Re: [GD-General] Re: Basic questions regarding networking games...
From: Colin F. <cp...@ea...> - 2002-09-24 10:42:18
2002 September 24th Tuesday

Someone pointed out that letting a client timestamp events has allowed cheating in Quake.

Now I'm trying to figure out just how far people take the principle of "never trust the client".

I'd like to know if anyone has experienced any of the following scenarios, or even more bizarre scenarios.

[1] Someone does a "tcpdump" (or similar) and reverse-engineers the packets and writes a stand-alone application that sends packets that fool the game server in some way for the purpose of cheating.
----------------------------------------------
ASSUMPTIONS: The only resource available to the hacker is the binary dump of TCP and/or UDP traffic. (i.e., no source code or details of packet format)

SOLUTION: Encrypt packets.

[2] Someone reverse-engineers the assembly language of the client and works out the packet format and encryption algorithm. Or, the hacker just finds out the packet format and encryption algorithm from social engineering or a leak from the company. The hacker either alters the code to transmit different information, or writes another application to supplement or act independently of the regular game client.
----------------------------------------------
SOLUTION: Uh, I guess you have to limit the client to sending the most basic events imaginable, scarcely more than keystrokes (essentially), and the server assumes nothing about the actual time the client events occurred -- instead the server pretends that the event occurs when it is received! Players with lag get punished proportional to their lag, but that's life! Is this the only practical solution?

[3] Someone gets source code sufficient to rebuild the client -- with any desired logic modification.
----------------------------------------------
NO SOLUTION: Well, this allows the hacker to create "bot"-like shooting accuracy and scripted movement patterns (like running directly to all ammo spawn points, or pursuing enemies with the most efficient, minimal paths). Even if we totally distrust the client beyond receiving the most basic events possible, it doesn't seem possible to detect players that are "too perfect"!

[4] Someone writes a separate application that controls a legitimate version of the client.
-------------------------------------------------------
NO SOLUTION: What can be done? The user (hacker) is communicating with the application in a way that is indistinguishable from a human hitting keys on the keyboard and moving the mouse. It could be as simple as recording keystroke macros in your physical keyboard -- so you can do complex operations in StarCraft just by hitting a single key. Or you could write an application that sent keyboard and mouse messages to your game client so that you could execute complex actions at high speed.

Anyhow, I guess I'm really just interested in a way to make the client event timestamping work.

Also, I guess that EVERYTHING depends on how much you think hackers will diminish the value of your game by each mode of hacking and cheating. So, if I am fairly confident that hackers won't go to the trouble of reverse-engineering the encryption scheme, and if I'm confident that the packet format and encryption scheme won't be leaked, then maybe I can accept the risk of allowing the client to timestamp its own events.

I guess the scenarios mentioned above apply to servers, too -- but if a server is hacked, then all of game reality can be violated. Question Authority! "Yes" means "No", and "Left" means "Right"! "1 + 1 = 3"!

**** You could do the nutty thing of CLIENTS not trusting SERVERS! ****

So, if you have a legitimate client, and the (hacked) server starts cheating like crazy, you could at least detect this condition and notify the user that the server is run by a no-good hacker.

Anyhow, I'm fascinated by stories of how far hackers will go to cheat. I like funny pranks that can be recognized as pranks and have obvious parameters and limits, but I have no respect for hackers who think it's fun to create an artificial advantage for themselves in games and destroy the experience for other players.

I heard of simple stuff, like turning EVERYTHING semi-transparent, so you can see people through the walls. I could see how that might be fun for about 30 seconds, especially if I had money riding on that game!

Okay, enough random gripes. ;-)

---
Colin
cp...@ea...
www.colinfahey.com
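
Added example, not part of the original message or of any game's code: a server-side sketch of the middle ground between scenario [2]'s "stamp everything at receipt" and trusting the client's clock, in which the server accepts a client timestamp only inside a window it derives from its own measurements. The names `ClientEvent`, `EventStamper` and `max_rewind` are hypothetical, and the sketch assumes the client's time has already been mapped to the server clock and that the round-trip time is measured by the server.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ClientEvent:
    seq: int            # per-connection sequence number
    action: str
    client_time: float  # client's claim, assumed already mapped to the server clock


class EventStamper:
    """Assigns the authoritative time of a client event on the server."""

    def __init__(self, max_rewind: float = 0.25):
        self.max_rewind = max_rewind  # hard cap on lag compensation, in seconds
        self.last_seq = -1
        self.last_time = 0.0

    def stamp(self, ev: ClientEvent, recv_time: float, rtt: float) -> Optional[float]:
        # rtt is measured by the server itself, never reported by the client.
        if ev.seq <= self.last_seq:
            return None  # replayed or reordered packet: drop it
        # The event cannot predate receipt by more than the one-way delay,
        # and never by more than max_rewind, however laggy the link is.
        earliest = recv_time - min(rtt / 2.0, self.max_rewind)
        t = min(max(ev.client_time, earliest), recv_time)  # clamp the claim
        t = max(t, self.last_time)  # time never runs backwards for one client
        self.last_seq, self.last_time = ev.seq, t
        return t


def demo() -> List[Optional[float]]:
    # Constructed sample traffic: (event, server receive time, server-measured RTT).
    traffic = [
        (ClientEvent(1, "fire", 9.9375), 10.0, 0.25),  # honest claim, kept
        (ClientEvent(2, "fire", 9.0), 11.0, 0.25),     # backdated, clamped
        (ClientEvent(3, "fire", 20.0), 12.0, 0.25),    # future-dated, clamped
        (ClientEvent(4, "fire", 12.0), 13.0, 2.0),     # high lag, capped rewind
        (ClientEvent(4, "fire", 12.9), 13.5, 0.25),    # replayed seq, dropped
    ]
    stamper = EventStamper()
    return [stamper.stamp(ev, recv, rtt) for ev, recv, rtt in traffic]


if __name__ == "__main__":
    print(demo())
```

The clamp does not make a forged timestamp harmless; it bounds what a forged timestamp can gain to the rewind window the server chooses.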