Networked multiplayer security in 3D games

Many game clients know more about what’s going on in a game than the
player is supposed to know. Theoretically, there is no real solution,
you cannot prevent sufficiently learned player from getting this
information for himself.

I am leaning in the direction of FPS games, however this discussion
probably can’ t be done any harm visiting other genres.

Plenty has been done to detect popular hacks on the game client, and
for the most part, this is an effective way of preventing people from
downloading hacks to cheat at the games they play, but it isn’t really
effective at preventing a potential hack author from using his hack if
he never chooses to publish it. I wonder if this even happens, I mean
you can’t really even know how many of them are out there.

My question is a bit FPS specific, but again, feel free to mention
other genres if you feel it’s relevant. But has there been any attempt
to send only information that the player should have access to?

Most FPS games do some ordinary sorting. If two players are on
completely independent areas of the arena, their clients might as well
not even be aware of each others’ presence. But what about, for
instance, a player who is completely concealed by a small box in the
street? I play Urban Terror (a Quake 3 mod) and the pretty much
unstoppable blending hack will make such a box completely see-through.
Yet the game server still reports the position and state of a such a
player even if he is completely concealed, probably because it would be
very expensive to calculate per-polygon visibility of other players.

Another issue is when you make a game that is open source. Then you
have a whole new set of challenges to tackle (unless you really think
there are uber-elite assembly hackers out there who have nothing better
to do than hack the binary packages of proprietary commercial games.)

Anyhow, I’m not planning on writing a multiplayer FPS game any time
soon, but it was a discussion I thought might be interesting, and I’d
like to hear any ideas that some of you may have.

Many game clients know more about what’s going on in a game than the
player is supposed to know. Theoretically, there is no real solution,
you cannot prevent sufficiently learned player from getting this
information for himself.

I am leaning in the direction of FPS games, however this discussion
probably can’ t be done any harm visiting other genres.

Plenty has been done to detect popular hacks on the game client, and
for the most part, this is an effective way of preventing people from
downloading hacks to cheat at the games they play, but it isn’t really
effective at preventing a potential hack author from using his hack if
he never chooses to publish it. I wonder if this even happens, I mean
you can’t really even know how many of them are out there.

My question is a bit FPS specific, but again, feel free to mention
other genres if you feel it’s relevant. But has there been any attempt
to send only information that the player should have access to?

Most FPS games do some ordinary sorting. If two players are on
completely independent areas of the arena, their clients might as well
not even be aware of each others’ presence. But what about, for
instance, a player who is completely concealed by a small box in the
street? I play Urban Terror (a Quake 3 mod) and the pretty much
unstoppable blending hack will make such a box completely see-through.
Yet the game server still reports the position and state of a such a
player even if he is completely concealed, probably because it would be
very expensive to calculate per-polygon visibility of other players.

Another issue is when you make a game that is open source. Then you
have a whole new set of challenges to tackle (unless you really think
there are uber-elite assembly hackers out there who have nothing better
to do than hack the binary packages of proprietary commercial games.)

Anyhow, I’m not planning on writing a multiplayer FPS game any time
soon, but it was a discussion I thought might be interesting, and I’d
like to hear any ideas that some of you may have.


SDL mailing list
SDL at libsdl.org
http://www.libsdl.org/mailman/listinfo/sdl

This is sort of OT for this mailing list… but from what I know some
games already attempt to do some sort of visibility culling to send out
only relevant actor positions to other clients. Of course you run into
the problem though that if client X moves to where client Y is now visible
(by client prediction) but the server does not yet know this there will be
a discrepency for a time where client Y will be invisible to client X but
should have been visible thus allowing some pretty bad exploits to be
made. Personally I prefer culling by zones but not by visibility.

  • Will