Cheating & open source, revisited |
by Aardappel_
on 04/27/2005 07:54, 218 messages, last message: 06/16/2006 17:23, 188310 views, last view: 11/01/2024 15:29 |
|
As you all know, cheating is a problem for Cube being Open Source. Noone likes the current solution of the incompatible binaries, and I am getting to the point where I see the usefulness of having other people continue to work on Cube whenever I don't have the time.. currently that is problematic and would be much easier if the source to the official game could be truely open.
Multiplayer continues to be an important aspect of Cube, so we can't ignore cheating and simply hope that people won't change 1 line of code to enable god mode or permanent octa-damage, because they will (tell me something about human nature and the people on the interweb).
The solution can't come in the form of "cheat protection", this simply isn't possible with the current cube, and even if the entire gameplay code was moved serverside, is still fragile. Don't even suggest it... make sure you understand the nature of the client/server gameplay code before commenting.
The solution for Cube I feel has to be a social one. As you may remember, I designed a solution before:
http://wouter.fov120.com/rants/trusted_communities.html
The problem with this particular design is that it is too complex to set up, and too centralized. I would like to come up with a solution that is simpler, less implementation work, and can work with any group of people, centralized or not.
This is the idea I came up with sofar:
Every player that wants to play in a cheat free environment, can use a command in Cube to generate a set of key files. A key file is simply a file of, say, 10000 random bytes. The player then hands out these files to players he trusts... or rather, players he wants to trust him. (why there are multiple files will become clear later).
A server can either be in untrusted mode (default, works as before), or trusted mode. It can be set to trusted mode by the server admin, or voted by the players until the server empties. It will show up in the server browser as trusted.
If a player A & B connect to a trusted server, A looks up B's nickname in his folder of key files. If he finds a corresponding key file, he chooses a few random file offsets and reads the bytes there. It now sends a packet to B asking it for the bytes at those offsets. If B really is B, it can simply read its own keyfile and return the values. A now compares the values, and if they match, it sends a "I trust B" packet to the server. The hud shows which clients you trust, and for each client how many clients trust him in total. You are now sure that B really is who he says he is.
On a trusted server, people that after exchange of trust packets have gained no trust, can be booted from the server automatically. This allows you to play games with trusted people in your community, and have external people unable to be join the game.
asking for random offsets guarantees that untrustworthy clients or even servers never get to sniff keys. "Trust" is evaluated locally and for you only, so can't be spoofed.
The one problem would be handing your key file to someone who later turns out to be untrustworthy. This person could now impersonate you and appear to be you to all your trusted friends. Hence the multiple key files, so you can give a different key file to different people (or groups of people). That way, if the person "goes bad", he can't impersonate you towards your friends, as he doesn't have the keyfile your friends have.
The system is not perfect of course. You can still have 2 cheaters join together and trust eachother. Luckily cheaters hardly ever come in groups, and there are more complicated ways to protect even against this.
The biggest issue is the inconvenience of having to exchange key files, and especially to require new players to find existing players on forums/irc before they can sensibly play. I think it is bearable though, as you only need to do it once, and Cube multiplayer is a fairly closed community. And if servers are by default untrusted, you can give newcomers the benefit of the doubt until they behave suspicious.
What do you all think? Please think it through thoroughly before commenting (I am talking to you, Jean Pierre! :). I am especially interested in "holes" in this system, i.e. ways that cheaters could abuse it if they really wanted to.
|
|
Board Index
|
|
#35: .. |
by Jcdpc Mozilla_is_teh_cookie_monster
on 05/03/2005 03:06
|
|
I think a kick/ban system is the best way to prevent it. The other systems seem either ineffective (sure the player might not be able to code a bot, but he can still do that map-hack trick that im going to refrain from explaining in detail, but you probably know what im talking about) or might cause more problems than they solve (the trust system could easily be abused, and is overly complicated)
reply to this message
|
|
#36: On Further Reflection |
by pushplay
on 05/03/2005 07:32
|
|
I've decided I actually like the idea. Trust keys isn't mutex with voting for the common servers, and the possibility of cube becomming even less newbie friendly isn't as bad as punks wrecking the community entirely.
reply to this message
|
|
#37: .. |
by kernowyon
on 05/03/2005 10:33
|
|
The biggest problem with implementing any form of cheat banning system would be that some people get accused of cheating even when they are not. We have all been in servers where someone has the invulnerability bug - or seems to move amazingly quick due to lag issues etc. And of course, there are one or two players out there who are genuinely unbeatable - insight for instance.
With a vote system, these people could be kicked from a server - and maybe even blacklisted - for something which isnt their fault.
I do agree that cheating is an issue - I have seen some quite blatent cheats of late - with all weapons in insta for instance, or even with modded weapons ( anyone else see the guy with the flamethrower? ).
One thing I do find annoying is the number of people who find it funny to bind a key to say abusive phrases - usually involving some very foul language. Likewise those players with foul nicks to start with.
