preventing multiplayer cheating - umd · 2019. 5. 1. · cheating attacks • reflex augmentation:...
TRANSCRIPT
Preventingmultiplayercheating
CMSC425.01Spring2019
Administrivia
• Finalhomework(Hw3)• Errata: Question2(a)hasabadheuristic.• Correctedhomeworkposted
• Finalmidterm• Prepmaterialonwebsite• Mondaywilldoreview• ThursdayMay8th
Today’squestion
Howtopreventcheating
Cheating…
• Frustratesplayers• Reducesingamepurchases• Causesplayerstoquit• Impactspaidplayerleagues
• Yourexperiences?
Considermoregenerally…
• Alwaysgoodtoconsidersecurity
• Howaregameslike
• Onlinebanking• Onlineretail• Socialmedia• Anythingnetworked
Cheating…
• Frustratesplayers• Reducesingamepurchases• Causesplayerstoquit• Impactspaidplayerleagues
• Yourexperiences?
• Howprevent?
Cheating…
• Frustratesplayers• Reducesingamepurchases• Causesplayerstoquit• Impactspaidplayerleagues
• Yourexperiences?
• Howprevent?
https://www.aimforest.com/cheat-detail/call-of-duty-ghosts-hacks-aimbots-and-other-cheats
PritchardonGamasutra
• Ifyoubuildit,theywillcometohackandcheat• Hackingattemptsincreaseasagamebecomesmoresuccessful• Cheatersactivelytrytocontrolknowledgeoftheircheats• Yourgame,alongwitheverythingonthecheater’scomputer,isnotsecure—notmemory,notfiles,notdevicesandnetworks• Obscurityisnotsecurity• Anycommunicationoveranopenlineissubjecttointerception,analysisandmodification• Thereisnosuchthingasaharmlesscheat• Trustintheserveriseverythinginclient-servergames• Honestplayerswouldlikethegametotipthemofftocheaters
Networkgamemodels
• Clientserver• Clientsoftware• Serversoftware
• Peertopeer• Identicalvs.differentclients• Withorwithoutlockstep
• Question• Howiscomputationshared?
https://developer.valvesoftware.com/wiki/Source_Multiplayer_Networking
Cheatingattacks• ReflexAugmentation:Improvephysicalperformance,suchasthefiringrateoraiming• InformationExposure:Clientsobtain/modifyinformationthatshouldbehidden.• Protocolcheats:Clientscaptureandmodifyordelaypackets• AuthoritativeClients:Althoughtheservershouldhavefullauthority,someonlinegamesgrantclientsauthorityovergameexecutionforthesakeofefficiency.Cheatersthenmodifytheclientsoftware.• Compromisedservers:Ahackedserverthatbiasesgame-playtowardsthegroupthatknowsofthehacks.• BugsandDesignLoopholes:Bugsanddesignflawsinthegameareexploited.InfrastructureWeaknesses:Differencesorproblemswiththeoperatingsystemornetworkenvironmentareexploited.
• https://en.wikipedia.org/wiki/Cheating_in_online_games
ReflexAugmentation
• Enhanceclientsoftware• Externallycapturepackets• Modifyclientcode
• Aimbot• Reflexenhancer• Howdetect?
ReflexAugmentation
• Enhanceclientsoftware• Externallycapturepackets• Modifyclientcode
• Aimbot• Reflexenhancer• Howdetect?• Checkclientexecutable• Analyzepackettraffic
InformationExposure
• Accessanduseinformationnotentitledto• Infrastructure-levelcheats
• Whatmightacheatuse?
InformationExposure
• Accessanduseinformationnotentitledto
• Whatmightacheatuse?• Keyvariables• Graphicshacks• Itemproperties• Physicsbehavior• Time(speedhack)• Ghosting
Keyvariables
• Lives,strength,health,etc.• Youhavetheexecutable– howfindthesevariables?
Keyvariables
• Lives,strength,health,etc.• Youhavetheexecutable– howfindthesevariables?
• Runprogram.• Ifnum_lives=5,searchforlocationswith5• Getkilled,findonethatjustdecreased
• Howprevent?
Keyvariables
• Lives,strength,health,etc.• Youhavetheexecutable– howfindthesevariables?
• Runprogram.• Ifnum_lives=5,searchforlocationswith5• Getkilled,findonethatjustdecreased
• Howprevent?• Encryptorprotectkeyvariables
Graphicshacks(removalofgameelements)
• Changelocalgraphicsrendering• Turnoffrenderingelements• Eliminatefog,walls,etc
Itemhacks
• Modifyitemproperties• Firingrate,accuracy,portionaction,itemfrequency
Physicsandspeedhacks
• Changecolliderbehavior• Changephysicsenginebehavior
• Controlgameclock
Ghosting
• Cooperationbetweentwoplayers• Onerunsasspectator• Informsactualplayeroflocationofotherplayers,etc
Protocolcheats
• Interferewithnetworkpackets• Packetsmaybeinserted,destroyed,duplicated,ormodified
• Suppressedupdate:• Acceptopponentpackets,suppressown,togetadvantage• Usesserverpolicyofinterpolatingandbackwinding• Preventbymonitoringpatternsofpacketdelay
Protocolcheats
• Interferewithnetworkpackets• Packetsmaybeinserted,destroyed,duplicated,ormodified
• Suppressedupdate:• Acceptopponentpackets,suppressown,togetadvantage• Usesserverpolicyofinterpolatingandbackwinding• Preventbymonitoringpatternsofpacketdelay
• Fixeddelay:• Delayallpackets• Localplayersseeinfofaster• Preventbylockstep,analysis,slidingpipelines
Protocolcheats
• Interferewithnetworkpackets• Packetsmaybeinserted,destroyed,duplicated,ormodified
• Inconsistency:corruptpackets• Time-stamp:postdatepackets• Spoofing:sentoutpacketsmasqueradingasotherplayer
DetectingCheating
• Signaturedetection- Detectingofcertainpatternsofbytesinmemory,checkedagainstadatabase(whitelist)• Heuristicanalysis- Statisticalanalysisofbehavior• Userreports- Informationprovidedbyotherusers
• 1.Metricsforbestpathonmap• 2.Navmesh process(R_D_Palgorithm,triangulation)
• 3.Walkableterrain• 4.Findpathsontriangulatedspace• 5.Configurationspaces• 6.Qualityofpath• 7.C-obstacles• 8.Minkowski sums• 9.Navmesh - grid,mulitresolution grid• 10.Visibilitygraph• 11.Medialaxis• 12.Randomizedplacement• 13.Rapidly-expandedRandomTrees(RRTs)• 14.L-systemplusturtle• 15.Fractaldimension
• 16.Randomizedand3DL-systems• 17.Particlesystems• 18.Flocking• 19.Mandelbrotsets• 20.Constructivesolidgeometry• 21.Shadingequation• 22.Bumpmapping• 23.Polygonalmeshes- basics,Euler'sformula
• 24.DECLdatastructures• 25.Perlinnoise• 26.A*• 27.Admissibleheuristic• 28.Multiplayercheatingattacks• 29.Forbiddenvelocitiesforcrowdmotion• 30.Fittingcubiccurvestodatapoints