Cheating & open source, revisited

by Aardappel_ on 04/27/2005 07:54, 218 messages, last message: 06/16/2006 17:23, 188303 views, last view: 11/01/2024 15:25

As you all know, cheating is a problem for Cube being Open Source. Noone likes the current solution of the incompatible binaries, and I am getting to the point where I see the usefulness of having other people continue to work on Cube whenever I don't have the time.. currently that is problematic and would be much easier if the source to the official game could be truely open.

Multiplayer continues to be an important aspect of Cube, so we can't ignore cheating and simply hope that people won't change 1 line of code to enable god mode or permanent octa-damage, because they will (tell me something about human nature and the people on the interweb).

The solution can't come in the form of "cheat protection", this simply isn't possible with the current cube, and even if the entire gameplay code was moved serverside, is still fragile. Don't even suggest it... make sure you understand the nature of the client/server gameplay code before commenting.

The solution for Cube I feel has to be a social one. As you may remember, I designed a solution before:
http://wouter.fov120.com/rants/trusted_communities.html
The problem with this particular design is that it is too complex to set up, and too centralized. I would like to come up with a solution that is simpler, less implementation work, and can work with any group of people, centralized or not.

This is the idea I came up with sofar:

Every player that wants to play in a cheat free environment, can use a command in Cube to generate a set of key files. A key file is simply a file of, say, 10000 random bytes. The player then hands out these files to players he trusts... or rather, players he wants to trust him. (why there are multiple files will become clear later).

A server can either be in untrusted mode (default, works as before), or trusted mode. It can be set to trusted mode by the server admin, or voted by the players until the server empties. It will show up in the server browser as trusted.

If a player A & B connect to a trusted server, A looks up B's nickname in his folder of key files. If he finds a corresponding key file, he chooses a few random file offsets and reads the bytes there. It now sends a packet to B asking it for the bytes at those offsets. If B really is B, it can simply read its own keyfile and return the values. A now compares the values, and if they match, it sends a "I trust B" packet to the server. The hud shows which clients you trust, and for each client how many clients trust him in total. You are now sure that B really is who he says he is.

On a trusted server, people that after exchange of trust packets have gained no trust, can be booted from the server automatically. This allows you to play games with trusted people in your community, and have external people unable to be join the game.

asking for random offsets guarantees that untrustworthy clients or even servers never get to sniff keys. "Trust" is evaluated locally and for you only, so can't be spoofed.

The one problem would be handing your key file to someone who later turns out to be untrustworthy. This person could now impersonate you and appear to be you to all your trusted friends. Hence the multiple key files, so you can give a different key file to different people (or groups of people). That way, if the person "goes bad", he can't impersonate you towards your friends, as he doesn't have the keyfile your friends have.

The system is not perfect of course. You can still have 2 cheaters join together and trust eachother. Luckily cheaters hardly ever come in groups, and there are more complicated ways to protect even against this.

The biggest issue is the inconvenience of having to exchange key files, and especially to require new players to find existing players on forums/irc before they can sensibly play. I think it is bearable though, as you only need to do it once, and Cube multiplayer is a fairly closed community. And if servers are by default untrusted, you can give newcomers the benefit of the doubt until they behave suspicious.

What do you all think? Please think it through thoroughly before commenting (I am talking to you, Jean Pierre! :). I am especially interested in "holes" in this system, i.e. ways that cheaters could abuse it if they really wanted to.

   Board Index   

#30: ..

by Gilt on 04/30/2005 18:02

oh, and I bet cheaters will start preying on newbs to get into trust servers.

"Hey newb, you want to be my friend? If you're my friend you can go play on the safe trust servers!" or some other bullshit.

reply to this message

#31: ..

by makkE on 04/30/2005 20:19

I have waited a while to see everyones opinion before I post mine.

The most problematic issue I see about this "trust" system is that it´s pretty complicated. A system like this might make sense in a big community, but, don´t get me wrong, I believe cube will never get too big.

At the moment cheating is really no problem in cube. I believe it´s up to cube´s nieche-like state. (the closed netcode doesn´t really prevent an ambitious hacker from coding a cheat, does it?)

Someone who likes the simplicity and speed of cube´s gameplay is (at least to me) very often a person that wouldn´t cheat anyways. It´s brute gameplay does in my opinion only really attract people that look for real competition, for people that don´t mind losing ..etc..

