


Minecraft does something similar, though it's by no means the first game to split the game engine from its interface in such a way. The "cheats" would then work on the server side. Since you also want to use the same client for the single-player game, a solution would be to run a local server in a separate process/thread and treat it internally as a client/server setting.

This won't stop people hacking each other via malformed messages relayed by the server - your client needs to guard against messages from the server the same as you would guard your web sites from SQL injection attacks. This won't stop automation and this won't stop passive information gathering and analysis, but you can design your game such that these don't have a significant impact.

Really, the only way to beat most cheats is to have the client be a "thin client", that is, to only act as an input and output device, and to never give it more information than it precisely needs. That's above what I would personally consider the average level, and if you do want to be worried about that level then a separate trusted server which does all the heavy lifting is required and the client will boil down to essentially just being display and input devices.
So the question is, how average is 'average Joe'? You've already mentioned code editing and memory editors.

For instance, the movement validation I mentioned before: If you do a simple point to point calculation people may still be able to teleport through walls. Even with one, it is still possible if you don't think through all the different ways to manipulate the situation slightly. Without a server in the middle doing everything that is vital to the game, it is impossible to not have cheating, because someone smart will always find a way around anything you can build into the client. For instance, don't allow the client to say that they want to move to one side of the map when you know they were on the other side a moment ago. All calculations should be handled on the server and all actions verified as being at least somewhat possible. The only way to do what you want is to have a server and simply not trust the client at all.

If you are worried about locally modified code, then how can you be sure that someone hasn't simply modified your notification code to send a static list of MD5 hashes, the same ones you expect? In fact, you don't even need code modification to do this, you just need a fairly basic proxy (assuming no SSL, but even that could be faked with a bit more effort).
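
As an added example (not code from the original page), here is a minimal server-side movement check for the point made above: a pure point-to-point distance test accepts a move that passes through a wall, so the server also walks the path. The grid, `MAX_SPEED` and all function names are assumptions for illustration, and the request is assumed to be already parsed into floats.

```python
import math

# Constructed sample map: '#' is a wall, '.' is walkable. Rows are y, columns are x.
GRID = [
    "......",
    "..#...",
    "..#...",
    "..#...",
    "......",
]
MAX_SPEED = 4.0  # cells per second (assumed game rule)


def walkable(x, y):
    """True if the point lies inside the map and not inside a wall cell."""
    cx, cy = math.floor(x), math.floor(y)
    return 0 <= cy < len(GRID) and 0 <= cx < len(GRID[0]) and GRID[cy][cx] == "."


def speed_ok(old, new, dt):
    """Naive point-to-point check: only distance versus elapsed time."""
    return dt > 0 and math.dist(old, new) <= MAX_SPEED * dt


def path_clear(old, new, step=0.1):
    """Sample the straight segment so a wall between the endpoints is noticed.
    The step must stay well below the thinnest wall (one cell here)."""
    n = max(1, math.ceil(math.dist(old, new) / step))
    return all(
        walkable(old[0] + (new[0] - old[0]) * i / n,
                 old[1] + (new[1] - old[1]) * i / n)
        for i in range(n + 1)
    )


def validate_move(server_pos, requested, dt):
    """Return (accepted position, verdict). The server's own last known
    position is the baseline; nothing the client reports about it is used."""
    if not all(math.isfinite(v) for v in (*requested, dt)):
        return server_pos, "rejected: malformed"
    if not speed_ok(server_pos, requested, dt):
        return server_pos, "rejected: too fast"
    if not path_clear(server_pos, requested):
        return server_pos, "rejected: blocked"
    return requested, "ok"
```

The elapsed time `dt` should come from the server's clock, not from a client-supplied timestamp, or the speed limit can be stretched by the client.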
