Security and Cheat-resistance in Multiplayer

Started by April 27, 2006 04:40 AM
42 comments, last by ronkfist 18 years, 9 months ago
I was thinking of ways to make it harder to cheat in multiplayer. However, to effectively build and design a counter-measure it would be good to have more knowledge of the attack and how cheats are developed. This is for games in general: Strategy/RTS, Action/FPS and Turn-based. These are the two most common and most difficult cheats to detect and stop that I know of.

Modified packets
Like modifying the direction parameter in a packet - aka Aimbot.
Modifying the position updates - aka Teleport cheat
(If that is how they work, I am just assuming)

Solution:
Could not a simple encryption of the packets solve this? Of course any encryption can be cracked, but would that not be a big step on the way? For the teleport cheat I think a simple check to see if the last second's "movement over time" is realistic seems like an easy way to catch any cheaters, unless they also modify their client to not do those checks.

Maphacks or Wallhacks
I'm unsure if they modify the memory or if they have anything to do with the network.

Solution:
A possible solution may be for the server to not send you updates of people that you can not see, seen from the server's view. Another way could be to do random checks to see if the player can see or select something out of sight.

Any ideas? More problems? More solutions? Any links on the subject? If a game could use an encryption that could not be broken (in theory), how many security issues would that solve? How do the anti-cheat systems in BF/CS/UT work?
Quote:
Original post by Wave
Problem:
The first I thought about is Modified packets
Like modifying the direction parameter in a packet - aka Aimbot.
Modifying the position updates - aka Teleport cheat
(If that is how they work, I am just assuming )

Solution:
Could not a simple encryption of the packets solve this? Of course any encryption can be cracked but would that not be a big step on the way? For teleport cheat I think a simple check to see if the last seconds "movement over time" is realistic, seems like an easy way to catch any cheaters unless they also modify their client to not do those checks.
Encryption wouldn't help. Anyone who's determined to break your game will manage to break the encryption. It'll slow people down, but it won't stop them, and will be useless once people work out how your encryption works. Most servers already do the check to prevent teleporter hacks. They'll see if it's realistic for the player to travel that distance in that time, and if not, they'll flag it as hacking. Some servers will drop the connection immediately, some will kick if the player does this a few times, and some will just refuse to move the player.

Quote:
Original post by Wave
Problem:
Maphacks or Wallhacks, I'm unsure if they modify the memory or if they have anything to do with network.

Solution:
A solution is of course for the server to not send you updates of people that you can not see, seen from the server's view. Another way could be to do random checks to see if the player can see or select something out of sight.
Maphacks / wallhacks are done by modifying the game I think (Although I'm not entirely sure). If you disable clipping or something in the game, then the players will be rendered behind walls, so you can see them. You still won't be able to shoot them (Assuming the server validates shots), but you can see where they are and chase them.
If you only send the player details of other players that are near, then if the player moves quickly (Jumps off a roof for instance), or turns around then the client has to wait for the server to send it details of the players around it. That'll introduce lag and players suddenly popping into sight. I'd imagine that servers will use some sort of PVS system already so they don't end up sending details of every player to every other player if they're at opposite ends of the map, behind 5 buildings.

Quote:
Original post by Wave
If a game could use a encryption that could not be broken (in theory), how much security issues would that solve?
Every encryption can be broken, it's just a matter of how long you want to spend trying to break it. Although theoretically, if you could create an unbreakable encryption system, then you could rely on client data being 100% accurate, which would mean the server would have to do far fewer checks, lag would decrease, and a lot of cheats would be useless.

Is it possible to stop MapHacks and similar cheats by verifying that the files of the game are unmodified?

What about if someone changes the memory while the game runs? I had a little program before that could search for a value, for example your health, then you enter the game and change your health, then you do another search. After 3-4 times the program found the memory address of this variable and could set it (your health) to any value. However, such cheats seem to only work in singleplayer games. I have never tried it on an online FPS, but I know that using it on LAN games of Starcraft issued an instant disconnect.

It seems to me that "altering memory" cheats can so easily be detected by simply verifying the actual changes. If the value is modified by non-game mechanics then issue an error and revert to the last value. I assume there is more to it. From what I have seen, the most common solution to this problem today is to not give the client any confidence: the client only sends input to the server, which runs the game and does all calculations. However, that would also mean the server will get a high CPU load when many people are interacting. If I'm not wrong this is how most of today's MMORPGs and FPSs do it. (For example WoW, SWG, EQ, UT, CS and BF)

And back to encryption, how would someone work who wants to break an unknown encryption of some random data? The only thing they know is the packets from the game by packet sniffing. To me it seems like a series of random, unreadable, changing bits which I see no way to interpret without the source code. How do "hackers" start?
Quote:
Original post by Wave
Is it possible to stop MapHacks and similar cheats by verifying that the files of the game are unmodified?
Yes, a lot of games do that. But that only verifies that the files are valid when the app starts up. They can be modified when the app is running.

Quote:
Original post by Wave
What about if someone changes the memory while the game runs? I had a little program before that could search for a value, for example your health, then you enter the game and change your health, then you do another search. After 3-4 times the program found the memory address of this variable and could set it (your health) to any value. However, such cheats seem to only work in singleplayer games. I have never tried it on an online FPS, but I know that using it on LAN games of Starcraft issued an instant disconnect.

It seems to me that "altering memory" cheats can so easily be detected by simply verifying the actual changes. If the value is modified by non-game mechanics then issue an error and revert to the last value. I assume there is more to it. From what I have seen, the most common solution to this problem today is to not give the client any confidence: the client only sends input to the server, which runs the game and does all calculations. However, that would also mean the server will get a high CPU load when many people are interacting. If I'm not wrong this is how most of today's MMORPGs and FPSs do it. (For example WoW, SWG, EQ, UT, CS and BF)
Again, a lot of games will look for common memory editors, and some will protect against this with internal checksums and checking against the remote server as you said.

Quote:
Original post by Wave
And back to encryption, how would someone work who wants to break an unknown encryption of some random data? The only thing they know is the packets from the game by packet sniffing. To me it seems like a series of random, unreadable, changing bits which I see no way to interpret without the source code. How do "hackers" start?
Either by reverse-engineering the game code, or by trial and error. If you can get a large enough pool of packets and you know what each one does (Jump packet, move packet, etc), you might be able to see patterns in them.
In order to encrypt outgoing data, the client will need two things. It will need a key and an algorithm.
The key will either be embedded in the game binary somewhere, or received from the server during runtime. Either way, the key will ultimately have to be in readable form in memory to perform the encryption, so it will be possible to retrieve it.
As for the algorithm, the attacker can just disassemble the game binary and search for something that looks like an encryption algorithm. Most algorithms have rather distinct code footprints that make them somewhat easy to locate. Things like copy protection can help protect against disassembly, but ultimately all protections will be broken. It's all a matter of time and effort.

To make it is hell. To fail is divine.

With multiplayer games, the more that is done by the server the safer you are from cheating. If the server maintains all the positions and you just issue move commands, for a simple case, you're safe from teleport cheats.

Map- and wallhacks are done by altering the client so that it shows information that is sent in any case, but not supposed to be shown. By not sending that information you can avoid them, but in a fast game it could be very annoying if the minimap lagged while you explored new areas so there are problems there too.

As mentioned above, encryption is useless if a hacker can find your encryption algorithm – he can just encrypt the changed packets himself.
Quote:
Maphacks or Wallhacks
I'm unsure if they modify the memory or if they have anything to do with network.

Solution:
A possible solution may be for the server to not send you updates of people that you can not see, seen from the server's view. Another way could be to do random checks to see if the player can see or select something out of sight.

Wallhacks can be easily done with a modified OpenGL32.dll (or the D3D pendant). I have done this one time myself and got it working easily for Quake3 (No, I have not used it online! It was just a proof of concept!). This can be done for every game on every PC platform. The only countermeasure I know is to make several screenshots throughout the game and transfer them to the server for analysis. Make a random delay between two screenshots.

You don't need to modify packets to create an aimbot. You could let the computer control the mouse movement. You only need to analyse the current framebuffer and detect if there are any enemies. This becomes easier when you change the player textures to a simple texture like "red only". If you find an enemy, you point the mouse to that position.
This is very hard to detect, because players can also use a touchscreen for aiming, which makes them very, very fast at aiming.
--
Actually The Specialists (specialistsmod.net) has a send-only-relevant-players system coded in and working very well. Even 3rd person corner-peeking is avoided.
This can only help against severe wallhacking though because in most games you want to send footstep-sounds to the client. (Yes, there are footstep-wallhacks for HL)

Perhaps by doing some advanced sound system with multiple reflections and not sending the true origin of the sounds, or by having the sound origin change position randomly a few meters every frame, you could even avoid this problem. But most likely a smart client could gather enough information to pin down the origin anyway.
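The "send only relevant players" idea from the posts above (and the earlier suggestion that the server not send updates for players you cannot see), as an added example that is not from the thread or from any mod mentioned in it: the server filters each state broadcast per receiver, dropping players out of range or behind a wall, so a client that renders everything it receives has nothing hidden to reveal. The 2D map, the wall list and the view range are constructed for illustration.

```python
"""Server-side relevance filter (added example, not from the thread).

Before sending a state update to one client, drop every other player that
the receiver could not see: too far away, or with a wall segment between
the two. The map below is constructed: one wall along x == 10 for y in [0, 20].
"""
from typing import Dict, List, Tuple

Point = Tuple[float, float]
Wall = Tuple[Point, Point]          # a wall is a single line segment

VIEW_RANGE = 50.0                   # assumed maximum sight distance
WALLS: List[Wall] = [((10.0, 0.0), (10.0, 20.0))]


def _cross(o: Point, a: Point, b: Point) -> float:
    """2D cross product of (a - o) and (b - o); sign tells which side b is on."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])


def segments_intersect(p1: Point, p2: Point, q1: Point, q2: Point) -> bool:
    """True if segment p1-p2 properly crosses segment q1-q2."""
    d1, d2 = _cross(q1, q2, p1), _cross(q1, q2, p2)   # p1/p2 on opposite sides of q?
    d3, d4 = _cross(p1, p2, q1), _cross(p1, p2, q2)   # q1/q2 on opposite sides of p?
    return (d1 * d2 < 0) and (d3 * d4 < 0)


def can_see(viewer: Point, target: Point, walls: List[Wall]) -> bool:
    """Range check first, then line of sight against every wall."""
    dx, dy = target[0] - viewer[0], target[1] - viewer[1]
    if dx * dx + dy * dy > VIEW_RANGE ** 2:
        return False
    return not any(segments_intersect(viewer, target, a, b) for a, b in walls)


def relevant_updates(viewer_id: str, positions: Dict[str, Point],
                     walls: List[Wall] = WALLS) -> Dict[str, Point]:
    """The subset of positions the server should send to viewer_id."""
    me = positions[viewer_id]
    return {pid: pos for pid, pos in positions.items()
            if pid != viewer_id and can_see(me, pos, walls)}


if __name__ == "__main__":
    # Constructed positions: "b" is across the wall from "a", "d" is far away.
    world = {"a": (5.0, 10.0), "b": (15.0, 10.0), "c": (5.0, 25.0), "d": (5.0, 200.0)}
    print(relevant_updates("a", world))   # only "c" is visible to "a"
```

Footstep sounds and other non-visual cues would need their own relevance rule, which is the limitation the post above points out.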
My approach would be at what I think Bob was getting to...

Client does NOT tell the server where it is, but the client ASKS the server to move to X location.

Server calculates if it is legal or not.... if legal, then tell the client YES and so forth...

The more control you give the client, the more easily the client can be hacked.
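The move-request flow in the post above, combined with the "is this distance realistic in this time" check described earlier in the thread, as an added example that is not from the thread: the client only asks to move to a target, the server keeps the authoritative position, timestamps the request with its own clock, and refuses any move that exceeds the player's maximum speed. Refusals are counted so the server can kick after a few strikes, one of the three responses described earlier. The speed limit, tolerance and strike count are assumed values.

```python
"""Server-authoritative move validation (added example, not from the thread)."""
import math
from dataclasses import dataclass

MAX_SPEED = 8.0     # assumed maximum movement speed, units per second
TOLERANCE = 1.10    # assumed 10% slack for network jitter and rounding
MAX_STRIKES = 3     # assumed: kick after this many refused moves


@dataclass
class PlayerState:
    x: float
    y: float
    last_move_time: float   # server clock at the last accepted move
    strikes: int = 0
    kicked: bool = False


def _strike(player: PlayerState) -> str:
    """Record a refused move; the authoritative position is left untouched."""
    player.strikes += 1
    if player.strikes >= MAX_STRIKES:
        player.kicked = True
        return "kicked"
    return "refused"


def validate_move(player: PlayerState, now: float, tx: float, ty: float) -> str:
    """Handle a client request to move to (tx, ty).

    `now` is the server's own receive time, never a client-supplied timestamp.
    Returns "ok" (move applied), "refused" (position kept) or "kicked".
    """
    if player.kicked:
        return "kicked"
    elapsed = max(now - player.last_move_time, 0.0)
    requested = math.hypot(tx - player.x, ty - player.y)
    reachable = MAX_SPEED * elapsed * TOLERANCE
    if requested > reachable:
        return _strike(player)          # teleport-like request: do not apply it
    player.x, player.y, player.last_move_time = tx, ty, now
    return "ok"


if __name__ == "__main__":
    p = PlayerState(0.0, 0.0, 0.0)
    print(validate_move(p, 1.0, 5.0, 0.0))      # ok: 5 units in 1 s
    print(validate_move(p, 2.0, 100.0, 0.0))    # refused: 95 units in 1 s
```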
Quote:
Original post by Wave
Is it possible to stop MapHacks and similar cheats by verifying that the files of the game are unmodified?
Never trust the client on /anything/ *period*. How do you know that client isn't lying to the server about the files?
