Thank you Stormbinder!

[Zapmeister]

Quote:

Some people take everything too serious.

Now this is a fair cop. Guilty as charged

[Zapmeister]

Quote:

If it turns out to be hex editing then there is no vulnerability to be "fixed".

Sure there is. As Esben (I think) pointed out, a server-side audit of the incoming 2h file can entirely eliminate the possibility of cheating by editing the .2h or .trn file. However, I agree that if Norfleet was regularly getting his hands on the ftherlnd file (Esben doubts this and so do I) then there's likely no practical fix.

[Stormbinder]

Quote:

Quote:

If it turns out to be hex editing then there is no vulnerability to be "fixed". That would mean that he directly edited the files. A file can always be hex edited. If you want to see it just open a DOS window and use debug to view the file. (NOT recommended)

More checks and encryption could maybe be added if the devs wish but that would tend to cause alot of complaints.

I disagree Gandalf. I am a programmer myself, just like you, and I certanly don't agree that hex-editing is impossible to beat or detect, especially in the game like Dom2.



It is possible to make a game such as Dom2 much more hackproof against various forms of cheats, including "dreaded" hex editing. The combination of better and more powerful encryption methods that those that are being used now, with changes along the lines of what Mose have mentioned (BTW the mantra of all network security programmers is "Remember! The client is in the hands of the enemy!" ), with any numbers of additional security checks can make dom 2 *much* more difficult to hack, or even completely hack proof, depending how much efforts and changes into client/server architecture and tasks balancing devs would be willing to do to improve security.


Finally, I just don't think that the solution that Gandalf proposed "Sorry, but this game can always be hacked, just choose your partners carefully" would be an acceptable solution to a lot of Dom2 players. The typical MP Dom2 game can take anywhere from 4 to 17 players. When people invest *days* of their time into game with many other playes, some of whom they don't know very well, they want to be sure that they are not wasting their time playng against some jerk with unlimited ammount of gems. I am sure you understand such feelings.

Regards,
Stormbinder

[Gandalf Parker]

Quote:

Quote:

Sure there is. As Esben (I think) pointed out, a server-side audit of the incoming 2h file can entirely eliminate the possibility of cheating by editing the .2h or .trn file. However, I agree that if Norfleet was regularly getting his hands on the ftherlnd file (Esben doubts this and so do I) then there's likely no practical fix.

I wouldnt call that a vulnerabilty. Only more checks. But thats all semantics. Basically thats the kindof accounting that is already in place. It would have forced him to spend his illicit gains every turn or have it caught by the cheat-check routine which apparently he did. Of course further checks can be put in (I think I mentioned that) but Im not sure if the processing time and harddrive space would a trade-off that will happen quietly. And that still wouldnt stop hex editing.

[Gandalf Parker]

Quote:

It is possible to make a game such as Dom2 much more hackproof against various forms of cheats, including "dreaded" hex editing. The combination of better and more powerful encryption methods that those that are being used now, with changes along the lines of what Mose have mentioned (BTW the mantra of all network security programmers is "Remember! The client is in the hands of the enemy!" ), with any numbers of additional security checks can make dom 2 *much* more difficult to hack, or even completely hack proof, depending how much efforts and changes into client/server architecture and tasks balancing devs would be willing to do to improve security.


Finally, I just don't think that the solution that Gandalf proposed "Sorry, but this game can always be hacked, just choose your partners carefully" would be an acceptable solution to a lot of Dom2 players. The typical MP Dom2 game can take anywhere from 4 to 17 players. When people invest *days* of their time into game with many other playes, some of whom they don't know very well, they want to be sure that they are not wasting their time playng against some jerk with unlimited ammount of gems. I am sure you understand such feelings.

OK I will stop trying to say people are arguing things I didnt say, and agree with you. Some protection can be added. It still will be possible to hex edit it but much more difficult. And "choosing your partners carefully or taking your chances" as a slight effort to avoid playing with a cheater is not a good answer.

I dont think I said anything in disagreement with what you just said, but yes, the way you said it is correct.

[Stormbinder]

Quote:

Quote:

OK I will stop trying to say people are arguing things I didnt say, and agree with you. Some protection can be added. It still will be possible to hex edit it but much more difficult. And "choosing your partners carefully or taking your chances" as a slight effort to avoid playing with a cheater is not a good answer.

I dont think I said anything in disagreement with what you just said, but yes, the way you said it is correct.

All right, I am glad we are on the same wavelength than.

[Leif_-]

Quote:

It is possible to make a game such as Dom2 much more hackproof against various forms of cheats, including "dreaded" hex editing.

Putting on my software engineering hat for a moment:

While it is possible to make a bullet-proof server, it is not necessarily practically possible to make an existing server bullet-proof. Judging by some of the previous bugs, I suspect that in Dominions 2 the GUI is mashed in with the underlying game logic to such a degree that it would probably take an almost complete redesign and rewriting of the game engine to accomplish. That would be too much work to invest over some very rare incidents of cheating.

Remember, if it was easy to make secure software, people would do it more often.

Quote:

The combination of better and more powerful encryption methods that those that are being used now,

Just a very minor nitpick here, but you can't really encrypt the turn files from the eyes of the player. As the player has access to the binary which generates the turn-file in the first place, he has always theoretical access to the plain-text - regardless of what encryption method is applied. The correct term to use would be "obfuscate."

