Page 1 of 1

Anti-Cheat Protection?

Posted: 22 Aug 2005, 12:42
by Peacemaker

Will there be a anit-cheat protection if the client and new Server reaches a final version?

I know, at the current developing phase such a protection makes no sense... because the client is changing often and many ppl compile there own (like me)... but I want to mention it ;)

I think that there are a lot people who wants to put on their own server... if tmw goes final someday :) and they surely want to protect their server somehow...

Here is a simple protection system, using md5 hashes. ... ection.png
There is a problem: the hash might be faked anyway on the way to the login-server... solution? maybe a closedsource launch application which hashes the client and challengeresponse it to the Server?

Posted: 22 Aug 2005, 13:27
by ktm
keeping those checksums up-to-date is gonna be a real female dog, wolf, fox or otter. good luck with that. i think since everything's open source there's no proper way to check that stuff client-side (heck, i dont even trust closed source clients that i wrote *myself*, since someone could have disassembled & "improved" them), so let the server do it (kinda like it's being done now: send only stuff the client absolutely has to know, and not a byte more). to protect from bots etc one could implement a captcha to do every full hour or so, but that'd be a major annoyance to regular players. the best way would still be the old-fashioned "gm watching players that behave suspiciously".

Posted: 22 Aug 2005, 13:51
by ElvenProgrammer
There are many ideas on our server development docs to prevent cheating. But they usually don't include hacking protection: everyone should be able to hack his client and play TMW if the client follows the server rules.
I guess you're referring mostly to what happened on the "Drunken snakes" event. Someone had his modified client version with auto pick up enabled. This is possible because eathena allows everyone to pick up dropped items (it sound strange to me though, since when I was playing RO that wasn't happening). Our server will of course prevent stealing of loot even with an hacked client. Using checksums is only useful for authentication which probably won't be a problem even when using our server, encrypted username and password should be more than enough.

Posted: 22 Aug 2005, 14:05
by Matt
My idea is that every sever has rules like "Speed is x", "You can only pick up items of monster that you killed", ... So you can hack your client as you wish without the possiblity of cheating.

Posted: 22 Aug 2005, 14:08
by Bjørn
Checksums make no sense in this open source project. Actually we should even be encouraging people to modify their client and distribute improved versions and contribute patches. All cheat protection will be done server side.

This does mean that banning bots will be more difficult. This problem is the same as banning misbehaving players in general though, and can probably best be handled by GMs as ktm said.

It could be cool to have a server on which bots are explicitly allowed, to see what people can come up with and potentially have bots vs bots fights.

Posted: 22 Aug 2005, 14:41
by Peacemaker
ok thanks

I'm not only referring to the event... The other topic in which somebody wants cheats was decisive for my topic...

another problem are hacked maps with no collisions. I didnt see ppl using it yet but a few months ago the desert map was updated via CVS for example... The CVS Players were able to see the other (monthly release) ppl walking through the fences because they used the old Map ... so it might be possible to leave a closed PVP Area while fighting?!? I think the new Server will check the corrds. serverside right? so that problem would be solved :) EDIT: Bjorn already answered it -> Serverside ;)

what about an optional action-recorder for clients? that actionrecorder should record every interaction in view... so user can record obvious interactions and submit it to the gm's? (i dont know which data the server sends to the client... so i dont know if its possible or not)