Cheat countermeasures

[noccy]

I've been reading a bit on her about cheaters in the main mp lobby. Wouldn't it be possible to create a simple anti-cheating scheme to at least attempt to hinder the lameness?

One idea would be a basic file hashing scheme with a challenge/response. This idea is full of holes and caveats, but it could perhaps evolve into something a bit more reliable. If the sever were to send a "range" and a "challenge" to the client, such as "1234-1245" and "helloworld!" (obviously, this would just be any random string), the client would then apply that range to one of the key files of the game in order to extract the data and then concatenate it with the challenge. The result would be hashed and sent back to the server. Nothing would prevent the server from requesting a "revalidation" at any time.

I know that implementing this on the binaries might be a whole lot of trouble considering the platforms supported, debug vs. non-debug builds etc. It could however be performed on the main data files or something that can be considered consistent across platforms.

Surely this would not get rid of cheating alltogether, but it would at least hinder some of it. Cheating the game would just be a matter of rewriting your l33t h4xx0r version to calculate the sums from a copy of the original data files or so, but it would still require two sets of the data files to be installed and maintained. The same hashing could of course be performed on the data as it's loaded from the archives as an added verification, but the advantage of the server asking for a specific range would be that it would be a genuine hell to create a "lookup table" in order to fake the verification, especially considering the challenge being added to the mix.

Players that fail the verification could either be kicked (which might be a bad idea as the server would be unaware about trunk builds etc) or marked with a red skull or questionmark or similar to indicate that the verification failed or that the player is using an unofficial version of the game.

What do you guys think? Doable or simply not worth it?

[chekwob]

This is already done. In the game it's known as a Data Check, and you will see messages about it if you run the debug version.

[Dalton]

This is already done. In the game it's known as a Data Check, and you will see messages about it if you run the debug version.

Chekwob knows all about that... (sounds like cheeky behavior )

[noccy]

Ah, excellent When will that feature be available in the stable release, and how does it indicate it's success/failure?

[chekwob]

It's already in. Whenever someone is kicked at the start of a game for "incompatible mods", it means they failed the data check.

[Zarel]

Yeah, what the other guys said. The feature's been available since 2.2.4. Verification schemes are ridiculously easy to circumvent, which is why we use it mostly to prevent accidental corruption caused by mods.

[noccy]

Ah, I see. And I agree with you Zarel, which is why I proposed the above algorithm. The "random chunk + challenge" algorithm would be a bit harder to circumvent as there is no way to calculate all the possible checksums in advance

[chekwob]

The "random chunk + challenge" algorithm would be a bit harder to circumvent as there is no way to calculate all the possible checksums in advance

The checksum wouldn't have to be faked if the stats data is left intact.

[milo christiansen]

So do a hash on the binary too.

[chekwob]

So do a hash on the binary too.

The Mac OSX binary isn't the same as the Windows one, and on Linux you're expected to compile it yourself. Different build environments can create different binaries.

[Zarel]

Ah, I see. And I agree with you Zarel, which is why I proposed the above algorithm. The "random chunk + challenge" algorithm would be a bit harder to circumvent as there is no way to calculate all the possible checksums in advance

Keep a copy of the legitimate data. Load your cheat data, but when asked for checksums, take them from your legitimate data. Bam, circumvented.

So do a hash on the binary too.

Keep a copy of the legitimate binary, follow instructions above.

Not to mention that we would have to drop support for many nonstandard distributions of Linux and BSD if we went this route.

[milo christiansen]

True.

so the only way to go is some kind of dedicated server?

[noccy]

so the only way to go is some kind of dedicated server?

You mean like offloading some of the logic to the server?

[milo christiansen]

Yes, if you mean doing things like power rate checks and such during a game.

Come to think of it wouldn't something like having every computer run a simple check on the power flow rate/units built/oil owned to check for example, that no one has 1000000 power with 4 oil in the early game, be a good way to at least slow cheaters down? Such checks could be droped after the first 20-30 minutes as cheaters won't like the wait.

[m1ndgames]

If you had to register in the Forums before you could login to the login server, you could add cheat reports and ban the accounts.

oh well... i suggested this allready like a gazillion times, i fu**in coded the whole multiplayer server and still: no progress on the client side, no answers in the topic... screw this!