Yea, I don't know of any. I'm just looking for some ideas.
The only thing that comes to my mind, is patching libraries against offsets with some of the source for the guard mechanism itself kept private while those offset tables are local to a server.
I figure, it would take a good hacker five minutes to get around.
So, anyone have any ideas.
Soma
You could do that, but the whole idea of open-source would be no more!
I believe that game hacker mostly care about all the other players of that game ( their position, velocity, life or ammo left etc ).
You could see to none of that information can be used for other than rendering the scene. Now how you'll do that, hmm...
Devoted my life to programming...
I used to hack games so I could talk about this for a long time. The most important thing is to make as many server-side things as possible. A good example are web browser-based games, where every principle of the game is processed by the server.
The real problem can be bots and information hacks. These ones are very useful, give big advantage to the player, and tend to be very hard to detect. They are perfect for leagues, often do not change anything in the game state. They are hard to detect, because they work on client's machine in every aspect. To detect them you need a client-side anti-cheat (like punk buster).
One advice I can give is: do NOT write your own anti-cheat system. You will save your time using a third-party (PB, valve) or just ignore it. All you can (and should) do is smart network protocol / server-side coding.
Last edited by kmdv; 04-10-2011 at 12:13 PM.
That path only leads to a pointless philosophical debate.You could do that, but the whole idea of open-source would be no more!
It isn't that kind of game. Think a simplified "Dwarf Fortress" with globally persistent worlds, continuous effects, multiple players, and PvP.I believe that game hacker mostly care about all the other players of that game.
^_^You could see to none of that information can be used for other than rendering the scene.
It sounds to me like someone has been getting owned in the "Call of Duty" games.
I still hack games when I'm done playing them the first time around.I used to hack games so I could talk about this for a long time.
This is obvious.The most important thing is to make as many server-side things as possible.
In any event, because source is available, "man-in-the-middle" attacks offers a high chance of a successful exploit even when using a cryptography scheme for transmission.
That's a terrible example; I exploited the crap out of "Legends of Zork" before I got banned, and even if that were acceptably true, I'm not only worried about simple fishing or "duping".A good example are web browser-based games, where every principle of the game is processed by the server.
Honestly, to me it just serves to show that games hackers don't care about as much don't get hacked as much.
Yes. See my original post. That is one possible method for discovery and prevention of client side binary injection attacks, but it only even has a chance when the server is allowed to distribute dynamic patches without distributing the source to those patches. And even then, a good hacker with knowledge of the system shouldn't take more than a few minutes to get around it.The real problem can be bots and information hacks.
I take it that you missed the "Open Source" part. I'm fine handing off a huge chunk of open source code and allowing someone to keep certain changes private for the purposes of exploitation prevention, but using almost any third-party system prevents even that much.One advice I can give is: do NOT write your own anti-cheat system.
Sure, you can use certain third-party systems in a two stage setup where the principled code can be completely removed from the client code base, but that means that "out of the box" the code has no protection whatsoever, and it would also mean that I'm endorsing some particular provider by distributing such a setup.
All that said, would you want to download open source software that burned you with what is essentially spyware? The source would be yanked out and distributed with nothing instead.
Just so as you know, "PunkBuster" is broken beyond belief, and I'm not even talking about the draconian license or the invasive measures to client privacy. I can't cheat it for now, but I can get legit players banned left and right. That's not what I want for people who give my game a chance.You will save your time using a third-party (PB, valve) or just ignore it.
The last I looked, Valve's methods were integrated into "Steam" and not all that great to begin with. I'm fine with "Steam" as a service, but coupling it to a system for only that purpose is ridiculous.
Just in case it comes up, the system used by Blizzard is nice, and I admit, I've never worked against the version included with "World of Warcraft", but the version used with the latest version of "Diablo II" only took me a few weeks to break sufficiently for my purposes.
In any event, some of the licenses at play would not allow me to distribute a "GPLv3" implementation even if behind a facade.
So, yea, I'm still looking for techniques viable for open source games; if there are any.
Soma
Finally!
I've been trying to edit for hours.
Anyway, I realize that came out rude. I apologize.
I actually said a lot more originally, but forum software and slowdown ate that huge post.
Soma
As one of the guys who builds the nuclear weapons for the "good guys" in this escalating hack/anti-hack arms race, I can say that the black hats take a lot more pleasure in it than I do, that it's tedious, it's unrewarding, my efforts are never recognized and appreciated, and, ultimately, even though I'm working for the good guys, the stuff I create is WMD and it doesn't make me feel all warm and fuzzy doing it.
See for instance the authoritarian technologies developed by Blizzard to attempt to control this stuff. You can understand WHY they do it, but it's still creepy as hell. Doing it in an open source context is kind of like standing in a glass room in the middle of Times Square performing surgery on babies with no anaesthetic. People will be booing you, throwing rotten vegetables and wishing for your death. It's a completely thankless task.
Having said that, can you be more specific about what you really want?
Code://try //{ if (a) do { f( b); } while(1); else do { f(!b); } while(1); //}
I've been working on this, and I still am. I'm trying to broil down what I've got, what my concerns are, and some of my ideas without throwing a crazy huge wall of text up I know that no one is going to read.Having said that, can you be more specific about what you really want?
I just haven't been sleeping well and what with everything else I just haven't gotten to it yet.
Anyway, thanks to everyone whose come by, I'll get more information up as soon as I can.
Soma
