Anti-Cheat Protection?
Forum rules
This forum is for feature requests, content changes additions, anything not a Bug in the software.
Please report all bugs on the Support Forums
- Peacemaker
- Novice
- Posts: 96
- Joined: 04 Apr 2005, 19:41
Anti-Cheat Protection?
hi
Will there be a anit-cheat protection if the client and new Server reaches a final version?
I know, at the current developing phase such a protection makes no sense... because the client is changing often and many ppl compile there own (like me)... but I want to mention it
I think that there are a lot people who wants to put on their own server... if tmw goes final someday and they surely want to protect their server somehow...
Here is a simple protection system, using md5 hashes.
http://www.rainbowsix.org/temp/tmw/tmw_ ... ection.png
There is a problem: the hash might be faked anyway on the way to the login-server... solution? maybe a closedsource launch application which hashes the client and challengeresponse it to the Server?
Will there be a anit-cheat protection if the client and new Server reaches a final version?
I know, at the current developing phase such a protection makes no sense... because the client is changing often and many ppl compile there own (like me)... but I want to mention it
I think that there are a lot people who wants to put on their own server... if tmw goes final someday and they surely want to protect their server somehow...
Here is a simple protection system, using md5 hashes.
http://www.rainbowsix.org/temp/tmw/tmw_ ... ection.png
There is a problem: the hash might be faked anyway on the way to the login-server... solution? maybe a closedsource launch application which hashes the client and challengeresponse it to the Server?
Peacemaker: Level 58 - STR 60+ / AGI 30 / VIT 36 / INT 5 / DEX 20 / LUK 5 - wiped because of inactivity...
keeping those checksums up-to-date is gonna be a real Female dog, wolf, fox or otter. good luck with that. i think since everything's open source there's no proper way to check that stuff client-side (heck, i dont even trust closed source clients that i wrote *myself*, since someone could have disassembled & "improved" them), so let the server do it (kinda like it's being done now: send only stuff the client absolutely has to know, and not a byte more). to protect from bots etc one could implement a captcha to do every full hour or so, but that'd be a major annoyance to regular players. the best way would still be the old-fashioned "gm watching players that behave suspiciously".
- ElvenProgrammer
- Founder
- Posts: 2526
- Joined: 13 Apr 2004, 19:11
- Location: Italy
- Contact:
There are many ideas on our server development docs to prevent cheating. But they usually don't include hacking protection: everyone should be able to hack his client and play TMW if the client follows the server rules.
I guess you're referring mostly to what happened on the "Drunken snakes" event. Someone had his modified client version with auto pick up enabled. This is possible because eathena allows everyone to pick up dropped items (it sound strange to me though, since when I was playing RO that wasn't happening). Our server will of course prevent stealing of loot even with an hacked client. Using checksums is only useful for authentication which probably won't be a problem even when using our server, encrypted username and password should be more than enough.
I guess you're referring mostly to what happened on the "Drunken snakes" event. Someone had his modified client version with auto pick up enabled. This is possible because eathena allows everyone to pick up dropped items (it sound strange to me though, since when I was playing RO that wasn't happening). Our server will of course prevent stealing of loot even with an hacked client. Using checksums is only useful for authentication which probably won't be a problem even when using our server, encrypted username and password should be more than enough.
- Bjørn
- Manasource
- Posts: 1438
- Joined: 09 Dec 2004, 18:50
- Location: North Rhine-Westphalia, Germany
- Contact:
Checksums make no sense in this open source project. Actually we should even be encouraging people to modify their client and distribute improved versions and contribute patches. All cheat protection will be done server side.
This does mean that banning bots will be more difficult. This problem is the same as banning misbehaving players in general though, and can probably best be handled by GMs as ktm said.
It could be cool to have a server on which bots are explicitly allowed, to see what people can come up with and potentially have bots vs bots fights.
This does mean that banning bots will be more difficult. This problem is the same as banning misbehaving players in general though, and can probably best be handled by GMs as ktm said.
It could be cool to have a server on which bots are explicitly allowed, to see what people can come up with and potentially have bots vs bots fights.
- Peacemaker
- Novice
- Posts: 96
- Joined: 04 Apr 2005, 19:41
ok thanks
I'm not only referring to the event... The other topic in which somebody wants cheats was decisive for my topic...
another problem are hacked maps with no collisions. I didnt see ppl using it yet but a few months ago the desert map was updated via CVS for example... The CVS Players were able to see the other (monthly release) ppl walking through the fences because they used the old Map ... so it might be possible to leave a closed PVP Area while fighting?!? I think the new Server will check the corrds. serverside right? so that problem would be solved EDIT: Bjorn already answered it -> Serverside
what about an optional action-recorder for clients? that actionrecorder should record every interaction in view... so user can record obvious interactions and submit it to the gm's? (i dont know which data the server sends to the client... so i dont know if its possible or not)
I'm not only referring to the event... The other topic in which somebody wants cheats was decisive for my topic...
another problem are hacked maps with no collisions. I didnt see ppl using it yet but a few months ago the desert map was updated via CVS for example... The CVS Players were able to see the other (monthly release) ppl walking through the fences because they used the old Map ... so it might be possible to leave a closed PVP Area while fighting?!? I think the new Server will check the corrds. serverside right? so that problem would be solved EDIT: Bjorn already answered it -> Serverside
what about an optional action-recorder for clients? that actionrecorder should record every interaction in view... so user can record obvious interactions and submit it to the gm's? (i dont know which data the server sends to the client... so i dont know if its possible or not)
Peacemaker: Level 58 - STR 60+ / AGI 30 / VIT 36 / INT 5 / DEX 20 / LUK 5 - wiped because of inactivity...