unmodfile.exe?

[DamoclesX]

ORIGINAL: Miguel

I believe information should'nt be held back. We supported this product through its development, we also financially supported Milo's efforts by purchasing this product supposed finished product. Which as was not impressed, when I first checked out starshatter three years ago, I was expecting much more. I like the freedom to work my creativity. While I believe intellectual property should be protected, nonetheless there are ways it can be protected without holding back knowledge that could help advance the way the engine goes. I myself had questions that have still gone unanswered.

I think its more a......... possesion issue.

From what I think, with the dat totaly ripped apart, you could change EVERYTHING to the point nobody would even have an idea milo created the game. granted, you could never sell it without getting sued to death, but still.

milo has always been there for the community, and I know first hand he goes out of his way to help people with their mods so maby just wait a while, give him a chance to catch up.

also, if he does this, I REALLY REALLY hope he says something along the lines of "dont ask me for help ask the community" lol, because, even what we CAN do right now runs even us veterns into a lot of problems sometimes, when you consider interface edits and dynamic campaigns, man, he must run into his bedroom and cry in the corner when thinking of all the questions he will get via email.

[Pheagey]

ORIGINAL: DamoclesX

I think its more a......... possesion issue.

From what I think, with the dat totaly ripped apart, you could change EVERYTHING to the point nobody would even have an idea milo created the game. granted, you could never sell it without getting sued to death, but still.

milo has always been there for the community, and I know first hand he goes out of his way to help people with their mods so maby just wait a while, give him a chance to catch up.

also, if he does this, I REALLY REALLY hope he says something along the lines of "dont ask me for help ask the community" lol, because, even what we CAN do right now runs even us veterns into a lot of problems sometimes, when you consider interface edits and dynamic campaigns, man, he must run into his bedroom and cry in the corner when thinking of all the questions he will get via email.

I couldn't agree more. milo has added a list full of features that the community requested from him. And perhaps woth time he will open the shatter.dat to the public. Let the communit build up, let milo make his money. Maybe after the peices are in place where he would not have to be Mr. support Guy he might open it up. How long did it take for Freespace 2 to open up?

[TexMurphy]

The reason this pisses me is that it opens up multiplayer gaming for mad cheating.

My Wing Commander mod is beeing ballanced for multiplayer and alot of mp scenarios will be built. BUT there is no way Im gonna spend effort into it if the mod is hackable.

Tex

[Phoenix-D]

ORIGINAL: TexMurphy

The reason this pisses me is that it opens up multiplayer gaming for mad cheating.

My Wing Commander mod is beeing ballanced for multiplayer and alot of mp scenarios will be built. BUT there is no way Im gonna spend effort into it if the mod is hackable.

Tex

Uh, no it doesn't. It *would* let your users see all the intimate details of the mod, but presumably the game checks which files everyone is using (with mods, it has to) so changing them wouldn't do any good.

[TexMurphy]

Phoenix-D

Does it really check all the stats of all the content in the mod?

Tex

[John DiCamillo]

The default level of security for multiplayer is to check that everyone has the same set of files by name and version. This is adequate protection against accidental misconfiguration, not against determined cheaters.

You can set the server for "secure" authentication mode, in which it will challenge each connecting player to produce a checksum of each exe and dat file. This is considerably more secure than the default mode, but it takes a minute or so for the player and server to prepare the checksums each time someone connects. This could leave the server open to a DOS attack, so the server admin should be prepared to ban attackers by IP address and user name to prevent this.

[Phoenix-D]

Pretty much what I expected. You have to do some checking, after all if player A has version 1 of a mod and player B has version 2, you might get situations like this:

Player A's laser does 100 damage
Player B's laser does 120 damage

Or, if the damage is checked server-side, you get:

Player A THINKS he's doing 100 damage, but actually he's doing 120. Much weirdness results.

[John DiCamillo]

Hits and damage are all calculated server-side. That's not the problem. Client-side hacks could include faster engines or greater maneuverability.

[TexMurphy]

milo that is just as much problem as damage as generaly manouverablity is more important then damage, asuming damage is within reasonable levels.

tex

[John DiCamillo]

Yes, I understand. I was just clarifying Phoenix-D's post. There is no "weirdness" where the clients and server see inconsistent results. It's just that the cheating player would have enhanced capabilities and therefore a combat advantage that he should not have.

I read all about the cheating problems people were having with Freelancer (which allows you to hack individual text files and does not report version data to the server) and I tried to avoid those. That's why I added the secure server option, and the IP ban features, and the LAN-only option. However, there is no getting around the fact that extra security is a burden on those who are not cheating. That's why I would hate to see the main .dat file compromised.

