There is a thing that I’ve been pondering a long time - how to prevent duping in the trading of virtual items. I mean, how to prevent that someone in the possession of a virtual item can multiply it, and sell the copies.
To make it worse, the scenario which I had in mind puts the item data into the users hands - he’s got a file, representing the item, so basically he can make as many copies as he wants … and the trading system must make sure he can only sell one of those copies, and the others will be rejected.
A while I thought it is impossible to prevent duping in sucha scenario. But now I see those virtual currencies like Bitcoins, and there is no way to dupe coins as it seems. This gives hope that there are measures to prevent duping of other “items”, even if the owner has access to the data.
what if you just save the amount of items the user has in a db?
Or save a “trading key” in an “item-file”, which you also have on your server…
once traded, this key would be made unusable…
A central, highly available DB to keep track of all items and their owners is a solution, but I have no menas to establish such an infrastructure. That’s why I added the “offline scenario” to the title - I want to make trades possible even if there is no internet connection availble at the moment of the trade.
I think then you have to encrypt your save file.
If the encryption method is good enough, and the save
format is’nt known, cheating is nearly impossible
and sorry, I read over the last words of the title ^^
As far as I know, strictly speaking, this isn’t possible. As long as the client has authority over the data, they are free to do as they like. And remember, it’s not just data they have control over your applications code too. Even if you write code in your application to prevent it, there’s nothing preventing the client from removing or altering said code. The best you can do is to make it as difficult as possible to accomplish. Even Bitcoin doesn’t leave the user as the sole authority, it uses something called a Block Chain.
I have no experience in this area, but I’ll put forward some ideas.
Your application could store a hash of the users inventory every time a change is made. Check this hash against the users inventory save on load. You want to make sure the hash is as hard to copy as possible, you may want to store it in multiple locations. You could even hide it within a harmless looking image file if you wanted to. If any check fails, reset the inventory. Ultimately, the user can save these files at a given time and revert the game to that state, or remove the hash check from code. You’ll also need to consider occurrences such as an application crashing while writing these files. This will revert the items the user received from the trade, but if they trade to another account they own, they can return the items anyhow.
Perhaps with every (offline) trade with another person, such as over a LAN or splitscreen, you could store the transaction data on the other users machine. Each item could have a GUID. If the other user sees that the GUID matches one it has stored in the transaction history, reject the trade. But again, you need some way to protect the integrity of GUIDS.
Compile your application to make it as difficult to reverse engineer as possible. Preferably done with a compiler that compiles down to machine code. This potentially means compromising performance and increasing executable size. This may or may not be worth the effort depending on your application.
Ideally your application, if hacked by a user, wouldn’t affect the experience of other users. But this can’t always be the case.
In the end, you need a trusted 3rd party, like a server, with proper sanity checking.
Either people will reverse engineer your format, or retrieve the algorithm from your code through reverse engineering. Or they may just copy the current state of the file, trade away items to another account of theirs, restore the file, and trade items back.
I think so, too. Just the virtual currencies made me reconsider the idea …
The case in question was a single-user application that uses text files. Such a file represents an item with all it’s characteristics in the application.
There is no server or central database in this scheme, no place to track hashes or such. If there isn’t a way to employ a system like private/public keys and encrypt the files so that only the creator can distribute the files, and the receivers can use them, but not further spread them (lacking the private key of the creator), I think there is no chance to do it.
I guess if this works, the industry pays me millions for my DRM solution ;D