The other half (I guess the majority) of people that try cube will quit playing it after 5 minutes anyways ("too fast, looks crap, too few weapons no this and that, can´t impress my friends with that"..)

So well to get to the point: Cube´s gameplay already prevents a lot of "malicious" persons even bother with playing it and cheating.
For those few morons (excuse me) that really try cheating or go on peoples nervers, a simple kick/ban function would be sufficient.

I also believe that just very few coders would bother to write a cheat for cube.
I mean those people want fame. They won´t be able to impress their fellow "evil coder friends" with saying: "Look I wrote a hack/bot/cheat for cube"
And the common idiot doesn´t code.., he´ll go back on some cs pub to use his easily downloadable hack/cheat and annoy people there.

Of course, if cube went fully opensource, the possibility to hack it would be there. But I believe none of the coders intrested in the cube code (the people on this board for example) will ever even consider writing a hack.

To sum my 2 ?cents up: ability to kick/ban people an the basis of a more simple ("Vote yes (F1)/no (f2)") voting system would be sufficient.

If cube should go open source and if after some time problems do arise, the trust system might be reconsidered.

One last word: I personally have met only 1 person I would have wanted to kick (for namefaking and spamming) in over a year of cube pubbing.

reply to this message

#32: Re: ..

by Aardappel_ on 04/30/2005 21:18, refers to #31

I don't mind putting in some simple ip-banning, infact, maybe I should do that already given that people have used in-memory client hacks already.

But I strongly disagree that people won't cheat... you seriously underestimate how retarded the average interweb user is. If the source code is right there, and it takes changing 1 number or uncommenting one line, it will be too tempting. You don't even need to know C++. Infact, on windows people will distribute recompiled binaries, much like now there's in-memory cheat clients available for cube.

And for the ESL, yes you may think you have less of a problem because you know all players, and you do demos/screenshots. But if I was interested in cheating in the ESL, it would be VERY easy without being noticed, I could simply write some kind of minor graphical enhancement (akin a radar or rendering behind walls) that shows me where my opposition is at any time. You can play with that information without it being clearly noticable on a demo, yet giving you huge advantage. You can turn these gimmicks off for the screenshot.

And in non-match games, these kinds of cheats are even easier.

reply to this message

#33: Re: ..

by DrLZRDMN on 05/01/2005 17:28, refers to #32

The way I see it, cube is not completely done. A lot of those cheating are mearely hackers trying to help the developement of the game, testing it. I think that if you want to implement the 'trust' do not apply it to all servers. I also think that people with modified clients should be allowed to play (but may be restricted from some servers). If somone is trying to play "seriusly" they don't want someone flying around shooting rapid fire rockets and not dying. However, others might like to experiment with the game.
For play servers and match servers, have them verify the checksum, however, also allow other people to run servers that allow hacking.

reply to this message

#34: Re: ..

by >driAn<. on 05/01/2005 19:31, refers to #32

Only a kick/ban system won't help, it would be too easy to cheat in cube if its fully open source. And yes, there are only a few fools/cheaters on the pubs atm, but if people see how easy it is to modify the client the pubs will be flooded by such dumb people, I'm sure.
I like the idea of an "open cube", but its really hard to find out if that 'key' system works.
Maybe its necessary to handle it like GPG/PGP with a kind of keyserver (for each community) and a public/private key for every player =)

reply to this message

#35: ..

by Jcdpc Mozilla_is_teh_cookie_monster on 05/03/2005 03:06

I think a kick/ban system is the best way to prevent it. The other systems seem either ineffective (sure the player might not be able to code a bot, but he can still do that map-hack trick that im going to refrain from explaining in detail, but you probably know what im talking about) or might cause more problems than they solve (the trust system could easily be abused, and is overly complicated)

reply to this message

#36: On Further Reflection

by pushplay on 05/03/2005 07:32

I've decided I actually like the idea. Trust keys isn't mutex with voting for the common servers, and the possibility of cube becomming even less newbie friendly isn't as bad as punks wrecking the community entirely.

reply to this message

#37: ..

