Java-Gaming.org Hi !
Featured games (83)
games approved by the League of Dukes
Games in Showcase (521)
Games in Android Showcase (127)
games submitted by our members
Games in WIP (589)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: 1 [2] 3
  ignore  |  Print  
  Open source and Preventing Cheating  (Read 16365 times)
0 Members and 1 Guest are viewing this topic.
Offline princec

« JGO Spiffy Duke »


Medals: 421
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #30 - Posted 2003-01-05 11:56:27 »

Well bugrit, I'm sticking with client - server as it seems to me to be the only reasonably easy way of making money out of selling a service... mortage to pay etc.

Cas Smiley

Offline mill

Junior Devvie




popcorn freak


« Reply #31 - Posted 2003-03-18 07:59:17 »

what goes about preventing cheating in forms of sending false highscores? I have had some ideas about preventing the client from simply decompile the classes and hardcode a score to send to the highscore server, but i've always found easy ways to break this.

any ideas? what's the common thing to do? one of the problems is that the highscore server is customizable to suit all games, not just one (read my game).

Offline Backmask

Junior Devvie




586: The average IQ needed to understand a PC


« Reply #32 - Posted 2003-03-18 08:02:07 »

You can NEVER trust the client. The only way is that if you have a game server(that you have full control of) that calulates the highscore and send it to the highscore server and configure the highscore server to only accept messages from you game server. Can't come up with any other ideas.

Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline mill

Junior Devvie




popcorn freak


« Reply #33 - Posted 2003-03-18 08:12:26 »

one of ideas i came up with was that this:

1. the client starts a new game
2. the client sends some message to the highscore server that he has started a game -> timestamp stored
3. client plays for a while and game over
4. client sends highscore to server
5. the server checks the time elapsed (currentTime-startTime) and checks in some whay that the score is possible to get for the elapsed time.

for instance, say I get 1000 points when playing 5 mins (normal play), then getting 10000000 points in 2 seconds is not possible.

this should work pretty well. as stated before, it's easy to break. how? start the game, leave it running for a day in the background, send fake score to server -> tada!

i'm lost Sad it might work though if i come up with something smart.

my other ideas are similiar to this one.

Offline erikd

JGO Ninja


Medals: 16
Projects: 4
Exp: 14 years


Maximumisness


« Reply #34 - Posted 2003-03-18 08:20:17 »

Quote
The only way is that if you have a game server(that you have full control of) that calulates the highscore and send it to the highscore server and configure the highscore server to only accept messages from you game server


That's basically the same thing as sending it directly to the hiscore server as far as cheating is concerned. I'd still be able to send bogus scores to the game server.

Quote
for instance, say I get 1000 points when playing 5 mins (normal play), then getting 10000000 points in 2 seconds is not possible


No, but nothing prevents me from sending 2000 points after 10 mins, or 20000 after 100 mins. Or deactivating collision detection or whatever.

<edit> Oops sorry, you pointed that out yourself already </edit>  Lips Sealed

Bottomline, you can never prevent cheating if you depend on the client for score calculating. You can complicate things a little at best. The only way is to let the game and scoring happen on the server, not the client and then you'd still not be fully safe.

Greetings,
Erik

Offline erikd

JGO Ninja


Medals: 16
Projects: 4
Exp: 14 years


Maximumisness


« Reply #35 - Posted 2003-03-18 08:32:08 »

maybe a little encrypted native library as the score submitting client that only accepts the full serialized game objects which it validates somehow and from which it subtracts the score which (if validation was ok) it sends to the server.

That might be a little demotivating to hack but of course still not fully safe.

Erik

Offline Backmask

Junior Devvie




586: The average IQ needed to understand a PC


« Reply #36 - Posted 2003-03-18 08:50:12 »

Quote

That's basically the same thing as sending it directly to the hiscore server as far as cheating is concerned. I'd still be able to send bogus scores to the game server.


Maybe I wasn't clear enough on what I meant. The game server shall contain all game logic and from it create the highscore. The client only sends "move left", "fire", etc to the server and the server checks if the fire hits the opponents and register this to the score and sends back a message to the client that he hit the bad guy. Without control of the game logic you can't trust the highscore.

But if you think of the amount of time you can add on your game on the subject of preventing cheats and the number of possible cheaters in your game I quess that the easiest solution is that you check the highscore yourself every day or so for scores that looks like cheating.