I suppose I should have encrypted it. I chose not to encrypt it in order that people would be able to mod and maintain the game down the road in the unlikely event of my inability to do so. I've seen the positive effects of TerminusPoint and the Freespace 2 SCP, and I wanted to keep those avenues open in case of need.

Lesson learned: I won't make that mistake in the future.

[Phoenix-D]

I think the Freespace files *were* encrypted. They were broken anyway, though not the entire code. That was released seperately.

Part of the problem is there's a lot of incentive to bust into the main .dat file even for non cheaters. Its much easier to mod if you don't have to build everything from scratch.

[TexMurphy]

You dont need to encrypt the data files.

Adding the serverside sanity check for more data will do the trick.

Personally Im always for all data beeing mastered serverside. Space and flight games are well suited for this as they dont demand the milli second reflex reaction times of a Counter Strike type FPS. The changes in vector are much slower in a space/flight sim.

I dont know how your architecture works. Are you using the server to just record the hits and damages as well as positions and other then that the clients are master of their own data or are you using true server side data mastering? If the data is mastered on the server meaning the game client just sends updates in events like thrust increase/decrease, pitch/yaw/roll, ect then you can check these events to see that they are sane to the master data file.

If you have the clients mastering any kind of data and/or have any peer to peer communication then I would seriously urge you to consider a rewrite.

Encryption isnt really the answer as it can always, always be hacked. The only way to ensure that a multiplayer game is fair is through serverside data mastering. For single player I dont care at all if people hack the data files, all they do is cheat them selfs.

Tex

[Comet]

Couldn't agree more with you, Tex.
Encryption can be hacked. It's only a matter of time.
But if clients are set up to follow server's rules, hacking becomes useless.

A good example of this is the game Dungeon Siege, where clients can use the data they want (so to speak), but when connected to a server they follow its rules.
I loved that [:)]

[DamoclesX]

most encrytion, there ar levels of it that are just to great for any simple home user to have a hope, you need a farm of systems.


dat hacking is not the multiplayer cheat i"m conserned with, real time memeory editing and freezing is the major one, using that i've edited a lot of multiplayer games on the fly, such as getting unlimited money and invincible shields in freelancer and so on

when I get a chance I"m goign to try to see if it will work with ss.

it WILL work unless the clients settings are audited by the server and compared based on what happens, if milo leaves the processes for shields/ weapons and so on up to the client computer to constantly update the server then this would work really easy.

I wont go into more detail, or how you do this.

[Freaky]

ORIGINAL: DamoclesX

most encrytion, there ar levels of it that are just to great for any simple home user to have a hope, you need a farm of systems.

You miss the point; you can use a one time pad and it'd be just as insecure as 128 bit AES or ROT13, because the key has to be included in at *least* starshatter.exe, along with the decryption routines.

Of course, such a thing will probably push the requirements up beyond a lot more people, but there will still be plenty able to do it if they're so inclined; the moment a modder asks his assm freak coder friend to break it, it's as good as transparent (eventually).

[WintermuteX]

ORIGINAL: Phoenix-D

Part of the problem is there's a lot of incentive to bust into the main .dat file even for non cheaters. Its much easier to mod if you don't have to build everything from scratch.

That's an important point. I also like to add that i miss information here and there in the game which i would like to look up by the .def files. And there is the pure curiosity how some things are solved
I don't see the cheater problem .. most cheaters get busted early and nobody plays with a cheater .. it shouldn't be too hard to add some sanity checks, too. Everything is hackable. The main .exe could calculate a CRC for the shatter.dat and compare it with the default CRC .. if it doesn't match it could deny access to multiplayer (to keep singleplayer cheater and modder happy), now you would say "hey, then someones hacks the .exe" .. nothing is absolutely secure i guess. Someone could say the .exe could calculate also it's own checksum on the fly and send it to the server, but this isn't bulletproof too. To make it short: some cheaters will always find a way .. so it's an balancing act between making it as painless as possible for fair players and difficult as possible for cheaters. The Clientside protection is a mere illusion in my opinion .. i guess it would do more good than bad if there would be an unmodfile util .. but i would strongly recommend to include the CRC checking as some kind of a protection. Freaky got the format hacked and i could also tell you which algorythm is used, blocksize and structure. I miss the skills to make my own tool out of it, but if i provide this info to someone with more skills i guess he needs an hour to make the script/util. Wouldn't it be nicer if the dev himself provides the tool + securing against cheaters by other means? As everyone would agree: it's far easier to modify and try an existing infrastructure of data to get in touch with the whole system than by reading some pieces of information .. well let's say it would be the faster way.
Am i that worng?