Luckily, as has been mentioned in this thread already - most of the cheats seem to appear for a day or so - then leave the servers.
reply to this message
|
|
#38: .. |
by deathrabbit@optonline.net
on 05/03/2005 23:34
|
|
I really agree with kernowyon for the most part. Most cheaters leave fairly quickly possibly since there isn\'t any way they\'re rewarded other than having a little fun unlike in some other games where there are rankings or items to buy. Most of the time there is no problem but occasionally there is one but as kernowyon and many other people said they usually go away after a day and sometimes you can play around them of just go to a different server.
Before implanting any kind of anti-cheating system you should either fix or think about game bugs that may make someone look like a cheater who is not such as the invincibility bug most people who play a lot have seen and/or had it happen to them.
Trust keys might be annoying and hard to deal with if you play on multiple computers and would make it VERY hard for new people to get into the community or even people who just took a break for a while unless there were rules restricting the use of \"trust only\" servers.
A kick/ban system might be nice since you could remove the cheater but it also has problems. Many new players don\'t read the instructions like they should and don\'t know how to vote, therefor making your vote have a harder time passing. Also kicking someone would probably temporaraly fix a glitch giving a player an unfair advantage, but most players would probably jump right to banning someone. Also a group of cheaters could join a room at the same time to prevent the vote from being passed and to ban regular players! Also if ip\'s were banned, some innocent people might not be able to play because of someone else on the same network cheating or has dynamic ip geting banned. Also with the idea of a + - trust system, morons could lower peoples trust just to make them look bad unless maybe admins and mods could give trust for free and other people have to pay 1 trust to raaise or lower someone\'s trust? exept nice people might lower their rank too much. Also with a trust system, someone can play legitamatly and gain people\'s trust and then cheat when they\'re fully trusted.
I believe a simple kick/temp ban(no more than an hour) would help a lot. Cheaters or people who have an advantage to to glitches could just be kicked and if someone continues to have an advantage they could be temp banned. The temp banning would get someone out of the game for a little bit in case of a mistake they\'re not fully banned and most cheaters would probably go away during that time and if they didn\'t it wouldn\'t be a bit deal to ban someone every hour and I dought they would stay for more than a day trying to get back in.
Also a server moderater system would be nice so that the person in charge of a server could give out a password to people they trust and they could kick/ban people within that server. This way people can be in charge of who is on there server and remove cheaters and other morons.
Also i have one last note:
To all people who talk about if cube was fully open source, it is essentially fully open source as long as it can be dissasembled fairly well. I recommend you use a software protector such as SDProtector, or ACProtector on the Windows version which will make it much harder for people to hack or dissasemble it and only the best of the best will be able to, who will probably not be able to be hardly stopped at all anyway. I recomend you stay away from X-Treme Protector and Thermida though because they like to mess around with the Windows registry.
Thanks for reading.
-deathrabbit
reply to this message
|
|
#39: .. |
by deathrabbit
on 05/03/2005 23:49
|
|
Sorry for the double post, but I missed some stuf and could a mod please edit my e-mail address out of the name slot? I axidentally put it there and dont really want it there.
Also, some people don't realize how bad the cheating situation is. For those of you who don't know, we've seen modded weapons, edit mode in any mode, other weapons in instagib, infinite ammo, invincibility, people moveing like 10 times as fast as anyone else, and other problems.
You could try comparing some sort of checksum when you connect. This might work but memory cheats could be loaded after connecting, so the check could be more frequent.
Another idea that I like more than all others that I have seen and and came up with is the ignore idea. A player should be able to ignore and not see anything about including the score, character model, ammo being pickud up, and bullets from players that they choose. This can make a person not mind if a cheater is in the game since they can just ignore them and neither person will be able to see or effect the other one, rendering all the cheaters cheats useless, AND giving them no targets to cheat against.
Thanks for reading.
-deathrabbit
reply to this message
|
|
#40: Re: .. |
by lokirulez
on 05/04/2005 00:35, refers to #32
|
|
"And for the ESL, yes you may think you have less of a problem because you know all players, and you do demos/screenshots. But if I was interested in cheating in the ESL, it would be VERY easy without being noticed, I could simply write some kind of minor graphical enhancement (akin a radar or rendering behind walls) that shows me where my opposition is at any time. You can play with that information without it being clearly noticable on a demo, yet giving you huge advantage. You can turn these gimmicks off for the screenshot.""
Cheating/faking/hacking is a common problem in online leagues and will always be. The only thing league admins can do is check for easy to recover things like demos/screenshots.
I read about your trusted communities quite a long time ago and still think it's great.
I doubt that a social anti-cheat system will work in competions, but let's have a try, anyway.
reply to this message
|
|
#41: deathrabbit |
by pushplay
on 05/06/2005 08:30
|
|
The difference between cheating by hacking a binary and hacking the source is miles appart. In hacking a binary I can play with some constants and maybe get extra ammo and take less damage. In hacking the source I could get super elaborate and you would never be able to detect it. I could have timers drawn over all the pickups for when they'll respawn, you would never know.
