Slashdot Mirror
Multiplayer Game Cheating
Washizu writes: "Ensemble Studios programmer Matt Pritchard, who worked on both Age of Empires, and Age of Empires 2: The Age of Kings, has written an article for Gamasutra, the online game developer magazine, on multiplayer game cheating methods and prevention." A lot to say here about human nature. A lot of it applies to virtually any form of online human interaction: from games to, yes, even Slashdot's message boards. A very worthwhile read.
I for one deplore cheating on online games. For shame. I'd write more, but I've got to go log on with my other account and moderate this post up.
--Shoeboy
If I went into a job interview and took the previous persons resume in with me how far would that get me? That's about the same thing as cheating in video games.
These kids better wise up before they get smacked by the real word.
The article identified six types of cheating, but completely failed to identify any reasonable solution for the first one: reflex augmentation.
It is not terribly difficult to write a script to execute commands without the use of the mouse. In Quake 2, the only real effect was that some people had godlike aim - and this was usually pretty easy to spot.
But consider what reflex augmentation could do in Warcraft 2, for example. One could write a script that caused the "mouse" to "click" on your Town Hall and Barracks, automatically creating peons and ogres at a set rate, while you controlled everything else.
Would this even be possible to spot?? From the server side, it would just look like someone had insanely good reflexes. And, of course, it would be easy to tone it down just a little - occasionally have your script "mis-click" just to the left of the town hall, put in tiny delays, etc.
It seems to me that the only way to prevent reflex augmentation would be to force the player to play on someone else's computer with a very restrictive account... any thoughts?
"Beware he who would deny you access to information, for in his heart he deems himself your master."
The problem with the entire RPG genre of on-line games is that it isn't really the fun that hooks people in, it is the basic stimulus-response instinct that keeps people up all night playing Everquest or a MUD. By making you do things to get rewards (levels, new items, etc.), and by dishing them out a little at a time (with a fair ammount of randomization), these games tap into the same psychological conditioning scheme that makes old ladies spend their retirement checks all day at slot machines and BINGO games.
Since the satisfaction one gets in these games is usually the reward of a more powerful character, the mind begins to make the association of "better character == more fun", and cheating, or power-leveling, or "twinking" becomes very attractive.
The draw of these games is that they sort of let you live life in fast-forward. In a few dozen hours of gaming, you go from being a pathetic babe in the woods to being a massive warrior or wizard. Cheating speeds this up even more. It's a logical extention of the persuit of the goals the game establishes, really.
You don't often see the kind of rampant cheating that prevailed in Diablo 1 or Ultima Online when you are playing the FPS games. It seems that the shooters have acquired a sort of sports culture. To cheat at Team Fortress would be a lot like cheating at a pick-up basketball game. Neither side has more fun as a result, because the rewards of player-vs-player gaming comes from the joys of testing your skills against other people. Cheating in such situations is boring for both the cheater and the victim, even among younger kids.
It seems to me that the challenge that lies before those who wish to write on-line RPG's is to get a little farther away from the "kill monster, get a treat" format that is so common to these games. Good storytelling is helpful; nobody cheats at games like Myst. Creating a social environment that facilitates less of a "who's got the biggest *" mindset would also reduce cheating dramatically.
Mind you, I'm not saying that the typical hack-and-slash, smash-and-grab RPG does not have its place. I wore out a mouse on the first Diablo, same as the next geek. All I am trying to say is that game designers ought to start thinking beyond it, now that the current technology allows them to explore a lot of new avenues.
Information wants to be anthropomorphized.
In massively multiplayer online games, most notably MMORPGs, integrity is everything. If people can't trust the integrity of other characters, they won't bother spending the time to build them. I think a lot of attention needs to be paid about how to keep server-side certain pieces of critical data.
First, the tradeoff: anything you keep server side on a trusted server is safe. Anything you load client side you can assume for the sake of argument will be possibly modified by a player. So, let's take a MMORPG: you have characters, monster, and various abilities all interacting. What is responsible for the integrity? The server needs to be. First, the all important player character should be totally stored server-side. No information about stats/abilities/etc is kept locally, and the server never reads any from the client. It just sends a scenario and accepts commands. A pristine client interprets options from the server to provide an interface, but just because you locally manage to send a "super fireball" command when you only have a regular "fireball", doesn't mean the server should parse that. It should obviously return an error. (and probably flag you for some sort of observation, cheater!)
In any event, the dichotomy between client and server matches that between cause and effect -- never let clients dole out effects, only accept input.