by kernowyon on 05/03/2005 10:33

The biggest problem with implementing any form of cheat banning system would be that some people get accused of cheating even when they are not. We have all been in servers where someone has the invulnerability bug - or seems to move amazingly quick due to lag issues etc. And of course, there are one or two players out there who are genuinely unbeatable - insight for instance.
With a vote system, these people could be kicked from a server - and maybe even blacklisted - for something which isnt their fault.
I do agree that cheating is an issue - I have seen some quite blatent cheats of late - with all weapons in insta for instance, or even with modded weapons ( anyone else see the guy with the flamethrower? ).
One thing I do find annoying is the number of people who find it funny to bind a key to say abusive phrases - usually involving some very foul language. Likewise those players with foul nicks to start with.
Luckily, as has been mentioned in this thread already - most of the cheats seem to appear for a day or so - then leave the servers.

reply to this message

#38: ..

by deathrabbit@optonline.net on 05/03/2005 23:34

I really agree with kernowyon for the most part. Most cheaters leave fairly quickly possibly since there isn\'t any way they\'re rewarded other than having a little fun unlike in some other games where there are rankings or items to buy. Most of the time there is no problem but occasionally there is one but as kernowyon and many other people said they usually go away after a day and sometimes you can play around them of just go to a different server.

Before implanting any kind of anti-cheating system you should either fix or think about game bugs that may make someone look like a cheater who is not such as the invincibility bug most people who play a lot have seen and/or had it happen to them.

Trust keys might be annoying and hard to deal with if you play on multiple computers and would make it VERY hard for new people to get into the community or even people who just took a break for a while unless there were rules restricting the use of \"trust only\" servers.

A kick/ban system might be nice since you could remove the cheater but it also has problems. Many new players don\'t read the instructions like they should and don\'t know how to vote, therefor making your vote have a harder time passing. Also kicking someone would probably temporaraly fix a glitch giving a player an unfair advantage, but most players would probably jump right to banning someone. Also a group of cheaters could join a room at the same time to prevent the vote from being passed and to ban regular players! Also if ip\'s were banned, some innocent people might not be able to play because of someone else on the same network cheating or has dynamic ip geting banned. Also with the idea of a + - trust system, morons could lower peoples trust just to make them look bad unless maybe admins and mods could give trust for free and other people have to pay 1 trust to raaise or lower someone\'s trust? exept nice people might lower their rank too much. Also with a trust system, someone can play legitamatly and gain people\'s trust and then cheat when they\'re fully trusted.

I believe a simple kick/temp ban(no more than an hour) would help a lot. Cheaters or people who have an advantage to to glitches could just be kicked and if someone continues to have an advantage they could be temp banned. The temp banning would get someone out of the game for a little bit in case of a mistake they\'re not fully banned and most cheaters would probably go away during that time and if they didn\'t it wouldn\'t be a bit deal to ban someone every hour and I dought they would stay for more than a day trying to get back in.

Also a server moderater system would be nice so that the person in charge of a server could give out a password to people they trust and they could kick/ban people within that server. This way people can be in charge of who is on there server and remove cheaters and other morons.

Also i have one last note:
To all people who talk about if cube was fully open source, it is essentially fully open source as long as it can be dissasembled fairly well. I recommend you use a software protector such as SDProtector, or ACProtector on the Windows version which will make it much harder for people to hack or dissasemble it and only the best of the best will be able to, who will probably not be able to be hardly stopped at all anyway. I recomend you stay away from X-Treme Protector and Thermida though because they like to mess around with the Windows registry.

Thanks for reading.

-deathrabbit

reply to this message

#39: ..

by deathrabbit on 05/03/2005 23:49

Sorry for the double post, but I missed some stuf and could a mod please edit my e-mail address out of the name slot? I axidentally put it there and dont really want it there.

Also, some people don't realize how bad the cheating situation is. For those of you who don't know, we've seen modded weapons, edit mode in any mode, other weapons in instagib, infinite ammo, invincibility, people moveing like 10 times as fast as anyone else, and other problems.

You could try comparing some sort of checksum when you connect. This might work but memory cheats could be loaded after connecting, so the check could be more frequent.

Another idea that I like more than all others that I have seen and and came up with is the ignore idea. A player should be able to ignore and not see anything about including the score, character model, ammo being pickud up, and bullets from players that they choose. This can make a person not mind if a cheater is in the game since they can just ignore them and neither person will be able to see or effect the other one, rendering all the cheaters cheats useless, AND giving them no targets to cheat against.

Thanks for reading.

