• squaresinger@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 days ago

    Not really. Games have very similar security implications as any other server/client software.

    You are right now reading on exactly such a system, which is open source, and still you don’t see massive amounts of hacks targeting lemmy or piefed.

    The premise is simple: Never trust the client. The border you have to defend isn’t the border between the client software and the user, but the one between the client and the server. Always treat the client software as compromised.

    In terms of games that means:

    • All game state calculation happens on the server. The client sends to the server what it wants to do, the server sends what happens. So instead of the client sending “The player is now at position XY”, it sends “The player is walking forwards”. The server calculates the speed, distance and new position and returns that to the client.
    • The server only sends the client things the player should know. If the enemy unit is not visible, it is not sent to the client.
    • neatchee@piefed.social
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      2 days ago

      Are you a videogame networking engineer? Because you’ve just handwaved away one of the most difficult challenges in gaming as if it were “duh that’s easy” level simple.

      I can link you some GDC videos that talk about how hard this problem is if you want

      ETA: Also you’ve only addressed memory modification attacks. This does not address external aimbots that read memory to determine enemy player position and then send legitimate-but-automated inputs to aim and shoot. How do you stop cheaters from doing this when they can see exactly how data is structured in memory, how values are obfuscated, etc?

      • DaleGribble88@programming.dev
        link
        fedilink
        English
        arrow-up
        6
        ·
        2 days ago

        Different person, but isn’t this already a problem with closed source games? My game dev experience is more hobbyist than professional, but I’ve spent a few lonely hours on ghidra. I also teach secure coding at my university, but I focus more on how to patch legacy systems and audit code for vulnerabilities. My point is that closed source vs open source, I see this as an issue in both systems and therefore irrelevant. Pardon my ignorance on this exact topic.