Thread: Cheating protection for highscore list

  1. #1
    Registered User morbuz's Avatar
    Join Date
    Aug 2001
    Posts
    35

    Cheating protection for highscore list

    I'm making a small game and would like it to upload/download highscores to/from a central database. I'm using C++ and Qt, so the game will be multi-platform. I would also like to give people the source code so that they can compile the games themselves on platform I don't have access to.

    But given the source code, people can easily figure out how to upload fake highscores. Is there any way to make this impossible (or very hard) even with the source code available?
    [Signature here. (Remove this!)]

  2. #2
    Registered User
    Join Date
    Dec 2004
    Posts
    465
    Make it so ungodly complicated that no one can replicate it. Encrypt things so they cannot change them effectively.
    My computer is awesome.

  3. #3
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    What about all the problems of dealing with say changing
    sendHiscoreToServer(score);
    to
    sendHiscoreToServer(score*1000);

    Or changing
    lives--;
    to
    // lives--; // infinite lives hack

    If they've got the code, you're sunk.

    I think you would need some kind of continual communication with the server which allows you to monitor game play, say points scored in time taken, to try and gauge whether a genuine game has been played. But even then, once people figure out the protocol, writing another program which just mimics a long plausible game will be pretty easy.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  4. #4
    Massively Single Player AverageSoftware's Avatar
    Join Date
    May 2007
    Location
    Buffalo, NY
    Posts
    141
    This is the classic mistake of applying a technological solution to a social problem. Politicians do it all the time, so you're in good company.

    I used to try do the sort of thing you're doing, then I came to the following realization:

    If someone cares enough about my game to hack and rebuild the code just to cheat the high-score list, I should be honored. The vast majority of freeware games get downloaded, played once, and then thrown away. If someone wants to cheat, I must not only have made a good game, but made a game interesting enough that someone WANTED to cheat at it!

    In short, if you're giving out the code (which I highly recommend), don't bother with anti-cheating safeguards. You're ultimately wasting your time trying to prevent something that likely won't happen.
    There is no greater sign that a computing technology is worthless than the association of the word "solution" with it.

  5. #5
    Registered User
    Join Date
    Nov 2006
    Posts
    65
    Well, you could have 2 separate programs; the game and one to send the score. Don't release the source to the latter. Each time you send a score, send a long a hash of the game binary, the game version, OS and the score (encrypted). Server side, you can check the hash against a DB of versions (and configurations and OS). That leaves you with one problem; locating the right binary to hash.

    [edit]
    really 2 problems. You need to build up the DB of hashes as well of course.
    [/edit]
    Last edited by coder8137; 07-12-2007 at 06:13 AM.

  6. #6
    Deathray Engineer MacGyver's Avatar
    Join Date
    Mar 2007
    Posts
    3,210
    Quote Originally Posted by AverageSoftware View Post
    If someone cares enough about my game to hack and rebuild the code just to cheat the high-score list, I should be honored. The vast majority of freeware games get downloaded, played once, and then thrown away. If someone wants to cheat, I must not only have made a good game, but made a game interesting enough that someone WANTED to cheat at it!
    You're giving way too much credit to cheaters. People steal, kill, and cheat all the time in life for stuff that has little to no gain whatsoever. Games are no exception when it comes to cheating. There is no reason to cheat at a game where you compete vs other people. If it makes you feel honored that people want to cheat at your game..... enjoy the feeling. I know as a player, I'm fed up with it, and it makes me want to avoid decent games if cheating can't be controlled.

    Quote Originally Posted by AverageSoftware View Post
    In short, if you're giving out the code (which I highly recommend), don't bother with anti-cheating safeguards. You're ultimately wasting your time trying to prevent something that likely won't happen.
    As Salem said, you can do it if you have a server/client model. Open source or not, it's possible.

  7. #7
    aoeuhtns
    Join Date
    Jul 2005
    Posts
    581
    Have it send the recorded game with exact timings and rng state, and have the server do a full check for correctness. Depends on how computationally intensive your game is :-). But then have some gametime() function encode information into low significance bits of the time values, and have the server check for that too. Maybe they'll miss that. You'll catch a few, and then after, say, a week or two to wait for their 'real' cheating playernames (their first might be a fake name for testing), you can put them up on the board as listed cheaters.
    There are 10 types of people in this world, those who cringed when reading the beginning of this sentence and those who salivated to how superior they are for understanding something as simple as binary.

  8. #8
    Amazingly beautiful user.
    Join Date
    Jul 2005
    Location
    If you knew I'd have to kill you
    Posts
    254
    Another option would be to use encryption in your communication with the high score server. Release the source code, minus the encryption key. If somebody ports it, and you trust them sufficiently, send them the key so that they can make an official binary for that platform.

    It requires some manual intervention, but is probably less effort than attempting to have the server verify proper gamestate with the client (saves you bandwidth, not to mention the fact that some games can still be cheated).
    Programming Your Mom. http://www.dandongs.com/

  9. #9
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    You could divide the thing into official and unofficial builds. Unofficial builds are normal source builds. They don't include the ability to upload scores.
    Official builds are available only as binaries, and they include an additional server communication module, which employs all the anti-cheat measures enjoyed by closed-source software.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  10. #10
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    hmm... but if you trust those people sufficiently to give them your secret key, then why not just release source code to selected maintainers?
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  11. #11
    Amazingly beautiful user.
    Join Date
    Jul 2005
    Location
    If you knew I'd have to kill you
    Posts
    254
    That's basically the idea, except you allow the general public to play with the source code if they wish, minus high scores.
    Programming Your Mom. http://www.dandongs.com/

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 26
    Last Post: 07-05-2010, 10:43 AM
  2. instantiated from here: errors...
    By advocation in forum C++ Programming
    Replies: 5
    Last Post: 03-27-2005, 09:01 AM
  3. How can I traverse a huffman tree
    By carrja99 in forum C++ Programming
    Replies: 3
    Last Post: 04-28-2003, 05:46 PM
  4. List class
    By SilasP in forum C++ Programming
    Replies: 0
    Last Post: 02-10-2002, 05:20 PM
  5. singly linked list
    By clarinetster in forum C Programming
    Replies: 2
    Last Post: 08-26-2001, 10:21 PM