lorfje
Messages: 28,
Joined: Jun 12, 2009,
Offline
|
|
lorfje
Messages: 28,
Joined: Jun 12, 2009,
Offline
|
Robin wrote:
lorfje wrote: Interesting info, but it remains a weak point that you can, in effect, undo a whole turn as long as you did not finish it.
Each of your actions are saved as soon you perform them, so you cannot redo moves that you've already done.
This, as I had noted, is not the case if the connection with the server is broken at the moment you end your turn.
You are then told that your game is out of sync with the server, and you have to reload the last known position from the server.
This means playing the whole turn again, from the beginning. This is not a very good solution.
|
|
|
Anonymous
|
No, I've never seen that happen or gotten that message. I lose connection all the time. Your moves are saved, you just can't end your turn until you reconnect with the server.
|
|
|
Anonymous
|
I am sorry to keep harpin on this. But if the random calculations are seeded from the server then that means that the client can "know" the results of the calculation in advance. It is therefore possible to hack the client so as to tell you in advance how much damage your attack will do and then let you decide if you want to do it.
Also, does the server verify that the random results reported by the client really do match the results that are expected from the "seeds" that the server maintains?
Furthermore, how does the "fog of war" work? Does my iPhone "see" the entire map, or only the parts that I can see? If it only "see's" what I can see then offline play would be impossible. If it see's the entire map then it can be hacked into "revealing" the entire map to the player.
The iPhone client is fairly difficult to hack (but not impossible) once we start getting other clients (such as a web browser) I think these will start to be serious security issues.
|
|
|
![[Avatar]](/images/avatar/e2c0be24560d78c5e599c2a9c9d0bbd2.png)
_jnc_
Messages: 60,
Joined: Jun 15, 2009,
Location: Switzerland
Offline
|
|
_jnc_
Messages: 60,
Joined: Jun 15, 2009,
Location: Switzerland
Offline
|
I'm not sure about the importance of this matter really. If someone thinks that climbing the ladder is worth hacking into the server then so be it. There will always be a way to abuse the game and there will always be some people taking advantage of it. Most players enjoy a fair game; do whatever is reasonable to prevent abuse and ignore the rest.
|
|
|
5200
Messages: 44,
Joined: Jun 13, 2009,
Offline
|
|
5200
Messages: 44,
Joined: Jun 13, 2009,
Offline
|
I agree. If you want a higher ranking you can just challenge yourself on several accounts over and over. If that's how you want to spend hours and hours of your life. It means nothing. I prefer my ranking to be low actually because people expect less of me and it's easier to execute a sneaky trick or two. But if your rank is high it's really easy to lose it anyway since someone of much lower rank gets a lot more of your score if they win than you do theirs.
But most important.. We're all just random aliases on a marginal game (sorry, love the game but it's not Halo!). Who really gives a &^# who's at the top ranking? Try bragging about that to your friends and family and see what they say.
|
|
|
krisse
Messages: 3,
Joined: Jun 19, 2009,
Offline
|
|
krisse
Messages: 3,
Joined: Jun 19, 2009,
Offline
|
if the random calculations are seeded from the server then that means that the client can "know" the results of the calculation in advance. It is therefore possible to hack the client so as to tell you in advance how much damage your attack will do and then let you decide if you want to do it.
AFAIK nothing is seeded from the server.. Only the current state of the game. Actually what you get is information on all the past turns you have taken and the client compiles that to show you the current state.
A turn goes somewhat like this:
1) The client receives info about the past turns and the client compiles this to show you the current state of the game.
2) You make your moves offline, your client calculates damage, unit loss, constructions, movements and other actions.
3) You send that info back to the server.
4) The server (or the client) does a consistency check, i.e. have you spent more money then you have, have you build more than one unit in the same base, have units taken more actions than allowed etc.
5) If all these checks pass your turn ends successfully.
Now, there are some things that the server doesn't check. And this is where an eventual hack would come in. What the server doesn't check is:
a) The outcome of a given combat between two units (damage done / damage taken).
b) The range between attacking and defending units (are they in-range for combat).
c) The distance units move (have a unit moved longer than it's supposed to).
So, in theory, it is possible to modify your game data client-side changing all of the info in a), b) and c) to your advantage.
