Cheating & open source, revisited

by Aardappel_ on 04/27/2005 07:54, 218 messages, last message: 06/16/2006 17:23, 188333 views, last view: 11/01/2024 15:51

As you all know, cheating is a problem for Cube being Open Source. Noone likes the current solution of the incompatible binaries, and I am getting to the point where I see the usefulness of having other people continue to work on Cube whenever I don't have the time.. currently that is problematic and would be much easier if the source to the official game could be truely open.

Multiplayer continues to be an important aspect of Cube, so we can't ignore cheating and simply hope that people won't change 1 line of code to enable god mode or permanent octa-damage, because they will (tell me something about human nature and the people on the interweb).

The solution can't come in the form of "cheat protection", this simply isn't possible with the current cube, and even if the entire gameplay code was moved serverside, is still fragile. Don't even suggest it... make sure you understand the nature of the client/server gameplay code before commenting.

The solution for Cube I feel has to be a social one. As you may remember, I designed a solution before:
http://wouter.fov120.com/rants/trusted_communities.html
The problem with this particular design is that it is too complex to set up, and too centralized. I would like to come up with a solution that is simpler, less implementation work, and can work with any group of people, centralized or not.

This is the idea I came up with sofar:

Every player that wants to play in a cheat free environment, can use a command in Cube to generate a set of key files. A key file is simply a file of, say, 10000 random bytes. The player then hands out these files to players he trusts... or rather, players he wants to trust him. (why there are multiple files will become clear later).

A server can either be in untrusted mode (default, works as before), or trusted mode. It can be set to trusted mode by the server admin, or voted by the players until the server empties. It will show up in the server browser as trusted.

If a player A & B connect to a trusted server, A looks up B's nickname in his folder of key files. If he finds a corresponding key file, he chooses a few random file offsets and reads the bytes there. It now sends a packet to B asking it for the bytes at those offsets. If B really is B, it can simply read its own keyfile and return the values. A now compares the values, and if they match, it sends a "I trust B" packet to the server. The hud shows which clients you trust, and for each client how many clients trust him in total. You are now sure that B really is who he says he is.

On a trusted server, people that after exchange of trust packets have gained no trust, can be booted from the server automatically. This allows you to play games with trusted people in your community, and have external people unable to be join the game.

asking for random offsets guarantees that untrustworthy clients or even servers never get to sniff keys. "Trust" is evaluated locally and for you only, so can't be spoofed.

The one problem would be handing your key file to someone who later turns out to be untrustworthy. This person could now impersonate you and appear to be you to all your trusted friends. Hence the multiple key files, so you can give a different key file to different people (or groups of people). That way, if the person "goes bad", he can't impersonate you towards your friends, as he doesn't have the keyfile your friends have.

The system is not perfect of course. You can still have 2 cheaters join together and trust eachother. Luckily cheaters hardly ever come in groups, and there are more complicated ways to protect even against this.

The biggest issue is the inconvenience of having to exchange key files, and especially to require new players to find existing players on forums/irc before they can sensibly play. I think it is bearable though, as you only need to do it once, and Cube multiplayer is a fairly closed community. And if servers are by default untrusted, you can give newcomers the benefit of the doubt until they behave suspicious.

What do you all think? Please think it through thoroughly before commenting (I am talking to you, Jean Pierre! :). I am especially interested in "holes" in this system, i.e. ways that cheaters could abuse it if they really wanted to.

   Board Index   

#209: Re: rcon

by CC_machine4 on 04/24/2006 23:52, refers to #207

soz for duble post..
about leaving a server in private mode.. could you add something to the server code that would check if there are no players in the server like evey second and if so, reset to normal non-provate mode? how can this fail?

reply to this message

#210: cs style cheat prevention?

by Passa on 04/25/2006 02:26

if anyone has played CS they will know that alot of cheating accusations come from people watching that persons screen and seeing them have an aimbot or whatever

if you implemented a feature for spectator mode that let you see a player's screen, it would help determine if the player is a cheater or not, with the client sending the health and ammo numbers

reply to this message

#211: MasterMode stuck [was "rcon"] (actually this is OT)

by MeatROme on 04/27/2006 10:49, refers to #209

UTSL ... Use The Source Luke! ... with
Luke = CC_machine4.

