• Advertisement
Sign in to follow this  

Best Security?

This topic is 2619 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hello,

I am currently managing a game development. We are building a game, with a Java Server, that communicates with a Flash Client. In all we use, Flash, MySQL, PHP, HTML, and Java. I could use some advice on how to prevent people from using packet sniffers, or other methods, to eventually reverse engineer our game & create a copy of it. Obviously, there is encryption however that only works to a point.

The game will be a browser based MMO/Virtual World. I have been looking into virtualization and cloud computing to see if its possible to host both the client & server both on the dedicated server and just have it displayed via a plugin on their browser, though I cant find much about that method, and I am unsure if that is a good idea.

So please, any advice you can offer would be great. We will also be offering future job opportunities to help secure the game, but first would like to find the best method.

Thankyou,
Riley

Share this post


Link to post
Share on other sites
Advertisement
If your users never have access to your code it would be very hard to reverse engineer. Even if they figure out the packet protocol, that is just a communication system, it tells them nothing of the actual game. I am not a security expert, but I don't think that a game that is entirely hosted on a server is at much risk.

Share this post


Link to post
Share on other sites
Well, the server side, database, and images will be stored on the dedicated server and communicate with a flash client on a seperate web server. I have seen similar games completely copied and released as 'private servers' and I dont fully understand how people are able to do that with multi-million dollar game developments...which makes me worried about how to prevent that from happening.

Share this post


Link to post
Share on other sites
Browser games are trivial to code. They did not reverse engineer it, they just wrote the same game from scratch.
"multi-million dollar game developments" are you sure we are talking about browser games? You can order a custom game (only code, no art assets) of this kind for 50-70k USD.

Share this post


Link to post
Share on other sites
Add value. Release new, minor version updates relatively frequently. A rolling target is hard to match, particularly if your updates contain new features or content that people want. Virtual worlds thrive on the size of their population, these private servers will probably be inconsequential if you can keep the bulk of the players moving with you. You can even try to build in game mechanics that only work with large populations, though you could compromise your overall design by over-indulging this. Make the server contain as much of the logic as possible, which means less can be reverse engineered and would need to be written from scratch.

You can make it hard for third party client/servers to be developed by detecting and rejecting protocol errors. You might randomly delay the disconnect for some number of seconds after the protocol error so the developer cannot reliably link the last message sent to the disconnect. You would have to be careful about things like this as they could impact regular users if you ever release a buggy version yourself.

You can make it more difficult through client obfuscation and protocol encryption, but at some level the client will generate something in memory that a determined adversary can read and interpret before it gets encrypted. You cannot prevent it, but you can discourage it, make it hard to do and marginalise those who choose to play on private servers. Finally, you can take legal action against any private community hosters if they start getting to a significant size. Ensure your EULA contains whatever clauses your lawyer believes necessary so you can legally act against such communities if you want to.

Share this post


Link to post
Share on other sites
If you want to reverse engeneer such game you don't need any "packet sniffers" because to make such a game from scratch you don't even need to know what a packet is :D The most sophisticated thing you would ever need might be AJAX, and that's it...

I don't know, maybe they indeed had stolen their server code. But I wonder what for? How long would it take for a lone programmer to code something like Habbo Hotel (apart from gfx assets and assuming single server architecture only and ignoring code optimization). A month? Two?
Assume you could obscufate the code of your game perfectly and secure your server against hacking perfectly. Would it make any difference? How many clones of Travian or Ogame are there already? Hundreds?

The key problem is gfx, you can't easily create it from scratch. But also it is impossible to prevent the theft of it...

Share this post


Link to post
Share on other sites
So, is it easier to protect the graphics? If they cant find the location of each of the images then how else would they get the images? Can they pull them from the SWF?

In regards to programming this type of game, I've hired over 5 different programmers, and its taken over a year now, and we still havent got it completed. Each person I've hired has been a "professional" freelancer so either I've hired the wrong people or it takes longer than you'd imagine.

Share this post


Link to post
Share on other sites
2D graphics can be captured by simple screen-shots. 3D models are harder, but can also be done. As far as programmers go, did you hire the programmers sequentially? Starting from the work of a previous person is often difficult, especially as the project gets large.

Share this post


Link to post
Share on other sites
I think it would be hard to capture each frame of everything happening without a bunch of players in the environment, etc. It started out sequentially because one programmer couldnt finish the job, then the next couldnt, then eventually we started from scratch and its been worked on from that... But its certainly taken a lot longer than a month and I was hiring who I believed to be professionals...

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement