mIRC Homepage
Posted By: BNX Source protection - 30/08/05 04:50 PM
I am making a multiplayer game and I need to prevent cheating (by altering source code).
Since there is no way (that I know of) to hide/encrypt my script source, would it be possible to save scripts to an online server and have the user open a socket and connect the script online, and import it to use temporarily?
I have no real experience with sockets, I have only made a couple in that past with help from tutorials but I don't know exactly what they are capable of. Is it possible to pass a script (about 1100 lines)?

I don't need a whole script, I can do that on my own... but just an idea of how it could work.
Posted By: Riamus2 Re: Source protection - 30/08/05 04:58 PM
Well, the best way to run a multiplayer game is probably to use a bot as a server and the bot handles all calculations and data so that no one can really cheat.

If you don't want a bot, you can use sockets to post and retrieve data from the site, but I think someone could very easily edit how that works so they could still cheat.

You might consider making a DLL to handle all the calculations and other "sensitive" code instead.
Posted By: BNX Re: Source protection - 30/08/05 05:23 PM
Thanks.

I don't really want to use my bot since the game is sort of fast paced and will probably get my bot killed from the server for flooding.

I was thinking of somehow encrypting pieces of the source to make things complicated for the user.
Like instead of

%v

I could do
% $+ $chr( $+ %varbit1 $+ )

//set %varbit1 $calc((50/5)*10+(10-5)+13)

%varbit1 would return 118, this making % $+ $chr(118) or %v

But this would make things complicated for me as well, so I don't think its very efficient for something I will be working on continuously. :tongue:

I would do a .dll but I don't know enough about dll in c++ yet.
Posted By: Riamus2 Re: Source protection - 30/08/05 06:53 PM
As a note, DCC Chat won't get your flooded off and you probably don't need to have everything done by the bot, so you can limit the data going back and forth. Anyhow, that was just a possibility I offere. smile

One possibility you can do is to create some form of check bit in all data being transmitted.

Just like is used in CRC and in Credit Cards and Bar Codes and similar things, you can create a check bit to determine the validity of the data.

For example, if you're sending 5 numbers for data, you'd instead send 6 with the last one being a value to make some mathematical function work properly.

Example:

I'm sending character stats to the server:

I send it as health, mana, gold, experience--
150 75 50000 3418

So that a player can't just send that data to the server using their own numbers, you can add a check bit.

As a simple example, let's say you want the total, when you add the 1st to the 3rd, then multiply by the 2nd, then divide by the 4th, then add your check bit (all that as an integer) and have it equal 100000.

In this case, your check bit would be:
$int((150 + 50000) * 75 / 3418) + X = 100000
Calculated out, it would be:

X = 100000 - $int((150 + 50000) * 75 / 3418)
so...
X = 98900

If someone sent a 5th value that wasn't calculated by the script (and it can only be calculated by the script if the data is valid), you would know that they cheated (or your script broke).

Obviously, the code for calculating that would need to be hidden fairly well. You could use the same method for hiding that one variable as you mentioned above.

This example is for numerical data being sent... but, you can do similar things with alphanumerical data as well.

In the end, if someone really wants to cheat, they'll find a way. This is just a relatively easy method to make it somewhat difficult.
Posted By: DaveC Re: Source protection - 31/08/05 02:08 AM
your not going to protect it with an opebn source scripting enviroment, by socketing in and downloading the script, someone who wants to crack it well just do that and alter the script once they have dl it.

I dont really know what type of game it is, so cant really say what might help prevent cheating.

One method is that all players are infact the server, each other player is a client, ill try and explain it (this only works for some types of games also)

lets say there are 8 players and we setup a channel called #thegame to play in and maybe it even needs a second chanenl for passing fields etc lets call that #thegame.fields

So your all sitting in the #thegame chan and the game starts, well all 8 machines are running the same script, player 4 does something and that causes an effect, in #thegame.fields all the players scripts reply with some type of result code, now anyone that replies differently has a different script running.

you might say, but they could fake the replies, well yes they could, but the idea is it wont matter, becuase the other 7 games are playing by a set of rules defined on there machines not this 8th players machine, so lets assume player 8 should be stunned in the game well 7 machines well say stunned and his wont, well the games soon gonna go BAAAAAHHHHHH as soon as he keeps trying to play wheil the other machines go "hes stunned!"


Of course not knowing what type of game it is, that might not be possable, if a set of secret values need to be stored for each player then the above doesnt work, since you dont want those values exposed to each machine as that in itself can be used to cheat (the tanks game cheat is an example). Then a server machine must be selected and really i can only see that the person running that sever machine has to be trusted to not have hacked into the code.

Another way i have heard of is using a master server, when a game starts the master server is copntacted by the players, and it aligns and starts the game, it selects one of the players to act as the game server, and the game begins, it however also acts as the game server, and at any point during the game can be polled for game stats, now if its stats and the current game server stats dont line up, then the current player who was acting as the server has altered the script somehow.

The only problem alot of ideas like this have is there is no way of predicting if an all servers or master server system recieves the exact same set of messages in the same order as each other. if everyone is issuing ing commands in real time, one server might see P1 kills P3, P2 shoots dead P1 so p3 is dead, and p2 is dead BUT another machine saw it like this P2 shoots dead P1, P1 Kills P3, so it says P1 is dead, P3 is not since P1 was already dead

Its like the trivia script games when you sit there and wonder why BOB got the answer but YOU BILL and PETER all answered before him, the trivia bot didnt see it in that order (maybe due to linked irc severs)


PS: what type of game is it?
Posted By: BNX Re: Source protection - 31/08/05 03:38 AM
I have a working script now, it prevents cheating but user will always be able to edit stat variables.

The game is a 1 on 1 battle game, it compares user stats and declares a winner.
A good example of this is www.newage3.com

You attack a player, it then sends a probe string to check if its a valid nick.
If it is, the opponent returns his user stats along a random 3 digit code or id
using $rand(1,9) $+ $rand(A,Z) $+ $rand(a,z) and saves it to %hash

The receiver saves that to %hash too. Then every query made to each other sends the %hash along with it. If the hash is missing, or doesn't match it breaks. (for example if ($2 == %hash) { perform } else { cheater })
Before the %hash is created, there is an /unset %hash to prevent a user from creating their own. The id is created on the opponents side, so an attacker can't make a fake one.

I added some other protection to cover possibilities, and I am confident I covered it all, this is very efficient. This prevents a user from manually entering a query to the opponent through notice.

The code is large and complicated enough that noone wants to bother editing it, I just have to trust them to not change the variable stats, if they do I will use my IRC Bot to store stats in a .txt smirk


I also took the liberty of hiding my variables with extremely pointless algorithms using $sin $cos and $tan :tongue:
its kind of harder for me to understand it, but it's 100 times harder for them.
Posted By: Im2good4u Re: Source protection - 08/09/05 05:57 PM
i know this message is a litle late bu u cna use a .dll those are compiled laugh
Posted By: IR_n00b Re: Source protection - 08/09/05 09:24 PM
If you would have read riamus' post, he suggested that. :tongue:
Posted By: Im2good4u Re: Source protection - 09/09/05 05:24 PM
Quote:
If you would have read riamus' post, he suggested that. :tongue:
oO i only say 2 post in this topic when i posted it shocked
© mIRC Discussion Forums