I'm working on a very RPGish project right now, but not leaning much towards a MMORPG at all; it's more geared towards smaller groups of players interacting at a time, though intended to handle considerably larger numbers over time. This puts me in something of a tricky position, because for such a game both a central game server or a downloadable, player-runnable server would both make sense. A central server appproach would have several advantages, such as keeping character saves all in one place that would be relatively secure, but has the rather hefty problem of requiring, obviously, a central server! Letting players set up their own servers would actually be preferable, as I see it, except for the fact that it presents a problem with character saves... since players would have ready access to them, even if I encrypted them somehow (and I have very limited knowledge of encryption techniques to begin with) it would still be all too easy to edit them if a skilled cheater put their mind to it, and once the format was figured out just about anyone would be able to edit them freely.
A middle-of-the-road solution might be to let players download servers but keep player data (or at least some sort of player verification data) on a central server whose sole purpose would be to keep track of character files, thus making cheating a lot harder. This sort of server would probably be far less demanding and thus a lot more feasible for me personally to run, though still I'm not sure I could promise a particularly dedicated server for the task. (Plus, there's always the factor that then I'd have to read up on server-to-server communication, and I'm lazy).
Anyone have any thoughts/comments/suggestions on how I should go about this?
1
2
ID:154307
Jan 20 2002, 7:32 pm
|
|
Jan 20 2002, 7:53 pm
|
|
I would not allow players to keep the save files, for sure. I have built a sav-file editor, for TextMUD debugging, that takes a sav file in one end and spits a txt file out the other end. You could see the whole format and what all of the values are... and edit them to your will, because the .txt file is then put through a parser and spit onto the browser as an easily editable html file. If I can do it, somebody else can, which points the finger at the central server choice. Good luck, Leftley!
|
In response to Lord of Water
|
|
Lord of Water wrote:
I would not allow players to keep the save files, for sure. I have built a sav-file editor, for TextMUD debugging, that takes a sav file in one end and spits a txt file out the other end. You could see the whole format and what all of the values are... and edit them to your will, because the .txt file is then put through a parser and spit onto the browser as an easily editable html file. Actually, there are a few ways of circumventing that drawback... it involves hashing the savefile so it can't be read through ImportFile(). |
In response to Spuzzum
|
|
Tell me, how does one "hash" sav files so that they cannot be read?
|
In response to Lord of Water
|
|
Lord of Water wrote:
Tell me, how does one "hash" sav files so that they cannot be read? By reading the file in as text and adding to/subtracting from and/or modifying its byte code contents. |
Foomer's funky savefile ideas:
Repeat each variable in the savefile 3 or so times, then upon loading the file, compare each of the 3 or so variables and if they aren't all the same, abort and delete the file. I love that idea. Second, add certain numbers to each variable to keep them from looking like what they should. If a player has 272 hit points, they're going to search for 272! Add 784 to that number, and they'll never expect that they're looking for the number 1056... I like that idea too. And if they random test for numbers, the first one will get em! |
In response to Foomer
|
|
With suggestion 2 you would also want to make differnt ammounts of each var in the savefile and make them scattered throughout the file.
That way even if someone does figure out that there are 3 vars for HP, they wouldnt know that there are 5 Strength vars. It would probally help to change the order of the vars being saved each time you release a new version. That way if someone does manage to HEX Edit the saves they will have figure out all the locations again. But with the adding of a number to the var I dont think that would make it too much harder. Since they would only be searching for changes. These features would slow them down for sure, but not stop them. -DogMan |
Can I answer a question with a question here?
Is it at all posible in byond to move a mob between -servers-? Say BillyJoeBob918310 is running a server of the game, and MommaWheatums is playing on it. Is there some way to code it so MommaWheatums can go over a teleport spot, and be moved to a different server automaticaly? If this isnt possible, I think maybe someone should request that function @.@ I would really love to see an RPG that uses the same core. but splits the map and contents over multiple servers (IE You can run some maps, and your friend down the street can run a few maps too, and players can play on either or both if thier up) Itd prolly take a bit of effort to get to work, but I really think itd be great ^^ My own view of byond games is starting to shift. No longer in my mind are they just games, or self contained worlds as they were when I first found byond. For some reason Im starting to think of them as a group of interconnected personal 'rooms'. Nothing to do with my comment/question above, it just seems that way to me ^^; Oh well.. school time x.x; maybe Ill pick up the d2 battlechest today... Elorien |
In response to Elorien
|
|
Elorien wrote:
Is it at all posible in byond to move a mob between -servers-? I believe there is a demo on something similar(Sending messages between worlds) and I think its basically the same idea. You Export the client, and then Import it from the other end. I haven't really messed around with it, so thats all I can really tell you. Alathon |
In response to Elorien
|
|
I have messed around with this a little, adding functionality to TextMUD... it's all text, so I'm not really "transporting" things, but I still managed to create a functional lobby that could lead you to any games that are open and tell you if they are closed or open, who is GMing, how many players, etc. The biggest problems with it are that it does not look up to par with the flashy new release 2.5 pizzazz (I'll have to update it), and it would need a central server to keep track of messages exported from the various worlds.
|
In response to Dog Man
|
|
The other option would be to make it not matter so much. If they hack their files, it annoys their friends, and maybe even gets that character-name banned from the game.