On to the more difficult problem, which is when the information you pass to the client is more than they should have, based on the fact that you cannot transmit it as-needed due to bandwidth/cpu/latency limitations. This is where innovation needs to occur. Things like handing over partial maps, or possibly breaking maps/info up into smaller pieces and giving them all out encrypted, then handing decryption keys over real time. (And this would be an art in itself? Would 16-bit XORs work? Or would someone find a way to analyze all 65k combinations for consistency and break through in sufficient time to gain an advantage?)
In a game which was not time-sensitive, obviously, this stuff should be kept server side. For example, I've never played age of kings, but I've played HOMM2/3, which are turn-based strategy games. In those cases, all data could be kept server-side, other than the revealed portion of the map. Because the players play each turn in succession, time is not a real issue. A few seconds for pulling data is not that important.
Anyhow, good article. This is definitely one of the biggest problems facing MMO gaming, and as multiplayer becomes more important to games, and as more games go MP-only, this will be critical. Bandwidth and lower latency will help alleviate the problem, but there's a lot of room, I think, for clever protection from cheaters.
(From the Article..very interesting. read on) An FPS aiming proxy works like this: The proxy program is run on a networked computer and the player configures it with the address of the server they are going to play on. They then run the FPS game on another machine and connect to the proxy machine, which in turn connects the game to the server, acting just like an Internet packet router.
:)
The only hitch is that the proxy monitors and attempts to decode all of the packets it is routing. The program keeps track of the movements and locations of all the players the server is reporting to the game, building a simple model. When the proxy sees a Fire Weapon command packet issued by the cheating player, it checks the locations and directions of all the players it is currently tracking and picks a target from them. It then inserts a Move/Rotate command packet into the stream going to the server in front of (or into) the Fire Weapon command packet that points the player straight at the selected target. And there you have it: perfect aim without all the mouse twisting. (End of Article)
I just cant help thinking, these guys are so desperate about cheating. All this effort could have been spent on building something productive or learning how to use the mouse with the keyboard and kicking bots ass. Why cant we just learn to lose sometimes. Why is winning so important ? I have had my ass kicked by bots and humans alike, but I jump right back up and rail his sweet ass to kingdom come. Gaming is not all about winning, but its about perspiration that drips from your eyebrows, but you cant wipe it off, because you know your enemy is out there, seeking you out with a railgun combined with the power of Quad Damage, with an ethereal blue shadow to his skin, and you wish you were somewhere else...
Rapid Nirvana
Or how would Neo dodge bullets or bend spoons in The Matrix???
Looks like "Up, Up, Down, Down, Left, Right, Left, Right, B, A, Select, Start" has been the downfall of human kind.
Why not skip the technical solution and go for the social one? Sort of like Advogato's trust model, or maybe more like PGP's key exchange mechanism. I trust Anna, who trusts Bob, so I trust Bob. Stuff like that. If someone cheats, you don't trust them. That way you don't have to trust everyone explicity, but you still have a wide pool to play from. Perhaps this is a bit too complicated for the average FPS-player (I'm not sure it could be implemented to where I thought it was easy). Do any games have solutions like this? Of course, such a model could possibly be abused and would put new players at a disadvantage (aren't they already, though?).
At WorldForge, we're doing exactly this. The client is made available in source code form so that the player can customize it to make it work better for them. And we make all of the server code available for download so players can look through it and discern new tricks for effective playing. If in doing so, they uncover a bug that can be taken advantage of to the detriment of other players, then they're welcome to make use of it - sometimes this is the best way to test out how bad the bug really is.
If I don't think the bug is worth my time fixing, then any players sufficiently bothered by it are welcome to download the source code to the server, find the area causing the problem, fix it, and submit a patch. If I disagree with their patch or otherwise refuse it, well then at the least they have the permission to establish a new server and compete with me. So I will probably work hard to make sure to include the patch!
So I guess a lot of stuff I see called cheats, I think really should be honestly called 'bugs', and responsibility placed with the programmers rather than the players. Some stuff - like denial of service or similar - that's just plain mean, and out of the server programmer's hands to prevent. But a lot of the in-game cheating is preventable via code.
Maybe I'm an idealist, but the best way to harness the creativity of cheaters, is, IMHO, to establish an environment where giving out fixes to cheats has as much glory as identifying the cheat in the first place.