I can only speculate that the checks a), b) and c) are skipped because it would take considerably more calculation power to do range checks than to simply check if variable1 < variable2. I.e. if (Number of actions) > (Number of actions allowed). Also, as people state, the damage calculations are quite complex, so keeping all server-side algebra to simply doing greater-than-or-equal-to operations probably saves them a lot of CPU time.
I don't know how this problem, if it really is a problem, could be overcome. I guess some kind of encryption would make it less interesting for hackers in the long term, as they would have to decrypt the game-files every time they anted to cheat. Also more server-side checks could be an option, but could also be a costly one for developers. I don't know.
|
|
|
krisse
Messages: 3,
Joined: Jun 19, 2009,
Offline
|
|
krisse
Messages: 3,
Joined: Jun 19, 2009,
Offline
|
Looks like I ran out of space in the above post. So here is my disclaimer:
I posted this info so people interested in the matter could know the truth. I know that some things are better left untold, but I also believe that more and free information is better in the long run. There are available measures that can be taken to overcome these problems (if they are problems after all). And players have the right to know the rules of the game.
If a moderator thinks the post is unsuited for a forum like this, please, by all means, delete it.
|
|
|
magic molly
Messages: 72,
Joined: Jun 21, 2009,
Offline
|
|
magic molly
Messages: 72,
Joined: Jun 21, 2009,
Offline
|
Why would that be unsuitable for the forum?
About the hacking: it's easy enough to hack the game once, but for multiple hacks i'd doubt anyone would find it worth it. Most of the losers doing that sort of stuff are still stuck messing with runescape, and the rich ones are messing with WoW. While it does need looking at, the current state makes it that the turns taken on your iphone are saved in the client, and then authenticated by the server (afaik). Therefor, it doesn't matter if you download your turn and walk out of wifi, your turns still can't be undone.
The only way i know of to execute something like this would be to jailbreak the iphone, then plug it into the computer whenever you wanted to 'fix' a turn. Hell, if someone wanted to, they could probably 'fix' the app to run on a computer, and then 'fix' their turns more easily. Shitnutters. Just realized that. Ummm....
Anyways, i was going to say that this sort of thing might have been one of the obstacles in releasing a pc based client. Xpressed might not want this sort of hacking to happen, as it would be far easier if they put the game up for pc. But, as i just figured out, that can't really be an obstacle.
If i were trying to stop this sort of hacking, i'd put in really heavy server-side authentication. Also, it might be good to prioritize certain games (anyone higher than 2k points, tournament games, marked players), and if processing power is an issue leave the rest mostly alone. I really have no clue how easy that sort of stuff would be though, but that's my idea.
There, fixed it, now it shows as mine.
|
|
|
colin
Messages: 15,
Joined: Jun 11, 2009,
Offline
|
|
colin
Messages: 15,
Joined: Jun 11, 2009,
Offline
|
Without jailbreaking, without complicated hacking, I reset a turn once in a bot game (more for proof of concept and curiosity's sake than anything), leading me to confirm that yes, fights between two units in same circumstances will generate the same results. My concern is that this allows players to reset until they get a more favorable turn result, as well as gain information about terrain initially outside the fog of war. It would not shock me to discover that some players already utilize this technique.
I understand that it's more efficient (from the server standpoint) to have the device transmit all of the moves from a turn simultaneously when the player hits End Turn, but if at the very least there is some kind of an auditing mechanism on an installation of the game that randomly triggers--for a turn--the transmission of information move-by-move (to be compared to with the final set of moves transmitted by End Turn)... if something like this were in place, I would be more at ease.
This message was edited 1 time. Last update was at Jul 10, 2009 15:57
|
|
|
ahzdeen
Messages: 3,
Joined: Sep 17, 2009,
Offline
|
|
ahzdeen
Messages: 3,
Joined: Sep 17, 2009,
Offline
|
lion37 wrote: If the random calculation are really all done in the server (which I doubt) then that means you cannot play your turn offline and then just upload the result once your connection resumes. Not good.
If the random calculation actually take place in the client software then it is always theoretically possible to hack the client and make it work in your favor. This will be especially true once we get more clients (such as a web browser client, etc). Also not good.
This is a technical issue and I know exactly what I am talking about. Please consider eliminating all randomness from the game or you will have problems down the read.
