1

Topic: client-hash vs. modified clients

"Keep it short and simple," my English teacher said. Therefore:

It would be great if you could check whether unmodified clients are used.
I dunno if there are any free file-checksum generators, and I dunno if one can easily implement it so that it is hard to cheat.

Antoine de Saint Exupéry: It seems that perfection is reached not when there is nothing left to add, but when there is nothing left to take away.
Besides -  I am the gfx guy!

2

Re: client-hash vs. modified clients

The problem is that all the management has to be done in a trustworthy environment. If it's the client which submits a message to the server, a manipulated/corrupted client could also fake the hash or a certificate message. And it's quite easy to manipulate your client so that the MD5 is identical, but the program is not. I don't have an idea *shrug* but it's necessary to do. Somebody here who knows how they do that in other open source games? Nexuiz or whatever...

Question? search function
Short movies? Lappi's link loft
Teeworlds info'n'tuts on gfx? Landil's sketchbook

3

Re: client-hash vs. modified clients

Lappi wrote:

If it's the client which submits a message to the server, a manipulated/corrupted client could also fake the hash or a certificate message.

Yeah, that's what I thought. As long as you're relying on the client, you're in a sticky situation.

Very interesting situation indeed. As Lappi asked, how do other open source games deal with this?

Hell, even closed source (counter-strike) have a HUGE problem with cheats/cheaters.

4

Re: client-hash vs. modified clients

Well, Valve has the VAC secured servers and stuff. Wonder how it works, the best way (if possible) is to do server-side hashing of the whole client.

if($poster["intelligence"] == $intelligence["idiot"])
        deny_post($poster);

5 (edited by catpaw 2008-07-14 07:38:29)

Re: client-hash vs. modified clients

Even commercial clients face the same problems, people being able to hitchhike load the client.

The only way the client is safe from client-hacking is to be a brain-dead 2D display, having the server do *all* calculation and send just the frame pictures to the client. But this is a horror in bandwidth, so most games use bandwidth efficiently and the client knows how the game world is constructed, and this just leads to the problem that people are able to hack-extend their client.

Hashing and all that, as has been pointed out, just doesn't work. Imagine the following code in the original client

sendToServer(getMyHashCode());

Now the hacked client:

//sendToServer(getMyHashCode());
sendToServer(0x67272838484a212s11); // this is the hash of the unmodified client

6

Re: client-hash vs. modified clients

Short answer: Not possible to verify whether we have an original client or a modified one.

Long answer: If you are really really into the topic, see the latest Uninformed issue regarding the same problem on BattleNet, Blizzard's multiplayer world. People used fake clients so Blizzard created Lockdown, made for the purpose of validating a client. The problem is, you have to ask the client, and the client may lie. It's as simple as that. I have been dealing with this (on the hacker's side ;)) and the only thing that stopped me was when things got too complicated. Hacking a 2D game is fun as long as it is easy, if things get difficult people usually quit.
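
Added example, not part of any post in this thread and not Teeworlds code: the server's side of the hash check discussed in posts 5 and 6, extended with a per-connection nonce. FNV-1a, the two image strings and all names are constructed stand-ins.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FNV-1a stands in for a real digest; the argument does not depend on the hash. */
static uint64_t fnv1a(uint64_t h, const void *buf, size_t n) {
    const unsigned char *p = buf;
    while (n--) { h ^= *p++; h *= 1099511628211ULL; }
    return h;
}

/* hash(nonce || image): the answer the server expects for one challenge. */
static uint64_t attest(uint64_t nonce, const char *image) {
    uint64_t h = fnv1a(14695981039346656037ULL, &nonce, sizeof nonce);
    return fnv1a(h, image, strlen(image));
}

/* Constructed stand-ins for the released binary and a locally rebuilt one. */
static const char RELEASE[]  = "client.bin contents: A";
static const char MODIFIED[] = "client.bin contents: B";

/* The server never sees `running`; it only sees a reply computed over `hashed`. */
struct client { const char *running; const char *hashed; };

static const struct client HONEST       = { RELEASE,  RELEASE  };
static const struct client SELF_HASHING = { MODIFIED, MODIFIED }; /* modified, reports truthfully */
static const struct client LYING        = { MODIFIED, RELEASE  }; /* modified, answers from the release file */

/* Client side: whatever code is running decides which bytes get hashed. */
uint64_t client_reply(const struct client *c, uint64_t nonce) {
    return attest(nonce, c->hashed);
}

/* Server side: 1 if the reply matches the release image for this nonce. */
int server_accepts(const struct client *c, uint64_t nonce) {
    return client_reply(c, nonce) == attest(nonce, RELEASE);
}

int main(void) {
    uint64_t nonce = 0x1234abcdULL; /* constructed; a server would pick it at random */
    printf("honest=%d self_hashing=%d lying=%d\n",
           server_accepts(&HONEST, nonce),
           server_accepts(&SELF_HASHING, nonce),
           server_accepts(&LYING, nonce));
    return 0;
}
```

The check rejects only a client that reports on itself truthfully, so it can flag outdated or corrupted installs but gives the server no evidence about which code is actually running.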

7 (edited by catpaw 2008-07-14 20:46:01)

Re: client-hash vs. modified clients

In the old days, I was active in the community around hacking and extending "Ultima Online". Although Origin added layer upon layer of obfuscation, after some weeks the community had hacked them open again, and we could manipulate the stream between their server and their client, or log in to their servers with 3rd party clients and so on. There were in total already 9 layers of obfuscation when I left that field for good, all decoded :) don't know what has been happening since. The problem is, even with closed source, you just have to give the "foe" a decoding machine, otherwise the clients wouldn't work. So given enough energy it just gets opened again...

8

Re: client-hash vs. modified clients

But no matter how complicated you do it, this game is open source... This makes it fairly easy to bypass as you don't even have to go through masses of assembler =P

Used to be very active waay back

9

Re: client-hash vs. modified clients

The solution is to design the game in a way that challenges me as a human, and not in a way that a simple bot could easily outperform me.

For one thing this means, just say no to instagib :)

10

Re: client-hash vs. modified clients

Well, aiming is a skill any bot will outperform you at for sure. It's not like rocket trajectories can't be calculated, you just have to have the ambition to do it. And because the game is open-source and therefore you can read the game physics, this is even easier than writing aimbots for other games - which has successfully been done already. I advise switching to the Japanese board game Go, no computer will be able to beat an average human until maybe quantum computers have been done ;)