• tabular@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 day ago

      Do you suppose games only use obfuscation as security? In turn-based games you have the time to not trust client infomation and real-time games could give the client less info until it’s actually needed. There would still be cheating via outside communication or outside tools… as cheating isn’t a technical issue solved by denying user software freedom - it’s a social issue.

      • neatchee@piefed.social
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 day ago

        I want you to know that I literally work in this space and you are handwaving away an incredibly complex problem space that hundreds of smart people have been trying to solve for decades now and it’s only getting harder (good cheat suites use hypervisor mods and direct memory access kits these days). I would love to educate this community but I’m under NDA (in addition to not wanting to provide information that attackers can use to better understand how we approach this problem space)

        • tabular@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          21 hours ago

          Cheaters are preferable to your proprietary kernel-level anti-cheat and whatever sneaky plans you may have for users and their computers. Good luck winning an arms race.

          If I ever do multiplayer (I hate networking) I plan to explore treating cheaters as a service problem, like pirates are to piracy.

          • neatchee@piefed.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            18 hours ago

            Only some cheaters are a service problem. There are a number of different cheater archetypes and some of them do not respond to service offerings

            And believe it or not, while kernel level provides a level of access that could be used for nefarious spying we actually do much MORE stuff people would find distasteful when we DON’T have kernel access, because we have to infer more without direct access to the places where cheat makers do their work

            • tabular@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              17 hours ago

              I’m unaware of any (1st party) game services being offerered to cheaters, or any explicit positive association. Best I can think of is a more neutural “anarchy” servers (i.e Minecraft). I imagine implimenting built-in “cheats” you would expect from 3rd parties (e.g. auto aim, wallhacks) but framed in a way that is hopefully tolerable to non-cheaters (perhapscalling it a handicap).

              Having control over others’ computing, even with good intentions, creates a bad incentive. One must resist the temptation to use that control for your own benefit at the user’s expense. So no, I wouldn’t believe devs typically act more immoral when they have less unjust power over others’ computing.

              • neatchee@piefed.social
                link
                fedilink
                English
                arrow-up
                1
                ·
                42 minutes ago

                As someone who works in this problem space, I promise you with 100% certainty that the type and quantity of data collection being done without kernel access would be far more distasteful than what’s done with kernel access. You can take my word for that or not but I obviously can’t say any more than that

                Including cheating functionality in games is already done and people hate it: it’s called pay-to-win microtransactions.

                The archetypes for cheaters are such that they don’t provide ways to please the a large portion of cheaters without harming players because harm is their goal. And the other group is trying to make money by charging for services for players and then cheating to complete those services as fast as possible. There are no in-game features that can be created to mitigate these people.

                The only class of cheaters that can be dealt with as a service problem are those that are cheating to a) catch up to others or b) offset a skill shortfall or c) offset a time shortfall. This makes up only a subset of an cheaters

    • squaresinger@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 days ago

      Not really. Games have very similar security implications as any other server/client software.

      You are right now reading on exactly such a system, which is open source, and still you don’t see massive amounts of hacks targeting lemmy or piefed.

      The premise is simple: Never trust the client. The border you have to defend isn’t the border between the client software and the user, but the one between the client and the server. Always treat the client software as compromised.

      In terms of games that means:

      • All game state calculation happens on the server. The client sends to the server what it wants to do, the server sends what happens. So instead of the client sending “The player is now at position XY”, it sends “The player is walking forwards”. The server calculates the speed, distance and new position and returns that to the client.
      • The server only sends the client things the player should know. If the enemy unit is not visible, it is not sent to the client.
      • neatchee@piefed.social
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        2 days ago

        Are you a videogame networking engineer? Because you’ve just handwaved away one of the most difficult challenges in gaming as if it were “duh that’s easy” level simple.

        I can link you some GDC videos that talk about how hard this problem is if you want

        ETA: Also you’ve only addressed memory modification attacks. This does not address external aimbots that read memory to determine enemy player position and then send legitimate-but-automated inputs to aim and shoot. How do you stop cheaters from doing this when they can see exactly how data is structured in memory, how values are obfuscated, etc?

        • DaleGribble88@programming.dev
          link
          fedilink
          English
          arrow-up
          6
          ·
          2 days ago

          Different person, but isn’t this already a problem with closed source games? My game dev experience is more hobbyist than professional, but I’ve spent a few lonely hours on ghidra. I also teach secure coding at my university, but I focus more on how to patch legacy systems and audit code for vulnerabilities. My point is that closed source vs open source, I see this as an issue in both systems and therefore irrelevant. Pardon my ignorance on this exact topic.

    • tabular@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 day ago

      Invested players tolerate a level of cheating and banned cheaters often re-buy the game again. There is a monitary incentive to have some cheaters in proprietary multiplayer games.

      Open source client/server multiplayer games permit endless redistribution - new server hosters can exist. A server that falls to a bad temptation can be replaced by players migrating elsewhere.

    • Doomsider@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      2 days ago

      Why?

      If you can’t write your game in a way to prevent cheating it really doesn’t matter.

      I would argue that the only way to ensure trust in the competitive arena is to open source.

      Could you imagine sports being played without defined rules?

      Cheating is about a design challenge related to how clients and servers communicate and has nothing to do with the source code being public.

      • neatchee@piefed.social
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        2 days ago

        Cool. So tell me how to write a game engine that cannot have its memory read to determine enemy player position with precision and then automate aiming and trigger pulls in a first-person shooter

        You have no idea how hard anti-cheat is or how determined attackers are because of the profit incentive.

        • Doomsider@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 days ago

          It really depends on your goal. Obviously you can eliminate most cheating by a server model that never trusts the client.

          This does not eliminate other possible client side cheating such as wall hacks or aim bots.

          As I said, there is a logical problem to solve here because in the case of wall hacks (ie seeing enemies through walls) the client needs enough information to be able to show an enemy around a corner quick enough to make sense for a FPS. Visibility calculations are entirely possible and I am sure you could find creative ways to limit this as much as possible.

          Aim bots or trigger bots are a lot harder, but for competitive games heuristic based anticheat shows a lot of promise without having to hook the kernel in a losing game of cat and mouse.

          • neatchee@piefed.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 day ago

            I want you to know that I literally work in this space and you are handwaving away an incredibly complex problem space that hundreds of smart people have been trying to solve for decades now and it’s only getting harder (good cheat suites use hypervisor mods and direct memory access kits these days). I would love to educate this community but I’m under NDA (in addition to not wanting to provide information that attackers can use to better understand how we approach this problem space)

            • Doomsider@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              24 hours ago

              I am not hand waving anything away, I am very familiar because I have been involved with game development. I am aware of the unique issues that multiplayer FPS generate and I am also aware of the current best solution.