Jump to content
  • Advertisement
Sign in to follow this  
Butabee

Client side player data

This topic is 2150 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I'm trying to figure out a way to have player data stored client side while minimizing cheating because I want to avoid any kind of official server.

 

I was tinking about packing player data like inventory and stats into 32 byte buffers and hashing these chunks with sha256. That data would be stored client side.

 

On a player server the 32 byte hash chunks would be salted with the servers 32 byte server key then hashed with sha512 and the 512 hash would be stored in a player server database along with the player data that has been hashed. If the sha512 hash isn't found on the server when it has received altered hash chunks then this could be an indication of cheating.

 

I know there could still be cheating, for instance players on the same server could trade their hash chunks to have the same player data.

 

I think this would minimize player tweaking their stats manually.

 

 

I would like to somehow share player data across servers but I'm not sure how I could do that without just storing player data directly on the client.

 

 

So that's my idea for client side data. I'd like to hear ideas on other ways it could be done. Espicially if there are some ideas on how player data can be shared cross servers.

Share this post


Link to post
Share on other sites
Advertisement

Actually, I think instead of what I mentioned in the first post, I'm going to generate one time use passwords on the server for player data. Once the player logs off the password linked to their player data is sent to the client and a new password is generated when they log on next and the other password is consumed.

Share this post


Link to post
Share on other sites
Sounds vaguely like a session key. Every session the server generates a new unique key, and all further communications rely on the key rather than login credentials. They keys expire fairly quickly (perhaps 30 minutes) and if the session is still active a new key is generated and used, the old is invalidated.

Share this post


Link to post
Share on other sites

I just don't want the player to have to remember login data for multiple servers, since there will be no developer ran log in server or anything.

 

I have a question though... how should I store and exchange the session password?

Share this post


Link to post
Share on other sites

Personally, I think you'd want a DB server that all the other servers can connect to. If you really don't want this master DB server, then each server should have it's own instance of the DB and you have to replicate somehow, but I think the master DB server would be the way to go.

Share this post


Link to post
Share on other sites

I could use a database but then a problem of authority becomes an issue since there's no way to tell who the player data is coming from since the game servers are hosted by any player that wants to host a game.

 

Storing session keys on individual servers and the latest on the client end ensures that only the server host can cheat or cheat for others.

 

I'd like to have cross server characters but I'm not sure there is a way without developer world servers.

Share this post


Link to post
Share on other sites

What attack are you trying to protect against?

 

The most common attack is typically a "RAM scanner" that reads all the memory in your program (while it's running) and finds values to match. For example, if you have 1234 gold pieces, it will look for the value 1234. With a little experimentation, the program can figure out where gold is stored, and then write whatever value you want -- say, 123456789. Once it's done that, the user will "save" the character, and your program and the server will dutifully sign the blob of data that says that the user has 123456789 gold pieces.

 

Also, how can you trust the server signature, if the user is allowed to run a server? The user will run both the client and the server, and hack them together, to make it say whatever they want. And if you use a trusted server to store the account data, then why store it on the client at all?

 

I think the best thing you can do is write a great game, and not worry about cheating initially.

 

If you really, really, want to make some defense, then make stats in the program stored in a class, that stores the value using some scrambling and checksumming, so that the RAM scanner will have a harder time finding and defeating it. If your game is popular enough, then a cheat will still be found, so long term, the only way to prevent user-side cheating is to put rules and storage on a trusted, authoritative server.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

GameDev.net is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!