I don’t disagree with you, but since most of the people here are just hobbists (hobbyists ? hobbysts ? (not hobbits, I’m sure)) and are looking forward to learning new stuff, I think we should just welcome interest and information in all areas, not the ones that are interesting for non-commercial game developers . I don’t expect to earn money with my game, but I do expect to learn a lot
anyway, it’s also interesting to know the efforts to do such stuff, but let’s just not let it obfuscate the main question of the topic
Anyway, ontopic: I read an article on Gamasutra.com about anti-cracking - I know that’s totally different than cheating, but the strategy they used was amazing.
Most hackers/cheaters will hack stuff, and if it works, they’ll release it. Nothing easier than programming a game to crash on a failed SHA1 hash of some resource - or even the binaries. Well. That’s where you get to nerf your game instead. In the article, they had this arcade game that required collecting gems in a 3D world. You’d spend hours exploring, and to finish the level, you needed ‘super gems’ hidden around the level.
When certain hashes failed, one or two ‘super gems’ disappeared from the game.
The hackers had no way to figure this out in a timely manner. They thought they got the game running, and released the crack on internet. Needless to say quite some ‘casual leechers’ got fed up with the impossible gameplay, visited some forums, and found out what was happening. Seriously: they bought the game instead.
So what can we learn? It is actually quite easy to figure out whether a wallhack is active. I mean, you have access to the framebuffer. You can use OpenGL Occlusion Queries if you’re really lazy. And if you determine somebody is cheating, don’t crash the game, don’t show them a warning. No! Instead nerf their game. Make them randomly die, once every 10 minutes. Occasionally do not render an enemy. Give them half the healthpoints of a healthpack, slightly darken their screen, reduce the framerate at totally random moments, preferably when it hurts them most.
The possibilities are endless. Besides that, it is fun to code.
Just be very subtile, so they won’t track it down to they own cheating.
It’s a facinating article/approach, but I can’t help but think they gloss over the disadvantages a bit - namely the time to implement, the (tedious) time to test and the inevitable pain and confusion caused when the system goes wrong. As a solo/bedroom programmer I don’t think the loss in productivity is worth it, but YMMV.
Of course if you’re writing an online pc game rather than a single player console game you’ve got the advantage of being able to patch easily and often. You can take advantage of that by doing “reactive” cheat prevention by releasing new versions which counter cheats as they appear - believe me it’s much, much easier to write a simple counter to a well-known cheat than it is to try and build in all sorts of elaborate tricks that cover every eventuality. And because you’re countering a specific hack you can get creative - like draing false players behind walls to confuse players using wall hacks.
Imho this is the worst idea I can think of. Chances are people will just say “This game is buggy as hell, so lucky I didn’t buy that crap”. Frankly I am one of the guys that occasonally gets his hands on a - erm - decentralized backup copy - erm - of a game and I usually buy it if I like it, otherwise I don’t play it at all. So you would loose me as a customer. In fact most PC players I know do the same…
I wouldn’t be so dismissive of my suggestions, either. I’m being deadly serious. Consider gameplay that is not cheatable by design, and technology that is likewise not cheatable. Failing that, truly attempt to grasp what I’ve said about heuristics and voting systems. It is a serious solution.
Sorry - I wasn’t clear. I was just refering to cracking. If this can be pulled of against cheaters it might be a good idea, but I am afraid this could really be difficult and cumbersome to implement.
I’d say apply the rule of diminishing returns: if there’s some easy protection you can put in that costs you little time and effort, while demotivating some script-kiddies, then do it.
But don’t sacrifice your game/marriage/life coding away just to stop the 1% of cheaters.
That (like others have said here) are what patches and updates are for, if your game takes off.
streaming video work with anything including game as the first video… but they seems to forget the most important… that will maybe never be removed wich is network latency and then game will be unplayable (especially when you look around)
[quote] Btw, if you had to name three (or more) of your other biggest problem, what would they be? It’s interesting.
[/quote]
Biggest problems in hacking?
Well since we still a beta we do still have a few bugs people abuse. But we fix them once we know about it. Not really much other then the macroing as I said.
We did have some problems outside the game, like abusing our payment system. But that’s also fixed now.
We make sure everything is server side. But of course this doesn’t work for all games.
Isn’t part of that what ms does with xbox live, they don’t ban you immediately, they simply keep gathering info and ban in bulk. This keeps ppl on thier toes and makes it hard(er) to figure out which method was detected.
But it only makes it harder for cheat-creators to debug their stuff and keep ppl guessing if they got caught or not.
Damn straight, Cas.
You never noticed how ‘aiming’ is removed from most MMORPG’s, or rather focus on strategy and tactics not on realtime/dexterity/skills
‘Cheating’ will always be possible with FPS. And the industry knows this too, if there is any price involved you always need to show up in person. As long as you make your (aim)bot external enough and humanlike enough you can’t tell the difference.
You don’t prevent cheating, stop saying you can, you make it iether:
harder to do so.
part of your game.
diminish it’s effect/rewards.
Whether you should make it harder to cheat I don’t know, for ‘low’ stakes games it might be useful but is it worth the effort? For ‘high’ stakes games it might be usefull too, but you have to make use of the stakes, and target the ones that impact other players the most. Like public, widely distributed cheats.
There’s plenty of information available and they aren’t probably as secretive about it as ppl might claim; There’s a difference between actually trying to cover something up and simply not pointing it out.
They also don’t really care about (some) false positives. which makes the game a lot easier.