We also strongly encourage (even urge) players to get involved in the game development process. Our present game server is written in Python, and we will encourage and allow extension of it by direct coding (the amount of extension is limited by the slowness of Python). Our next game server (being coded now - in C++), will allow players to design assemblies and mechanisms in-game, and automate them with scripting, among other things. :-)
And of course, since the client is open source, you're welcome (and encouraged) to automate your character as much as you want. (In my opinion, if the game is so simple that you *can* program a super-bot that wins consistently, then the game lacks adequate sophistication. AI programming is tough, and if allowing for this kind of "cheating" encourages lots of people to gain skill at it, then this makes the (game)world a more interesting place! Besides, programmers are cool and deserve an edge. *Wink*)
Bryce
Top Geek at WorldForge
Look at how many hacks and/or cheats that have been uncovered in Everquest. Nada.. Ziltch.. A few cheats that have been quickly 'repaired', but those that resided in the 'buisness logic' of the game.
;-P
One has to ask how they did it. And I can tell you one thing, it wasn't with client side logic.
They do virtually *EVERYTHING* that this article says is a big nono, or simply not possible. Yet they are successfull. They take some addition precautions as well, such as not allowing the app to run minimized, therby making it a *little* harder to hack while running. They encrypt all local files, and do a CRC check on them. If they fail, they update them. All communications is encrypted, and yet they still maintain decent framerates..
Granted, their framerates aren;t their selling points, but the game is playable with *hundreds* of people in the same zone..
-- I'm the root of all that's evil, but you can call me cookie..
I think someone should make a persistent world game designed for programmers. Instead of having them focus their energy destroying the experience for other players, why not make a game that encourages programming/hacking - in fact it requires it.
That is, all the entities in the game are controlled by computer programs, which are written by the players. The programs can run remotely on their machines and make request over the network (with some human guidance) or they can run 24hrs a day on a Java Servlet on the server.
The idea of programmers writing robots for a game isn't all that new. A long time ago there was C Robots. About 8 years ago Dave Taylor and I got our start in the gaming world by running the National Programming Contest for IEEE. This contest had a fresh new game every year that was played by client programs and run on the IBM AIX platform (they gave us free machines). Our contest were simple because contestants only had one weekend to make a client, but I can imagine a much more complex and interesting world for clients to play in.
What is kind of new here is the idea of a persistent world. As players get more advanced they can have their characters spawn new ones. A computer program can control 10 people almost as easily as 1. And computer programs can play 24 hrs a day, but human players have to sleep. And for someone looking to make money - you could charge for "hosting" the client program.
-- Virtual Windows Project
i, for one, don't give a shit about cheating because whenever someone i'm playing is cheating, i can walk over to their computer and kick them in the good 'n plentys. let me explain:
internet multiplay is crap! stop doing it! everybody cheats, we know this. you don't know the people you're playing against (this, i'm sure, is not true in many cases, but i'm generalizing) so what fun is it to win? basically, all that internet play does is foster agressiveness and competitiveness in people-- two things i personally can live without. internet play is also difficult for modem users who are up against HPBs all the time.. gosh, what fun!
the solution is, get some friends together and start having LAN parties. start playing with people you know. multiplayer games are so much more fun when you get to talk about it afterwards over a beer or a mountain dew or whatever the hell you want to drink: "dude, that one part where you bounced off my rocket over the lava and onto jimmy's head was RAD!" "yeah, rad". i know, sounds lame, but you all know it's fun.
basically, i'm giving a call to gamers to quit being lazy sax of shznit and start organizing LAN parties in your town: they kick ass, and you could probably use the socializing (if you're anything like the hermits i normally party with)!
thanks for your time, sorry if i was overly-crude
grizzo: totally insecure, but very convenient.
Oh wow. I just got back into Dallas from Siggraph 30 minutes ago and discovered my mailbox filling up with emails from the /. side-effect. Just a couple quick comments on the discussion....
0) This article first appeared in print in the June 2000 Issue of Game Developer Magazine.
1) I didn't come up with the title. I honestly couldn't think of a catchy title, so I let my editor come up with one. As far as nit-picking over the useage of "Hacker" and "Cracker" - don't sweat it. Yes, I know the difference.
2) The most important point in my mind is that multiplayer cheating hurts other human players and is an order of magnitude different from the things we do when playing solo (single player) games. When a person realizes they are on the receiving end of a cheat - that another human being wants to do that to them - it's a hugely distructive feeling.
2a) People walk away from games and badmouth them to their friends when they think they are getting screwed. The better selling your game, the more this matters.
3) Many people have been emailing me and posting about things I didn't cover. I really appreciate it though I do already have some of it. When I wrote the article I had to keep it to about 7000 words, so I only got to cover about 1/2 of what I wanted to. Given the reception it has received, there will likely be a second article on the topic.
3a) Keep the comments and emails coming - I will try and respond to all.
That's all for now. I really appreciate everyone's input and thoughts on the matter.
-Matt Pritchard