Offline erikd

JGO Ninja


Medals: 16
Projects: 4
Exp: 14 years


Maximumisness


« Reply #37 - Posted 2003-03-18 09:09:11 »

Yes, very true.
My own hiscore server is completely unprotected (don't tell anyone  Wink) but there's no need to invest time in that yet, as nobody seems to play the game anyway let alone hack it.
First priority is to make the game fun I guess and then *if* cheating becomes a problem, deal with that then.

Erik

Offline Backmask

Junior Devvie




586: The average IQ needed to understand a PC


« Reply #38 - Posted 2003-03-18 09:28:22 »

exactly... no need to spend hours and hours on something noone will ever try to do... concentrate on your game and the gameplay... worry about cheaters later... but try to have a little thought that it may come up in the future so that you code your game in a direction that allows you to add anti-cheats.

Offline princec

« JGO Spiffy Duke »


Medals: 421
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #39 - Posted 2003-03-18 09:33:01 »

If anyone comes up with a neat solution to the hiscores problem I'd be especially interested as we're going to run a Million Points Prize promotion for Alien Flux when it's launched, and we need to make sure no-one's cheating because the prize is going to be pretty nice, like an Inspiron or something.

I toyed with the idea of recording the whole game but apart from being detrimental to performance it might also be rather bloody large.

And obviously we can't run the game on a server.

Cas Smiley

Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline Backmask

Junior Devvie




586: The average IQ needed to understand a PC


« Reply #40 - Posted 2003-03-18 09:57:58 »

if there is a prize there will be cheaters...

but an easy solution does not exist. I think you have to log some part of the gameplay, highscore and level related.
TIMESTAMP + monster killed, 300p
TIMESTAMP + power up
TIMESTAMP + nextlevel

and try to find out some logic that can validate the highscore against these game events on the server.

recording the whole game would of course be the best but as you stated it will be devistating to performance.

To make it abit easier on you I promise I will not try to cheat  Grin

(if mostly java people will play the game you could always create the highscore part in c++ and use jini for everyone knows that java people never uses c++  Roll Eyes )

Offline elias

Senior Devvie





« Reply #41 - Posted 2003-03-18 10:19:16 »

why not? The game events themselves should be quite small - key and mouse events take up little space. Push it through a zip stream or something and you could end up with a small log of the entire game. Playing the game for 3 hours gives me 3*60*60*60*event_size = 648000*event_size uncompressed, if there's one new event per frame. And if you only let the winner(s) send in their logs, the online highscore might be wrong, but not the result.

Replaying the log shouldn't be a problem - either do it yourself on a client or let an offline server do it without the gl calls, assuming alienflux gamestate doesn't depend on opengl.

- elias

Offline princec

« JGO Spiffy Duke »


Medals: 421
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #42 - Posted 2003-03-18 10:34:29 »

Recording will be tricky, for sure, because it'll require much thinking Smiley It would make it more or less a waste of time to try cheating that's for sure. The timestamp method is probably pretty easily figured out and hacked.

I'll investigate recording and see what it comes out like. It should zip up very, very small indeed.

Cas Smiley

Offline elias

Senior Devvie





« Reply #43 - Posted 2003-03-18 10:45:56 »

I have implemented event recording in my current project, so saving and loading an event log is easy. If for nothing else, it really makes those intermittent bugs easier to find.

Anyway, to make it possible you have to record all game state altering events, including time. That last part is a bit trickier, but I guess you more or less do it already knowing that your game loop runs in a fixed 60 Hz. The article that inspired me is this one, found on gamasutra, describing some of the pitfalls of creating a reproducable engine:

http://www.gamasutra.com/features/20010713/dickinson_01.htm

Offline mill

Junior Devvie




popcorn freak


« Reply #44 - Posted 2003-03-18 13:01:35 »

okay then, i'll skip cheat detection until needed then Smiley


Offline leknor

Junior Devvie




ROCK!!!


« Reply #45 - Posted 2003-03-18 14:35:30 »

Re-read the second post on first page of this thread.
Offline elias

Senior Devvie





« Reply #46 - Posted 2003-03-18 16:17:02 »

I saw that - but as princec said, recording a log of events will make it _much_ harder to cheat. If you can't have impossible, very hard is good enough.

- elias

Offline JohnMunsch

Junior Newbie




Founder of GameDev.net


« Reply #47 - Posted 2003-03-18 23:29:51 »

Quote


He can re-read it all he likes, it still would not be correct.

