yet another strategy...

Content and general development discussion, including maps, quests, and server code from the development team.
Post Reply
User avatar
iceslice
Novice
Novice
Posts: 266
Joined: Mon Nov 16, 2009 9:39 pm
Location: MilkyWay

yet another strategy...

Post by iceslice » Tue Jun 22, 2010 7:31 pm

I dont know if this strategy was talked before to ensure fairness in the game. Still it's worth to consider. (i had a talk with a char "shadows" )
Well, it's like this....

a server will have options of running in two modes, secured & non-secured mode. In secured mode only the client compiled by the server admin can access the server. In non-secured mode any client can access the server. How's that ? admin will use an encryption key while compiling the client & client will use the key to make connection with the secured server.
This way the client still remaining it's OpenSource tag. Only the encryption protocol is varying. (i.e. codes open but connection isnt) And it'll ensure some kinds of fairness when the server is running in secured mode. Because that way a player cant run a client that's not compiled by the admin.

Well, drawback is, it'll increase pressure on the server to make it laggy. But there are ways to make the connection optimized.

If it's implemented, it'll be suicidal to my own portable client. So far I talked against my own client. :| :|
.... for the sake of fairness
Lets Chase MDGs...

ManaPortable (Vanilla Mana + ManaPlus) -- run 'em portably

http://manaportable.1sourceplus.com
http://manamac.1sourceplus.com
Game Server >> jadu.1sourceplus.org , jadu.1sourceplus.com

User avatar
Crush
TMW Adviser
TMW Adviser
Posts: 8046
Joined: Thu Aug 25, 2005 5:08 pm
Location: Germany

Re: yet another strategy...

Post by Crush » Tue Jun 22, 2010 8:13 pm

Sorry, but there is no secure way to authenticate the integrity of a software which connects to a service over a network. Even when you cryptographically sign the client the hacked client could just obtain the signature from a parallel legit client installation. When you encrypt the network traffic you have to store the encryption key somewhere in the original client where the hacked client can find it. You simply can not trust the client. Any code which runs on the users machine is under the control of the user and can be manipulated by him.

There are commercial anti cheat tools like Gameguard, VAC or Punkbuster which claim to be able to prevent the user from tinkering with the client software of games they protect, but those tools have serious weaknesses:

1. they requires very invasive access to the users operating system which is violating the users privacy and right to control his system.
2. they rely on security by obscurity. They try to be hard to circumvent by trying to make it hard to find out what they do and how they do it. This concept can't work in open source.
3. they don't work. there are a lot of attacks which are not detected by these tools or hacks to disable them.
  • former Manasource Programmer
  • former TMW Pixel artist
  • NOT a game master

Please do not send me any inquiries regarding player accounts on TMW.


You might have heard a certain rumor about me. This rumor is completely false. You might also have heard the other rumor about me. This rumor is 100% accurate.
User avatar
iceslice
Novice
Novice
Posts: 266
Joined: Mon Nov 16, 2009 9:39 pm
Location: MilkyWay

Re: yet another strategy...

Post by iceslice » Tue Jun 22, 2010 11:06 pm

well, it seems already studied.
Btw, ofcourse you cant trust a client forever. it's possible to reveal the encryption key by decompiling or so. Still wont it reduce the way players modify the client every often ?
Lets Chase MDGs...

ManaPortable (Vanilla Mana + ManaPlus) -- run 'em portably

http://manaportable.1sourceplus.com
http://manamac.1sourceplus.com
Game Server >> jadu.1sourceplus.org , jadu.1sourceplus.com

Post Reply