-deathrabbit

reply to this message

#40: Re: ..

by lokirulez on 05/04/2005 00:35, refers to #32

"And for the ESL, yes you may think you have less of a problem because you know all players, and you do demos/screenshots. But if I was interested in cheating in the ESL, it would be VERY easy without being noticed, I could simply write some kind of minor graphical enhancement (akin a radar or rendering behind walls) that shows me where my opposition is at any time. You can play with that information without it being clearly noticable on a demo, yet giving you huge advantage. You can turn these gimmicks off for the screenshot.""

Cheating/faking/hacking is a common problem in online leagues and will always be. The only thing league admins can do is check for easy to recover things like demos/screenshots.

I read about your trusted communities quite a long time ago and still think it's great.

I doubt that a social anti-cheat system will work in competions, but let's have a try, anyway.

reply to this message

#41: deathrabbit

by pushplay on 05/06/2005 08:30

The difference between cheating by hacking a binary and hacking the source is miles appart. In hacking a binary I can play with some constants and maybe get extra ammo and take less damage. In hacking the source I could get super elaborate and you would never be able to detect it. I could have timers drawn over all the pickups for when they'll respawn, you would never know.

And given the game is open source there is no question you could ask my hacked client that I couldn't give a correct answer to. As a last resort I could always have my hacked client also run a server for a proper client and relay all questions and answers. Man in the middle attack basically. I even question the viability of trusted computing in hardware

reply to this message

#42: ..

by makkE on 05/23/2005 04:15

Uhm I never really believed it could be a problem until I saw it today. Go for the trust thing and the kick/ban :(

Sad but it´s got to be (saw a guy ruining a game to day by editing :(

reply to this message

#43: my $.02

by Sparr on 05/23/2005 04:35

I have an idea. What if cheat ban voting was automatic? This idea would not help against passive hacks like radar, but invulnerability hacks for sure. Basically you set up the client so that every few seconds it randomly picks an opponent and tracks their position, health, weapon, whatever. If your client thinks they are doing impossible things (like floating if they have the wrong/hacked map) then it lets the server know. If enough clients make the vote, they get kicked.

I think vote kicking would be nice too, even if not against cheating. It would be nice to be able to kick people who dont understand /getmap, or who chat spam. The best part about voting is that its completely human controlled. Unfortunately this would hurt players like Insight who might get accused more often than they should, but in cases like that you could implement whitelisting by server admins.

reply to this message

#44: the real solution...

by Sparr on 05/23/2005 04:36

I think the real solution to the problem involves a little of everything. Take every idea here, implement it to SOME degree. Getting the right balance will be hard, but every method helps fix the weak points of another.

reply to this message

#45: Re: the real solution...

by kernowyon on 05/23/2005 10:28, refers to #44

Yep - good idea.
As mentioned, voting to kick people can be incorrectly or maliciously used against those players who are good - such as Insight or several other great players.
However, something needs to be done to rid Cube of the comedians who appear on a server then spout obscenities at everyone, or those people who are blatently cheating.
I do wonder how many of those "floaters" who dont have the correct map are new to the game and simply dont understand the /getmap function? Many times I have seen people asked to use the getmap command, only to see them typing getmap without the actual / command prompt bit. So it simply comes out as getmap repeated many times before someone puts them right. Same with name etc.
I like the radar idea - that would solve the invulnerability issues at least - which is something which seems to cause of lot of aggro in the servers. The number of times people are accused of cheating when they are simply victims of the invulnerability bug is amazing. Of course, some people do take advantage of it - but to be fair, its hard to tell you are invulnerable sometimes for a while.

reply to this message

#46: ..

by CC_machine on 05/24/2005 19:10

also dont forget that there are other types of cheating other than mods of cube, for example:

using a modded map to give the player an advantage (e.g. flood the map to enable flying to dodge rockets etc.)

believe me ive tried it before, and no-one even suspected me of cheating ( just for testing.. honest)

reply to this message

#47: ..

by makkE on 05/24/2005 21:02

I know that kinda stuff is pretty obvious.. but you should refrain in the future to even mention it ;) Don't tell them how to here..

reply to this message

#48: ..

by CC_machine on 05/26/2005 19:39

oops.. just thought id mention it cause you were asuming cube mods were the only way to cheat :P

reply to this message

#49: Re: ..

by jean pierre on 05/27/2005 07:19, refers to #48

Mine says different protocol when entering in a server with my MOD that is a good thing tough becouse i editted weapons and it isnt cool to have rocket launcher in multiplayer that does a bigger explosion that could kill 20 people on touch(if they're near)

reply to this message

   Board Index