You've yet to show how the simple algorithm I explained, one that can be found in any competent encryption textbook (alongside other algorithms that will show you how to do a fair coin flip or fair deal of cards between two parties), will not work.

You were right in part of what you said, "People have thought long and hard on this..." but you were wrong on all the rest. People have thought long and hard on this and they came up with some simple answers. You are simply choosing to ignore them.
Offline cfmdobbie

Senior Devvie


Medals: 1


Who, me?


« Reply #48 - Posted 2003-03-19 00:38:35 »

Quote
You've yet to show how the simple algorithm I explained, one that can be found in any competent encryption textbook (alongside other algorithms that will show you how to do a fair coin flip or fair deal of cards between two parties), will not work.


Well, it would certainly make it hard to cheat, but it doesn't prevent it, due to the very fact that *in theory* you can generate six different keys, then when the other player picks an index, present the key that provides the number you want in that position.

Add to this the facts that (1) you could just generate two keys and pick the better result and (2) you're dealing with a short fixed-length plaintext, and it becomes more and more likely that there will be a mathematical oddity in any algorithm you try that makes it exploitable.

In any case, in this situation as presented you could have a process running off-line for months before a game generating all the keys you need.  You only need to guarantee the outcome of a few important rolls, so it's not the processor-intensive task it first seems.

Hellomynameis Charlie Dobbie.
Offline leknor

Junior Devvie




ROCK!!!


« Reply #49 - Posted 2003-03-19 00:55:32 »

JohnMunsch is right! I'm completely wrong and way off base here.

mill: All you need to do is restructure your entire game so it is expressed in terms of dice rolls and then implement JohnMunsch's suggestion. Then you need to restructure your High Score board as a peer and you'll be set.


Back in reality....
JohnMunsch: We're never gonna agree on this so this will be my last response to you. Either you're missing the big picture or I'm missing the details. Either way you claim to have a grasp on the problems at hand so I'll patiently wait for a secure, cheat-free gaming experience provided by you in the near future. You could make a lot of money providing perfectly secure computing enviroments, everything from games to online voting could use your skills.

mill: There seems to be two realities here. John's and mine. Mine is other than a server side solution, you are wasting your time trying anything else. If you don't like that, pick John's.

Offline mill

Junior Devvie




popcorn freak


« Reply #50 - Posted 2003-03-19 05:07:18 »

at the moment i'm not going to do anything about cheating. i've got some more critical stuff i have to implement first anyway.

if cheating becoms a problem, i'll do something about it later.


Offline erikd

JGO Ninja


Medals: 16
Projects: 4
Exp: 14 years


Maximumisness


« Reply #51 - Posted 2003-03-19 13:33:23 »

I might have the IQ of a horse's arse but I completely fail to see how this dice roll example would apply to submitting a high score to a server.  Huh

I don't know about recording input too. It seems an awkward solution and I think I would (if I were to hack it) alter the client to be able to play back the recorded input and continue playing (and start recording input again) just before I made a mistake for example.

Offline princec

« JGO Spiffy Duke »


Medals: 421
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #52 - Posted 2003-03-19 15:22:33 »

Actually, yes, recording a game isn't even foolproof because it would be technically possible to write a 'bot' to control the player's ship and essentially have perfect reactions (shield on just at the right time, instant rescue of blobs, etc)

I think the best way, for me, is to have a no-frills unencrypted hi score server and leave it at that, and stage an actual physical competition at GDC2004, IGDC, EGDC etc.

Cas Smiley

Offline JohnMunsch

Junior Newbie




Founder of GameDev.net


« Reply #53 - Posted 2003-03-19 18:33:33 »

>  I might have the IQ of a horse's arse but I completely fail to see how this dice roll example would apply to submitting a high score to a server.

He wasn't serious. There are algorithms for fair die roll, coin flip, and card shuffling. Those are probably sufficient to handle what the original poster (way back on page one Smiley asked for.

The more recent stuff about high scores is a different matter. I don't know a way for a normal algorithm to prove that you did what you say you did when all activity is confined to your machine and it only has the opportunity to look at the final result of a game playing session.

Maybe there is one, but I certainly don't know it.
Offline zaal

Junior Newbie




Java games rock!


