Home
Blogs
Forums
News
Portfolios
Projects
Tutorials
42 users logged in
New? Learn about game development.
Before posting, review our community guidelines.
Follow Us
Chat in the GameDev.net Discord!
Mastodon
Back to General and Gameplay Programming

how to prevent save cheating? (for games where saving is NOT allowed)

Started by
54 comments, last by TheComet 10 years, 3 months ago

The way nethack does it is by running the game with the s-bit set (as root). So when the player saves, the data gets written to /var/games/nethack which the user has no write access to. This means on shared systems where the user has no admin access, they effectively cannot interfere with the save file.

So some flaws...

1) Nethack is open source so you can modify the code to remove the requirement.

2) Copy the binary, drop the s-bit and hex edit it to point to your home directory

3) chroot to create a fake root environment where you have control over the save file

Again, this system is most effective when playing the game over ssh where only the game launches as the shell and you are locked into it.

So I guess the best option you have is to make it too "impractical" to backup the save file and restore it on error. Perhaps forcing players to use a specially formatted memory stick and note down the device ID. This means that the player would need to do a full disk image on the usb stick to restore the data...

Make sure your game is really graphical and 3D making use of almost every graphics card extension known.. Otherwise players could just run your game in a virtual machine and save the entire state.

http://tinyurl.com/shewonyay - Thanks so much for those who voted on my GF's Competition Cosplay Entry for Cosplayzine. She won! I owe you all beers :)

Mutiny - Open-source C++ Unity re-implementation.
Defile of Eden 2 - FreeBSD and OpenBSD binaries of our latest game.
Advertisement

I will not bother playing a game that is that much of a pain in the butt. My time is valuable; particularly in games where outcomes are governed by random die-rolls, the cost of losing hours of progress due to an unlucky roll is enough to irritate me to the point where I will close the game and do something else for the rest of my all-too-rare free time...

Eric Richards

SlimDX tutorials - http://www.richardssoftware.net/

Twitter - @EricRichards22

Imagine a game like X-Com (which I haven't played, but I know the basics of). Due to the use of random numbers to determine if an alien is hit, or if one of your troops dies, or even the A.I. decisions, replacing a save file can help because next time the random numbers will be different different. So, why not make them the same - load the state of the generator from the save file and continue to use it going forward. So the next time the player loads the game, the same stream of numbers is waiting to be used.

Now, because the order of generation requests will be different, for example the player choosing to spend action points on shooting rather than moving, etc, this results in the random numbers being used for different things. However, consider instead of having a single generator for all actions, you have a number of separate generators - one for user actions, one for enemy actions, one for random events, one of A.I. decisions, and so on. This way, if the player is due a "hard time" due to a particularly unfavourable sequence of numbers for their actions (e.g. a string of poor accuracy), or the enemy is due a streak of "lucky" numbers, replacing the save file won't help - it will just change some of the details of exactly when they appear.

I'm just making this up right now, I haven't tried it and someone might be able to spot a major flaw in such an approach. In particular, I wonder if it would even be obvious to the player that this is going on - they might try save "cheating" anyway while the game mitigates the effectiveness of the tactic. Such players might come away thinking that the game is just fundamentally unfair and stop playing.

blog | twitter

Don't even bother. If a person wants to cheat, let them cheat. They bought the game. Let them play it the way they want.

This is of course assuming we are talking about single player games where cheating doesn't affect anyone else.


Imagine a game like X-Com (which I haven't played, but I know the basics of). Due to the use of random numbers to determine if an alien is hit, or if one of your troops dies, or even the A.I. decisions, replacing a save file can help because next time the random numbers will be different different. So, why not make them the same - load the state of the generator from the save file and continue to use it going forward. So the next time the player loads the game, the same stream of numbers is waiting to be used.

The latest version of X-Com that I've played has a "Save Scumming" setting for whether it saves its random number seeds. I don't know if it's one global seed, per team, per soldier, per action, or something else. Generally, if I reload after some bad dice rolls in a strategy game, I'd just retreat or find cover. I wouldn't try to do the same thing over and over. If I knew I was due a "hard time", I'd make sure I was in good cover and as far away as possible from the enemy, and I'd try to use up my inaccurate shots, so there's still a way to game the situation.

You could use an NTFS alternate data stream. Very few people know about them, and it would take someone with a disk I/O monitor to realize what you're doing.

To make it harder for someone to notice the ADS in a disk monitor, you can put the ADS *on the folder itself* with the same name of a standard, red herring file in the folder.

Example:

Folder:Save1.dat <- this is the ADS

Folder/Save1.dat <- this is the red herring (just write a ton of random bytes to it to make it look encrypted)

The : and / will be hard to spot in the disk monitor and it may appear to the cheater that only one file is being accessed.

