Welcome Guest ( Log In | Register )

[ Big| Medium| Small] -



Post new topic Reply to topic  [ 5 posts ] 
    Amy
  Thu Jun 14, 2012 9:43 am
User avatar
Staff

Big Dumb Guy
Some of you might not know - I have an active MMORPG http://afar.ws

I want to add to this some minigames, which would replace point and click for getting materials to craft items etc.

The only real ways I can do this are HTML5 or Flash, and neither are particularly secure.

What I want to know really is:

- Can Construct 2 or Gamemaker be secured in such a way to make it at least difficult to hack? I used to play a game called Adventure Quest, which was massive, but easily hacked using packet editors.
- If not, which is the more secure?

I don't want to fall into the trap of gimping legitimate users just in the name of security. I don't want to hamper some peoples' gameplay just because a minority would choose to hack the system.

In terms of gameplay itself, would you play a game where you could say, complete Sokoban-like levels to get resources, knowing full well that other people will just be editing packets to get the same thing? Would you mind? What if there was a limit, would that hurt you or hurt them more?

Would you rather play a basic game, or a flashy but hackable game?


Top Top
Profile      
 

    rosareven
  Sat Jun 16, 2012 9:57 am
House Vidae
User avatar
Sponsor


Location: Australia
If the purpose is to make a particular aspect of Afar more interesting, like you said for crafting and getting materials, I definitely prefer the flashy game.

As for security, I honestly have no idea =( If said mini game is going to be sending data back to Afar main game, it might not entirely be the HTML5/Flash mini games' responsibility to handle security. The main game itself could have a certain rule that determines what data is accepted and what data isn't. That thought is no where near a practical solution but just tossing the idea out there.


Top Top
Profile      
 

    valkyriegames
  Sun Jun 17, 2012 7:43 pm
User avatar
Awesome Bro


Location: Australia
I think hacking is an inevitable part of games but you could build your game to be more resilient to it - eg disable trade - or have code to flag suspicious behaviour (eg levelling up 10 times in a minute. Also, couldnt you just encrypt everything you pass from the client to the server? Although if players were changing memory directly that would be a problem.... But shouldbt the OS stop this? Since each program eg the browser gets its own memory?

_________________
Image

Content Hidden


Image
Content Hidden


Top Top
Profile      
 

    Glitchfinder
  Tue Oct 02, 2012 8:40 pm
BEWARE: Glitchfinder's sense of humor sucks.
User avatar
Staff

Party Mascot

Location: Approximately 93 million miles from Sol.
valkyriegames wrote:
I think hacking is an inevitable part of games but you could build your game to be more resilient to it - eg disable trade - or have code to flag suspicious behaviour (eg levelling up 10 times in a minute. Also, couldnt you just encrypt everything you pass from the client to the server? Although if players were changing memory directly that would be a problem.... But shouldbt the OS stop this? Since each program eg the browser gets its own memory?


With regard to the last bit, that is the entire purpose of a little download called Cheat Engine. It is used to locate and edit active memory for any given game or application.

Wyatt, in respect to your problem, what you need is decent encryption/decryption. I'm not saying it has to be state of the art or anything like that, just that it has to be decent enough to prevent on-the-fly editing. The most basic example I can think of would be to do something like converting numbers to strings, taking the current time to create a seed, using that seed to "salt" the string (in this case entering randomized characters between the ones you want), and then prefixing the string with the seed you used (which should be the timestamp of when it was created) This would make it so that you could check to see if someone is using a packet editor (hey! they just sent the server a packet from a month ago. I know because the timestamp says so!). Further, it would mean that people would have to do significantly more work to create a valid packet. In fact, if you used Construct 2, while they would technically have access to the source code, it wouldn't exactly be anywhere near legible, even for an advanced programmer. I took a look at the javascript for my construct project, and before I would have any hope of understanding it, I would not only have to spend a massive amount of time reformatting it, I would have to essentially reconstruct what everything meant without help from the original variable names. (Because everything is obfuscated too) The best part is, with such a simple algorithm, you could change it in a minor way and leave an autodetect for older formatting that would flag accounts as having sent an illegal packet.

If you're curious about what the final code for a construct project looks like, you can find an example from mine here.

_________________

Just call me Glitch.


Top Top
Profile      
 

    Xhukari
  Wed Oct 03, 2012 9:43 am
User avatar
Member

Generic Townsperson
Did someone say Flash? :D
I know some defenses can be put in place to defend against edits, though this was done with Flash's shared object files... And I have no idea how he did it. But the later versions, most of the 'bigger' hacks which were done using Sol Editor and such, pretty much locked out the character because it was detected! (Murloc RPG was the game)

I'm sure similar defenses could be put in place, such as a timer to check how fast a minigame is finished, and if it is finished in under X seconds, then the player obviously hacked and you can bring up a message box saying it was detected, and not send it the data back to the main game.

No matter what defenes you put in place though, people will always get around it, and you don't want to mess around with your legitimate players *coughDRMcough*.


Top Top
Profile      
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 


Who is online

Users browsing this forum: No users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

We are an independent, not-for-profit game making community.
Homepage
Board Index
About Us
Downloadable Games
Free Browser Games
Games in Development
RPG Maker Support
Game Maker Support
Construct 2 Support
HBGames the eZine
Advanced RPG Maker
Site Announcements
Powered by phpBB © phpBB Group