« Reply #54 - Posted 2003-05-10 13:47:35 »

(sorry for my bad english)

there could be another solution, based on "agents".

imagine each client has "computational unit" which receives blocks of initial data, computes something and sends results back to the server. server doesn't compute itself - it only dispatches packets of initial data and results between cliens(customers).

so, neither client knows what data it processes.
and server needs not huge computational power.

yes, you need great "dispatching" system, evaluation of concrete client's power, bandwidth and so on... but such a system could support really "massive" and "greed-for-processing-power" games based on the computational power of clients' computers.

as far as i know, many players usually simply chatting, so their 80% of all clients' computers could compute battles for 20% others who really playing. (maybe percents are different for different kinds of games).

so... just think in this direction Smiley
Offline blahblahblahh

JGO Coder


Medals: 1


http://t-machine.org


« Reply #55 - Posted 2003-05-11 20:53:15 »

Quote
If anyone comes up with a neat solution to the hiscores problem I'd be especially interested as we're going to run a Million Points Prize promotion for Alien Flux when it's launched, and we need to make sure no-one's cheating because the prize is going to be pretty nice, like an Inspiron or something.

I toyed with the idea of recording the whole game but apart from being detrimental to performance it might also be rather bloody large.


IME, you can get an awful lot of mileage out of "record each game", but in most cases there is absolutely no need to record a large amount of data. I've lots of suggestions - but it all depends on your threat model and sec policy.

It REALLY depends what cheating you want to prevent!

I was writing a different reply to this topic, but I might as well use this as a case study. First thing you must do is create a security policy and a threat-model; without those, no-one can help you.

Threat-model is a list of all the different ways you think someone might want to cheat, try to cheat, be capable of cheating, etc. It's rather like a requirements document in Software Engineering.

Security Policy describes stuff like the precise invariants you wish to maintain ("no player may ever submit an unrealistically high score"). Preferably it should state which security breaches are tolerable, and which are intolerable. A little similar to a specification document.

...then I can offer suggestions on ways to achieve the policy, in the presence of all the threats. Otherwise, we're all shooting in the dark / pissing into the wind / whatever pointless and slightly dangerous activity you care to choose Smiley.

PS: Although I agree with leknor's statement in general (in general, it is impossible to prevent cheating, unless you TRUST [control is never necessary - only trust is] the client environment), there are several successful solutions that work by redefining the problem. JohnMunsch has already talked about one solution to a particular set of problems - Leknor, you should really think about the bit that says "Works for two people; doesn't work for more", and John should really not make statements like "this doesn't work for more than two, but other things solve that" - it's too much handwaving to help.

For another example, I saw some guys @ GDC2003 with a system that let you run a game without the server-bandwidth, and at the end if you SUSPECTED someone was cheating (you didn't need to bother otherwise), you could get a check on their die-rolls. I wasn't much excited by it, because it was pretty simple - but if you had the right kind of game, it works brilliantly.

I actually skipped a question on my finals paper on this topic, because I knew of several cases which show that there is NOTHING you can do if you want to completely prevent cheating without any server logic on a large scale. My answer would have said something like the following:

Anyone can write a program that peeks at the memory locations and identifies the point where you have a decrypted copy of the score, in order for you to add points to it (or whatever you want to cheat on). They pause the program (using a live debugger) every time that memory changes, and edit it to suit their fancy. Voila.

Note: this has been done before for at least one commercial game; IIRC, it was what brought Diablo to its knees, security-wise, in the end.

This kind of threat is valid for most situations where you have any data that the client is going to alter, and then act upon.

malloc will be first against the wall when the revolution comes...
Offline swpalmer

JGO Coder


Exp: 12 years


Where's the Kaboom?


« Reply #56 - Posted 2003-05-12 02:32:51 »

Recording the whole game won't work for all the reasons already covered.  The only way to run such a contest and be guaranteed of no cheating is to run it in a closed and controlled environment.

I wrote a cheat for minesweeper - I had a program that read the screen bitmaps and sent mouse clicks to the app.  Other than being played very well and very fast, the minesweeper program had no idea it was being cheated.. it was all the original code - no hacking needed, and it could do whatever it wanted to send highscores to a server.

Offline blahblahblahh

JGO Coder


Medals: 1


http://t-machine.org


« Reply #57 - Posted 2003-05-12 07:29:01 »

Quote
Recording the whole game won't work for all the reasons already covered.  The only way to run such a contest and be guaranteed of no cheating is to run it in a closed and controlled environment.


Ahem. Indeed. To quote myself: "in general, it is impossible to prevent cheating, unless you TRUST [control is never necessary - only trust is] the client environment....", but "...you can get an awful lot of mileage out of [recording]".