I believe you have misunderstood Rolando's explanation. It would appear that when you connect to the server to fetch the game for your turn the first time (and you obviously have to make this connection or how would you see the results of your opponents turn) the game state returned includes a random seed - let's call it a luck factor - for each unit along with that unit's state. The client still performs the calculations, but those calculations are deterministic (all randomness happened on the server in the generation of the seeds).
That's a reasonably elegant solution on face value - the server can validate all damage calculations against the initial unit seeds thereby preventing "extra" damage-dealing. But it does suggest one evil hack to my mind. Assuming you could decode the incoming game state (packet sniffer on your router plus some clever coding) you could theoretically determine ahead of time which of your units will be more/less effective in a turn and use that to inform your tactical decisions. Not the most Earth-shattering hack of all time to be sure but perhaps an edge that would tip the balance in a close game.
I don't fundamentally disagree with your basic point lion37 - in fact the change you advocate was my #1 request item for UniWar 2.0. A true server-based multiplayer model that followed the golden rule of MOG servers ("Never trust the client!") would be better. But I don't think it's fair to overstate the flaws of the current design for effect.
|
|
|
lion37
Messages: 112,
Joined: Jun 13, 2009,
Offline
|
|
lion37
Messages: 112,
Joined: Jun 13, 2009,
Offline
|
Hi Ahzdeen,
I appreciate the discussion, but you quoted something I posted over 3 months ago. We have moved on since then... 
We know now that the server just seeds the client which then uses the seed(s) to generate the random numbers.
If someone wants to cheat, they dont need a packet sniffer or other such "heroic" measures. There is a very simple and quick way to play your turn and then to re-set it and play it over again. So anyone can see the outcome of the attacks (and also the fog of war) and then re-play their turn based on those outcomes.
The truth is there is no good solution for random attack factors. If the server seeds the client it is always possible for the client to cheat by showing the info to the player. If the server "rolls the dice" this will slow down game play and not let you play offline.
This is just one more reason (among many others) that I would like to see the random factors eliminated from the game.
|
|
|
ahbritto
Messages: 35,
Joined: Jun 05, 2009,
Offline
|
|
ahbritto
Messages: 35,
Joined: Jun 05, 2009,
Offline
|
The penalty for re-downloading the game again could be stiffer:
Currently:
Ther e is no penalty.
Change:
Your turn is automatically skipped with healing occurring and a global chat announcement is made.
If the message occurs a lot, you know someone is a cheater.
True, this penalize people encountering genuine sync bugs, but it is a rare price to pay.
-Arthur
|
|
|
lion37
Messages: 112,
Joined: Jun 13, 2009,
Offline
|
|
lion37
Messages: 112,
Joined: Jun 13, 2009,
Offline
|
That would help.
But suppose you know (or suspect) someone is cheating.
You are already stuck in the game with them past turn#3.
If you quit you lose points.
I myself have had to re-download the game several times in the past when I would get black screens.
The Random factors will never be "cheater free" and also they are just plain reducing my enjoyment of the game.
|
|
|
savior59
Messages: 53,
Joined: Feb 27, 2010,
Offline
|
|
savior59
Messages: 53,
Joined: Feb 27, 2010,
Offline
|
Lol at your icon Robin, sorry it isnt related but its just hysterical
|
|
|
radrx
Messages: 3,
Joined: Jun 23, 2010,
Offline
|
|
radrx
Messages: 3,
Joined: Jun 23, 2010,
Offline
|
A random component, even if relatively minor (as in this game) adds a good element to game play, in my opinion. If anything, I would prefer increasing the wieght of randomness in determining battle outcomes.
In "real" combat, there is a random component. Why shouldn't a combat simulation game have a random component?
As for the argument that the random component should be eliminated, for fear that someone might cheat by hacking into the game... that is not sufficient, in my mind. For example, are we also going to eliminate fog of war, because someone could do a hack-cheat with that?
|
|
|
|
|
![[Search]](/templates/default/images/icon_mini_search.gif){kind=icon}
![[Recent Topics]](/templates/default/images/icon_mini_recentTopics.gif){kind=icon}
![[Login]](/templates/default/images/icon_mini_login.gif){kind=icon}
Login
![[Post New]](/templates/default/images/icon_minipost_new.gif){kind=icon}
![[Up]](/templates/default/images/icon_up.gif){kind=icon}
