Technical solution to eliminate desync in single-player sessions

"

But the client would have full authority to reorder the actions any way it pleases in order to optimize the outcome for the player, as long as it followed the PRNG sequence.

The client will stream the snapshot to the server during play. Reordering actions like this would likely not be possible or optimal.

"

You could reverse engineer the seed, but this would have virtually no benefit because any action would roll the next number. As long as loot is generated on the server, you wouldn't be able to do anything useful even if you had complete recognition of the seed's state.

I'd worry that you might be able to do an attack on the seed data using a very limited set of initial actions, that might let you be able to predict, in a small window, the result of crafting operations.

Certainly letting each action "kick" the RNG state a bit is going to prevent that from being the case for any human-inputted set of instructions, but in combination with any sort of bot software you might be able to get enough control on it.

I think that would be very difficult to do, but I'm not convinced that it's impossible or not within reason (I've never written botting software).

"

syrioforel wrote:

"

ScrotieMcB wrote:

"

qwave wrote:

The server would identify the hack because the client could only cheat by generating data that is outside the scope of the deterministic seed. In other words, if your next hit is supposed to do 150 damage, and your hacked snapshot says you did 1000 damage, the server would be able to deterministically evaluate that this was not properly generated.

What is the server supposed to do when it desyncs from you?

The point of the OP's suggestion is that there is no sync performed at all. Data is uploaded and checked at the end of a session (instance, whatever unit of time you like), and then replayed later and verified.

There's no sync to be kept.

There's no way for the server to check against this if it's not receiving continual updates. Either the server trust the client — which means hacks — or the server verifies everything the client does — which means just as much desync as currently, but with the roles reversed.

This entire suggestion is a security nightmare and utterly unfeasible.

syrioforel, I would agree that all crafting actions should be performed on the server. I am specifically talking about combat/pathing that causes desync.

"

Tuoweit wrote:

"

qwave wrote:

"

What if the spell says I can deal between 100 and 300 damage and then I hack so that it always deals 300 damage and never 100 damage. How will the server know that I didn't tamper with the RNG rolls?

The snapshot you are generating must adhere to the deterministic seed that the server sent at the start of the instance. This means that each random number can be validated by the server. This is the mathematical nature of a random seed. In other words, your client would roll the same value that the server would roll using that seed.

But the client would have full authority to reorder the actions any way it pleases in order to optimize the outcome for the player, as long as it followed the PRNG sequence.

Computing even a single alternate sequence of actions that would collide with what you actually did would be very difficult.

"

There's no way for the server to check against this if it's not receiving continual updates. Either the server trust the client — which means hacks — or the server verifies everything the client does — which means just as much desync as currently, but with the roles reversed.

This entire suggestion is a security nightmare and utterly unfeasible.

ScrotieMcB, please do some research on deterministic random number generation. It's easily possible and is done constantly on numerous online games.

I am not saying that the server trusts the client, I am saying that the server should only perform the actual validation until AFTER the client leaves the instance. In other words, desync will not happen because the authoritative checks do not happen until the end.

"

qwave wrote:

syrioforel, I would agree that all crafting actions should be performed on the server. I am specifically talking about combat/pathing that causes desync.

I can't see any way for foreknowledge to be particularly useful in combat. For pathing alone, this is also fine. For map data, you'd have to be careful to not allow maphacks. However, I don't think you were mentioning map data necessarily.

Seems fine, then.

"

I can't see any way for foreknowledge to be particularly useful in combat. For pathing alone, this is also fine. For map data, you'd have to be careful to not allow maphacks. However, I don't think you were mentioning map data necessarily.

Seems fine, then.

As long as the map is seeded as the player explores it, map hacks would not be possible. In other words, the randomly generated number would change anytime a random number is rolled, which means that a single attack calculation would in effort 'reroll' the entire unexplored map, making it completely unpredictable.

"

There's no way for the server to check against this if it's not receiving continual updates. Either the server trust the client — which means hacks — or the server verifies everything the client does — which means just as much desync as currently, but with the roles reversed.

This is not true. If you have a log of the events (user inputs) as they occur, you can verify afterwards that everything happened as it should have, and bring down the banhammer should something shady occur.

You wouldn't want one large log sent to the server, since that would allow trial-and-error optimization of the game state, but you could get away with a much higher latency without exposing yourself to client-side hacking.

"

qwave wrote:

"

I can't see any way for foreknowledge to be particularly useful in combat. For pathing alone, this is also fine. For map data, you'd have to be careful to not allow maphacks. However, I don't think you were mentioning map data necessarily.

Seems fine, then.

As long as the map is seeded as the player explores it, map hacks would not be possible. In other words, the randomly generated number would change anytime a random number is rolled, which means that a single attack calculation would in effort 'reroll' the entire unexplored map, making it completely unpredictable.

I don't think maps are usually generated "as you go," but are done once as the zone is first entered.

It might be interesting to see a map system that does generate a map in pieces while still producing reasonable layouts.