I’m not defending the rude OP’s response, but … this approach was known/shown to be “very stupid, only relevant for lazy, stupid, or foolish people” as of approximately 10 years ago. (hint: Diablo1)
If you wish to make money or fame out of game development, then … Dont Do This.
It’s been shown time and again that this leads to large numbers of reviews stating your game “sucks”; indeed, it’s led to some interesting lines of speculation about “how often - on average - are reviewers running pirate copies?”.
Report cheating, react to it, but don’t auto-cripple the game. Generally speaking there’s a fine line, but it’s acceptable to e.g. tell the cheater on their screen that they succeeded, while not reporting that info to anyone else.
(I’ll leave it to you to work out how to achieve this. Hint: it’s quite easy, and requries re-reading Cas’s post and thinking about what he’s saying.
Now, you’re right there - but then, this shouldn’t even be an issue. Are you sure this is an issue, or did you just imagine it might be an issue, and you’ve started worrying pre-emptively?
I don’t much care if pirates review my games. Especially if they say good things about them, and doubly especially if they link back to my site. Worth a free copy any time! Which is why I always give out free copies to reviewers.
First off, thanks all for the replies. This thread is heading for greatness. And thanks to those helping out trying to get people to stay on topic - how to prevent cheating in network Java games (and nothing else).
Good stuff, especially the replay saving. That would serve as a sure way to remove all cheating in some games (except, like you said, if someone bothered to write a bot that plays as a human).
Haha, that was a great thought. Instead of being betters cheaters would get worse, and even if the “cheat makers” later found out how to fix the anti-cheat there would already be flawed cheat-tools in circulation. However, as some people has pointed out in the thread, this strategy comes with a risk of the game getting a bad reputation of being broken if there are many cheaters that open their mouths on forums etc, and if you counter that by saying that only cheaters will get a broken game you alert the cheat-makers of what to look out for. Still a fun way of implementing anti-cheating though.
Good idea, drawing things that non-cheaters will not see is one way of preventing people from using the cheat.
Making it harder to make cheats is always a good thing. And it’s always nice to keep in mind that ye, latency problem will get smaller with time - if something has pretty good latency now it will probably have great latency in the future. But one should remember that not all network parts in the world will get faster at the same pace (hehe), and the faster ones may always rely on the slower ones.
In what way? Who are you quoting that says it is for foolish people? Elaborate please.
[quote=“blahblahblahh,post:35,topic:33704”]
At you first statement: You guys seem to be very tight on this forum, aggressivly defending one another. How nice. I’m still not sure in what way I was wrong though, but I might indeed have failed to interpret what princec said, maybe he (or you) can repeat what he said in a simpler wording (with focus of countering your quotation of me)? Saying exactly how to achive it would also save other people time (for example a guest that reads this thread a year from now scanning for advice - maybe he can’t understand how to do it either and just need quick advice?).
At your second statement: I’m pretty sure this is an issue, say you have a 2D world and someone fires a bullet just outside of your view, to the right. This bullet passes inside view in the top right corner of your screen and then disappears at the top. Then the bullet hits a box outside of view which falls down, gets in view and then crushes your player. Should the server just say “make this bullet” and let the client simulate the physics, or should it say “create a bullet” when it gets into view, then “remove the bullet” when it gets outside of view, and then “create a box” when the box comes falling into view? Or should the server tell the client to simply draw a bullet/box for each frame that it is visible (no physics calculation needed at all from the client).
I have this vague idea you’re refering to me and blahblahblah.
You might easily get the wrong impression here. It’s not typical to this forum to be like this. I know I can be blunt at times, but the way blahblahblahh was responding to me and others was so arrogant and demeaning, that I couldn’t resist myself, and counter it.
Anyway, I’ll try to stay ontopic.
Any trick that raises the bar, is good, as long as you can afford the additional time you consequencely have to put in. Encrypting variables surely is one of them, as you can do a drop-in replacement in minutes - it simply raises the bar.
If you already have a product/game, and you already have users/players, it’s all about seeking the balance between adding positive things and reducing negative things. You should always do whatever yields the greatest effect for your users, even if that means focusing on new content, and accept the occasional cheater, which you manually IP-ban once or twice and move on.
So… what is the product/game you’re making anyway?
[quote=“M2009,post:38,topic:33704”]
I’m not sure I can explain it any more clearly, and the achievement is of course the devil of the detail. But here goes:
A technical solution to cheating is to have a secure third party which is the sole arbiter of the rules of the game. Right away this does away with 99% of the useful cheats you might have thought about. The typical situation is that the servers are hosted by yourself, and no-one else. The clients don’t even have to obey what the server says - the server contains the state of the game, and the clients only have powers to influence that state via the interface the server provides. You can’t speedhack, for example, because the server says how far you can move.
Secondly, to design a game where, given all the information that the client can possibly obtain, it does not matter how the client uses that information. Specifically, games that involve “aiming” and “reflexes” are prone to clientside hacking to do the aiming for you. To counter this you could have autoaiming on the server anyway, negating any advantage (which is what all the MMOGs do). And failing that, you resort to heuristics.
Heuristics is the science of making an educated guess based on the available information. What you need to do is collect information about the players’ performance on your server, and then set a threshold beyond which it is probably the case that a player is cheating. A player that gets 100% accurate hits with the railgun every time when the rest of the players only manage 50% is probably cheating. And if not cheating then probably making the other players have a crap time. But automatically kicking players is unwise and unfair. Flag them as possibly cheating, and get all the players to vote. Check Soldat out for an example of this. Soldat uses all kinds of mixes of clientside prediction and arbitration and is famous for clientside hackery, so heuristics and voting play an important part in its gameplay. It even makes the game more fun.
