
Some Thoughts on PBEM / IP Cheating -- Hubert Please Read



fischkopf

On the other hand you're the only programmer on the team (quite impressive), and your to-do list is no doubt pages and pages long.

Yes and this does make my time limited ;)

I'll be the first to admit your argument is quite impressive, but again I think it comes down to a few issues for me. 1) If and when someone does crack it we are back at square one where everyone is suspicious of everyone else and 2) I'm not really all that interested in playing the game of patching security updates on the game as each security measure is broken/cracked. It again comes down to deciding where time and effort is best suited for the game development.

Anyway, if you need any help feel free to contact me at andrew@alloymail.com. We're in crunch mode ourselves but I could certainly spare a few hours here and there to code this up for you.

Thanks for the offer but I think your posts have given me some ideas... and I'll think about it some more and take from there.

Hopefully you've moved off Eiffel by now

Wouldn't be doing it any other way :)

[ May 11, 2004, 02:53 PM: Message edited by: Hubert Cater ]


Ok, before I shut up, I wanted to also suggest that all PBEM and TCP/IP turns send and check a CRC checksum of the actual application executable. If two players (with version numbers matching) had different CRCs a warning could be popped up.

Interesting idea but this might not work as there are various language retail versions of SC1 (same version numbers) that would report checksum mismatches.

I mention this because for fun I made a hack to my SC such that I would always get my tech rolls. I could have just as easily written one where I was twice as likely, etc.

I obviously cannot condone this and/or other hacks you've reported (I do realize you are sharing this to support your recommendations) but either way I suspect limited interest in PBEM and/or TCP/IP games for you in the future ;)


Fischkopf, any security system relying on a hidden file or registry key is pointless. You can put a watch on the registry to find the hidden keys or you can take a copy of it before and after installing and diff the files. You can find any new files by creation or last modified dates. If the security system is going to work it cannot rely on things remaining hidden - they will be found. The CRC check on the executable is a good idea, though I would recommend using multiple checks and having the CRC calculated from varying positions in the file. To trick a single CRC check is not terribly difficult. You may be able to get around the differing languages etc. by only applying it to parts of the program.

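Added example, not part of the thread or the game's code: one way to realise the suggestion above of several CRC checks read from varying positions and applied only to part of the program. It assumes the code section sits at the same offsets in every language build; the sample byte strings, `CODE_RANGE` and the per-turn `challenge` value are constructed for illustration.

```python
import hashlib
import zlib

def offsets_for(challenge, length, count=3):
    """Derive `count` start positions from a per-turn challenge both players know."""
    return [int.from_bytes(hashlib.sha256(challenge + bytes([i])).digest()[:4], "big") % length
            for i in range(count)]

def code_checks(image, code_range, challenge):
    """CRC32 over the code section only, each one read from a different start position."""
    start, end = code_range
    code = image[start:end]
    # Rotating the section means every check still covers all code bytes,
    # but the expected values change with each challenge.
    return [zlib.crc32(code[o:] + code[:o]) for o in offsets_for(challenge, len(code))]

def same_build(image_a, image_b, code_range, challenge):
    """What each side would compare after exchanging check values with a turn."""
    return code_checks(image_a, code_range, challenge) == code_checks(image_b, code_range, challenge)

def whole_file_match(image_a, image_b):
    """The single whole-file CRC, for comparison."""
    return zlib.crc32(image_a) == zlib.crc32(image_b)

# Constructed sample "executables": identical code, different language string tables.
CODE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
ENGLISH = CODE + b"Research breakthrough!".ljust(64, b"\0")
GERMAN = CODE + b"Forschungsdurchbruch!".ljust(64, b"\0")
_patched = bytearray(ENGLISH)
_patched[1000] ^= 0x01          # one flipped bit inside the code section
PATCHED = bytes(_patched)
CODE_RANGE = (0, len(CODE))

if __name__ == "__main__":
    print("whole-file CRC, EN vs DE:", whole_file_match(ENGLISH, GERMAN))
    print("code checks, EN vs DE:   ", same_build(ENGLISH, GERMAN, CODE_RANGE, b"turn-17"))
    print("code checks, EN vs patch:", same_build(ENGLISH, PATCHED, CODE_RANGE, b"turn-17"))
```
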

Yes, registry key protection is weak. That being said, how many players would/could back up and restore registry keys after each replay of a turn?

Now the hidden files. They are not as easily found as you think. Because you can programmatically change the modification date of a file in win32, you just need to create the file once at install time (different filename for every install), modify it when a turn is loaded, then hack its modification date to the original value.

Someone doing a Windows search will not pick up the file as modified.

There are ways around this, but they are indeed that much harder.

So think about it. To replay a PBEM turn the player has to back up the registry, find the hidden file (not easy), then restore both the registry and the file. Just to replay a single turn.

Compare this to the present case where they just have to delete the PBEM turn and replace it with the one attached to the email. Hmmm.

So is this pointless? I think it would dramatically cut down on PBEM replay cheating. Very few people could figure out how to circumvent it, and of those that did few of them could be bothered to do it for every turn.

I agree that the .exe should be CRC checked in some manner, although hacked .exe's will be rare compared to re-played PBEM turns.


fischkopf

I agree 100% with Ceasar. Any security architecture relying on hiding files and/or registry keys is doomed. File and registry monitors will highlight these. I think it is a common misconception of the developing community (and I'm including myself) that users are dumb and computer illiterate. Strong encryption of files/settings/transmissions would be the only way to be fairly safe from cheating.

If the main concern regarding PBEM games is the fact that you can reload the game to try and get better results then an elegant solution would be to generate the random factors and store these with the mailed game. Battles/results will then always be the same no matter how many times you reload the game.


  • 1 month later...

Yes, and I think the most important one is to prevent the 'poor man's' cheating method of simply using the editor and increasing his starting values.

Here the solution is pretty easy I think - like others proposed earlier: if both sides can check all values before the starting turn (i.e. no fog of war, research/starting mpps can be seen = like in the editor, but without the possibility to change the values now).

Then cheating (except for reloading, that's a different problem) would only be possible during gameplay and this would require a lot more effort and knowledge than using the editor - which can be done by everyone at the moment - and for most players cheating would not be possible any more.


Terif,

Good point. I understand it may be too hard to stop all cheating. But if this simple step can be done it would help. I would also hope that Mr. H.C. could come up with any other simple steps to help.


  • 2 months later...

Hi fischkopf,

I don't think a 256 bit key fits into 4 bytes.

Still, your idea is pretty good, takes out 90+ percent of the cheaters.

I think I could hack it by attacking the PBEM file, even if the key is split up into a bunch of locations.

I would look for parts of the file that are constant within a game but vary from game to game. With enough samples I can track down all the key bytes. Once I get a good list of these locations I would mod them to match a game file I just generated and then I get a free reload. (Or a corrupted game file if I made a mistake.)

Of course you can add another twist to make this harder, the cat and mouse game can go on and on...

But I still think the game should make it less easy to play turns over and over, and your concept makes it hard, or at least a bloody nuisance. Good thinking!


  • 3 weeks later...

All this seems terribly complicated. Why not just preserve the random number seed like civ3 can do?

E.g. in the save game file have the next, say, 100 numbers already generated. Whenever a number is used a new number is generated when the file is saved.

(assuming that no one hacks the save game file, but if they can do that they can do anything they like)

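Added example, not part of the thread or the game's code: the stored-rolls idea from this post, which is also the earlier suggestion to generate the random factors and mail them with the game. The save-file layout, the field names and the 50% hit chance are assumptions made for illustration.

```python
import hashlib
import json

QUEUE_LEN = 100  # "the next, say, 100 numbers" from the post

def _roll(seed, index):
    """Roll number `index` of this game, as a percentage 0-99."""
    digest = hashlib.sha256(f"{seed}:{index}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % 100

def new_game(seed):
    return {"seed": seed, "next_index": QUEUE_LEN,
            "rolls": [_roll(seed, i) for i in range(QUEUE_LEN)]}

def save(state):
    """Top the queue back up to QUEUE_LEN, then serialise it with the turn."""
    while len(state["rolls"]) < QUEUE_LEN:
        state["rolls"].append(_roll(state["seed"], state["next_index"]))
        state["next_index"] += 1
    return json.dumps(state)

def play_turn(saved, attacks):
    """Load a mailed turn, resolve `attacks` combats, return (results, new save)."""
    state = json.loads(saved)
    # Each combat consumes the oldest stored roll; nothing is generated at use time.
    results = ["hit" if state["rolls"].pop(0) < 50 else "miss" for _ in range(attacks)]
    return results, save(state)

def stored_rolls(saved):
    return json.loads(saved)["rolls"]

if __name__ == "__main__":
    turn = save(new_game("constructed-seed"))      # constructed sample game
    first, _ = play_turn(turn, 5)
    reloaded, _ = play_turn(turn, 5)               # same mailed file loaded again
    print(first, reloaded, first == reloaded)
```
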

Originally posted by Terif:

Then cheating (except for reloading, that's a different problem) would only be possible during gameplay and this would require a lot more effort and knowledge than using the editor - which can be done by everyone at the moment - and for most players cheating would not be possible any more.

My above post was agreement with this :)

Two thoughts:

1) The solution to cheating to get the right research result is simple - don't let the player see if they got any research breakthroughs at the end of their move, make them wait until they load up their next turn. It could be the first thing you get told, before you see the video.

2) I don't really worry about whether my opponents are cheating or not, and reloads could only make a big difference in turns where the player needs to knock out a key unit/country that turn.

When people say that PBEM can't be used for competitive play, here's a suggestion - have a league where it's ok to reload!

Not that I'd be interested in it, but if no one cared about reloads then it could work.


Originally posted by Bill101:

Two thoughts:

1) The solution to cheating to get the right research result is simple - don't let the player see if they got any research breakthroughs at the end of their move, make them wait until they load up their next turn. It could be the first thing you get told, before you see the video.

Simple and excellent solution. I hope that Hubert saw it.

As for cheating in combat results, I have suggested this before and I'll say it again. There are two ideas:

1. It is called PBEM online. To play his turn a player must connect to a certain server and play as if he were playing a TCP/IP game. When he is finished he will save the turn on the server, and the server will automatically send his turn and a notice to the opponent's e-mail with information like turn number, date, time AND server connection number. The server connection number will in this case be the number of game loads. Of course, for that idea the game makers or distributor must have resources for a good server.

2. It is called Online Notification. Before a player loads his turn, he must first connect to the internet. At that moment the game will automatically send a notice to the opponent's e-mail that he has loaded his turn, with other information like turn number, date, time etc. After that he can disconnect and play his turn.

Naturally, these ideas are not perfect and someone will find a way to cheat. There is no perfect solution to prevent PBEM cheating.


Hi Vveed, with regard to online notification, it might be easier if you were only informed if your opponent loaded the file more than once, otherwise we'd be getting lots and lots more emails than we currently do.

Otherwise it potentially sounds a good solution.

By the way, are we any closer to finishing our game?


Hi Bill, nice to see you again!

Yes, this would be much better, but how will the game know when it has been reloaded if it is overwritten with the original one from the mailbox?

Unfortunately I don't have time to play. I have only a little free time now (you know why), and that time is on weekends when the weather is bad. ;) So in my opinion the game will not be fun if we play it in those circumstances. Actually I am already very concerned about whether I'll have free time to play SC2 :( .


Hi Vveed

Good to hear from you too.

I don't know, but perhaps the programmers would find a way to implement your suggestion, without us receiving two emails for every turn played. That would be the ideal solution anyway.

I hope you do get some free time at some point. If you do, you know where to find me.

