Networks -- Hacking (concept)

Started by June 13, 2010 10:33 AM
8 comments, last by WavyVirus 14 years, 8 months ago
I'm not sure exactly where to post this, if I posted this in the wrong forum I apologize.

I will be explaining my hacking concept for my game; Spies.

To get a better explanation of what the game is about, follow this link.

Well I'm trying to lay the foundations for the computer networks within the game. It's not going to be like "verb-use hacking device...wait 5 seconds...file retrieved!"

I want to make this concept as realistic as possible without straying too far from the norm.

This is a pretty decently sized rant, I'll try to make it bearable. For all you people out there who know about networks and servers, please correct me.

First let's understand the general concepts of a network:

Protocol:
  • A set of communication rules

Network Interface Card (NIC):
  • Sends and receives signals (messages)

Basic Concept:
    Computer A encodes information using a protocol, and sends signals through the NIC.

    Computer B receives the signals through their NIC, and using their protocol translates the signals into accessible files.

    Spies Concept:
    Generally all computers have 2 protocols. One receives information and decodes it from a hub, the other hashes it to be sent back to the network. The main computer puts a hash on the file before sent to the server, and stores the information for later access.

    It goes something like this:
    record
        // we attempt to retrieve a file from the network off the
        // main computer, we request the file and the protocol
        // creates an appropriate hash, appoints it to the original file,
        // and sends it along

        protocol_hash = "somesecrethashingpass"
        hash = md5(protocol_hash + record_name + data)

        // computer b receives the file and the hash,
        // and recalculates to see if it's been tampered with,
        // now computer a and b have the same protocol language
        // which means the protocol_hash password should be the same

        if (hash == md5(protocol_hash + record_name + data))
            // the file is now stored as a copy in computer b
            // whose hash variable is equal to the hash variable
            // residing in the main computer
            return

        // this isn't to say someone could have edited the
        // data and then hashed it appropriately, which is complicated
        // now the server needs to be able to manipulate it
        // accordingly and send it back without error

        // this is where hacking comes into play,*
        // *Read about this at the end of the article.

        newhash = md5(protocol_hash + record_name + data + "edited")

        // the file and the new hash are then sent to the main computer's protocol

        // now the computer checks if it wasn't hashed appropriately
        // see if it wasn't interfered and tampered with along the way to computer A
        if (newhash != md5(protocol_hash + record_name + data + "edited"))
            alert("file tampered with!")
            return

        // check if the record was hashed accordingly through the correct protocol
        if (md5(protocol_hash + record_name + data + "edited") == newhash)
            // the hash was created through the appropriate protocol, it is valid
            update_file
        else if (hash == newhash)
            // the file's hash equals the same hash within computer a's record
            // nothing was changed
            return
        else
            alert("file tampered with")

    Please note the above code may be lacking a few details, but it's just to show you the general idea.



    *This opens up a number of possibilities for hacking, which mainly require knowledge and skill.

    Now when changing a file in a server, the protocol will create a specific hash based on the information. That data is then sent out, and the main computer will do a check. Both computers are running the same protocol language, so if the file editing was done legally, everything should check out.

    Thus making it impossible to simply edit basic information on a record and try to send it to be updated, without changing the hash. Only a protocol assigns a specific 'code' if you will, to be then decoded by that same 'code'. If you don't know this code, it's damn near impossible for you to make up your own hash matching the record data, let alone attempting to send the information back through the protocol to be updated in the network.

    This is where gadgets come into play. The spy will have access to a laptop, which he can upload various programs and run them locally, or on a server/network. Given he has the right tools for the job, he could upload his own protocols, connect to a server and send files straight from his laptop to be updated in the network.

    I think that's all I will rant about tonight. I have left out specifics, just to give you a general idea of how things will operate.

    Now remember, I want to keep this as realistic as I can. If I have made a mistake in my interpretations of a network/server and/or what they can do please correct me.

    A hacking game! How original. But your problem seems to be semantics. Do you know why hacking in the movies displays colorful boxes and pictures and 3d images and stuff? Because hacking is not fun. BUT! If you can put in elements that are fun in your hacking game, well hey, you got a diamond mine there mister!
    Quote:
    Original post by borneogamer
    Do you know why hacking in the movies displays colorful boxes and pictures and 3d images and stuff? Because hacking is not fun.
    I have always wondered why nobody tries to buck this trend. Is there any good reason for TCPdump *not* to display traffic as a virtual waterfall, with coloured streams to represent packet types and quantities? Or for the real-time firewall logs not to display discarded packets as bouncing off a virtual shield?

    Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]

    I agree with the above posters, if you make it too much like real hacking, then anyone who is interested in it will probably be real hackers, in which case, they would probably rather just do real hacking.

    I think you need to mix in some type of fun things.
    The only hacking game I've played is Uplink, you should try it, it's not perfectly realistic, but it isn't a bunch of 3D allegories either.
    I don't play MMOs because I would become addicted
    Quote:
    Original post by klefebz
    The only hacking game I've played is Uplink, you should try it, it's not perfectly realistic, but it isn't a bunch of 3D allegories either.


    I'd second this - Uplink found a fairly happy medium between realism and Hollywood-style hacking. The game used a suitable level of abstraction and mechanics which seem superficially plausible to the average non-technical person (referencing trojans, encryption, routing and a bit of social engineering in the form of recording phone calls to use later opening voice recognition locks). Another of its strengths was the variety of objectives: destroying data, transferring money, changing database records, corporate information dealing and so on. Uplink wasn't without its flaws and the "hacking in" part of the game could get somewhat repetitive (something which I think is a major challenge when designing a hacking game) but is worth playing if only for research purposes.
    Quote:
    Original post by WavyVirus
    the "hacking in" part of the game could get somewhat repetitive (something which I think is a major challenge when designing a hacking game)
    Is that really any different than any other genre? Slogging through mud-filled trenches in the pouring rain is also repetitive and uninteresting, but Call of Duty never saw that as a barrier to FPS design...

    Real world hacking tends to be around 90% social engineering, and 9% planning - systems are on the whole fairly secure, but exploits come along once in a while, and the trick is to have enough infrastructure to deploy a wide-spread attack before the vulnerability is patched.

    Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]

    Quote:
    Original post by swiftcoder
    Quote:
    Original post by WavyVirus
    the "hacking in" part of the game could get somewhat repetitive (something which I think is a major challenge when designing a hacking game)
    Is that really any different than any other genre? Slogging through mud-filled trenches in the pouring rain is also repetitive and uninteresting, but Call of Duty never saw that as a barrier to FPS design...

    Real world hacking tends to be around 90% social engineering, and 9% planning - systems are on the whole fairly secure, but exploits come along once in a while, and the trick is to have enough infrastructure to deploy a wide-spread attack before the vulnerability is patched.


    Now there's an idea! Penkovskiy, why not include social engineering in your game? Make it so that you can have several ways to do a hacking "quest", which is either social engineering, brute force, or wiresharking (aircracking if your target is wireless) packet sniffing, or whatever.
    I like the feedback so far! I think I got the impression some of you are convinced this is what the game revolves around.

    See the game is based around 3 agencies, each one having their own network containing all their database records. Any orders for shipments of supplies are stored on the network, as well as the records of corresponding agents working for that agency. Hacking in the game is not a necessity, I was trying to plan a semi-complicated system that requires a bit of a learning curve to get good at it. The game revolves around a spy's skill and competence, not some hacking variable which determines your expertise.

    While hacking is not necessary, the benefits that come with being able to hack a network are extremely significant. Hopefully this will incline the players to attempt to learn this system, as I am going to write a few detailed tutorials about it.

    Social engineering is a definite, the possibilities I have planned go on and on..
    My main goal is to create a system of how the database is active within the agency, and to purposely create a flaw in the system. It is up to the players to then exploit this flaw, add strategic tactics, social engineering, to retrieve the information they sought.

    I will definitely check out this Uplink, thanks for the feedback!
    Quote:
    Original post by swiftcoder
    Is that really any different than any other genre? Slogging through mud-filled trenches in the pouring rain is also repetitive and uninteresting, but Call of Duty never saw that as a barrier to FPS design...


    Well generally the excitement in an FPS comes from reacting to and interacting with the enemy AI, which is ideally complex enough to maintain some variety in the play experience. I agree that broadly a designer faces the same challenge of keeping the game interesting with a finite set of mechanics, but the problem can be exaggerated when the most common approach to hacking in a game is applied.

    Hacking methods ("breaking through a firewall", "cracking encryption"...) are usually abstracted to mini-games which are often fairly static, without the emergent behaviour of multiple interacting autonomous agents, and ultimately can fail to stay fresh when the player encounters similar defences in all of the networks they are trying to break into (which is pretty much inevitable if a pseudo-realistic approach is being taken). Of course there are ways to deal with this - taking inspiration from action games might be one such method, where a "cat and mouse" element involving evading AI agents (sysadmins, computer forensics investigators or even anti-virus programs) is the focus.


    Quote:
    Now remember, I want to keep this as realistic as I can. If I have made a mistake in my interpretations of a network/server and/or what they can do please correct me

    Your system basically revolves around obtaining the "salt" value used to create a checksum-type hash. It seems like a pretty plausible system, although things often don't work exactly like that (where data is submitted one record at a time with some kind of validation token). Generally the two machines would begin communication with some kind of "challenge and response"-based authentication protocol and then simply send data over their (now trusted) encrypted channel.

    [Edited by - WavyVirus on June 16, 2010 9:03:40 AM]
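
    Added example (not code from the thread or from any poster): the record check from the opening post, md5(protocol_hash + record_name + data), next to a keyed HMAC with length-prefixed fields, plus a minimal form of the "challenge and response" login mentioned in the last reply. The function names, the b"record"/b"auth" labels and the sample records are assumptions made for this illustration; the secret string is the one from the post's pseudocode.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample secret, reusing the string from the post's pseudocode.
SHARED_KEY = b"somesecrethashingpass"

def legacy_tag(name: bytes, data: bytes) -> str:
    """The scheme as posted: md5(protocol_hash + record_name + data)."""
    return hashlib.md5(SHARED_KEY + name + data).hexdigest()

def _frame(*fields: bytes) -> bytes:
    # Length-prefix each field so the boundary between name and data is
    # part of what gets authenticated.
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def record_tag(name: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 instead of a bare hash over secret + message; the leading
    # b"record" label keeps record tags distinct from login responses.
    return hmac.new(SHARED_KEY, _frame(b"record", name, data), hashlib.sha256).digest()

def verify_record(name: bytes, data: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(record_tag(name, data), tag)

def new_challenge() -> bytes:
    """Server side: a fresh random nonce for every connection attempt."""
    return os.urandom(16)

def respond(challenge: bytes) -> bytes:
    """Client side: prove knowledge of the key without sending it."""
    return hmac.new(SHARED_KEY, _frame(b"auth", challenge), hashlib.sha256).digest()

def check_response(challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(respond(challenge), response)

if __name__ == "__main__":
    # Constructed records: different (name, data) pairs, same concatenation.
    a, b = (b"agent", b"007:active"), (b"agent0", b"07:active")
    print("legacy tags equal:", legacy_tag(*a) == legacy_tag(*b))
    print("HMAC tag of a accepted for b:", verify_record(*b, record_tag(*a)))
    c1 = new_challenge()
    print("replayed response accepted:", check_response(new_challenge(), respond(c1)))
```

    Because the posted scheme joins the fields with plain concatenation, the two constructed records above receive the same tag under it, while the framed HMAC tells them apart; a response captured for one challenge is rejected when the server issues a new one.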

    This topic is closed to new replies.