The code does this check every time a user disconnects - instead of the overhead entailed in a time-based check.

Even if this spanks of hybris (with regard to Aardappels knowledge [http://cubeengine.com/forum.php4?action=display_thread&thread_id=566&start=200#26290]) - I can't imagine either why it's not doing what it's supposed to do ...

... it might serve as a hint that I have experienced servers that - upon connect - suddenly rapidly decrease the minutes left to play down to zero (from whereever they started off (not 10/15!)) ... and then trigger a map load.

So maybe this whole problem has something to do with servers going into a sort of limbo after the last client disconnects - time stops passing for them obviously, since they continue where they were left off and jump back to real-time when revisited - though as I understand the code this shouldn't happen.

A work-around could be to at least _re-check_ the settings every 1h (in the master-server update routine).

JM2CW

reply to this message

#212: Re: cs style cheat prevention?

by MeatROme on 04/27/2006 11:02, refers to #210

Yeah!
A Chase-CAM would really be a nice feature.

I've experimented with the code a little but have encountered difficulties.
Due to the fact that other players are not of the same structure as player1/camera1.
Simply trying to hook a thirdperson-viewpoint to another player entity doesn't work as well as with watching yourself :(

Another issue is for the CAM to move smoothly.
Even though packets arrive regularly (>30/s right? [for correct physics]) - simply repositioning the CAM will be jerky.
Calcing a diff-vector (which results in smooth movement) can be tricky.
For instance in corridors when the multiplayer-entity goes round a corner ... you would need to keep travelling vector and pitch in a time-lagged synch which looks good.

In the end it will certainly help a lot when health/armour and multiplayer-gun are implemented into the protocol.
I have already seen players take 2 rockets and a [full] MG assault ... and live - that might have been cheating, ... but might not have.

reply to this message

#213: Re: cs style cheat prevention?

by Passa on 04/27/2006 15:10, refers to #212

another simple solution, if you THINK someone is cheating, don't say anything

just leave

cheaters want attention, they want people to see their 'brilliant' hacks

if no-one hangs around to see them, its not fun for them at all

reply to this message

#214: Re: cs style cheat prevention?

by MeatROme on 04/27/2006 22:11, refers to #213

As has been sayed B4:
These skills could easily be benificiary to us all.
Then again I'm not so sure there are that many cheaters around as is often claimed or implied by this on-going discussion.
There are quite a few sudden network hiccups - my wager'd be it's _that_ instead of cheat-clients in ... let's see ... 92.7% of cases ... ;-)

reply to this message

#215: A Way to improve on this

by Andy on 04/27/2006 23:59

One way to greatly improve you verification scheme would be to use a digital signature. This would allow players to only have 1 set of keys, and would make it very dificult for another player to impersinate him.

Each player would create a pair of keys which numbers encrypted with one may be decrypted with the other, there are various ways to do this, the wikipeda can be consulted for more crypto information.

The player A keeps one key, his private key, and distributes the other key. Player B trusts player A and adds his key to his list of known keys.

In order to validate player A, Player B would send a randome number to Player A, then Player A would encrypt that number with his private key and send it back to player B. Player B would try to decryp the result with all his the keys of the people he trusts, if he gets the orrigional number back then he knows that player A is one of his trusted players and can verify him. Other wise he does not.

While this is somewhat processer intensive, it should not be a big deal as it only needs to be done when a new player logs in.

If intrested feel fre to email me about it at andyg314@yahoo.com

reply to this message

#216: Re: A Way to improve on this

by Aardappel_ on 04/28/2006 19:40, refers to #215

I suggested a scheme similar to this before. It's just a lot of hassle to organize, the current system is a lot simpler.

reply to this message

#217: Re: cheating

by lucilandeo on 06/11/2006 06:09, refers to #208

cheat code/Cube 1

reply to this message

#218: codes

by lucilandeo on 06/11/2006 06:10

..

reply to this message

#219: ..

by ef on 06/16/2006 17:23

How about running 2 processes simantaniously, one source that\\\'s the game. And one closed on that regulates player validation and status?

reply to this message

   Board Index