hsncorrosion Posted July 23, 2007 Share Posted July 23, 2007 I have played Assault Cube recently (an open source game/engine) They are having a big problem with cheats who use memory hacks and client side modifications, and now some are even taking admin accounts via server side bugs, Is there some way of protection to an open source game like this? I had and idea but they did not go for it. "I was thinking they can use a master ban list on the masterserver and require each game to have a serial number or key code that the master server looks for when they connect. If they do not have a code ban them. If a server bans them 3 times ban them on the master server, and if two people are playing with the same key ban them. I think this would help stop cheaters, this is similar to what is used in unreal tournament 2004) Quote Link to comment Share on other sites More sharing options...
dhp1080 Posted July 23, 2007 Share Posted July 23, 2007 Here lies the problem in open source everything. It makes everything much easier to exploit. They'd need to write their own PunkBuster client that checks to make sure all files are correct, then allows them to connect. Your idea for client side keys wouldn't work. The malicious user could simply change his key, and ta-da! Checking the hash of every file could work though. If it isn't the same as the server's hash values, don't allow the connection. It's a pretty simple concept that can turn wildly unsimple. Quote Link to comment Share on other sites More sharing options...
hsncorrosion Posted July 23, 2007 Author Share Posted July 23, 2007 But if the keys were generated when they first use the game and only get one key wouldn't that work, then they cant just make up one Quote Link to comment Share on other sites More sharing options...
Sparda Posted July 23, 2007 Share Posted July 23, 2007 They could just modify the client to supple the correct key. The only way to prevent cheating is to make every thing server side. Unfortunately, for the most part, this is impractical. Quote Link to comment Share on other sites More sharing options...
hsncorrosion Posted July 23, 2007 Author Share Posted July 23, 2007 But how can they modify it. Im saying the masterserver gets a list of unique id keys and unless the players have a matching id they cant join a game Quote Link to comment Share on other sites More sharing options...
Sparda Posted July 23, 2007 Share Posted July 23, 2007 The player can change the ID there client sends. Quote Link to comment Share on other sites More sharing options...
hsncorrosion Posted July 24, 2007 Author Share Posted July 24, 2007 But the server will match it with a list of current keys and if it does not match it bans them Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted July 24, 2007 Share Posted July 24, 2007 But the server will match it with a list of current keys and if it does not match it bans themyes that idea should work, but no matter what you'll be looking at modifying the source. Not a task I think you're willing to take up. Quote Link to comment Share on other sites More sharing options...
Sparda Posted July 24, 2007 Share Posted July 24, 2007 But the server will match it with a list of current keys and if it does not match it bans them The player can change the ID there client sends. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted July 24, 2007 Share Posted July 24, 2007 But the server will match it with a list of current keys and if it does not match it bans them The player can change the ID there client sends. Sparda, how is the user going to get a list of valid keys? If the client sends a non-valid key it will be disconnected form the server. Quote Link to comment Share on other sites More sharing options...
Sparda Posted July 24, 2007 Share Posted July 24, 2007 because it will be in the source code? Quote Link to comment Share on other sites More sharing options...
hsncorrosion Posted July 24, 2007 Author Share Posted July 24, 2007 No, keys stored on the masterserver side, not within the source. Also I would not be doing this, but convincing the ones who made the game to implement it. not to mention on my first post any two people with the same key are banned (just saying before you mention that) Quote Link to comment Share on other sites More sharing options...
Sparda Posted July 24, 2007 Share Posted July 24, 2007 No, keys stored on the masterserver side, not within the source. Also I would not be doing this, but convincing the ones who made the game to implement it. not to mention on my first post any two people with the same key are banned (just saying before you mention that) For a client to validate it's self it has to download a key that any one can download and is publicly available then send it to the server it is attempting to connect to? Quote Link to comment Share on other sites More sharing options...
hsncorrosion Posted July 24, 2007 Author Share Posted July 24, 2007 When the game is first launched it requests from the master server and it generates a key code which is then stored in either a registry key or in an encrypted file. Then if they goto a server and are banned 3 times the server sends their id to the master server which then blocks there id on every server. Quote Link to comment Share on other sites More sharing options...
Sparda Posted July 24, 2007 Share Posted July 24, 2007 You could write a rouge server that blasts every client out of the game. (btw. EA, because they are fucktards, had (and still do as far as I'm aware) a problem with some thing similar to this,again, because they are fucktards.) Also, the client could just request a new key, but if a rouge server blasted all of them off, that's not gonna work. Quote Link to comment Share on other sites More sharing options...
dhp1080 Posted July 25, 2007 Share Posted July 25, 2007 Modifying the game to request a new key on start no matter what would be very easy to do too. Also modifying these said "encrypted" files would be easy to do to, because the encryption method would be in the source. This is why real video games don't use jank client-side keys. They use advanced file-scanning techniques involved with programs. Look at PunkBuster as I said before. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.