Cheating & open source, revisited |
by Aardappel_
on 04/27/2005 07:54, 218 messages, last message: 06/16/2006 17:23, 188314 views, last view: 11/01/2024 15:33 |
 |
|
As you all know, cheating is a problem for Cube being Open Source. Noone likes the current solution of the incompatible binaries, and I am getting to the point where I see the usefulness of having other people continue to work on Cube whenever I don't have the time.. currently that is problematic and would be much easier if the source to the official game could be truely open.
Multiplayer continues to be an important aspect of Cube, so we can't ignore cheating and simply hope that people won't change 1 line of code to enable god mode or permanent octa-damage, because they will (tell me something about human nature and the people on the interweb).
The solution can't come in the form of "cheat protection", this simply isn't possible with the current cube, and even if the entire gameplay code was moved serverside, is still fragile. Don't even suggest it... make sure you understand the nature of the client/server gameplay code before commenting.
The solution for Cube I feel has to be a social one. As you may remember, I designed a solution before:
http://wouter.fov120.com/rants/trusted_communities.html
The problem with this particular design is that it is too complex to set up, and too centralized. I would like to come up with a solution that is simpler, less implementation work, and can work with any group of people, centralized or not.
This is the idea I came up with sofar:
Every player that wants to play in a cheat free environment, can use a command in Cube to generate a set of key files. A key file is simply a file of, say, 10000 random bytes. The player then hands out these files to players he trusts... or rather, players he wants to trust him. (why there are multiple files will become clear later).
A server can either be in untrusted mode (default, works as before), or trusted mode. It can be set to trusted mode by the server admin, or voted by the players until the server empties. It will show up in the server browser as trusted.
If a player A & B connect to a trusted server, A looks up B's nickname in his folder of key files. If he finds a corresponding key file, he chooses a few random file offsets and reads the bytes there. It now sends a packet to B asking it for the bytes at those offsets. If B really is B, it can simply read its own keyfile and return the values. A now compares the values, and if they match, it sends a "I trust B" packet to the server. The hud shows which clients you trust, and for each client how many clients trust him in total. You are now sure that B really is who he says he is.
On a trusted server, people that after exchange of trust packets have gained no trust, can be booted from the server automatically. This allows you to play games with trusted people in your community, and have external people unable to be join the game.
asking for random offsets guarantees that untrustworthy clients or even servers never get to sniff keys. "Trust" is evaluated locally and for you only, so can't be spoofed.
The one problem would be handing your key file to someone who later turns out to be untrustworthy. This person could now impersonate you and appear to be you to all your trusted friends. Hence the multiple key files, so you can give a different key file to different people (or groups of people). That way, if the person "goes bad", he can't impersonate you towards your friends, as he doesn't have the keyfile your friends have.
The system is not perfect of course. You can still have 2 cheaters join together and trust eachother. Luckily cheaters hardly ever come in groups, and there are more complicated ways to protect even against this.
The biggest issue is the inconvenience of having to exchange key files, and especially to require new players to find existing players on forums/irc before they can sensibly play. I think it is bearable though, as you only need to do it once, and Cube multiplayer is a fairly closed community. And if servers are by default untrusted, you can give newcomers the benefit of the doubt until they behave suspicious.
What do you all think? Please think it through thoroughly before commenting (I am talking to you, Jean Pierre! :). I am especially interested in "holes" in this system, i.e. ways that cheaters could abuse it if they really wanted to.
|
|
|
 
Board Index
 
|
|
#191: ... |
|
by mardicas
on 12/06/2005 23:38
|
|
|
I think the master idea is good. But, i agree with sinsky, the server owner should have full control and be able to set the master. And
reply to this message
|
|
#192: .. |
|
by mardicas
on 12/06/2005 23:39
|
|
|
... most people dont recognize cheaters and what if the qurrent master is a bad player and kicks the player who are better than he is saying that he was a cheater :P
reply to this message
|
|
#193: I think... |
|
by Aardappel_
on 12/07/2005 10:13
|
|
|
you're all misunderstanding master mode. It is not some kind of status. It is just the easiest way to play with just your friends on the fly, on any servers.
So if there are people on a server that for any reason you don't like, don't play with them. Go to another server.
The person who runs the server should not have any special priviledges... master mode is about organizing a game, not the server.
reply to this message
|
|
#194: Hey guys |
|
by Maikik
on 12/10/2005 20:32
|
|
|
I have an idea... kinda.
Why not do a 'check' before connecting to a server - the client gets a generated code - example the client has a hacked version he gets a code 950522
The server has the real version - he gets a code 950596
If the codes match ,you can connect.
This still has a hole in it ,you see...
reply to this message
|
|
#195: Re: Hey guys |
|
by CrazyTB
on 12/31/2005 22:41, refers to #194
|
|
|
Very easy to workaround, very easy to cheaters send correct code and still be cheaters.
reply to this message
|
|
#196: some ideas |
|
by CrazyTB
on 12/31/2005 22:46
|
|
|
To Aard:
This "master" idea is somehow related on how "TetriNet" works. In TetriNet, a server has rooms (like an IRC server). Every room can have at most 6 players, no more (TetriNet limitation). Every player in a room is numbered from 1 to 6. The player with smallest number is "master". Only this player can start/stop a game, or kick people. There is also a command to "exchange" or "swap" player number with someone else.
I think you should also add a command to pass the "master" status to another player.
One more idea: maybe the servers should have some type of communication with Master Server, and they should tell each other who is a cheater or who is kick-banned. Maybe the master server could keep track of each player "niceness" (who nice or not nice he is when playing), just to help the master player decide whether should accept or reject some player.
