Jump to content

is the game secure enough?


Recommended Posts

was thinking of organizing a very simple properly made paid tournament.like 100$ total prizepool but was told 0ad isnt secure that ppl would cheat 

is it feasible to make it secure within reasonable effort or should i just forget about this idea?

some bits of what i was planning:

to enter gotta qualify via ingame rating and send a few replays of ur games so i can tell u can play well

probably gonna qualify like top 50-75 on leaderboard

prizes:

50/30/10/3/3/3  1/2/3/4/5/6 places respectively for 24

and 50/30/10/10  1/2/3/4 for 16

prob would have done 16/24 players 

for 16 i would have to do 4 rounds of course

round 1 1 game per 1v1

round 2 1 games per 1v1 

round 3(semifinals) 3 games per 1v1

round 4(finals) 5 games per 1v1

if i had chosen 24 id do 3 rounds + 3 ppl faceoff on finals (each 1v1ing other 2)

so 

r1:1 game per 1v1

r2:1 game per 1v1

r3: 3 games per 1v1

r4:5 games per 1v1 

at round 4 they each play vs the other 2 with total 15 potential points

in case of draw 5/5/5 or 6/6/3 or 7/4/4 the apropriate prizes get added up and divided equally so 30/30/30 40/40/10 or 50/20/20

all dates and times for all potential games would have gotten set and agreed upon before the tournament the tournament entry post would mention the 12 hour frame and heuristic advice for convinience but anyone willing to free up the time would be allowed to apply

also winners would get certificates for n1 vinme 0ad tournament 

 

payment would be in bitcoin

top rated 16 or 24 players who sign up would get spots

id hope to find som1(s) to do commentary and all that 

theres bunch of other details but that was the plan in general :p.

 

Link to comment
Share on other sites

Game is dangerous!!!11111onze!

Seriously though, game is definitely hacked, I found evidence myself with just a bit of work. The surface area for exploits might be even bigger than I imagine.

To be sure no cheats are present you need an `anti-cheat` mod but even that might be hackable so ¯\_(ツ)_/¯

Edited by badosu
Link to comment
Share on other sites

its a community project open scource not well funded so makes sense it wont be secure and i can tell with near 0 specific programming knowledge.

and alot of ppl im sure would hack for even 50$ first place prize lol tahts what like 5k in africa or other poor areas? XD (no offence pls dont hack my potential event)

anyway borg said ppl wont hack and we could tell from watching but i get the feeling that there may be ways we wouldnt notice.

i will HAVE to put in a disclaimer either way giving me complete autority to do as i feel is right either way no matter what anyone thinks with decisions without any need to prove anything.

so if i think som1 cheated ill just ban them for good

can ppl like see others vision ect r there such in game hacks? or give units 100% accuracy or something like taht that might be a bit harder to notice?

i assume ppl cant change such things like ingame mechanics? am i wrong? prob not

but even info is relevant like inf amount ect and we may not even notice such things sadly..seems problematic

 

Link to comment
Share on other sites

Being open source is not an issue, you can have end-to-end security even with source code available. Given enough eyes, it's arguably more secure.

The problem is just time and dedication to it, which needs to be invested in more important areas (e.g. performance, features, balance etc).

  • Like 1
Link to comment
Share on other sites

ok let me write it better.let me ask first what kind of cheating is possible?

mostly id assume most threat comes from a player getting information he is not supposed to have

like vision,game stats like pop ect.

ofcourse if he can change like unit damage or only target ranged in some way ect taht is bad too but i assume wed notice that while watching.

in conclusion i dont know how it all works but wouldnt it secure everyhtng if a program could be written where i or a trusted party would host the games in a way where no information or power is given to the potential cheater.is this already like that with a third party hosting a game? or are there still threats of someone gaining an advantage somehow by manipulating somethign even tho they are not hosting?

Link to comment
Share on other sites

eyes that arent being paid dont have all that much motivation other than interest in the game.thats like publishing a government owned recreational building schematic online having it being built purely by donations and willing participants.it wont be all that secure id imagine and if theres value in it som1 is far more likely to use the schematics to break in or whatever than to fix the flaws for near 0 motivation.am i talking shlt here? idk 

i assume it would be fine to just do the event but im just making sure.

