[MUD-Dev] DGN/TECH: exploiting/hacking in MMOGs - sources of info?

[Tim Schubert]

HRose / Abalieno wrote:

> I also wonder why they [speedhacks] are so common. It should be
> easy enough to control this server side. You don't need to mantain
> the checks constantly, the server could just make them randomly
> and simply disconnect the player if something wrong is
> perceived. It should be annoying enough to make the hack
> concretely useless.

> We have ultra precise time synchronization on every PC, if we are
> able to do this we should also be able to realize who's running
> too fast.

My first submission.  Please be gentle.

The reason speedhacks are popular is not too complicated: its a very
definate edge that takes advantage of a loose part of a game's
security.  Networked games tend to have a little play in when and
how often it will accept movement requests.  A simple example: a
server has to be able to handle a larger lump of packets from a
player that had a short connectivity issue.  The server can either
kick the player, ignore the packets, or just consume them happily.
MOST players aren't cheaters so it is USUALLY best to just consume
the packets and avoid rubberbanding / etc- but therein lies a
problem.  Speedhacks mostly benefit movement as most other game
systems are slow enough that speedhacking doesn't help players hit
the server limits.  Tuning servers to manage movement limits and at
the same time keep the game feeling silky smooth when you get
unpredictable network traffic is a pain in the butt.

It isn't uncommon to handle the movement problem with some rate over
time constraint.  This kind of limit application also keeps people
on fast connections from eradicating those on slower ones.  Most
players don't ever hit this server side constraint because the
client is tuned to keep them under it to keep things running smooth
- but speedhackers operate at this limit at will and are thus faster
then others.  You can use pattern recognition (per your suggestion)
to find out who hits the limit all the time but then players will
just start to use speedhack in spurts - which looks a lot like
network problems and/or is usually missed by random sampling.

My recommendation at that point (if you don't try the sprint key
idea below ;) is to gather metrics on who hits limits and look for
contextual patterns.  Do they suddenly start sending packets fast
when they have 5% of their life left?  After they've just stolen
something?  Did they just just TP somebody's house?  Do what you can
automatically, but its often going to come down to other players
complaining and some manual observation and/or investigation.

One nutty idea I thought would be an interesting approach against
speedhacking is putting a button in the game that lets you "sprint."
This would give the primary benefits and pitfalls of speedhack to
everyone.  The client would send packets faster, and the server
would hit the movement limit which causes the character to consume
endurance (or whatever).  The player will probably get some
rubberbanding, but they may well find that acceptible from time to
time.  Maybe the presentation could be tweaked when you sprint so
you don't notice it so much.  Of course, you could just do the
endurance thing without the button - either way the speedhackers
would run out of endurance and end up standing around wheezing like
Joe Camel will when he gets old.  The impact on legit players
shouldn't be too severe - they're not the ones speekhacking to
escape a dragon.  Whether you like this idea or not take at least
this much away : you might be able to solve this problem with
gameplay mechanics instead of networking or security measures.

Tangentally (soapbox time), my personal belief is that everything
has to be ruled by the server to some degree - never trust the
client.  My litmus test: how would you feel about running your
game/system on an unencrypted text based data stream anyone could
easily screw with?  If your reaction is nausea you sould probably go
add some protection to your systems.  You should have movement
limits and game systems to keep cheating players in the same league
as "the innocents."  Even though you have uber 2048-bit key
encryption and ping timers and gweebodisks.... eventually the small
army of players out to break your game will probably succeed and it
will become a matter of damage control.

-- Tim Schubert
MMORPG Developer - Looking for Employment
tschubert at mail.com
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev