
Re: Game Loop and Simulation



On Wed, 9 Feb 2000, Erik wrote:

> >> guarantee cheating won't happen. In practice various levels of obfuscation
> >> may help for various periods of time. (Like binary only releases,
> >> encrypting the datastream, hiding the decryption key in the binary, etc).
> 
> ok, so I packet dump the authentication sequence into a file, modify the
> binary, packet dump the auth sequence again, look for the difference, and
> 'edit' my version so it sends the same info as before... And I think things
> like binary only releases and trying to hide the details will *NOT* help at
> all, and will probably result in poorer security, both from laziness (look at
> m$ security, oohhh, how powerful their password crypts are) as well as making
> it a juicier target for people who brag about cracking programs... 

We totally agree. I should have been clearer. "obfuscation may help for
various periods of time" was really meant to be a very weak expression. 

> Good solid
> open source security would, of course, be optimal, but that'll have the servers
> working extra hard... but hiding code/methods and trying to generate signatures
> won't really enhance security

This only helps for "game state cheating". There is no way you can
guarantee that the client for instance is a person, not another computer.

> > One hack that would be very easy (for example) would be to change Mesa
> > to render every polygon at only 80% of its normal opacity.  This would
> > allow you to see through walls at people hiding behind them. (Well, maybe)
> > This would only take a couple of lines of code.
> > 
> 
> this is the kind of thing I'm seeing as an issue for windows...

As a starting point: most binaries under Windows (and other OS) are
dynamically linked. So, my game tries to load "directx.dll". I rename this
to directx.org.dll, and have my own directx.dll, that modifies some calls
to the directx.dll before passing them on.

I bet it is easy if you know what you are doing. It is _very_ easy to do
in Linux. And, this is without modifying the original binary.

OK, the binary fellows say: we have the binary check all dll's. Well, I
say, you still link dynamically against the kernel.dll. I copy your binary,
modify one of them to call my dlls, and when it tries to read files, I pass
it copies of the real files, etc etc.

It is unstoppable - only exception may be special hardware, but if you
need to display it on a screen, in theory you could have a computer
analyze the screen and aid the player...

Mads

-- 
Mads Bondo Dydensborg.                               madsdyd@challenge.dk
Just because a program takes text commands makes it complex? I love GUI's. I
love using the web. I love WYSIWYG word processors. But I also love CLIs. It
feels more natural to me, as if I'm talking with the computer (granted, the
language isn't english, it's bash, and the vocabulary happens to be whatever's 
is my PATH)--I tell it what to do and it does it for me (unlike GUI's where I
have to do everything my own damn self). 
                                      - fassler, in response to MS France FUD