Here's the fun part: Copy/pasting something with an ADS attached to it *does not copy the ADS*. This means that if the player makes a backup of their save folder, then restores it later, the original ADS will either be unmodified or completely lost.

The most obvious downside is that people unaware of the ADS will not be able to make any kind of backup of it. If they try to copy the game to a new computer, their game will be lost.

It's not perfect, but it'll probably confuse the hell out of people for a while. Still, it only takes one person leaking the information about how it works for the technique to be ruined.

The way nethack does it is by running the game with the s-bit set (as root). So when the player saves, the data gets written to /var/games/nethack which the user has no write access to. This means on shared systems where the user has no admin access, they effectively cannot interfere with the save file.

So some flaws...

1) Nethack is open source so you can modify the code to remove the requirement.
2) Copy the binary, drop the s-bit and hex edit it to point to your home directory
3) chroot to create a fake root environment where you have control over the save file

There are common and well-documented work arounds that don't involve root and don't involve anything particularly sneaky. You can copy the file from /var/games and overwrite an existing file if it came from there.

Even though the regular user cannot do much the file, they can read, copy, and move them with relative impunity. Keeping a collection of ascention-ready save files from /var/games/nethack is a common thing, as is keeping a backup save file of your current quest. Count me among the guilty on a shared system, especially after facing a group of randomly generated baddies with multiple wands of death. The first one fired and destroyed my amulet. The second fired and I resisted, then "would you like your possessions identified?" For a few years after that I kept copies of my save file that I updated after playing.

I would just like to point out that saving the game remotely adds complexity and further requirements to your project without providing a feasible return in most cases. Intercepting the call for a save game file and injecting your own is a lot simpler, in many circumstances, than performing intense decryption. Many forms of encryption, worth a lot more than any save game editor, have stood the test of time for dozens of years.

Hi
In many games such as xcom or others, there is a big point in the player not being able to go back if something went "bad". Actions should be permanent. The punishment/difficulty for "failing" something ingame can differ, but generally you don't want the player to be able to cheat.

However it seems to be hard to technically prevent save cheating (the user just finds and backups the "savefile" and restores it later). Any good way to actually stop this from being possible? Hide or nest files or something? I mean, if i save progress in the exe instead of in a separate "savefile" the player can just backup the exefile...

I was wondering the same thing but for single player games (will probably never make an mmo/mo etc.).
I guess i/you could implement an automatic autosave without the option for 'no autosave' and when the player opens the game, you can only load your career (like nfsmw).

UNREAL ENGINE 4:
Total LOC: ~3M Lines
Total Languages: ~32

--
GREAT QUOTES:
I can do ALL things through Christ - Jesus Christ
--
Logic will get you from A-Z, imagination gets you everywhere - Albert Einstein
--
The problems of the world cannot be solved by skeptics or cynics whose horizons are limited by the obvious realities. - John F. Kennedy

Hi
In many games such as xcom or others, there is a big point in the player not being able to go back if something went "bad". Actions should be permanent. The punishment/difficulty for "failing" something ingame can differ, but generally you don't want the player to be able to cheat.

However it seems to be hard to technically prevent save cheating (the user just finds and backups the "savefile" and restores it later). Any good way to actually stop this from being possible? Hide or nest files or something? I mean, if i save progress in the exe instead of in a separate "savefile" the player can just backup the exefile...

I was wondering the same thing but for single player games (will probably never make an mmo/mo etc.).
I guess i/you could implement an automatic autosave without the option for 'no autosave' and when the player opens the game, you can only load your career (like nfsmw).

He's already stated that this is basically what he wants to implement. His question is "how to stop people from cheating?"

This topic is closed to new replies.

Advertisement

Popular Topics

taby
Double to float C++ General and Gameplay Programming
pbivens67
AABB collision For Beginners
Sergemx73
Need some pointers. Kind of a 3D scroller for highway visualization For Beginners
nethsaras
Game event/stats tracking General and Gameplay Programming
Alundra
MSAA resolve of normals Graphics and GPU Programming
gjl
ARM64 Native Calling Convention Return Issue on Apple Silicon AngelCode
Advertisement

Recommended Tutorials

TheComet
Using DOT to Debug Data Structures General and Gameplay Programming
Myopic Rhino
Introduction to Shader Programming Part II: Programming Vertex Shaders Graphics and GPU Programming
Myopic Rhino
Win32 Assembly Part 6 General and Gameplay Programming
Myopic Rhino
IGF 08 Interviews Part 4 Interviews
tnovelli
DIY 2D Vector Physics Math and Physics

Reticulating splines

About GameDev.net
Community Guidelines
Terms of Service
Privacy Policy
Contact Us
Copyright (c) 1999-2024 GameDev.net, LLC
Back to Top