Equally, without a sec policy and threat model, your statement and your anecdote are misleading (even if accurate). Without these two sets of information, there is no conversation to have here - leknor said it all in his first post.

I tried to point out that recording actually is a very useful technique, as it appeared that people were already on the verge of giving up on it. I didn't highlight any other security measures, simply because there isn't enough info to do so.

malloc will be first against the wall when the revolution comes...
Offline princec

« JGO Spiffy Duke »


Medals: 421
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #58 - Posted 2003-05-12 11:01:28 »

The system I'm running with for Alien Flux has been nailed down now as follows:

Rather than recording the whole game I am recording a very large number of game statistics:

  • Score
  • Lives lost
  • Level attained
  • Shots fired
  • Shots which hit aliens
  • Smartbombs fired
  • The number of frame-ticks elapsed whilst the player was alive
  • The number of shield-ticks the player used
  • The player's registration code
  • Indirectly of course, I also know the IP address of a hiscore submission and the time I received it


It is of course trivial to spoof these values but I suspect it's less than trivial to spoof all of them at the same time to the point where I can't detect scores that fall outside two standard deviations from the mean after collecting a lot of real hiscores. I can improve and refine my analyses over time.

My two intolerable security breaches are that 1) unregistered users are using the hiscore server and 2) that people are faking hiscores

What I'm left with then is a multi-pronged approach to preventing security breaches.

Firstly, someone has to want to cheat in the first place, and believe it or not, 90% of users don't actually want to cheat to obtain hiscores, even if I'm offering petty prizes.

Secondly, someone has to bother hacking the code or the protocol and this will eliminate 50% of the 10% of users that want to cheat because it's nontrivial for non-technical people or beyond a lot of people's laziness to bother doing.

Thirdly, I can detect the registration code, time, and IP address of a hiscore submission and in a very short space of time I can tell if it's a hacked code and block it on the server, after giving the official registered user a new registration code.

Fourthly, by analysing statistics from trusted sources (ie those players known to be playing for real) I can build up a graph of correlations between pairs of data and flag scores as suspicious when they fall outside of the range of acceptable values and acceptable correlation. Once a suspicious score has been registered I can flag a registration code as suspicious as well and scrutinize the statistics even more carefully. Although I will never block a valid registered user from using the hiscore table I will reserve the right not to post hiscores when I have determined someone to be suspicious. Or perhaps post them on the Suspicious Scores table.

All of which will add up, I think, to an acceptable level of hiscore security.

Also by clearing the online hiscore server every week I'm hoping that cheaters will get bored of the game rapidly once they start cheating and stop playing it, thus removing themselves from the hiscore tables of their own accord.

All to be determined, of course...

<edit> Oh, and there's an interesting side-effect of hiscore tables that I can take advantage of too: if you're not playing to win, ie. get the no. 1 hiscore, I don't care if you're cheating or not. Indeed, if you cheat but don't get the no. 1 spot, what's the point in cheating? It's a lot of bother to go through to get second place and not win the prize. The conclusion I can draw from this is that I can ignore cheat analysis on anything other than the no. 1 hiscore.

Cas Smiley

Offline erikd

JGO Ninja


Medals: 16
Projects: 4
Exp: 14 years


Maximumisness


« Reply #59 - Posted 2003-05-12 11:54:41 »

What might help too is not to give feedback if the hiscore has been accepted or not until the contest is closed so that the cheater will think his/her score is accepted and not bother to really hack it.

Pages: 1 [2] 3
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

xFryIx (60 views)
2014-11-13 12:34:49

digdugdiggy (39 views)
2014-11-12 21:11:50

digdugdiggy (32 views)
2014-11-12 21:10:15

digdugdiggy (28 views)
2014-11-12 21:09:33

kovacsa (50 views)
2014-11-07 19:57:14

TehJavaDev (54 views)
2014-11-03 22:04:50

BurntPizza (53 views)
2014-11-03 18:54:52

moogie (68 views)
2014-11-03 06:22:04

CopyableCougar4 (67 views)
2014-11-01 23:36:41

DarkCart (153 views)
2014-11-01 14:51:03
Understanding relations between setOrigin, setScale and setPosition in libGdx
by mbabuskov
2014-10-09 22:35:00

Definite guide to supporting multiple device resolutions on Android (2014)
by mbabuskov
2014-10-02 22:36:02

List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50

List of Learning Resources
by SilverTiger
2014-07-31 16:26:06
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!