Raydium 3D Game Engine

Official forum for everything about Raydium, ManiaDrive, MeMak, ...
It is currently Thu Mar 28, 2024 9:37 pm

All times are UTC




Post new topic Reply to topic  [ 15 posts ] 
Author Message
 Post subject: faked score
PostPosted: Fri Sep 01, 2006 3:58 pm 
hey guys,

maniadrive is really fun .. but I wonder what's up with all the impossible scores?
Tracks with top score of e.g. 10 or even 1 second .. that spoils a bit the internet livescore!

I'm sure you can prevent people from spoofing high scores..


Top
  
 
 Post subject:
PostPosted: Fri Sep 01, 2006 6:36 pm 
Offline
User avatar

Joined: Sun Mar 16, 2003 2:53 am
Posts: 2591
Location: gnniiiii (Scrat)
I'm afraid that we can't ... Every one is able to get sources and modify it, it's almost impossible to secure all this.

One of my plan it to add a "roll" over one month for all scores, it may help to clean the database from cheaters.


Top
 Profile  
 
 Post subject: To easy cheating
PostPosted: Fri Sep 01, 2006 9:00 pm 
HI!

I'm from Poland. I very like Maniadrive - you have done fantastic work!
Probably yesterday I modifed one file. I only wanted to check, how it is easy to cheat, because some of resoults are inpossible I think.
So... cheating in Maniadrive is very easy, to very easy. I know, how you can fix it, but I don't know where I should tell about it. On public forum it is bad idea, because it will be instruction how cheat anyway :lol:

PS. Sorry for my English :wink:
PS2. I can't do enything there, because I can't speak French. I can't registered, this post it is miracle!


Top
  
 
 Post subject:
PostPosted: Fri Sep 01, 2006 10:28 pm 
Offline
User avatar

Joined: Sun Mar 16, 2003 2:53 am
Posts: 2591
Location: gnniiiii (Scrat)
The default language is now english.

About your anti-cheat system, it cant exists. You can contact me by private message if you want (or by mail), but beleive me : "open source" means "cheatable", that's it.


Top
 Profile  
 
 Post subject:
PostPosted: Sun Sep 03, 2006 1:54 pm 
well .. i think it's doable ..at least results like 00:00:01 could be prevented.
but you would probably have to change some things in the server and clients (I haven't look at the source at all).

The easiest thing which comes to my mind is that it continuesly sends data from the client
to the server. e.g. start time, checkpoing 1 .. n time and finish line time. Then the server
does some calculations whether the times are sensible...

It just doesn't make much sense to have internet scores and nearly all tracks have
very impossible best scores. How do other open source games with live scores do it?


Top
  
 
 Post subject:
PostPosted: Sun Sep 03, 2006 2:08 pm 
Another fraud prevention idea:

Everytime a car passes a checkpoint it contacts the server and says "checkpoint N
reached'.
The server replies with a random N-bit token. The client concatenates
all tokens from all checkpoint together and has to send it together with the highscore
at the end when the final is reached. The highscore is only accepted when the concatenated
token stream is what the server expected.

that should work unless the fake client can emulate that the car drives through the checkpoint ..


Top
  
 
 Post subject:
PostPosted: Sun Sep 03, 2006 3:11 pm 
Offline
User avatar

Joined: Sun Mar 16, 2003 2:53 am
Posts: 2591
Location: gnniiiii (Scrat)
All theses methods can be compromised easily with a faked client, and will require **much** more bandwidth that we can offer ...

Other open-source games with live score (there's not a lot of them) have the exact same problem. Some of them refuse scores when they're sent thru a "recompiled" client, and I don't want to do this (for me, "free" means thant I've the right to compile my game, obviously).

