Technical solution to eliminate desync in single-player sessions

qwave, you make a compelling case.

As a layman, I must say that I have become a fast fan of your idea.

EDIT: I could have sworn Scrotie posted that map hacks are already possible in current Path of Exile. Did that get fixed?

"

qwave wrote:

SkyCore, did you even read any of my post? I'll sum it up based on your response:


1. The client receives a deterministic seed from the server in order to generate the snapshot. This seed allows the server to validate that the snapshot follows all the rules of the game.

2. During play, the client streams the snapshot progress in realtime to the server. The server does not need to validate the accuracy of the snapshot until the session 'ends' (The client disconnects, TPs, leaves the instance, etc)

3. The server then uses the deterministic seed to validate the full snapshot.


This is a proven software development pattern that is used in countless industries. I even provided a white paper which goes into further detail. What more evidence could you possibly need? What do you need me to elaborate on?

"

To trust a client with so much information is a gross violation of security.

The server validates the client snapshot at the end of the session using the deterministic seed. It does not 'trust' the client.

From the way i understand it in your plan, the client has all data needed to play a complete session. Perhaps you dont recognize the power of information. I could construct a program to show me everything that will drop in a zone as soon as its loaded, where its located, and full information of all obstacles.

"

qwave wrote:

"

And you expect that the client will return a response which is 'impossible' to fake or alter.

The client streams the snapshot using the deterministic seed that the server can validate. You cannot alter the snapshot without corrupting the deterministic nature of it.

On my computer i can alter any damn thing i want, including calls to your deterministic generator. Or lack of calls to it. Its all just bits in memory which can be altered at will.

"

qwave wrote:

"

You claim that there is a magical technique utilizing timestamps and hashes which somehow guarantees its accuracy.

Yeah, here's some C# code to do it, there's nothing magical about it:

private Guid GetDeterministicSeed(string input)
{
MD5CryptoServiceProvider provider = new MD5CryptoServiceProvider();
byte[] inputBytes = Encoding.Default.GetBytes(input);
byte[] hashBytes = provider.ComputeHash(inputBytes);
Guid hashGuid = new Guid(hashBytes);
return hashGuid;
}

You can then use this to generate the next random number in a deterministic set:

new Random(GetDeterministicSeed("foo"));

Do you expect me to be intimidated by a simple function that computes a hash? Regardless of the code, it is being run by a foreign system whom can choose to execute any operation or not. Completely bypassing your seed as needed.
I can imagine a variable delay hack, allowing you to roll back time several seconds. When the client PoE executable thinks its doing something it instead is actually just putting it in a buffer. As far as your magic hash is concerned it has not happened yet until my hack reiterates its buffer contents.
Im sure i could come up with several other such violations of your 'immpossible' to fake system. And for every patch you add to cut out one vulnerability i could just find another way around it. On MY system i am god. And there is nothing you can do about it.
In your example you use encryption. In case you werent aware there are various laws against the transmission of such things through international borders. Or at least from stories iv read this is so, i may be receiving incorrect information. ;)

"

qwave wrote:

None of this is rocket science, trust me. =)

I agree. But once again i must state that your imagination is quite limited. It is not I who am failing to understand, it is you.

"

From the way i understand it in your plan, the client has all data needed to play a complete session. Perhaps you dont recognize the power of information. I could construct a program to show me everything that will drop in a zone as soon as its loaded, where its located, and full information of all obstacles.

The client must remain connected to the server and stream input to it in the same manner. At the end of the session the server validates the input. The server does not need to continually synchronize the client because the client is 'trusted' during the session.

The map/monster/item information would still be stored/generated on the server. The client would only be trusted with input that traditionally causes desync.

"

On my computer i can alter any damn thing i want, including calls to your deterministic generator. Or lack of calls to it. Its all just bits in memory which can be altered at will.

By altering the snapshot, the server would be able to see that you are cheating. So sure, you can alter it, but then your account will be banned.

"

Regardless of the code, it is being run by a foreign system whom can choose to execute any operation or not.

Sure, you can execute any code you want on your client. But it's all client-side and nothing will be 'valid' until you've sent it to the server. The server is the ultimate authority and will identify faults in the snapshot if you've altered it.

"

qwave wrote:

"

one cheat / hack that immediately comes to mind that you didn't address is map hacking

The server can store the mobs/map on it. The client only needs to be initially trusted for things that cause desync, such as pathing/combat actions. So map hack would not be possible.

How can the pathing and combat information possibly be segregated from the maps and mob location information in a meaningful way? Pathing and combat are a function of the map layout and mob location.

In your initial post, if I understand correctly, the method is basically to give the client-side the ability to generate an entire instance based on an initial random seed. This would completely remove desync from a single player instance. But as soon as you start withholding any critical gameplay data from the client-side, then you go back to having latency causing problems with desync.

"

Mark_GGG wrote:

This is not remotely feasible to implement on the scale of something doing as many calculations on PoE due to bandwidth

The client would still be sending the same amount of data. The server would not need to respond with synchronization data because the client would be trusted. This would result in significant savings in bandwidth.

"

Mark_GGG wrote:

and if it was, opens the door to incredibly easy hacks for simple things like the "stop sending data to fake disconnect when you die" so that the server never knows you died and thinks you disconnected just before then

I have addressed this by saying that there would need to be a Town Portal / Log Out timer of 3-4 seconds in order to prevent this sort of activity. Using a deterministic seed hashed with a timestamp ensures that the client's snapshots can be validated on the server to prevent cheating.

"

Mark_GGG wrote:

Nothing here is correct with regards to the functionality of the game. The PoE client is not a dumb terminal.

The PoE client IS a dumb terminal. It does not perform any of the calculations locally, and its only role is to send input and update the game state received from the server. This is the REASON it gets out of sync, because it is a -dumb terminal- that is not granted the authority to perform basic calculations on it's own. I have demonstrated with code and white paper citations that the client can synchronize itself as long as a deterministic seed is used.

Mark, it's clear that you have not read my proposal, or you do not understand the manner in which Path of Exile's synchronization works at a technical level. This may further explain the root cause of these desync problems.

"

Mark_GGG wrote:

If you want to know more about how PoE actually communicates between the client and server, I would recommend Chris's manifesto post (link incoming) as a good starting point.

If you're referring to his old manifesto post, I will say that as a layman, the post is not very convincing whatsoever in terms of why suggestions like qwave's can't be implemented.

However, as I am apparently repeating several times in this thread, I'm just a layman. So I don't know what really is or isn't possible here.

Just saying the average player would probably need much more detailed explanations of PoE's client-server communication to be convinced than the dev manifesto post.

"

qwave wrote:

Mark, it's clear that you have not read my proposal, or you do not understand the manner in which Path of Exile's synchronization works at a technical level. This may further explain the root cause of these desync problems.

Shit. Just. Got. Real!

I think it's great to see the true champions of desync come together on this issue. Deep down, this tickles the CS major in me :3

I must say, this is quite a fascinating read. KEEP GOING GUYS!

I'm getting the popcorn.

@qwave:
The Path client is not just a dumb terminal. If it were, you'd never get out of sync, instead you'd experience more milliseconds of delay on your actions. As an example, your client does not ask the server if it is allowed to move, it just tries to move on its own accord and tells the server that it is trying to move using the same input. You may be playing the game on the server, but you're also playing some of the game on both your client and the server, which leads to desync.