How to prevent cheating
by AIDan · in Torque Game Engine · 02/03/2002 (1:41 pm) · 0 replies
Hi,
I would like to bump the question of cheat prevention. I'm sure many of you have a look at the things that are currently going on Hal-Life so I ask myself what has to be done for making sure that Torque as a highly scripted engine could become more invulnerable.
For myself, I personally see a great leak in two topics:
- JIT compiling
- several byte stream files
To make sure that someone is not cheating we have to reach a state where the symbol table has to be locked. So that one can be sure that once being declared as non-cheating player that player is not able to load any cheating stuff afterwards.
The first step could be that the files cannot be compiled JIT so that we can be sure that would not change while the game is running. That also needs preventing the ability of overloading functions through the console and the changing of non-public variables. So the scripting language has to be extended with the understanding of public and private variables (and functions?).
The second one might be to link all byte stream files together that, for example an library file gets created by the script object linker. Then we just have to take a look at the "loaded libraries" table and possibly deny access to server if some unauthenticated libraries got found. The authentification could easily realized by calculating library's md5 checksum.
For LAN sessions that system should be disconnectible.
For all other files we can easily add signs to the zip files so that we can check if the file got validated by us or not (-> Quake 3 -> "pure server").
In conclusion there could be the following things done for a better cheat prevention:
- library files
- disabling JIT support for script files
- public/private mode for functions/variables
- disabling run-time de-/activation of packages
- support for signable zip files
- Q3A's "pure server" support
- external compiler and linker
Sure, it's not safe then but it would be much more easier to find out if sb. is cheating or not.
just my two cents
Felix
I would like to bump the question of cheat prevention. I'm sure many of you have a look at the things that are currently going on Hal-Life so I ask myself what has to be done for making sure that Torque as a highly scripted engine could become more invulnerable.
For myself, I personally see a great leak in two topics:
- JIT compiling
- several byte stream files
To make sure that someone is not cheating we have to reach a state where the symbol table has to be locked. So that one can be sure that once being declared as non-cheating player that player is not able to load any cheating stuff afterwards.
The first step could be that the files cannot be compiled JIT so that we can be sure that would not change while the game is running. That also needs preventing the ability of overloading functions through the console and the changing of non-public variables. So the scripting language has to be extended with the understanding of public and private variables (and functions?).
The second one might be to link all byte stream files together that, for example an library file gets created by the script object linker. Then we just have to take a look at the "loaded libraries" table and possibly deny access to server if some unauthenticated libraries got found. The authentification could easily realized by calculating library's md5 checksum.
For LAN sessions that system should be disconnectible.
For all other files we can easily add signs to the zip files so that we can check if the file got validated by us or not (-> Quake 3 -> "pure server").
In conclusion there could be the following things done for a better cheat prevention:
- library files
- disabling JIT support for script files
- public/private mode for functions/variables
- disabling run-time de-/activation of packages
- support for signable zip files
- Q3A's "pure server" support
- external compiler and linker
Sure, it's not safe then but it would be much more easier to find out if sb. is cheating or not.
just my two cents
Felix
About the author
