Multiplayer Game Cheating
Washizu writes: "Ensemble Studios programmer Matt Pritchard, who worked on both Age of Empires, and Age of Empires 2: The Age of Kings, has written an article for Gamasutra, the online game developer magazine, on multiplayer game cheating methods and prevention." A lot to say here about human nature. A lot of it applies to virtually any form of online human interaction: from games to, yes, even Slashdot's message boards. A very worthwhile read.
I for one deplore cheating on online games. For shame. I'd write more, but I've got to go log on with my other account and moderate this post up.
--Shoeboy
The article identified six types of cheating, but completely failed to identify any reasonable solution for the first one: reflex augmentation.
It is not terribly difficult to write a script to execute commands without the use of the mouse. In Quake 2, the only real effect was that some people had godlike aim - and this was usually pretty easy to spot.
But consider what reflex augmentation could do in Warcraft 2, for example. One could write a script that caused the "mouse" to "click" on your Town Hall and Barracks, automatically creating peons and ogres at a set rate, while you controlled everything else.
Would this even be possible to spot?? From the server side, it would just look like someone had insanely good reflexes. And, of course, it would be easy to tone it down just a little - occasionally have your script "mis-click" just to the left of the town hall, put in tiny delays, etc.
It seems to me that the only way to prevent reflex augmentation would be to force the player to play on someone else's computer with a very restrictive account... any thoughts?
"Beware he who would deny you access to information, for in his heart he deems himself your master."
The problem with the entire RPG genre of on-line games is that it isn't really the fun that hooks people in, it is the basic stimulus-response instinct that keeps people up all night playing Everquest or a MUD. By making you do things to get rewards (levels, new items, etc.), and by dishing them out a little at a time (with a fair amount of randomization), these games tap into the same psychological conditioning scheme that makes old ladies spend their retirement checks all day at slot machines and BINGO games.
Since the satisfaction one gets in these games is usually the reward of a more powerful character, the mind begins to make the association of "better character == more fun", and cheating, or power-leveling, or "twinking" becomes very attractive.
The draw of these games is that they sort of let you live life in fast-forward. In a few dozen hours of gaming, you go from being a pathetic babe in the woods to being a massive warrior or wizard. Cheating speeds this up even more. It's a logical extension of the pursuit of the goals the game establishes, really.
You don't often see the kind of rampant cheating that prevailed in Diablo 1 or Ultima Online when you are playing the FPS games. It seems that the shooters have acquired a sort of sports culture. To cheat at Team Fortress would be a lot like cheating at a pick-up basketball game. Neither side has more fun as a result, because the rewards of player-vs-player gaming come from the joys of testing your skills against other people. Cheating in such situations is boring for both the cheater and the victim, even among younger kids.
It seems to me that the challenge that lies before those who wish to write on-line RPG's is to get a little farther away from the "kill monster, get a treat" format that is so common to these games. Good storytelling is helpful; nobody cheats at games like Myst. Creating a social environment that facilitates less of a "who's got the biggest *" mindset would also reduce cheating dramatically.
Mind you, I'm not saying that the typical hack-and-slash, smash-and-grab RPG does not have its place. I wore out a mouse on the first Diablo, same as the next geek. All I am trying to say is that game designers ought to start thinking beyond it, now that the current technology allows them to explore a lot of new avenues.
Information wants to be anthropomorphized.
In massively multiplayer online games, most notably MMORPGs, integrity is everything. If people can't trust the integrity of other characters, they won't bother spending the time to build them. I think a lot of attention needs to be paid to how to keep server-side certain pieces of critical data.
First, the tradeoff: anything you keep server side on a trusted server is safe. Anything you load client side you can assume for the sake of argument will be possibly modified by a player. So, let's take a MMORPG: you have characters, monsters, and various abilities all interacting. What is responsible for the integrity? The server needs to be. First, the all-important player character should be totally stored server-side. No information about stats/abilities/etc is kept locally, and the server never reads any from the client. It just sends a scenario and accepts commands. A pristine client interprets options from the server to provide an interface, but just because you locally manage to send a "super fireball" command when you only have a regular "fireball", doesn't mean the server should parse that. It should obviously return an error. (and probably flag you for some sort of observation, cheater!)
In any event, the dichotomy between client and server matches that between cause and effect -- never let clients dole out effects, only accept input.
On to the more difficult problem, which is when the information you pass to the client is more than they should have, based on the fact that you cannot transmit it as-needed due to bandwidth/cpu/latency limitations. This is where innovation needs to occur. Things like handing over partial maps, or possibly breaking maps/info up into smaller pieces and giving them all out encrypted, then handing decryption keys over real time. (And this would be an art in itself? Would 16-bit XORs work? Or would someone find a way to analyze all 65k combinations for consistency and break through in sufficient time to gain an advantage?)
In a game which was not time-sensitive, obviously, this stuff should be kept server side. For example, I've never played Age of Kings, but I've played HOMM2/3, which are turn-based strategy games. In those cases, all data could be kept server-side, other than the revealed portion of the map. Because the players play each turn in succession, time is not a real issue. A few seconds for pulling data is not that important.
Anyhow, good article. This is definitely one of the biggest problems facing MMO gaming, and as multiplayer becomes more important to games, and as more games go MP-only, this will be critical. Bandwidth and lower latency will help alleviate the problem, but there's a lot of room, I think, for clever protection from cheaters.
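The server-authoritative check described in the comment above, written out as an added example (not part of the original thread, and not code from any game or project named in it). The ability table, message fields and class names are constructed assumptions; the point is that the server reads only the command, ignores any stats the client attaches, and records a cast of an ability the character does not own.

```python
from dataclasses import dataclass

# Constructed ability table (hypothetical names and costs).
ABILITIES = {"fireball": {"mana": 10, "damage": 8},
             "super fireball": {"mana": 40, "damage": 50}}

@dataclass
class Character:
    """Authoritative character state; it exists only on the server."""
    name: str
    mana: int
    known: set
    strikes: int = 0  # rejected commands, kept for later review

class Server:
    def __init__(self):
        self.characters = {}  # session id -> Character
        self.audit_log = []   # (session id, reason, raw command)

    def handle(self, session, command):
        """Accept client input only; every effect is computed here."""
        char = self.characters.get(session)
        if char is None:
            return {"ok": False, "error": "unknown session"}
        if not isinstance(command, dict):
            return self._reject(session, char, "malformed command", command)
        # Only these two fields are read. Stats sent by the client are ignored.
        action, ability = command.get("action"), command.get("ability")
        if action != "cast" or not isinstance(ability, str) or ability not in ABILITIES:
            return self._reject(session, char, "unknown command", command)
        if ability not in char.known:
            return self._reject(session, char, "ability not owned", command)
        cost = ABILITIES[ability]["mana"]
        if char.mana < cost:
            # An honest client can make this mistake, so it is not flagged.
            return {"ok": False, "error": "not enough mana"}
        char.mana -= cost
        return {"ok": True, "damage": ABILITIES[ability]["damage"], "mana": char.mana}

    def _reject(self, session, char, reason, command):
        char.strikes += 1
        self.audit_log.append((session, reason, command))
        return {"ok": False, "error": reason}

if __name__ == "__main__":
    srv = Server()
    srv.characters["s1"] = Character("Ayla", mana=25, known={"fireball"})
    # A tampered client attaches its own damage value and asks for an unowned spell.
    print(srv.handle("s1", {"action": "cast", "ability": "fireball", "damage": 9999}))
    print(srv.handle("s1", {"action": "cast", "ability": "super fireball"}))
    print(srv.audit_log)
```
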
At WorldForge, we're doing exactly this. The client is made available in source code form so that the player can customize it to make it work better for them. And we make all of the server code available for download so players can look through it and discern new tricks for effective playing. If in doing so, they uncover a bug that can be taken advantage of to the detriment of other players, then they're welcome to make use of it - sometimes this is the best way to test out how bad the bug really is.
If I don't think the bug is worth my time fixing, then any players sufficiently bothered by it are welcome to download the source code to the server, find the area causing the problem, fix it, and submit a patch. If I disagree with their patch or otherwise refuse it, well then at the least they have the permission to establish a new server and compete with me. So I will probably work hard to make sure to include the patch!
So I guess a lot of stuff I see called cheats, I think really should be honestly called 'bugs', and responsibility placed with the programmers rather than the players. Some stuff - like denial of service or similar - that's just plain mean, and out of the server programmer's hands to prevent. But a lot of the in-game cheating is preventable via code.
Maybe I'm an idealist, but the best way to harness the creativity of cheaters, is, IMHO, to establish an environment where giving out fixes to cheats has as much glory as identifying the cheat in the first place.
We also strongly encourage (even urge) players to get involved in the game development process. Our present game server is written in Python, and we will encourage and allow extension of it by direct coding (the amount of extension is limited by the slowness of Python). Our next game server (being coded now - in C++), will allow players to design assemblies and mechanisms in-game, and automate them with scripting, among other things. :-)
And of course, since the client is open source, you're welcome (and encouraged) to automate your character as much as you want. (In my opinion, if the game is so simple that you *can* program a super-bot that wins consistently, then the game lacks adequate sophistication. AI programming is tough, and if allowing for this kind of "cheating" encourages lots of people to gain skill at it, then this makes the (game)world a more interesting place! Besides, programmers are cool and deserve an edge. *Wink*)
Bryce
Top Geek at WorldForge
Oh wow. I just got back into Dallas from Siggraph 30 minutes ago and discovered my mailbox filling up with emails from the /. side-effect. Just a couple quick comments on the discussion....
0) This article first appeared in print in the June 2000 Issue of Game Developer Magazine.
1) I didn't come up with the title. I honestly couldn't think of a catchy title, so I let my editor come up with one. As far as nit-picking over the usage of "Hacker" and "Cracker" - don't sweat it. Yes, I know the difference.
2) The most important point in my mind is that multiplayer cheating hurts other human players and is an order of magnitude different from the things we do when playing solo (single player) games. When a person realizes they are on the receiving end of a cheat - that another human being wants to do that to them - it's a hugely destructive feeling.
2a) People walk away from games and badmouth them to their friends when they think they are getting screwed. The better selling your game, the more this matters.
3) Many people have been emailing me and posting about things I didn't cover. I really appreciate it though I do already have some of it. When I wrote the article I had to keep it to about 7000 words, so I only got to cover about 1/2 of what I wanted to. Given the reception it has received, there will likely be a second article on the topic.
3a) Keep the comments and emails coming - I will try and respond to all.
That's all for now. I really appreciate everyone's input and thoughts on the matter.
-Matt Pritchard