Technical solution to eliminate desync in single-player sessions

"

gonzaw wrote:

"

qwave wrote:

ScrotieMcB: I writing am the code for this full system right now. It will prove that you cannot modify the packet, and that the server can detect any sort of cheats, speed hack, etc.

You are not understanding how the seed is used in conjunction with the timestamp. The code will explain it in more detail.

I won't accept a proof until you post a paper with the formal specification of the problem, and prove using a proof assistant that your code follows that specification!

:P

Since I'm actually not a coder — yeah, I can do the really easy "Hello World" crap from CompSci 101, but not a heck of a lot further — I wouldn't be able to code the hack required to foil qwave's little program. I think I'd (unironically) prefer the white paper.

"

qwave wrote:

No, each mob generates it's own seed once.

Definitely don't like this idea. It would mean that a simple seedview hack would be able to rather reliably predict the actions of a major boss (such as when Dominus would use Touch of God). Given the extreme length of pseudorandom number generators, why wouldn't you just use one seed for all of them?

And don't tell me seedview hacks wouldn't be possible, they'd be easy, they don't even need to spoof anything. It's pretty much just Wireshark with a specific filter.

ScrotieMcB: Once im finished, just download a compiler and run the code. To make a 'hack', just replace any of the numbers in the code. You will see that the program can detect any changes no matter what.

ScrotieMcB: Just because a mob uses a single seed it can still be generating it's own billions of random number combinations. The seed just makes it deterministic for the server/client.

All AI pathing in all games work this way. AI isnt actually 'intelligent', that's why its called artificial intelligence. It uses a seed to pretend that it's smart.

"

qwave wrote:

ScrotieMcB: Once im finished, just download a compiler and run the code. To make a 'hack', just replace any of the numbers in the code. You will see that the program can detect any changes no matter what.

LOL. As if hacking was that easy. No, the hack would have to analyze the situation to determine how to work its magic; the answer isn't 42.

Here you guys go, I wrote this code to show how the entire system works. This exact code could be used to drive the server/client communication. It 100% illustrates how this system works with a real example:

http://pastebin.com/raw.php?i=CAJY3D30


Features:
- The client/server have a shared list of mobs. The client can only attack a mob within range, or the server knows.

- The client sends a packet with a timestamp. If the client changes it, the server knows.

- The server can calculate every attack using the seed. If you run the code, you will see output for every attack value.

- Floating points are not involved in determination, so this is 100% cross-platform. Even if that was coded in C++, it doesn't use floating points for determination.

- The client only sends the action to the server, it does not need to send ANY output. The server can simulate all of it.

- It is 100% secure and unhackable. If you change ANY of the values, the server will know.


This is how modern games perform their synchronization.

"

qwave wrote:

ScrotieMcB: Just because a mob uses a single seed it can still be generating it's own billions of random number combinations. The seed just makes it deterministic for the server/client.

All AI pathing in all games work this way. AI isnt actually 'intelligent', that's why its called artificial intelligence. It uses a seed to pretend that it's smart.

Why would it be calling billions of anything? It's monster pathing AI, not a NASA launch. One, maybe two or three RNG calls per monster action (so perhaps 2-6 per second) would be enough.

And that still doesn't explain why calling all RNG from a single seed wouldn't be a better idea. I sense very inelegant code coming on... which, I should point out, was a major factor in my dropping out from a computer science program. The pure raw messiness I was handed when it came time to swap programs and build off of someone else's code... I just couldn't take it. (I was immature then.)

Scrotie: I was saying that it can generate as many random numbers as it wants after it has been seeded. The initial seeding is all that matters.


Anyway, the code demonstrates how to sign the packet with the seed. The server can detect if you're lying. If you modify this code in any way, the ServerValidate() function will recognize it.

"

The pure raw messiness I was handed when it came time to swap programs and build off of someone else's code... I just couldn't take it. (I was immature then.)

At least you can run it! Add print debugging, test inputs. Inelegant theory is worse. :)

It's not hard to download a compiler and run the code. If you modify the Packet instance at all, the server will know it. It doesn't matter what you do. This is because it's using a crypto on the timestamp + seed.

This code represents how modern security software works and how modern game synchronization works.

Need more info? Ask all the questions you need. I will expand the code as well if you need me to. I can write any amount of code that you need for me to prove a point.