How to: net game with no cheating

Started by November 07, 2000 03:59 PM
2 comments, last by Hans 24 years, 2 months ago
The only real cheats in the _network side_ of Quake games are the bots (aimbot etc.) but there are no real cheats. Like: walk over walls (noclip), teleport whenever you want to, god mode or changing the player's speed. How was this done? Why couldn't you just reverse-engineer the exe and give you immortality that way? Or use some cheat program to hack Quake if there was a CRC check in it? How did ID software make their games so cheat-proof? Was it based on server monitoring that nothing illegal happens, or on something else?
It all has to do with client/server responsibilities.

Quake & C/S games (Diablo II, for example) have a server that's basically "running the game" and it's telling all of the clients what's going on by way of network packets. The client reads these packets, and then shows its user, "Hey, this is what's going on". The user then chooses to do something via the client, so then the client sends a network packet to the server saying, "Hey, my client just said to do this." The server then processes this command into the current game data, and the cycle loops.

The reason you can't go God Mode from the client is because in order for you to do ANYTHING, the client has to send a packet saying what it's trying to do and the server has to accept the packet. Since there's no "I wanna go God mode" packet that the server expects, there's no way to do it without modifying the server itself.

Now, on the other hand, the client is free to manipulate the data it receives any way it wants. Therefore, if the server always sends the location of all enemies, even those who are supposed to be hidden, a malicious client could create a cheat so that its player could see the enemies that were supposed to be hidden.

So imagine Quake was designed poorly, and instead of the server keeping track of damage, the client did. In other words, what if the server sent out messages saying, "you took 10 points of damage", and it didn't track the damage itself; it expects the client to keep track and send a, "hey, I'm dead" message when there's no more life. Well, all you have to do is modify your client so that it either ignores the damage messages or never sends a dead message, and you've got God Mode. Luckily, it wasn't written this way.

Putting more functionality in the server and being extremely selective about what information you send to a client will generally make a game more secure. When creating this kind of a game, you have to always remember that the client can manipulate the data you send it any way it wants, and it can send you any kind of information it wants to as well (whether based on player actions or on "cheating").
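
Added example, not part of the original post and not Quake's actual code: a minimal server-authoritative loop in Python showing the three points made above (the server accepts only known commands, it owns health itself, and it sends each client only what that player may see). The packet fields, `MAX_STEP`, `VIEW_RANGE` and the distance-based visibility test are assumptions made for illustration.

```python
import math

MAX_STEP = 1.0       # assumed per-tick movement limit
VIEW_RANGE = 10.0    # assumed visibility radius (stand-in for real line of sight)
WEAPON_DAMAGE = 10   # assumed damage per accepted shot

class Server:
    """Authoritative game state: clients only submit requests."""
    def __init__(self):
        self.players = {}  # name -> {"pos": (x, y), "hp": int}

    def join(self, name, pos):
        self.players[name] = {"pos": pos, "hp": 100}

    def _visible(self, a, b):
        return math.dist(a["pos"], b["pos"]) <= VIEW_RANGE

    def handle(self, sender, packet):
        """Validate and apply one client packet; return True if accepted."""
        me = self.players.get(sender)
        if me is None or me["hp"] <= 0 or not isinstance(packet, dict):
            return False
        kind = packet.get("type")
        if kind == "move":
            dx, dy = packet.get("dx"), packet.get("dy")
            if not all(isinstance(v, (int, float)) and math.isfinite(v) for v in (dx, dy)):
                return False
            if math.hypot(dx, dy) > MAX_STEP:  # speed or teleport request: refuse
                return False
            me["pos"] = (me["pos"][0] + dx, me["pos"][1] + dy)
            return True
        if kind == "fire":
            target = self.players.get(packet.get("target"))
            if target is None or target is me or not self._visible(me, target):
                return False
            target["hp"] = max(0, target["hp"] - WEAPON_DAMAGE)  # server owns health
            return True
        return False  # unknown type: there is no "god mode" or "set health" packet

    def snapshot(self, viewer):
        """State sent to one client: itself plus living players it can see."""
        me = self.players[viewer]
        return {n: dict(p) for n, p in self.players.items()
                if p is me or (p["hp"] > 0 and self._visible(me, p))}

if __name__ == "__main__":
    s = Server()
    s.join("a", (0, 0)); s.join("b", (3, 0)); s.join("c", (50, 0))  # constructed data
    print(s.handle("a", {"type": "godmode"}), sorted(s.snapshot("a")))
```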
That cleared it out quite well, thanks.
There's an article on Gamasutra about hacking and how to make it more difficult, written by an Age of Empires guy.

use serial ids, checksums, encrypt key data...
- The trade-off between price and quality does not exist in Japan. Rather, the idea that high quality brings on cost reduction is widely accepted.-- Tajima & Matsubara

This topic is closed to new replies.