That, of course, would only work in user-hosted RPGs, not MMORPGs. |
In response to Foomer
|
|
Foomer wrote:
The other option would be to make it not matter so much. If they hack their files, it annoys their friends, and maybe even gets that character-name banned from the game. That's one of the reasons that I might just go with player-hosted servers anyways. Maybe I'll add in a couple safety measures to the saves, then make the only consequence of breaking them be that your character is branded with a "hacked" tag. Although making character hacking harder is one way to slow down cheaters' progress, simply removing most of the motivation could potentially work as well--it's not like they're fooling anybody when their two-week-old key has a level 800,000 character on it, so quite a few would simply settle for the easy but visible hack and not really poke around much further. |
In response to Spuzzum
|
|
Spuzzum wrote:
Lord of Water wrote: Yep, but this is still fairly vulnerable to cryptanalysis attack. Soon, I hope, there will be a library to easily provide for this and more robust forms of encipherment for savefiles. Whoops, there I go again, announcing mostly vaporware! Back to work... |
In response to Alathon
|
|
I need to look at that demo, but what I really need to know is if it has a way to find a world of a certain name and to send over certain information along with the client...
|
In response to Foomer
|
|
thats what I mean too. Just moving the -client- isnt gonna help much if you cant move the mob (or a save file from the mob) with it.
One idea that just popped up (I dunno if it works in byond) but if you have to have a central server to deal with the messages between different play servers, have the central server deal with saving as well... Oh well.. Im confused enough as it is right now x.x; stupid business english classes >.< Elorien |
In response to Air Mapster
|
|
Yep, but this is still fairly vulnerable to cryptanalysis attack. Soon, I hope, there will be a library to easily provide for this and more robust forms of encipherment for savefiles. Whoops, there I go again, announcing mostly vaporware! Back to work... Heh. Actually, I already have a system of encryption working on my end -- the only real problem is that if it ever encounters a case where the byte would be modified to be a 00 byte, it has to set it to 01 to avoid EOF, and that messes up the decryption process by one byte. I'm thinking of other interesting possibilities, though, since I've been hammering off code snippets for my code snippet database like there is no tomorrow. I think the count is up to 30 of my own personal homemade code snippets that are completely self-contained in a proc or two. Some are just command aliases -- round_down(), for example. Others are more interesting and powerful -- bell_curve(), as another example. |
In response to Spuzzum
|
|
Spuzzum wrote:
Heh. Actually, I already have a system of encryption working on my end -- the only real problem is that if it ever encounters a case where the byte would be modified to be a 00 byte, it has to set it to 01 to avoid EOF, and that messes up the decryption process by one byte. One easy way around this is to convert the bytes to numbers, then convert the numbers to hexadecimal, appending to one large hex string. It doubles the size of your string, but it's a pretty standard practice. I've got an implementation of RC5 encryption working this way, and hopefully quite a few more algorithms when my copy of Applied Cryptography arrives (hopefully today). I wonder if I should release the hex2dec and dec2hex functions now... though I suppose you've probably already got those in your snippet database. ;-) |
In response to Air Mapster
|
|
I wonder if I should release the hex2dec and dec2hex functions now... though I suppose you've probably already got those in your snippet database. ;-) Nope... those are in my currently unreleased colour2html library. ;-) |
In response to Spuzzum
|
|
Spuzzum wrote:
Nope... those are in my currently unreleased colour2html library. ;-) I thought I saw colour2html() in one of your libraries, s_smiley maybe? I just wish you would spell it right, you silly Canadian! ;) |
In response to Shadowdarke
|
|
I thought I saw colour2html() in one of your libraries, s_smiley maybe? I just wish you would spell it right, you silly Canadian! ;) Believe me, I was strongly debating whether or not to spell it "color", so those backwards Americans could use it without making typoes, or "colour", to stick my nose up in the face of adversity. Maybe I'll just make an alias, color2html(), which calls the proc. ;-) Anyway, to refer to your actual question -- s_damage uses it, but I was planning on breaking it off, because I can conceive of many uses, not just to colour damage numbers. [edit] The most notable use, which requires dec2hex() and hex2dec(), is to make text strings that shift from one colour to another, purely for aesthetic euphoria. ;-) |
1
2