Hey When one have a online game, with a client server architecture. Is there a way to be sure that a user is not playing with a hacked client? I have been thinking in lines like having the client to take a hash on dll:s and exe:s on startup and providing the hashes as a part of the login. But I'm not sure that that is enough? I'm thinking that the user could take the hash of the dll:s and exe:s and save them and then modify the client so that they are just cosntnats that are sent to the server at login, to go around this. Anyone have a solution that is bullet proof? Lizard

There have been plenty of discussions on this, but the usual solution is to try to get the server, instead of the client to manage important data. It's really very hard to keep an end-user from just using a packet sniffer, unless you take to using encryption, and then they can just profile memory, etc... really, hashes and trying to verify the client are much easier to get around than a situation where the client can't actuall mess with the data. Beyond that, any measures will just slow hacks down, instead of stopping them, so practically nothing is bulletproof.

An interesting thread on the topic can be found here.

As well, another problem with hashing dll's and exe's is that Windows binaries aren't exactly portable, and Wine doesn't run on every software platform yet. This would complicate any possibility of porting your work, as you'd have to start associating hashes with platforms on the server.

Your client is going to get hacked, that hack is going to get published to the web. There are things you can do to slow the hackers down but in the end it will get hacked no matter what you do. There is NO bulletproof software solution to prevernt hackers. If you think you have come up with a solution that is going to stop them you are just fooling yourself.

The only way to protect yourself in a client/server game is to make sure the server is secure and make sure that all the real work is done on the server. This adds a lot of load to the server but it is the only way to prevent cheating.

theTroll

In the extreme, a hacker can write his own program, that just listens to packets from your server, and sends back whatever your server wants to hear. The hacker can disassemble your program, even if you encrypt it, because the CPU needs to run a disassembled version. You have to assume that the client will be hacked, and design your gameplay and server validation based on that assumption. That's one of the reasons we use an advanced kind of lockstep networking with consistent server-side physics, but there are other solutions to that particular problem, too.

Theoretically it is impossible to make something 100% bullet proof against cheaters, but in practice there are some ways that will stop hackers because the human brain has limits.

eg. How did the universe start? We will never grasp this because a today's human brain can't handle this question.

This question proves that the human brain has limits, and there are a million other things our brain can't solve either (maybe someday it will, tho).

So it's just a matter of creating something nobody understands :)

And yes it is possible, I read in that other thread about "self modifying code".
Well thats a start, the problem is tho that you would need self modyfying code to modify your self modifying code and so on..., so that won't work.

The biggest problem is that most people just adapt other people's ideas, instead of thinking about the problem. There are ALOT of imitators but very few creators on this planet.

Seek and u shall find.

Quote:

Original post by ronkfist Theoretically it is impossible to make something 100% bullet proof against cheaters, but in practice there are some ways that will stop hackers because the human brain has limits.

I think you'll find the brains of any small group of developers are more limited than the countless people who will try to hack. It only takes on person who hacks it to spoil your day.

All you end up doing is culling the number of hackers who will be able to hack your program, and for a single developer project, this can be at the expense of more important things, particularly since you may not be a big enough target to draw decent hackers.

Remember, the more hackers fail, the bigger the percieved prize will be.

Quote:

So it's just a matter of creating something nobody understands :)

If you can understand it (and you should damn well be able to [smile] ), then it will be hacked.

Or great self modifying code will just be bypassed, the hacker will just rip out that part and that will be the end of that. I few well place jumps and no more modifying code. As long as we can read the asembly there is no way to prevent a hacker from cracking your code. Sure most hackers are not that good but the problem now days is it only takes one, then they publish it to the web and your code is free for everyone.

theTroll

P.S. No matter how smart or good you think you are, there is ALWAYS someone better.

As a programmer, I resent that last statement, as that is a physical impossibility.

What I am trying to say is if YOU think you are the best you are wrong.

theTroll

Quote:

Original post by TheTroll Or great self modifying code will just be bypassed, the hacker will just rip out that part and that will be the end of that. I few well place jumps and no more modifying code. As long as we can read the asembly there is no way to prevent a hacker from cracking your code. Sure most hackers are not that good but the problem now days is it only takes one, then they publish it to the web and your code is free for everyone.

Wrong...

The problem is you just copy what u read, no offense, most ppl do that.