Just some ideas...
reply to this message
|
|
#197: .. |
|
by Mukkanovich
on 12/31/2005 22:48
|
|
|
That is a very good idea, I would hate the idea of making every thing server side or addming more clutter to the cube code just to attempt prevent 'punks' from cheating. At the end of the day, no matter how hard you try people will still find a way to cheat and the hard you try to make it the MORE people are going to want to try and cheat.
reply to this message
|
|
#198: Re: some ideas |
|
by Aardappel_
on 01/01/2006 20:58, refers to #196
|
|
|
cool.. I loved playing tetrinet back in the day. Your one more idea is exactly the complication we're trying to avoid.
reply to this message
|
|
#199: .. |
|
by >_< Sauceofallevils >_<
on 01/02/2006 01:13
|
|
|
Well I hope this problem gets fixed, but people cheat less then you would think but Ive came across chain guns in instagib before so its still a problem.
reply to this message
|
|
#200: Be prepared for stupid answer and I'm not a good programmer |
|
by snesreviews
on 01/13/2006 04:17
|
|
|
I'm awaiting the howls of laughter here but why not just store ammo, health, quad capabilities etc on the server, and if a player still is on the map after his health reaches zero on the server, kill him and stick a ban on him with a nastygram..? I know it's similar to what has already been mentioned, and it needs a little more bandwidth but would this not be the simplest way?
reply to this message
|
|
#201: .. |
|
by Mukkanovich
on 01/13/2006 12:17
|
|
|
No, cheating is far to easy it can never be stopped. So what, you cant health hack anymore? Dosent stop wallhacks and aimbots does it?
Aardappel's idea is best.
reply to this message
|
|
#202: .. |
|
by snesreviews
on 01/13/2006 13:19
|
|
|
What's to stop somebody connecting with a cheat to give them 200 health every time they are respawned, though? Odds are nobody would notice because they do die eventually anyway.
I'm pretty sure stuff like this is going on at the moment anyway: Having armour and full health, running after some guy with a shotgun, hitting him three or four times at close range, then him turning around and killing you with one shot seems to be a relatively frequent occurence from my experience of the game... wallhacks would also probably go undetected anyway, regardless of the solution, unless the client literally doesn't know where the players are until the server decides it's time to send out the coordinates. A well coded aimbot would also go undetected, and it's not very easy to turn around and accuse somebody of cheating...
Keeping as much information as the bandwidth/load specifications can withstand on the server and the client is still the most secure way and convenient way to reduce cheating as far as I can tell.
Plus keys remove the plug-and-play online appeal of the game. I never would have played this game online if I required a trust key, and few enough people play this at any given time as it is...
reply to this message
|
|
#203: cheating |
|
by beckers
on 01/14/2006 19:36
|
|
|
Maybe you can integrate an external program that checks the md5 checksum of de cube.exe file, or maybe a program that checks the size of the file?
reply to this message
|
|
#204: cheating |
|
by snesreviews
on 01/14/2006 21:48
|
|
|
:beckers
You would still be relying on the client software to read the checksum, though, so it would probably still be hackable.
reply to this message
|
|
#205: .. |
|
by Coxor
on 01/15/2006 04:53
|
|
|
Make an option for how client-side or server-side you want your server to be?
Anywhere from each client sending coordinates and other things to each other client to each client sending input and the data in some files to the server and reciving an image of what your screen should look like?
Either that or let a server kick/ban and allow others to do the same.
Or ranks: You can kick/ban/assign a rank as high as your rank maximally to anyone with a lower rank than you.
Also, there'll be for and against commands(which should be binded), and a time from the last unique(made by someone who has not voted in the poll) command that the vote should end(say, 5 seconds).
To get the for and against scores, you add up the ranks of the people in the respective catigories.
If there's a tie, the vote fails. You're for it by default.
The server has a rank of infinity.
reply to this message
|
|
#206: rcon |
|
by 1134
on 04/23/2006 04:20
|
|
|
I have a dedicated server running on a seperate computer from the one i play on but still on my lan. A few times, i have been locked out of my own server and have had to reset it by closing the server program. A passworded remote console to the server would be a good way to give the server owner and people of their choosing full control, but if no one with the rcon password is playing, the server would default to the mastermode type of control. The rcon password should also be able to be used to connect to a server in private mode.
reply to this message
|
|
#207: Re: rcon |
|
by Aardappel_
on 04/24/2006 01:03, refers to #206
|
|
|
rather than that, I'd prefer to debug what can cause some to leave a server in private mode. The code is meant to reset the server state as soon as the last person leaves... no idea why this is not working...?
reply to this message
|
|
#208: Re: cheating |
|
by CC_machine4
on 04/24/2006 23:47, refers to #203
|
|
|
lol, 5th time that has been suggested and counting...
can't you just make the server check the coordinates and the shooting of the players and if one player appears to have god mode or something... kick him? just an idea, would require quite a bit of server side code though...
reply to this message
|
|
#209: Re: rcon |
|
by CC_machine4
on 04/24/2006 23:52, refers to #207
|
|
|
soz for duble post..
about leaving a server in private mode.. could you add something to the server code that would check if there are no players in the server like evey second and if so, reset to normal non-provate mode? how can this fail?
reply to this message
|
|
#210: cs style cheat prevention? |
|
by Passa
on 04/25/2006 02:26
|
|
|
if anyone has played CS they will know that alot of cheating accusations come from people watching that persons screen and seeing them have an aimbot or whatever
if you implemented a feature for spectator mode that let you see a player's screen, it would help determine if the player is a cheater or not, with the client sending the health and ammo numbers
reply to this message
|
|
|
|
Board Index
|
|
home 
files 
forum 
docs 
wiki 
faq