how to prevent save cheating? (for games where saving is NOT allowed)

54 comments, last by TheComet 10 years, 3 months ago

I think the more pertinent question, from a game design standpoint, would be if it is a single-player game, then why care? You are only being evil towards the player. It should be an option, not a requirement. The player is not your enemy, they are your friend. If they want to cheat, then so what. The only person it affects is themselves. Save yourself the trouble and time and just simply don't worry about it. That's my opinion at least.



The player is not your enemy, they are your friend

I have played some games that I cheated on. I regretted it and lost interest in playing. It's like reading the end of a book and deciding that the ending sucked, so the rest of it must suck as well. Never mind the fact that the parts before the end could have easily turned your misconception of "suck" into "genius". But because you never read those parts, you decide getting the next book in the series isn't worth it. This would be the fault of the individual, but that doesn't stop their opinion.

It really depends on how much effort you want the player to go through to cheat-- not "keeping the player from cheating".

That being said, I have also played games that had bugs causing the inability to continue without some sort of "cheat" or "work around". But the OP is more of the question of "save game integrity".

So, it's impossible to provide security where a malicious user has control of the machine, and while I know that you said you don't want to be told to just accept it, you have no other choice. In a single-player game where there is no interaction between players, then there can be no harm in accepting it, a player cheats and that affects their experience but not the experience of others. It's on them, and there's nothing that can be done about that.

However, if there is even brief or tangential interaction between players (even something as simple and occasional as connecting to a server to get the current high-scores list) then you have a starting point as a baseline. One could imagine a scheme that ties the high-score to a time, and obfuscates through encryption both the high score list and the save file (which is checkpointed against the highscore timestamp). This will not outright prevent disconnected cheating, but it will make it a lot of trouble, and for their efforts the dishonest player is still prevented from manipulating their way onto the high score table. This is reasonable security, and if the player never connects to the online highscore table, the program can be made in such a way that it simply reverts to their own personal high-score table--and in this way it respects their right to consume your game without being encumbered by DRM or other activation schemes. One could imagine more complex peer-to-peer schemes that might work similar to crypto-currencies like bitcoin.

throw table_exception("(? ???)? ? ???");

Let them cheat their way through and then they don't feel like playing it again after the first round
OR
prevent them from cheating their way through and making them have hard fun while playing it and maybe thereby giving it good replay value (if the game was designed well) . . .
. . . I choose the latter.

@suliman: aren't the hackers the people that crack your game and give the cheats to the lazy, 'cheat-through' players?

UNREAL ENGINE 4:
Total LOC: ~3M Lines
Total Languages: ~32

--
GREAT QUOTES:
I can do ALL things through Christ - Jesus Christ
--
Logic will get you from A-Z, imagination gets you everywhere - Albert Einstein
--
The problems of the world cannot be solved by skeptics or cynics whose horizons are limited by the obvious realities. - John F. Kennedy

I'd probably just put a hash for the save file in the registry. Yes, your users could back up the registry entry, but I wouldn't care. (Though I guess I also wouldn't even bother preventing cheating so maybe this isn't good enough for you.) Anything beyond copying files will exclude your regular lazy users from messing around, while many people who know about the registry might also know about things that are more complicated than that, too. I wouldn't really try to compete with the hackers, especially without a server. It'll never work.

However, I didn't know about that ADS thing, and if it's simple to implement, I'd try it.

If you did use a server, you could simply store hashes instead of whole saves. Still, I wouldn't want to make a game that required an online connection or potentially delete people's saves if there's some issue that prevents the server update when the save game is modified. Any kind of write-in-two-places solution might have to deal with what happens when your game crashes during a save. That's another reason I wouldn't bother with this. Any bug in this system will make people quit your game and complain online about it.
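The write-in-two-places concern raised in the post above, sketched as an added example that is not part of the thread: a keyed tag (HMAC, swapped in here for the plain hash the post mentions) is stored beside the save, with a pending/current scheme so a crash mid-save never invalidates a legitimate file. The sidecar tag file stands in for the registry value or server record, and `KEY`, `save_game`, `load_game` and `crash_after` are hypothetical names.

```python
import hashlib, hmac, json, os, tempfile

KEY = b"constructed-demo-key"  # assumption: ships inside the client, so it is extractable

def _tag(data):
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def _atomic_write(path, data):
    # Temp file in the same directory, then rename: a crash leaves the old
    # file or the new one, never a half-written mix.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)

def _read_tags(tag_path):
    try:
        with open(tag_path, "rb") as f:
            return json.load(f)
    except FileNotFoundError:
        return {}

def load_game(save_path, tag_path):
    """Return the save bytes, or None if they match no recorded tag."""
    with open(save_path, "rb") as f:
        data = f.read()
    tags = _read_tags(tag_path)
    for expected in (tags.get("current"), tags.get("pending")):
        if expected and hmac.compare_digest(expected, _tag(data)):
            return data
    return None

def save_game(save_path, tag_path, data, crash_after=None):
    """crash_after (hypothetical test hook) simulates a crash after step 1 or 2."""
    old = load_game(save_path, tag_path) if os.path.exists(save_path) else None
    # Step 1: keep the tag of the verified on-disk save, add the new one as pending.
    tags = {"current": _tag(old) if old is not None else None, "pending": _tag(data)}
    _atomic_write(tag_path, json.dumps(tags).encode())
    if crash_after == 1:
        return
    # Step 2: replace the save file itself.
    _atomic_write(save_path, data)
    if crash_after == 2:
        return
    # Step 3: commit, so only the new tag is accepted from now on.
    _atomic_write(tag_path, json.dumps({"current": tags["pending"]}).encode())
```

As the thread points out, a key shipped in the client can be extracted and a user can still copy both files back together, so this only stops casual edits.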

However, I didn't know about that ADS thing, and if it's simple to implement, I'd try it.

Doesn't work. A skilled hacker knows to look for alternate data streams.

Trivially, the RAR compression format knows about ADS. Compress the files with RAR before moving the file out of NTFS format and the data is preserved. There are also a large number of utilities that will split and merge ADS if you need to transfer the files through other means.

All of this is pointless for a single player game.

No matter what protection is used it takes only one attacker in the entire world to figure out how to break it. The harder you make it the more fun it will be for them and the sooner they will break it. Once they do break it, they put it on their blog and maybe even write up some scripts to do the work. After that even the least skilled person can follow the instructions. For a single player game it is pointless. Just run the data through a stock encryption algorithm and call it good enough.

Let them cheat their way through and then they don't feel like playing it again after the first round

I wouldn't try to simplify fun as a consequence of challenge. I have played hours and hours of GTA using cheats, and I still love playing it, with or without those cheats.
Not even starting to talk about Elder Scrolls games, for which I ended up memorizing several console commands...

Challenge is fun, but so is experimentation. Usually, games have enough challenge, but not enough experimentation; onboard cheats add a lot of experimentation to a title.

The only thing you can do is make cheating a tedious bore

I am one of those who finds changing games' rules quite fun. If, by any means, there is a protection to bypass, I'd probably have an even better time.
In my case, the only way to make exploiting boring is making it easy.

Let them cheat their way through and then they don't feel like playing it again after the first round
OR
prevent them from cheating their way through and making them have hard fun while playing it and maybe thereby giving it good replay value (if the game was designed well) . . .
. . . I choose the latter.

@suliman: aren't the hackers the people that crack your game and give the cheats to the lazy, 'cheat-through' players?

OR they fail and fail and fail and since they can't do anything but start over or give up, they give up and call your game crap out of frustration.

However, I didn't know about that ADS thing, and if it's simple to implement, I'd try it.

Doesn't work. A skilled hacker knows to look for alternate data streams.

Trivially, the RAR compression format knows about ADS. Compress the files with RAR before moving the file out of NTFS format and the data is preserved. There are also a large number of utilities that will split and merge ADS if you need to transfer the files through other means.


While I agree that it's pointless to try to implement foolproof client-side protection, no utility I've tried on Windows (7zip, WinRAR, Windows built-in .zip) has correctly detected my test ADS on my folder. I haven't tried ADS-on-file.

(Edit) Never mind, missed some required command line arguments. Now it's finding it properly. The option is also available in the GUI in the 'advanced' tab as "save file streams".

So, here's really the one thing that game designers forget and which is especially true of single-player games: Try as you might to corral and funnel players into the experience you've imagined, you don't actually get to decide how any player plays your game, or how they have fun doing it.

You can put all the fun you want into a game--probably you'll end up putting some extra in that you didn't even know about--but ultimately you don't control how people take that fun back out. Who are you to tell anyone else how they should have fun in their own hard-earned free time? Especially when their fun doesn't unfairly infringe on other players' fun. Just stop worrying about it and let them eat cake. Whatever smorgasbord you've laid out through considerable effort just doesn't interest them right now, perhaps it will later. In the meantime, focus on making the best smorgasbord you can for those that want to experience it in a way closer to what you expect.

I mean, imagine if the creators of Final Fantasy 7 had said "Sure we've got this Chocobo Race thing, but this is an RPG and if people sit around racing birds all day, they'll never enjoy our grand RPG vision, so let's limit the number of Chocobo races they can do." What harm is there in letting them have fun in the way they want to?

I'm not saying that players should be able to do absolutely whatever they can imagine, or that you should enable every conceivable desire. I'm saying to make the best game you know how, and not worry if someone has fun taking it outside the box you so firmly want to place it in. The box is unnecessary and brittle, and all the time you spend trying to build a stronger box will only leave you with a significantly weaker game inside a slightly less brittle box.

Spend your time to best effect, and let your players do the same.

throw table_exception("(? ???)? ? ???");

This topic is closed to new replies.