(And yes, this is hair-splitting - at least when we're talking of nothing more important than turns for a game.)

Quote:

Finally, I just don't think that the solution that Gandalf proposed "Sorry, but this game can always be hacked, just choose your partners carefully" would be an acceptable solution to a lot of Dom2 players.

Why not? It's not like anyone plays this game professionally for money, and even if people did, the existance of some amount of cheating is accepted in other games and sports that people play for money.

[Stormbinder]

Quote:

It is possible to make a game such as Dom2 much more hackproof against various forms of cheats, including "dreaded" hex editing.

Quote:

Putting on my software engineering hat for a moment:

While it is possible to make a bullet-proof server, it is not necessarily practically possible to make an existing server bullet-proof. Judging by some of the previous bugs, I suspect that in Dominions 2 the GUI is mashed in with the underlying game logic to such a degree that it would probably take an almost complete redesign and rewriting of the game engine to accomplish.

It is hard to tell for sure without actually looking into source code Leif. But I also have noticed that Dom2's GUI is indeed likely to be mashed with arhitecture code.

Quote:

That would be too much work to invest over some very rare incidents of cheating.

How can you possibly know that these are rare incidents? If you have followed this cheat discovery story, you know that this particular cheat was catched only because of unique combination of many factors. And if cheater would not be so blatant with the amount of which he cheat, it would be impossible to prove. It would also be compltetly impossible to prove if the game would not be stoped by turn 23 but Lasted even 20 more turns. Et cetera...

Quote:

Remember, if it was easy to make secure software, people would do it more often.

Hey, I never said it was easy.

Quote:

The combination of better and more powerful encryption methods that those that are being used now,

Quote:

Just a very minor nitpick here, but you can't really encrypt the turn files from the eyes of the player. As the player has access to the binary which generates the turn-file in the first place, he has always theoretical access to the plain-text - regardless of what encryption method is applied. The correct term to use would be "obfuscate."

(And yes, this is hair-splitting - at least when we're talking of nothing more important than turns for a game.)

You are right.

Quote:

Finally, I just don't think that the solution that Gandalf proposed "Sorry, but this game can always be hacked, just choose your partners carefully" would be an acceptable solution to a lot of Dom2 players.

Quote:

Why not? It's not like anyone plays this game professionally for money, and even if people did, the existance of some amount of cheating is accepted in other games and sports that people play for money.

It also know to devastate computer games communites in many other MP games. I have witnsses several examples of this myself, and I've heard and read of many more. And Dom2 is very time intensive game as far as strategic MP games go.

Quote:

A long bow and a strong bow, and let the sky grow dark!
The cord to the nock, the shaft to the ear, and the king of Koth for a mark!

Great signature/quote Leif.

[Leif_-]

Quote:

How can you possibly know that these are rare incidents?

Two reasons. First of all, very few people have the skills and plain stubborness of mind that's necessary to fiddle with obfuscated binary files. Secondly, if this cheating was common, Norfleet wouldn't have had the unique reputation he did - both because his "strategies" wouldn't have been as efficent, and because other people would have managed to get them to "work."

Quote:

Great signature/quote Leif.

Yes, I rather like it. It's a chapter heading from one of Robert E. Howard's Conan stories.

[Stormbinder]

Quote:

Quote:

Two reasons. First of all, very few people have the skills and plain stubborness of mind that's necessary to fiddle with obfuscated binary files. Secondly, if this cheating was common, Norfleet wouldn't have had the unique reputation he did - both because his "strategies" wouldn't have been as efficent, and because other people would have managed to get them to "work."

Hmmm, why do you think that the Norf was nesseserly the one who discovered how to hack the files? I may be wrong, but he didn't struck me as somebody with good technical skills and programing knowledge. Besides once the protection is cracked, simple "trainer" program can be writen to modify client's turns before they are send to the server, with something like simple shortcut to reset all gems to 200, or whatever. Once it is done any 5 year old kid can use it.

As for the strategies, "madcastling" and "massive clamhoarding" strategies are still very efficient ones, if boring, norf was not the only one who used them successefully. Just like VQ was still overpowered before it was nerfed, regardless of the fact that Norf used her in all his games while cheating.

Basicly I am not saying that there are tons of cheaters out there, and I hope there are none or just a few.

I just wanted to point out these three facts:

First, we have no real way of knowing if there are other cheaters out there and if there are - how many of them.

Second - Norf's kind of cheats are virtually impossible to detect by other players, unless cheater is really greedy or stupid, and the curcumstanses are right.

Third - from my personal experience with computer MP games once the cheat is out the number of people using it would only grew in time, never shrink, until the loophole is closed. Call it human nature, or murphy law, or whatever. But I never seen cheats appear, and just slowly fade by themself with time.

Quote:

Great signature/quote Leif.

Quote:

Yes, I rather like it. It's a chapter heading from one of Robert E. Howard's Conan stories.

Yeap, I remember you told me about it long time ago, answering my question. I even tried to find that particular Howard's Conan story, but couldn't. Do you happen to remember its name by any chance?