Technical solution to eliminate desync in single-player sessions

"

// This is the client seed
var clientSeed = new Random(SharedSeed);

// This is the packet that the client sends to the server. If you modify it, the server can identify that it's fake.
var packet = new Packet {
Timestamp = timestamp,
Signature = Hash(clientSeed.Next().ToString(), timestamp.ToString()),
Target = mob
};

// This is the server seed
var serverSeed = new Random(SharedSeed);

// The server can now validate the signature to make sure this packet wasn't forged
if (Hash(serverSeed.Next().ToString(), packet.Timestamp.ToString()) == packet.Signature) {
Console.WriteLine("The client's packet is valid");
}
else {
Console.WriteLine("The client's packet is hacked.");
}

You're not really serious, are you? I can barely code and this is a joke. This doesn't even need a hack. It literally hacks itself.

Scrotie ... what? It hacks itself? The 'ServerValidate()' method represents the validation function that lives on the server (not the client).

You have guts posting code that's about to get combed over every way possible.

Comb over it all you want. I welcome it. =)

There are still a lot of things that it doesn't do yet, but I can add it in. The point is, the server can validate the packets.

Added some more example timestamp checks just to demonstrate how important timestamps are to this system, here's the revision:
http://pastebin.com/raw.php?i=UxKtqTKu


If I wanted, I could even have the client apply a timestamp to each of his actions/calculations. But that probably isn't necessary.

"

// The server can now validate the signature to make sure this packet wasn't forged
if (Hash(serverSeed.Next().ToString(), packet.Timestamp.ToString()) == packet.Signature) {
Console.WriteLine("The client's packet is valid");
}
else {
Console.WriteLine("The client's packet is hacked.");
}

This section literally looks at a variable on the packet, which could be any arbitrary number whatsoever, and hashes it with the next random from the random seed, then compares it. Thus, as long as random seeds are in sync, the hack can put literally any number there and have it pass validation. (I like 42. Let's go with that.)

I mean, I was expecting at least some kind of ornate calculation to see if the timestamp was within some kind of common-sense range, which still does absolutely nothing to prevent a hack whatsoever because any old hack can call DateTime.Now.Ticks, block the client packet, and send its own frauduelent packet, but there wasn't even that much.

Not to mention zero way to prevent a hack from remaining in sync in terms of which random number is being called next.

Do you know anything about computer security?

What is really scary about this thread:

* We don't know who actually knows what he is talking about or not
* We don't know who just speculates without/with basic knowledge
* We don't know who speculates without/with real knowledge

And most important

* We don't know who has practice knowledge than this is > all.

So, sry here is the internet failing because of the anonymity. If people really want to talk about it you have to give your background too. Or this is all pointless. Its not hard to convince people to believe that something will work. Its actually pretty fucking easy and if you do not believe it you somehow manged to ignore the RL completely.

"

This section literally looks at a variable on the packet, which could be any arbitrary number whatsoever, and hashes it with the next random from the random seed, then compares it. Thus, as long as random seeds are in sync, the hack can put literally any number there and have it pass validation. (I like 42. Let's go with that.)

Try it Scrotie, try it. Change the ticks and see what happens. The signature uses a hash of the timestamp. The timestamp between each snapshot is used as a delta. The server can validate the timestamp accordingly.

The timestamp time itself doesn't matter as much as the delta between each action.

Since you're confused, ill go ahead and add support for deltas, previous snapshots, and timestamp comparisons. But at this rate ill have coded the entire system for GGG. =P

The timestamp value doesn't matter because we don't want system clocks to interfere. That's why we are using deltas.

Scrotie, I added the delta calculator to the code. The server uses each timestamp to generate the delta. The delta is used to validate possibility:

http://pastebin.com/raw.php?i=1cjqe120


The timestamp is used to calculate the delta.

The client can hack the timestamp, but it would break the delta.

The client uses the timestamp to sign the packet.

The server uses the timestamp to generate the delta.


Therefore, the timestamp and delta have to be consistent, otherwise the server will identify a hack. Signing the timestamp means that the client cannot 'buffer' packets. Because the actions must coincide with the signed timestamp.

"

ScrotieMcB wrote:

You're not really serious, are you? I can barely code and this is a joke. This doesn't even need a hack. It literally hacks itself.

This kind of attitude pisses me off so fucking much. If a piece of code or mathematics or whatever is clearly wrong, you should be able to show it's wrong with a counterexample. Just do it, and the conversation ends, and you've clearly proven yourself correct.

If instead the provided argument does not have enough rigor for a counterexample to be constructed (maybe it's too handwavy or isn't specific enough), then state that this is the case and why.

If it's written like shit and unreadable, say why it's written like shit and unreadable. Make some intelligent point to further the discussion, or at least have the good sense to step out of the way.

qwave clearly is, at least the very least, putting thought into his posts. Of course he's being serious. He's spending time trying to develop and communicate an idea, and you're trivializing his effort. Regardless of whether or not his method is sound, you're being rude and unduly disrespectftul here.

As someone who has written several long and well-developed posts on this forum, who has clearly made an attempt to try to improve the game and community, I'd have hoped you would know that responding in such a dismissive manner accomplishes nothing.

I appreciate some good trolling when the poster clearly deserves it, but this shit has to stop when the intent of the post is clearly a constructive one.

Yes, you've made other intelligent counterargument in this thread, and I am taking your post out of context. However, it does nothing but add stupidity to what at least started off as a constructive intelligent thread; one that yielded interesting discussion and responses from GGG staff.

</rant>

EDIT: this was written before your most recent post.

EDIT2: as well as your edit of the quoted post.

The code now demonstrates how the server can detect:

- Speed hacks
- Distance hacks
- Packet spoofing
- Packet sequencing
- Target hacking

This covers all hacks, and the server is 100% authoritative because it performs the simulation using the delta, timestamp, and seed. The code shows the deterministic seed being used on the client and server to produce the validatable results.


Code:
http://pastebin.com/raw.php?i=1cjqe120