Defeating memory editors

15 comments, last by Brandisco 22 years, 2 months ago
I hope this is the right forum to place this message in. I am wondering if there are any other efficient methods to defeat memory editors (a program where people can change the values of variables at their discretion). The only way I know of blocking this in a multiplayer game is to make everything server side so the client just acts as a terminal while the server does everything except getting the user input. Are there any other solutions to stopping this? Thanks
Unfortunately no, it's fundamentally impossible to maintain the integrity of anything you put on the client machine. You have it right, the only way to maintain the integrity of the game as a whole is to put all the logic and state on the server side and make the client an input and drawing console.

Even then there are ways to exploit the client, such as the counterstrike driver hacks that make walls transparent.


-- Eric
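The server-side design the original poster and Eric describe, as an added illustration that is not code from the thread: a server that accepts client-reported positions (so a memory editor on the client sets the server's truth) beside one that accepts only movement input and applies its own rules. MAX_SPEED and the world bounds are assumed game rules.

```python
import math
from dataclasses import dataclass

MAX_SPEED = 5.0                         # assumed game rule: max move per tick
WORLD = (0.0, 0.0, 1000.0, 1000.0)      # assumed playable area: x_min, y_min, x_max, y_max


@dataclass
class Player:
    x: float
    y: float


class TrustingServer:
    """Accepts whatever position the client reports. Anything a memory editor
    writes into the client's position variables becomes the server's truth."""

    def __init__(self) -> None:
        self.players: dict[str, Player] = {}

    def on_client_state(self, pid: str, x: float, y: float) -> Player:
        self.players[pid] = Player(x, y)    # no validation at all
        return self.players[pid]


class AuthoritativeServer:
    """Accepts only input (a movement vector). The server owns every position
    and applies the movement rules itself, so the client's copy of its state
    is a display cache that editing does not change on the server."""

    def __init__(self) -> None:
        self.players: dict[str, Player] = {}

    def spawn(self, pid: str, x: float = 0.0, y: float = 0.0) -> Player:
        self.players[pid] = Player(x, y)
        return self.players[pid]

    def on_client_input(self, pid: str, dx: float, dy: float) -> Player:
        p = self.players[pid]
        mag = math.hypot(dx, dy)
        if mag > MAX_SPEED:                 # oversized input is clamped to a legal step
            dx, dy = dx / mag * MAX_SPEED, dy / mag * MAX_SPEED
        p.x = min(max(p.x + dx, WORLD[0]), WORLD[2])   # keep inside the world
        p.y = min(max(p.y + dy, WORLD[1]), WORLD[3])
        return p
```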
but the funny thing in the hl/cs hacks is that you don't need to use modified drivers. you simply hook the client.dll (ok not simple to do, thanks to crc checks and the like) which gives you access to all the player positions that the client knows about in a perfectly accurate driver independent (read direct3d, opengl, or software renderer) way of displaying players behind walls and "helping" the player send input to the server (aiming, autofire and such). of course legitimate reasons include winamp players, irc clients, and other non cheat things that draw to the screen. there is only ONE way to ensure the client does not install cheats or use exploits. never let the client connect in the first place. because data he doesn't retrieve is data he can't modify for cheating purposes. best bet, let the admins deal with some of it. try to make your code a bit bloated when dealing with memory, try to encrypt stuff, try to figure out if things loaded in your address space should not be there. unfortunately all these things only slow the hacker down. this is because you MUST trust the os and the player to some extent. since the os can even lie to you (by saying certain apps are not running or that certain files don't exist) through the use of hooked system dlls which further makes things difficult. don't get me wrong though, this applies to any os that you can use. including linux and windows. though windows makes things a bit more difficult because it is not open source nor as well documented as linux. this does not say linux is not a secure os, because it is from a network perspective or someone trying to log in remotely. but if the person has root access, they can simply recompile the os to suit their needs.

long story short, there is no guaranteed way to ensure no hacks at all except by never releasing the software.
Actually, a really smart server would make sure it never sent the position of a player to another player if there was an opaque object between them. A driver hack can't help you if the graphics system doesn't render the players hidden behind walls.

-Daedalus

DM's Rules: Rule #1: The DM is always right. Rule #2: If the DM is wrong, see rule #1.
I had a very simple system which would use things like checksums and stuff internally, but to make things a lot more difficult, the variable which stored the checksum could store 1 of three different checksums, with the correct checksum type being stored in another variable (unencrypted). What this meant was that a conventional program couldn't change a value (because this would change the checksum), but if all three checksums were figured out, then there would still be a matter of finding the variable which told it which one to use. Basically, the person had to know what they were doing.

Also, having checksums which "overlap" in the game loop, since the checksum has to be recalculated and checked at some stage, there is a tiny window of opportunity

Trying is the first step towards failure.
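The guarded-variable scheme from the post above, as an added example that is not the poster's code: each value carries a checksum computed by one of three functions, chosen by an unencrypted selector, and a sweep in the game loop reports values whose checksum no longer matches. The three checksum functions (CRC32, Adler-32, FNV-1a) are my choice.

```python
import struct
import zlib


def _fnv1a(data: bytes) -> int:
    """32-bit FNV-1a, the third checksum flavour (my choice, not the poster's)."""
    h = 0x811C9DC5
    for b in data:
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return h


# Three checksum functions; the (unencrypted) selector picks one per value.
CHECKSUMS = (zlib.crc32, zlib.adler32, _fnv1a)


class GuardedInt:
    """An integer stored alongside a checksum of its bytes. Writes through
    set() keep the two consistent; a raw write to .value does not."""

    def __init__(self, value: int, selector: int = 0) -> None:
        self.selector = selector % len(CHECKSUMS)
        self.set(value)

    def _digest(self, value: int) -> int:
        return CHECKSUMS[self.selector](struct.pack("<q", value))

    def set(self, value: int) -> None:
        self.value = value
        self.checksum = self._digest(value)

    def verify(self) -> bool:
        return self._digest(self.value) == self.checksum


def integrity_sweep(guards: dict[str, GuardedInt]) -> list[str]:
    """Game-loop check: names of guarded values whose checksum no longer matches."""
    return [name for name, g in guards.items() if not g.verify()]


def simulate_raw_write(guard: GuardedInt, new_value: int) -> None:
    """Test helper modelling a memory editor: it overwrites the value bytes only."""
    guard.value = new_value
```

As Eric argues later in the thread, this catches only edits that change the value alone; anyone who has read the scheme can update the checksum as well.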
Daedalus- true, but it's unrealistic to think the server can calculate the potentially visible set for every client at every moment. Even if it could, a quick client movement would cause things to pop suddenly into view out of nowhere. Obviously undesirable for a game.

A couple of other people have mentioned checksums or encryption to secure the client. Internal checksums and other cruft do absolutely nothing to improve the security of your application. It inconveniences you, adds many more places for you to make a mistake and introduce a bug, doesn't impede a good hacker at all, and can have only negative effects on the end user's experience. Not only is it not worth trying to secure your software's internals, it's counterproductive to do so unless your software is stored on a dedicated, secure hardware device (assuming such a thing existed).


-- Eric
I quite like the Tribes 2 method of only sending the client data about players who can be seen or are in VERY close proximity to the client's player, which makes look-through-wall type cheats worthless...

Convict@Large
DanielB - Slayer of Bugs
Problem is, it's far from trivial to calculate exactly whether something is visible or not. Just think about a situation where the other player is behind some kind of grating.

I don't agree that checksums are worthless. There should be at least some protection. Apart from that, it's quite a good preparation for an additional - and in the long run better - method to prevent or detect cheats:

Use external programs.

Those programs could periodically check whether the running game executable (in memory!) is still sane and unmodified. The external program could use exactly the same techniques that are used by the cheating tools to defeat them. To be really efficient, it'd have to work based on small codelets (just a few hundred bytes) which are dynamically downloaded and installed. That way, you can quickly react to new cheats and defeat them (either preventing or detecting them to kick the cheater).

Now if a cheater were to circumvent the game's own checksumming algorithm you'd know that something's wrong. The game's internal checksumming would stop people from truly accidentally showing cheating behaviour (like going online with modified models).

cu,
Prefect
Widelands - laid back, free software strategy
Convict@Large you are so smart. maybe all games should use that system. oh wait a second, every multiplayer game worth its bandwidth does. the problem lies in the fact that in tribes2 the level to player size ratio is larger so players behind walls are less likely to be in the potential visible set. though the fact remains, aimhacks work quite well due to the distance one can see in the game.

checksums are not totally useless. the trick is not to try and prevent all hacks, but make it as much of a pain as possible for the hacker. simple checksums will prevent 80-90% of so called hackers from creating cheats. granted only one cheat needs to be available publicly for ppl with no skills to use it. the harder you make the hack to create, the less likely multiple groups will release hacks and the less likely they will become widespread.

use external programs? that is the WORST method of cheat protection. external programs, just like your game, can be patched. look at pb, it was hacked regularly. granted they only released updates once a week if even at that pace. it did keep more ppl from cheating, but then again it was more thrilling to cheat on a pb server since most ppl thought you could not cheat on them. the screen shot feature was useless, in fact it created a major problem since they had to allow voodoo2/voodoo1 video cards to work with the game. this meant no screen capturing would work correctly in an external program unless you did some fancy tricks (which obviously they could not get to work since i don't think the screen shot feature ever went out of beta). hackers used this as an advantage, simply send screen shots back to the server that looked like they were taken on a voodoo2 board (which in some cases meant just denying the screen shot request) and you would not have to worry. though the tried and true method was to just hook directdraw (since that's how pb took its screen shots) and turn off visible cheats on your screen, after pb took the shot, you turned your cheats back on.

external programs also have the overhead of having to use windows functions to check things as well as use extra cpu and extra bandwidth. the windows functions for reading memory of another app are a bit slow, and can easily bring a fast system to its knees (this is why pb "lagged" players). this overhead reduces enjoyment for legit players and leads to a very cumbersome interface to the game itself (why do you think the pb team decided to quit after valve denied them the access (and money) they wanted to continue on the project).

this is not to say that all external methods are bad, it is to say that they are more difficult and don't work as well as if the same work was applied to the actual game. in fact, how will your external program detect that it has been patched? or even better, that windows is returning the real running apps/memory that you are trying to check and not some fake stuff that the hacker knows your program wants to see.

it all comes down to trying to make it hard for the hacker to create things and then when he gets it working you change things to make him have to do all the work over again. unlike you however, he is allowed to modify system files (like kernel32.dll) and do other low level tricks you can't do simply because you would be breaking the law (searching the hard drive for instance without consent is a breach of privacy). NOBODY in their right mind would install ANY software that would modify system critical files just to play a game in a "cheat free" environment.

just for a pondering, go see the 13th floor. it's not based on cheating or games, but on the idea of simulating a world on a computer, and how you truly don't know what goes on beyond what the world tells you. for instance, how do you handle cheat detection on hardware that is being emulated? now at the hardware level the hacker has control of the system and controls EVERY aspect of what your game is allowed to do, all without your knowledge (the OS level hacks are one step below using hardware emulation). don't think hackers won't resort to hardware emulation either, especially with free x86 emulators like bochs starting to incorporate VMWare style emulation that uses the hardware cpu to decode and handle instructions.

cheat prevention sounds difficult and it is. you should really try finding some cheat development forums and read up on what you're up against.
Whoa a person, what I said was not meant as a crit or a flame, just a comment, and yes I know that most games DO limit the amount of info the client is given about player positions, I also know that some don't...

Convict@Large
DanielB - Slayer of Bugs

