Preventing cheating in network games written in Java

[quote=“M2009,post:38,topic:33704”]
heh, it’s not that bad. blah^3 is just a bit grumpy from being raised back from the ‘death’ and all. That and he’s an opinionated person, which is a good thing.

[quote=“M2009,post:38,topic:33704”]
be careful to separate the physics(game logic) from the rendering(also involves physics) but only has to be good enough. you only send as little information to render it ‘right’ which could well be jit before it comes into view. and handle/send if the player gets hit or not separately on the server, its a method to save bandwidh not cpu cycles. There are some papers avail on this, with respect to relevance here: it’s in the best interest of the client to render/calculate it right. You(the client) can render it any way you want but the server veto’s if you get hit. Beyond that it’s useful for the player to get the right information(for dodging if projectile is slow, for localising the enemy if the projectile is fast(sound, visual feedback of impact). So messing with it becomes a handy-cap not an advantage. I suppose you could draw tracers to help but thats about it.

the problems are probably more in the direction of the server having to determine if a player can see stuff and the cpu it takes.

[quote=“Riven,post:39,topic:33704”]
Actually I’m just learning right now, trying to make simple “move and shoot” games in 2D so I get the hang of rendering game graphics and syncing across network. Learning ways of how to prevent cheaters is also a good thing to learn I thought, so I made this thread. Also trying to learn how I can use ProGuard, have a thread up about it but it’s not really moving forward. Here’s a link to that thread in case any of you who reads here are an expert. http://www.java-gaming.org/index.php/topic,20582.0.html I have completed a small test game using TCP to communicate over the net, right now I’m trying to get the hang of how to make a game that communicates with UDP and that is turning out to be a challange. Might start a new thread about it soon.

[quote=“princec,post:40,topic:33704”]
Ah now, I get what you mean, thanks for clearing that up. That was a good addition to this thread. Speaking of Soldat, that is my favorite game believe it or not. I have high hopes of making my own game similar to that one. The anti-cheating in Soldat is however not good at all, and the network protocol is even worse. And most people are unable to discover cheats like reducing reload time by 50% so they won’t vote yes on a kick, to notice that in the heat of battle you need to have played the game for months if not years. And you’d be surprised to learn how many that are just too dumb to vote people out, many times I’ve seen people NOT getting voted out even though they teleport to each player as soon as they spawn and knife them to death instantly. In later versions Soldat has made use of BattlEye, which finally made it so hard to cheat that not that many people does it anylonger, but in the olden days there was probably at least one cheater on any server at any given time. Well, almost. They still haven’t fixed their network protocol however, a lot of times you hit someone without it doing any good, sometimes (more often than rarely actually) you can even make them bounce away from the impact but it still does no damage - thats the biggest problem with the game today I’d wager.

[quote=“Mr_Light,post:41,topic:33704”]
Maybe I wrote it badly, or misunderstand what you wrote now, but in what order things are drawn wasn’t part of the post I made (the one you quoted). But your post made my think about exactly how things should be drawn for the user, if I just have a separate thread that draws the game (like all teachers have told me to have so far) one object might be painted one frame ahead while the previous was painted one frame behind the current object. Hm, I guess making sure not to paint the game while the game logic is being updated would be a good idea, even though it probably isn’t noticeable in most cases. On thread can draw the frame while the other manages the networking part of the game loop. Off-topic but a important thought.

–

Well then, I guess this thread is going towards its end (for now). Thanks for all the tips people! If you stumble over some more good anti-cheat methods (that works in Java) remember to post them here in the future.

Soldat’s my favourite game too - if you’ve ever been pwned by Spas-Tard!, that’s me

Soldat’s main network code failing is that in a concession to dealing with some aspects of lag, it appears to allow the client code to arbitrate what’s happened, specifically, the way players move, not so much the bullets, I think. So things can explode on the client and send a player flying, but the server doesn’t register the explosion at that location and so the player takes no damage, yet the client tells it that one of the players has accelerated massively. It’s this that’s behind the speedhacks, I think - the server allows clients to make decisions about movement. Mostly in the name of smooth gameplay - there’s almost no warping in Soldat, ever, which is nice. But the server does do hit arbitration, hence the famous “Soldat heart attack”, where you suddenly and unexpectedly croak when a bullet not visible on your screen for whatever reason kills you.

Cas

(Screw what I said about staying on-topic in this thread!) Ah, how nice meeting someone else that fancy Soldat as their favorite game, that’s the first time that ever happened to me.

I just wish the guy that does Soldat now (since MM stopped working on it) would focus a little bit more on the network part of the game instead of stuff like a in-lobby IRC client-tab that nobody uses and exploading heads from 50% of all sniper headshots. There’s lots to do, first of all there’s the eat bug (aka “hit”) where due to package loss your bullet never reaches the server so to speak (I have read Soldat uses UDP, he probably does nothing about lost packets). But the weirdest thing is still when you hit someone with a M79 grenade and they fly away by it (meaning it hit on their screen), but the guy doesn’t die. So the server recieved the projectile and passes it to the other guy’s client, where it hits, but it doesn’t hit on the server. Then the guy reports to the server that he has recieved force and is being pushed in a direction, and the server accepts it even though he apparently is out-of-sync. Adding to that (which has been in Soldat forever) I think the network code somehow got worse in Soldat 1.5, so I stick with 1.4.2 still. I wonder if Soldat is beyond help concerning the network code. I really think they should have added something new and fresh in the latest version of Soldat, one new gun or even a new hat to wear would have been completely awesome. Instead we get exploading heads as the biggest new feature, something that I think happens way too often for it to be remotely cool (they should have made it so that it only occurred if the player was “overkilled” with a headshot, given at least negative 75 hp). Over one year between versions and we get exploading heads. =P I know there was that voice taunt thing too but I don’t care about it, the voices wasn’t that good and I always play with the game sound off and my music on.

But even with negative stuff taken into account Soldat’s still a fun game.

MM myspace update:
“Soldat: I’m rewriting the network code. This time using enet with the Q3 net model in mind from scratch. Raknet had too much useless features. 3 minutes ago”
Yay!

Cas

Oh sweet, had missed that. Didn’t know he had myspace, only ever read his blog at http://mm.soldat.pl (and not so often).

Definitely about time he rewrote the net code for Soldat, though I could have sworn he said he wouldn’t work on Soldat any more. Are you sure he isn’t just rewriting the net code for his Link-Dead game? Found this: http://mm.soldat.pl/?p=368 It doesn’t say exactly which game he is rewriting the network code for.

Soldat is cool. I made a map for it a long time ago:
http://n4te.com/dev/games/soldat/Crusade.zip

Streaming gaming is amazing! Good luck to them getting the sound to work.

Things that uh… my doppelganger :persecutioncomplex: has done in the past…

1. hexedit save game files
2. decompile source code
3. Sniff / spoof network traffic
4. Run code on a hacked VM

Things that slowed “him” down
A) No save games to poke at, everything on the server
B) network protocol had a rolling checksum, preventing external packet injection
C) network protocol was stingy exposing state
D) Kill-cam or game replay exposed dirty tricks
E) Penalty for getting caught was my account banned
F) Obfuscated client-side code
G) Important stuff (to hit %, damage inflicted) is arbitrated at the server or another client
H) Code was completely inaccessible (PS3, DS)
I) A legitimate mod framework existed
J) Hacked /file/game/protocol didn’t yield any advantage

Some people will cheat at anything if they think there is an upside, and they can get away with it. For the record, I think this includes DiabloII, monopoly, hide and seek, jury duty, and dating more than one individual at a time. ;D