[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Bit on cheating: was: Re: Introductions

On Tue, 9 Dec 2003, Gregor Mückl wrote:

> > 2)The main engine is a balanced tree with “game time” as the key.  Each
> > player will run his own tree and only check in with a central server
> > periodically to stay in sync.  When a unit is moved it must publish  events
> > locally, if it moves onto enemy ground, it must publish on both the local
> > and remote event tree.
> >
> This is a *very* problematic approach. This way you open barn doors for 
> cheaters. Because each player has the only authoritative copy of his map 
> locally it is on him/her to edit it as he/she likes and noone would even have 
> a chance of noticing that.

You could fix it though, by storing all events on the client, and having 
the server replay all events when syncing. Only if the states match, the 
player is allowed online. And obviously, other clients would check from 
time to time, that the hashed state of the clients matched the server 
hashes. (This way the server could check the rules, reducing the load on 
the clients). This is doable, I am sure.

> Online games are by nature very open to cheating. 

Now, that is true!

> The only measures against cheating that I am aware of are rather
> drastic:
> - use a server that decides on *everything*. If a citicen in a player's city 
> wants to poop, the server must confirm it.

But, in non FPS games, where player interaction is rarer, you can actually 
"just" check that the rules were followed once in a while.

> - encrypt/obfuscate network traffic.

Wont work with open source though :-)

> - never release the sources for your network code. This is not as far-fetched 
> as it might seem: it's very likely that the people at Valve are rewriting 
> their Half-Life 2 network code totally from scratch after the sources leaked 
> in October. The release date hasn't been moved for nothing.

Other methods, includes what the nethack people does; blessed binaries, 
with embedded (randomly accessed) digital keys. 

And, you could authenticate the players: Won't stop cheating, but allows 
you to distinguesh between players you trust, and do not trust.

> Yes, right: it's a lot of effort, but it will only stop people from cheating 
> for so long. There is no single method with which you can stop cheating. 
> Create an online game and you are forced to enter a fight.


The problem really is, that you have no way of knowing what code is 
running on a client. So far, the only solution to that I have heard of, is 
TCPA/Palladium. And then we might as well all just bend over.


Mads Bondo Dydensborg.                               madsdyd@challenge.dk
My shell can beat your shell. So there!