Thank you Stormbinder!

Zapmeister · #1 August 11th, 2004, 10:00 PM

I want to respond a second time to these statements from Gandalf, because an intervening dialogue between myself and Zen has buried the original. My concern (possibly unfounded - if so please put my mind at rest) is that these statements are a justification-in-advance for an announcement that the vulnerability will not be fixed:

Quote:

Any protection from such rare cheating will cause alot complaints amoung the players...
... I think you should continue enjoying Dom2 and simply be abit more careful who you play with.

#2 August 11th, 2004, 10:11 PM

Quote:

I want to respond a second time to these statements from Gandalf, because an intervening dialogue between myself and Zen has buried the original. My concern (possibly unfounded - if so please put my mind at rest) is that these statements are a justification-in-advance for an announcement that the vulnerability will not be fixed:

You must really have a low opinion of IW if you honestly think that they would not fix an exploit to the best of their ability/time. You seem to be forgetting that Gandalf is ever the diplomat when it comes to these things. It's a safety blanket. It means that if an exploit requires too much work (as in a total revamp) it may or may not be addressed. Or any number of other circumstances. It also means there are alot of ways for people to cheat within the limits of the game engine (with the fatherland file, etc) and the currently limited cheat prevention code.

If you want peace of mind, you can know that IW is on it and has several answers already in place in the Last day(s).

As for the Flame Warrior's link. Come on man, unclench a little, I was not biting my thumb at you. Some people take everything too serious.

Zapmeister · #3 August 11th, 2004, 11:00 PM

Quote:

Some people take everything too serious.

Now this is a fair cop. Guilty as charged

Gandalf Parker · #4 August 11th, 2004, 10:39 PM

Quote:

I want to respond a second time to these statements from Gandalf, because an intervening dialogue between myself and Zen has buried the original. My concern (possibly unfounded - if so please put my mind at rest) is that these statements are a justification-in-advance for an announcement that the vulnerability will not be fixed:

Quote:

Any protection from such rare cheating will cause alot complaints amoung the players...
... I think you should continue enjoying Dom2 and simply be abit more careful who you play with.

If it turns out to be hex editing then there is no vulnerability to be "fixed". That would mean that he directly edited the files. A file can always be hex edited. If you want to see it just open a DOS window and use debug to view the file. (NOT recommended)

More checks and encryption could maybe be added if the devs wish but that would tend to cause alot of complaints.

Zapmeister · #5 August 11th, 2004, 11:07 PM

Quote:

If it turns out to be hex editing then there is no vulnerability to be "fixed".

Sure there is. As Esben (I think) pointed out, a server-side audit of the incoming 2h file can entirely eliminate the possibility of cheating by editing the .2h or .trn file. However, I agree that if Norfleet was regularly getting his hands on the ftherlnd file (Esben doubts this and so do I) then there's likely no practical fix.

Gandalf Parker · #6 August 11th, 2004, 11:38 PM

Quote:

If it turns out to be hex editing then there is no vulnerability to be "fixed".

Sure there is. As Esben (I think) pointed out, a server-side audit of the incoming 2h file can entirely eliminate the possibility of cheating by editing the .2h or .trn file. However, I agree that if Norfleet was regularly getting his hands on the ftherlnd file (Esben doubts this and so do I) then there's likely no practical fix.

I wouldnt call that a vulnerabilty. Only more checks. But thats all semantics. Basically thats the kindof accounting that is already in place. It would have forced him to spend his illicit gains every turn or have it caught by the cheat-check routine which apparently he did. Of course further checks can be put in (I think I mentioned that) but Im not sure if the processing time and harddrive space would a trade-off that will happen quietly. And that still wouldnt stop hex editing.

Esben Mose Hansen · #7 August 12th, 2004, 07:48 AM

Quote:

And that still wouldn't stop hex editing.

Sigh. Yes it would. It's like my server pages: You are told that no more games can be started. Of course, you could break out you hex editor and send in a request to have a new game made anyway. What happens then is that the server rechecks that the game creation is allowed, and stops the request. This is no different than casting a summoning spell: Done right, the client would sent a request to the server that caster A cast spell B. The server would then check that the conditions are met, subtract the used gems, and send the result back. (In practice, there would be several orders and so on, but the principle is the same.) '

I repeat: Given a trusted server, cheating can be limited to "better clients". If no trusted server exist, cheating is possible. Try looking in the KDE forums for KBattleship. Battleship --- such a simple game. But there is no way to make it cheat-free without a third part acting the part of the trusted server. Try me, if you want

And yes, I'm aware that this would require such a major redesign that it would not be feasible for Dom 2. But I, for one, are secretly wishing for a Dom3, and for that, it might be done right <tm>

Gandalf Parker · #8 August 12th, 2004, 11:20 AM

Quote:

And that still wouldn't stop hex editing.

Sigh. This is no different than casting a summoning spell: Done right, the client would sent a request to the server that caster A cast spell B. The server would then check that the conditions are met, subtract the used gems, and send the result back. (In practice, there would be several orders and so on, but the principle is the same.) '

I repeat: Given a trusted server, cheating can be limited to "better clients". If no trusted server exist, cheating is possible. Try looking in the KDE forums for KBattleship. Battleship --- such a simple game. But there is no way to make it cheat-free without a third part acting the part of the trusted server. Try me, if you want

And yes, I'm aware that this would require such a major redesign that it would not be feasible for Dom 2. But I, for one, are secretly wishing for a Dom3, and for that, it might be done right <tm>

Im not sure that going from a PbEM type game to a different style of gaming is a "fix".

Yes that would allow for MANY things to be fixed if all actions were interactive at the server. Of course even more would be fixed if you just went all the way to an Online world environment. Of course then you have to shift attention from hex editing to packet editing. Everything has its pros and cons.

Graeme Dice · #9 August 12th, 2004, 11:29 AM

Quote:

Im not sure that going from a PbEM type game to a different style of gaming is a "fix".

I'm not sure what you are saying here. There's no reason to quit having the game as a PBEM one to implement what he's described. In fact, I'm kind of surprised that it wasn't done that way in the first place.

Leif_- · #10 August 12th, 2004, 12:17 PM

Quote:

Im not sure that going from a PbEM type game to a different style of gaming is a "fix".

I don't think he's suggesting that the server checks everything inter-actively - just that all the rule verification is done by the server, and not by the clients.

The game would still be the same, but you would get rid of hex-edit cheating - as all the information in the turn files would be just player orders that the server would examine for legality (as opposed to just checking for validity and correctness.)