Vanilla List Mailing List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [VANILLA-LIST:2760] Quake1 client cheating
On Mon, Dec 27, 1999 at 04:18:13AM +0100, Mats Olsson wrote:
> > Pretty neat article at
> >
> > http://www.bluesnews.com/cgi-bin/finger.pl?id=1&time=19991226003141
> >
> > About cheats in the open source version of Quake1. Funny, didn't the vanilla
> > community fix client-hacking a long time ago?
>
> Not really. The bar was raised high enough to make it non-trivial. This,
> together with a smaller playerbase which is more interrested in playing the
> game rather than winning at all costs, means that the RSA authentification
> works for us.
From reading the articles, it's much worse than that.
The worst that can happen with Netrek is if you break the authentication
scheme, you can build a borg which does some things automatically for
you(shields, autoaim, infoborg stuff).
Quake on the other hand relies a lot on the client to process information.
It appears that the client actually determines whether a weapon hits or
misses.
On top of that, a lot of information is sent to the client. For instance
if a person is right around the corner, the client knows it, but just
doesn't display it. This would be like the netrek client knowing the exact
position of a cloaker.
Quake doesn't follow a pure client/server paradigm like netrek does, and
thus I think it's going to be impossible to solve this problem.
> > Maybe we should let them in on our "secret" relatively open solution.
>
> "There is some prior art in various unix games that would probably be
> helpfull"
>
> Maybe our "secret" isn't so.
>
> "The server operator would determine which versions of the game are to
> be allowed to connect to their server if they wish to enforce proxy
> protection"
>
> ... sounds pretty much like the netrek servers.
In another article on slashdot, Netrek was mentioned numerous times. (Well
I mentioned it a couple of times, so did Carlos and some others)
Carmack followed up with some of the specific issues, and mentioned "maybe
I will look at this nettreck that people have mentioned". So I don't think
he'd seen it before. :0
> > I hate to see a closed source solution to a problem that can be solved with
> > relatively open solutions.
>
> What Carmack proposes is just as closed as RSA - having a closed/trusted
> part in an otherwise open source system in order to handle validation.
> That it uses separate programs[1] is a detail which is pretty much
> necessary in order to let people compile their own binaries.
I'm sure they'll figure something out.