And given the game is open source there is no question you could ask my hacked client that I couldn't give a correct answer to. As a last resort I could always have my hacked client also run a server for a proper client and relay all questions and answers. Man in the middle attack basically. I even question the viability of trusted computing in hardware
reply to this message
|
|
#42: .. |
by makkE
on 05/23/2005 04:15
|
|
Uhm I never really believed it could be a problem until I saw it today. Go for the trust thing and the kick/ban :(
Sad but it´s got to be (saw a guy ruining a game to day by editing :(
reply to this message
|
|
#43: my $.02 |
by Sparr
on 05/23/2005 04:35
|
|
I have an idea. What if cheat ban voting was automatic? This idea would not help against passive hacks like radar, but invulnerability hacks for sure. Basically you set up the client so that every few seconds it randomly picks an opponent and tracks their position, health, weapon, whatever. If your client thinks they are doing impossible things (like floating if they have the wrong/hacked map) then it lets the server know. If enough clients make the vote, they get kicked.
I think vote kicking would be nice too, even if not against cheating. It would be nice to be able to kick people who dont understand /getmap, or who chat spam. The best part about voting is that its completely human controlled. Unfortunately this would hurt players like Insight who might get accused more often than they should, but in cases like that you could implement whitelisting by server admins.
reply to this message
|
|
#44: the real solution... |
by Sparr
on 05/23/2005 04:36
|
|
I think the real solution to the problem involves a little of everything. Take every idea here, implement it to SOME degree. Getting the right balance will be hard, but every method helps fix the weak points of another.
reply to this message
|
|
#45: Re: the real solution... |
by kernowyon
on 05/23/2005 10:28, refers to #44
|
|
Yep - good idea.
As mentioned, voting to kick people can be incorrectly or maliciously used against those players who are good - such as Insight or several other great players.
However, something needs to be done to rid Cube of the comedians who appear on a server then spout obscenities at everyone, or those people who are blatently cheating.
I do wonder how many of those "floaters" who dont have the correct map are new to the game and simply dont understand the /getmap function? Many times I have seen people asked to use the getmap command, only to see them typing getmap without the actual / command prompt bit. So it simply comes out as getmap repeated many times before someone puts them right. Same with name etc.
I like the radar idea - that would solve the invulnerability issues at least - which is something which seems to cause of lot of aggro in the servers. The number of times people are accused of cheating when they are simply victims of the invulnerability bug is amazing. Of course, some people do take advantage of it - but to be fair, its hard to tell you are invulnerable sometimes for a while.
reply to this message
|
|
#46: .. |
by CC_machine
on 05/24/2005 19:10
|
|
also dont forget that there are other types of cheating other than mods of cube, for example:
using a modded map to give the player an advantage (e.g. flood the map to enable flying to dodge rockets etc.)
believe me ive tried it before, and no-one even suspected me of cheating ( just for testing.. honest)
reply to this message
|
|
#47: .. |
by makkE
on 05/24/2005 21:02
|
|
I know that kinda stuff is pretty obvious.. but you should refrain in the future to even mention it ;) Don't tell them how to here..
reply to this message
|
|
#48: .. |
by CC_machine
on 05/26/2005 19:39
|
|
oops.. just thought id mention it cause you were asuming cube mods were the only way to cheat :P
reply to this message
|
|
#49: Re: .. |
by jean pierre
on 05/27/2005 07:19, refers to #48
|
|
Mine says different protocol when entering in a server with my MOD that is a good thing tough becouse i editted weapons and it isnt cool to have rocket launcher in multiplayer that does a bigger explosion that could kill 20 people on touch(if they're near)
reply to this message
|
|
#50: .. |
by CC_machine
on 05/27/2005 23:19
|
|
jean pierre have you uploaded your mod to quadropolis (http:\\www.cube.snieb.com)
reply to this message
|
|
#51: Re: .. |
by jean pierre
on 05/28/2005 07:06, refers to #50
|
|
Last time i tried it gaved me an error page really due to long time and i seriusly hate uploading too much so dont suppose to help but im sure Fusion is even better cause Lava MOD is just a pack of new lame graphics and different levels please dont ask me to upload it now(Il upload it maybe when Hell freezes over?)
reply to this message
|
|
#52: .. |
by CC machine
on 05/31/2005 17:17
|
|
question: everything physical (that is the player physics, not textures models and all that) is in the cube.exe inside the bin folder right? at least i think it is. if that is true, if someone is accused of cheating, then the server could upload his/her cube.exe and see if it is modded. scince the .exe is only 148 kb, it shouldnt take too much time to upload
What do you think of my idea?
reply to this message
|
|
#53: Re: .. |
by eihrul
on 05/31/2005 17:33, refers to #52
|
|
That still depends on the client to cooperate with the server. The client could just send over some other binary than itself and the server couldn't tell the difference.
reply to this message
|
|
#54: .. |
by CC machine
on 05/31/2005 18:44
|
|
i was having a good game of instagib team on map pyramids, and it disconnected and said:
illegal network message type(clientnum)
disconnected
what does this mean?
reply to this message
|
|
|
Board Index
|
|