I'm working on a multiplayer game at the moment and all of the logic is in Lua. Since the code is essentially data (script files) the game would have to checksum the script files in order to ensure they are not manipulated before connecting to the server.
This gave me the idea that perhaps the server can send the scripts to the client (even bytecode rather than plain-text) when the client is connecting. This makes any updates in the scripts invisible to the user.
Have any other games done something similar to this before? Are there risks that I am not seeing?
Scripted multiplayer games...
Quote:Original post by c_olin*anything* on the client can be modified, no matter how many tricks you apply to try and prevent this.
Are there risks that I am not seeing?
The only actual solution to this problem, is to make the server authoritative, and treat the clients as dumb input/output terminals.
Author
Thanks for the response.
I'm not really looking at this for a way to prevent hacking, but a more convenient way to handle the scripts.
I'm not really looking at this for a way to prevent hacking, but a more convenient way to handle the scripts.
Quote:Original post by c_olinYou mentioned doing this because otherwise you would need to checksum to check for modifications. Apart from the fact that the checksum itself can be falsified (with a variety of methods), you either (a) don't care about modifications, because the server enforces the rules, and modifications only hurt the player who modified, or (b) you don't care about modifications, because, well, you don't care.
I'm not really looking at this for a way to prevent hacking, but a more convenient way to handle the scripts.
There are pretty much zero cases when checking for modifications (or otherwise attempting to prevent them) results in a benefit to you...
Yes it is a good idea to send it and it will help somewhat. But it will always be possible for somebody to reverse engineer your checksum, it is up to the developer to make doing so as complicated as possible. This stands true for a large number of cheat prevention methods. Think about game install keys and other DRM methods as well as online scoreboards - there is always a way to mess with them.
I believe counter strike source sends the client config files aswell as checksums on client-side resources to attempt to prevent some cheating, valve have to keep altering the methods to force cheaters to finds new ways round the defences and catch people using out of date techniques. But essentially, they can always reverse engineer what is running on their local machine (the servers are user-run too so they can see what is going on there, but both parts of the puzzle are not essential to perform a successful crack).
Check this article out.
Basically, checksumming the resources will quickly turn away inexperienced cheaters - but it only takes one successful breach to spread the word around. There is a whole field of work to tackle this, and it spreads far beyond game programming as you might imagine - not just cracking, but stealing software secrets and looking for exploits too.
I believe counter strike source sends the client config files aswell as checksums on client-side resources to attempt to prevent some cheating, valve have to keep altering the methods to force cheaters to finds new ways round the defences and catch people using out of date techniques. But essentially, they can always reverse engineer what is running on their local machine (the servers are user-run too so they can see what is going on there, but both parts of the puzzle are not essential to perform a successful crack).
Check this article out.
Basically, checksumming the resources will quickly turn away inexperienced cheaters - but it only takes one successful breach to spread the word around. There is a whole field of work to tackle this, and it spreads far beyond game programming as you might imagine - not just cracking, but stealing software secrets and looking for exploits too.
Either your game has no users, and cheat prevention is not important, OR your game is popular, and at least one skilled player will create a cheat, which all others can download, and cheat prevention is not possible.
You should design your system to be server authoritative if you want to enforce rules. You should design your game mechanics to reduce the impetus for cheating if possible, and/or a social dynamic in the game that penalizes cheaters, or make them all play against each other, leaving non-cheaters alone. There exists no purely technical solution except for closed hardware systems like the Xbox or arcade cabinets.
You should design your system to be server authoritative if you want to enforce rules. You should design your game mechanics to reduce the impetus for cheating if possible, and/or a social dynamic in the game that penalizes cheaters, or make them all play against each other, leaving non-cheaters alone. There exists no purely technical solution except for closed hardware systems like the Xbox or arcade cabinets.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
