
Making sure that client is not hacked?

Started by May 13, 2006 09:16 AM
86 comments, last by SymLinked 18 years, 9 months ago
Ok.. you want to know how to hack it. The easiest one is to wait until your code is done checking all the DLLs (if you want you can watch all this to see the calls and hack each DLL also, but not needed), then you load a memory hack, overwrite whatever code you want and off you go. You do not need to make a single modification to your DLLs or exe to hack your program. This would effectively disable any protection that you have in your system. If you decide to do a check of the code during run time, the memory hack can have a saved version of the code footprint and let you check that when you want to verify that everything is still the way you want it.

theTroll
Quote:
Original post by TheTroll
Ok.. you want to know how to hack it. The easiest one is to wait until your code is done checking all the DLLs (if you want you can watch all this to see the calls and hack each DLL also, but not needed), then you load a memory hack, overwrite whatever code you want and off you go. You do not need to make a single modification to your DLLs or exe to hack your program. This would effectively disable any protection that you have in your system. If you decide to do a check of the code during run time, the memory hack can have a saved version of the code footprint and let you check that when you want to verify that everything is still the way you want it.

theTroll


This is where the idea that you could use this DLL system to check for instances of certain hack methods would come in handy. This will not reduce hacks to 0%, but it will certainly frustrate hack makers.

Once they have found out how to modify the memory etc. and released their hack to the world, you then have the opportunity to download it and create a new method that breaks the current one and requires different output from the function back to the server. This then limits the use of hacks to either a small group of people (who don't publicly release their hacks) or to individuals who are competent at hacking the game code.

Either way, this should eliminate the majority of users using the hacking methods, though it will not totally eradicate the problem (which is entirely impossible at the moment).
Quote:
we can usually afford the time to secure the client further


I don't understand how you can say this. From the data I've seen, a professional developer can easily put a team of three full-time people on "gameplay security" or whatever you want to call it. An indie team is happy to have three full-time people on the entire game. What's your experience to back up that statement?
enum Bool { True, False, FileNotFound };
dwarfsoft, to do that you would have to have a full-time team of developers and testers to keep the new fixes going. How are you going to afford this? How do you pay for that team to keep doing their work?

I will say it again, this is all cost-benefit. Yes, you can keep changing your program to make them re-crack your code, but is the cost worth the benefit? You will keep getting hacked and then you will keep having to update your code.

How long will it take you to fix each hack? Let's say you are a really hot team; with testing you can get each hack patched in a week. That still leaves a week of people cheating for every hack.

You have to keep putting patch after patch into your code. This gets really ugly after a while; it will become harder and harder to get the patches out fast. It will get harder and harder for you to not introduce bug after bug into your program.

Every patch that you add adds the possibility of adding more bugs into your software. Remember, these are time-sensitive patches, so they will never get the testing that you would normally put into your software.

In the end you are putting lots of money into making buggy code. Do you really think this is a solution?

theTroll
Incidentally, I've been talking with a friend to work on a project where we're going to remake a game (specifically, Puzzle Fighter) for multiplayer, using a peer to peer architecture where neither peer is trusted. That is, each peer has reason to be suspicious of the other peer for cheating. It's basically a research project on the side.

The discussions I've had with him have been most enlightening, and it sounds like it can actually be pulled off. But I'm still damned happy that I'm only doing the graphics work, because the security work sounds like a real bitch. Peer to peer without any trust. God damn.
SlimDX | Ventspace Blog | Twitter | Diverse teams make better games. I am currently hiring capable C++ engine developers in Baltimore, MD.
Well, if you kept modifying your code for the hacks and banning the accounts responsible, I think the hacker would give up on purchasing the game for another registration key, which I'm guessing you'd be using, and I have never seen anyone hack the registration keys.
Artist 1st - Programmer 2nd(I'll get some material linked here sometime to support these claims, haha)
Quote:
Original post by dwarfsoft
This then limits the use of hacks to either a small group of people (who don't publically release their hacks) or to individuals who are competent at hacking the game code.
And these groups are far worse than the public groups of idiots who are just there to use the released "tools" combined -- people who /will/ find anything you've left in the client's hands eventually.

All client-side protection will do in the end is piss off legitimate users. It's not going to stop those private groups.
Quote:
Original post by etsuja
I have never seen anyone hack the registration keys.
...Are you joking? Registration keys are usually the first thing to get hacked.
SlimDX | Ventspace Blog | Twitter | Diverse teams make better games. I am currently hiring capable C++ engine developers in Baltimore, MD.
Quote:
Original post by Promit
Quote:
Original post by etsuja
I have never seen anyone hack the registration keys.
...Are you joking? Registration keys are usually the first thing to get hacked.


For an MMO? I don't think so.
Artist 1st - Programmer 2nd(I'll get some material linked here sometime to support these claims, haha)
Quote:
Original post by TheTroll
Ok.. you want to know how to hack it. The easiest one is to wait until your code is done checking all the DLLs (if you want you can watch all this to see the calls and hack each DLL also, but not needed), then you load a memory hack, overwrite whatever code you want and off you go. You do not need to make a single modification to your DLLs or exe to hack your program. This would effectively disable any protection that you have in your system. If you decide to do a check of the code during run time, the memory hack can have a saved version of the code footprint and let you check that when you want to verify that everything is still the way you want it.

theTroll

Ok, now you disappoint me.

First of all, I never said anything about checking DLLs; that's another matter. I even stated you cannot fully protect third-party libraries with it.

For your memory hack to work you will have to know what memory to overwrite...

So please try to answer this question:
How are you going to know what memory to overwrite?

With the game clients that exist today this is simple: they are static and never change (except when there is some update). So once you find where to patch the memory you can indeed just do a simple memory hack, release your cheat and you're good for a month or two.

I propose something new, a dynamic solution, where game clients mutate (randomize) every time you connect. So let's say you cracked one instance of a game client; it will not work the next time you connect.

About the cost... there are in fact companies who are working on anti-cheat protections; it's the only thing they do (punkbuster, NProtect, ...).
Their protections suck and they know it, and yet they are making loads of money with it, because there simply is nothing better (YET :p).

[Edited by - ronkfist on May 16, 2006 6:22:06 AM]

This topic is closed to new replies.