Link to comment
Share on other sites

9 minutes ago, badosu said:

Sorry, I can't decipher your encrypted message

If you're talking about cloud gaming, someone had the same idea many years ago and many companies are or will be launching it soon.

yes i think thats what it was called.cloud gaming.where all the processing is happening on the company umm..servers?the company does all the processing..actually now that i think about it ti has far more advantages than wed imagine.in terms of fairness.no party will have advantage via game graphics quality or ping or whatever.assuming you have enough internet speed which should be the only factor.also it should be cheaper so if you are buing a pc for gaming it would be more economically wise to just get that service.like u buy a pc first of all since its a small size purchase its more expensive than a company making massive processing ...procesors? like crypto mine rigs or somthign.

when u buy a pc average person who buys a gaming pc games like what 6 hours TOPS prob like few hours thats 18 hours atleast on avg of wasted value.with large numbers a cloud gaming company would be far more efficient.anyway great idea getting off point.

not ping but fps*

Link to comment
Share on other sites

3 hours ago, vinme said:

its a community project open scource not well funded so makes sense it wont be secure and i can tell with near 0 specific programming knowledge.

and alot of ppl im sure would hack for even 50$ first place prize lol tahts what like 5k in africa or other poor areas? XD (no offence pls dont hack my potential event)

anyway borg said ppl wont hack and we could tell from watching but i get the feeling that there may be ways we wouldnt notice.

i will HAVE to put in a disclaimer either way giving me complete autority to do as i feel is right either way no matter what anyone thinks with decisions without any need to prove anything.

so if i think som1 cheated ill just ban them for good

can ppl like see others vision ect r there such in game hacks? or give units 100% accuracy or something like taht that might be a bit harder to notice?

i assume ppl cant change such things like ingame mechanics? am i wrong? prob not

but even info is relevant like inf amount ect and we may not even notice such things sadly..seems problematic

 

 

Spoiler

giphy.gif

 

Or you could spend that 50-100$ on an editor to post for you and you might learn something in the process.

 

"lol tahts what like 5k in africa or other poor areas?"

Spoiler

giphy.gif

 

Link to comment
Share on other sites

8 hours ago, badosu said:

Sorry, I can't decipher your encrypted message

If you're talking about cloud gaming, someone had the same idea many years ago and many companies are or will be launching it soon.

Everyone launched it and everyone pretty much failed. It's gonna take a while still.

Link to comment
Share on other sites

A player can't change simstate, i.e., all data there is in the game, other than he is supposed to (i.e., send commands). This includes changing unit stats, accuracy etc. Any player who tries to change it will instantly OOS (Out Of Sync), and hence will be noticed by all other players. So it is very easy to spot those. In A23b there is/was a slight issue where observers could change the simstate, which they are not supposed to do. This issue has been fixed upstream.

The issue of illegal information, however, persist and while there are some measures in place. It will be really hard, if not impossible to fix that completely. Actually part of the problem here is the fact we are Open-Source. If there is anyone knowing some solution to this, feel free to send me a PM.

Link to comment
Share on other sites

46 minutes ago, bb_ said:

It will be really hard, if not impossible to fix that completely. Actually part of the problem here is the fact we are Open-Source. If there is anyone knowing some solution to this, feel free to send me a PM.

Change the engine to be fully client-server and not lockstep. That might just be impossible at this point. There is no such thing as illegal information. The solution is to not give information people aren't meant to read. An added bonus, bad connections would no longer lag the game for everyone else.

Edited by smiley
Link to comment
Share on other sites

ty for the input @badosu @Issh @bb_ @smiley  i figured that information issue wouldve been the most problematic.

on your last comment smiley thats what i assumed that everyone gets waay too much info and is politely asked not to look.

ill guess that lockstep is all players having back and forth with eachother and client-server is "server"/separate party handling it all.

yes without a separate party theres no way to prevent players from cheating XD i mean someone is supposed to have the info or ..well it wont exist 

thats somewhat what i was trying to say with my i guess hard to connect to the main subject, cloud gaming example.in this case would be great if the host was the "server" then i could host or have a trusted party host and ppl wouldnt get to see everything from enemy summary stats to vision.

you said that this might just be impossible at this point.to me its obvious that without a secure system in place game cannot grow and will always stay small.

even ignoring the practical advantages of data transfer with this system its ill guess impossible to have any level of security from cheaters

not only does it cut out a huge chunk of monetization potential it pretty much cuts out all of it with the way i see it.no monetization ofc dooms the game.

so what you mean by it just might be impossible is that the game is programmed in such a way that for someone to try to make it so that only server holds the total information and everyone gets specific information that hasnt even been defined in the game programming. so the amount of things needed to be done to completely 180 the game design means that youd have to pretty much do everythign all over again?

