Jump to content
  • Advertisement

Archived

This topic is now archived and is closed to further replies.

Blue_H

Cheating: server-side vs. client-side issues

This topic is 6251 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I have a question, but I need to preface it with where I''m coming from and what got me thinking about this. I play the online multiplayer half-life mod, counter-strike. In the Counter-strike community, cheating is a very common occurance, and I like many other people grew sick of it. Then came along a software package called Punkbuster (www.punkbuster.com), which runs as both a client side and server side program, and essentially detects client side if any cheats are running, and if so, reports back to the server and you get booted. So this was great news until one day I''m playing in a Punkbuster monitored server and I see this guy blatently cheating, I suppose to show that Punkbuster isn''t fullproof. So I began working on a few ways to get cheats to work without Punkbuster catching me. I succeeded in finding several ways, and reported them to Tony, the programmer of Punkbuster and he has fixed them since. That''s where I''m coming from, now on to what got me thinking about this. In older games (for example, Quake 2) there were cheats written for online multiplayer deathmatch games of Quake 2. For example, the aimbot was a big player. My understanding of how it worked was that it simply looked up player coordinates that were stored client side and was thus able to know where everyone was and could shoot people with perfect accuracy. In slightly newer online multiplayer games, such as half-life, there are aimbots out there, but they work differently. You take solid colored models and overwrite the default models in your game, then you run the aimbot program which essentially searches the screen for that solid colored model, and sends mouse events to move your crosshair over the enemy, and once your crosshair is over that particular solid color, it fires. I''ve kept up with the new cheats that come out, and to my knowledge there is no aimbot program for half-life or any of it''s mods that works like the old quake2 aimbot. Naturally that makes sense since everything is stored server-side in half-life, right? Well, that makes sense, but if everything was stored server-side, how do opposing players get drawn on your screen? I mean, that info has to be stored client side, or there''s no way to know where other players are in the game. I am nowhere near advanced enough of a programmer to figure this out, but I''m sure somewhere out there there is some hacker who is smart enough to figure out how to get the coordinates of other players from the client side data that is used for drawing other players. So what don''t I understand about the whole client-side vs. server-side issues related to cheating in online games? The player coordinates must be stored client side for the purpose of drawing the players on my screen, right? Perhaps someone could explain where I''m getting off track in my thinking about this.

Share this post


Link to post
Share on other sites
Advertisement
Guest Anonymous Poster
In either case the coordinates are must be stored at least temporarily. Some cheats work by reading the packets you get and figuring out what the coordinates are. I doubt if many actually look in RAM to see where the coords are. So encrypting the packets is one way to get around that type of cheating.

The difference in Server vs Client Side storage is a storage issue, not a transmission issue. It doesn''t help against the type of cheating you describe. In either case you can intercept the packets, read them, and do something clever with the data you get.

Server side storage is about things like keeping track of inventory, hitpoints, etc. For example in Diablo 2 your character stats are kept on the server, whereas in Diablo 1 they were local. In Diablo 1 you could edit your character file, in Diablo 2 you can''t get at the character file directly because it is not local. The best you can do is send packets to the server that fake certain things happening. (Like, you can try to trick the server into thinking you just picked up a pile of gold) But the server side stuff can go farther and actually keep track of things like character positions and other details. So it may not be possible to tell the server "I picked up some gold." Instead it may work like this:

you: "I tried to pick up some item."
server: "There is no item around you to pick up, nothing happens."

What I am saying is that the positions of gold piles and other such details may also be server side. In the extreme case all you can do is tell the server about very basic actions, (like "I am trying to move left") and the server will tell you what actually happened. So it might say "You can''t move left because there is a wall there" or it might say "you moved into a hole and fell." You have no control WHERE the hole or wall is and you can''t lie about it because the serve doesn''t listen for that type of info.

Another example is something like playing fighting games online with something like Kaillera. All that gets transmitted is the input I think. In that case you can''t lie about your hit points or the move you are doing, the best you can lie about is what your input was. (You may be able to change your hit points, but it won''t be reflected on the other players game) The only info you get is your opponents input, so there isn''t a lot of cheating you can do. (You could, for example, make it so that everytime you opponent pressed towards you you did a fireball, but they could be in the air at that time. You don''t have any high level information about what action they are taking)

So what it boils down to is stored data vs packet tampering. With a very server oriented game the packets will contain less info and the server will not rely on packets for much high level info, so it limits what you can do. But to stop things like reading the packets and faking mouse movement server side storage won''t help you. You can ALWAYS try to read packets and send fake or altered packets back. To stop that you need something that deals with transmission security.

Share this post


Link to post
Share on other sites
That''s perfect reasoning, and why it''s impossible to make a cheat-proof game.

I don''t think cheating is nearly as rampent as some people claim. The few people I''ve played against who were clearly cheating, really needed to, so it wasn''t much of an issue. Hell, I (and many others) play Quake3 Instagib without cross-hairs to make it harder, and people say we''re cheaters...

When I first starting playing I thought everyone cheated - then I got better.


"Aimbot! Improves your aim, but not your game!"(tm)

Magmai Kai Holmlor
- Not For Rent

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Try playing Diablo 1...EVERYONE cheats. It''s sad. The people who are willing to cheat are also generally the people who play the most...cheating is a real issue, especially in RPG type games where part of the point is collecting stuff, raising levels, etc. It isn''t so bad in Quake because you can always just quit and find another game, but it really suck in a persistant game like EQ.

Exploiting bad logic can also hurt those games alot, regardless of whether it is actually "cheating." (For example, killing guards in town because they give you a lot of xp)

In general to avoid cheating you need to store some things server side and encrypt packets. That goes a pretty long way. Once you have done those things people are going to have to either hack the servers or start doing crazy things like looking at the actual RAM. There is always a way but there are also ways to minimize cheating. Just compare Diablo 1 and 2. I''m sure people can cheat in Diablo 2 but I don''t think it is nearly as bad as in 1.

Share this post


Link to post
Share on other sites

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!