[Nel] open source MMORPG and hacks/cheats question (probablyoff topic)

Daniel Miller miller@nevrax.com
Mon, 17 Dec 2001 12:07:37 +0100


At Nevrax our thoughts run as follows:

Game clients are very easy to reverse engineer or hack on a PC.
Server/ Client data packets are even easier to hack.

We assume that whether the source code for the client is open or closed, it
will inevitably be modified.

The only way to avoid cheating is to take all game sensitive decisions
server-side and to treat client as a kind of dumb terminal. This has
implications throughout the game design.

For instance, to avoid a hack from making invisible players visible, it is
up to the servers not to transmit update information for invisible players
to the clients. This means that invisible players can not make 3d-positional
noises as this would give an exploitable piece of information.

The front end servers clearly have to be robust too which means that all
incoming data from the clients is treated with caution - packets containing
invalid data are simply ignored.


In a nutshell - we assume that servers are trustworthy and that clients are
not.


Daniel.

-----Original Message-----
From: nel-admin@nevrax.org [mailto:nel-admin@nevrax.org]On Behalf Of
Vincent Caron
Sent: Sunday, December 16, 2001 7:13 PM
To: nel@nevrax.org
Subject: Re: [Nel] open source MMORPG and hacks/cheats question
(probablyoff topic)


There's a bit more than the 'security through obscurity' debate in this
question. It is actually more a question of trust, or if you prefer,
_what_ or _who_ needs to be secured ? The game ? The player moves ? The
server knowledge ?

Eric S. Raymond (with a nice link to Carmack's tought about this) did a
nice essay, back to the time where 'cheating drivers' (making walls
transparent) were about to be unveiled for FPS games :

http://www.tuxedo.org/~esr/writings/quake-cheats.html


_______________________________________________
Nel mailing list
Nel@nevrax.org
http://www.nevrax.org/mailman/listinfo.cgi/nel