 

Link to comment
Share on other sites

11 hours ago, vinme said:

thats somewhat what i was trying to say with my i guess hard to connect to the main subject, cloud gaming example.in this case would be great if the host was the "server" then i could host or have a trusted party host and ppl wouldnt get to see everything from enemy summary stats to vision.

Also here are some problems. Currently we only send commands and chat over the internet, so internet consumption of the game is extremely low (Probably few MB over the course of the game). With such a server system, the host needs much more bandwidth, which probably isn't available to everyone. Note that now the host will have to share the simState (say 1 MB) with every client, every turn (0.5s). Hence for a 4v4, we already need a 14MB/s connection. I am sure a fibre glass connection could handle that easily, but many many others certainly can't (including me). Having a server provided by WFG, would become very expensive, rather quickly, considering many games are played simultaneously (and the server needs to compute the simstate for all those games and handle the data distribution). Maybe one could have such a server for a few (1v1) games only. https://trac.wildfiregames.com/ticket/3556 is a related ticket.

Link to comment
Share on other sites

Impossible as in too much work for someone to do for free.

The entire simstate need not be shared every turn. In abstract terms, the simstate will be continuously patched.

Rather than the simstate being modified after each client execute the commands locally. The server will execute the commands and tell clients how to change the sim state.

Link to comment
Share on other sites

In addendum of the previous post: The lag will increase for everyone. Currently there is only command lag (commands are executed only 2 turns after they have been issued). But now you will also see the simstate a turn (or two maybe, need to think about that harder) behind, hence your commands are based on info of turn n-1 (or n-2), while the are processed at n+2. So There will be an additional turn (or two) for every command, causing more lag for everyone.

Link to comment
Share on other sites

Turns are a concept of the lockstep model. Events are received and fired with the only limitation being latency. There is central authority which allows such flexibility without having to juggle knives.

Another important consideration is that once there is central authority, the game doesn't need to have the same exact state in each client. CFixed is no longer necessary and I recall a RedFox post where he experimented with CFixed and the actual overhead it has compared to fast floating point math. His figure at the time was 25% performance boost. I can't verify that, so take that with a grain of salt. Any slight deviation would just be overridden by the server overload.

I cant think of a recent game where devs opted to go for a lockstep model. (Even AoE2:DE revised its predecessor's networking code too).

The more efficient things are made, the more load the server has to take, so that's a trade off. In everybody else's case, Valve is ready with open arms with game servers.

To answer your question, lockstep is impossible to make secure. Which was one of the main reason devs switched to a full client server model in the first place, that and not having to worry about slight cpu optimizations and things across different architectures completely derailing the game.

Edited by smiley
Link to comment
Share on other sites

There are issues with the possibilities of cheating, the game is open source, so with enough technical knowledge, you can run a custom game client that gives you unfair advantage such as by implementing automatic troops micromanagement or to exploit the latency-compensation mechanism. Also, the network code, from my understanding is written in such a way that every player simulates the whole map, so that means that a cheater can remove fog of war and see what other players are doing. Cheaters won't be able to alter unit stats, that will get them out-of-sync.

But I don't think these should prevent one from running a competitive gaming scene. Sportsmanship and some level of trust is necessary, and you can't always rule out every form of cheating in any game. This is not unique to 0AD, even commercial games have exactly the same problems to varying degree. Just don't make the prize pool so large that people becomes monetarily motivated to cheat, and action reported cheaters promptly. If you want to run a competitive scene with large monetary sums, you will need to run an offline competition, so that you can control the gaming machines and ensure that players can only use an unmodified version of the game.

(actually, I suspect that if you actually try to deliberately make cheating hard and try to implement various rules to make cheating hard, that will probably just invite people who would cheat just to show you wrong; so you either has to go all the way to prove that they're wrong, or rely on sportsmanship)

Edited by yvrelna
  • Like 4
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...