puzzle are not essential to perform a successful crack).

Check this article out.

Basically, checksumming the resources will quickly turn away inexperienced cheaters - but it only takes one successful breach to spread the word around. There is a whole field of work to tackle this, and it spreads far beyond game programming as you might imagine - not just cracking, but stealing software secrets and looking for exploits too.

Share this post


Link to post
Share on other sites
Either your game has no users, and cheat prevention is not important, OR your game is popular, and at least one skilled player will create a cheat, which all others can download, and cheat prevention is not possible.

You should design your system to be server authoritative if you want to enforce rules. You should design your game mechanics to reduce the impetus for cheating if possible, and/or a social dynamic in the game that penalizes cheaters, or make them all play against each other, leaving non-cheaters alone. There exists no purely technical solution except for closed hardware systems like the Xbox or arcade cabinets.

Share this post


Link to post
Share on other sites

This topic is 2543 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this