Again, IMO, the only simple answer here is to cycle scores over time (one week rotation ?) so faked scores disappears quickly.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Oct 27, 2006 6:24 pm 
Offline

Joined: Fri Oct 27, 2006 6:08 pm
Posts: 1
Location: Brussels [Be]
:idea: A good thing is calculate the minimal possible time on each map (maxSpeed x lengthOfCircuit) and don't accept absurd time when they are submit on the server.
Than can't stop cheater but respect the integrity of database as minimum as we can. :roll:

:idea: An other idea is to collect the replays of the new records ...


Top
 Profile  
 
 Post subject:
PostPosted: Fri Oct 27, 2006 7:15 pm 
Offline
User avatar

Joined: Sun Mar 16, 2003 2:53 am
Posts: 2591
Location: gnniiiii (Scrat)
With a complete (and complex) physics engine, you can't summarize track time with "(maxSpeed x lengthOfCircuit)" :)
Btw, our main problem is not really people who post times of 0 or 1 seconds, but people posting fake scores very close to the best time of a track ... And a replay is easy to fake, too.


Top
 Profile  
 
 Post subject:
PostPosted: Sat Oct 28, 2006 12:34 pm 
Offline
User avatar

Joined: Thu Sep 29, 2005 2:59 pm
Posts: 828
i vote for registration.
The user will have to registrate to get its highscores be added to the "registered users" (the current highscore will be working as well).
The registration will be done putting the email in the game, and a confirmation email will be send.
Aftr confirmation, the user will have to put its name and password in the options menu of the game.
And one more thing, each month the best highscored users will be challenged by a maximun of 3 players (if more than 3 players want to beat the leader, the high scored ones will be the chosen ones).
If a leader is beaten, its highscore will be deleted.
Also when a leader loose one of those challenges, the replay will be available in the web to honour the victorious challenger.
The challenger won't be upgraded to the top of the list.

Well, this is just one more of my strange ideas :P Don't take it too much serious.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Apr 25, 2007 5:30 pm 
Offline

Joined: Wed Apr 25, 2007 5:03 pm
Posts: 3
Replays from registered users are quiet enouth i think, at least in xmoto it work quiet well. When you beat the record you can upload the replay wich is then checked by the site admins for aproval.

As usual with this kind of problem you have to juge the attacker. Here it is probably some 13 yo kiddies wanting to play l33t, no need for anything big to stop them. Doing a fake replay is sure possible, but it won't be easy in particular if it have to convince a human afterwards. I doubt anybody would spend days making a false replay just to become leader at some fairly unknow game (no offense meant). Plus if some lamer really waste their time doing false replay one could just show the state of a few key things (whell angle, output power of the engine, brake state, etc) and any trick would be fairly obvious imho.

Plus being able to play against the best replay would be quiet cool :)


Top
 Profile  
 
PostPosted: Wed Sep 26, 2007 9:51 am 
Offline
User avatar

Joined: Thu Sep 29, 2005 2:59 pm
Posts: 828
I have an idea to get real scores.

Under the 100 best times the scores can be directly uploaded as currently (no anti-faked system).

In the 100 best times we can do the next:
The realtime input(keyboard and joystick) of the WHOLE RACE has to be saved. Then that input is compressed and sent to the score server. A second machine (or the main if it is idle) will have to replay the race with the input data, and the score will be the resulting score IN THE REPLAY MACHINE, not the client machine. As this replay won't be playable we can make a few tweaks like remove graphics, make the frametime near 0ms and such things. I think a 1 minute race can be simulated in less than a second or two.
With this system we could make an anti-faked scores really hard to crack.

What do you think?


Top
 Profile  
 
 Post subject:
PostPosted: Wed Sep 26, 2007 3:45 pm 
Offline
User avatar

Joined: Sun Mar 16, 2003 2:53 am
Posts: 2591
Location: gnniiiii (Scrat)
As said somewhere else, it's very hard to make ODE deterministic, so the same input will not exactly repeat the same situation.

Short story : currently, we can't generate input driven replays, only "positional" replays.


Top
 Profile  
 
 Post subject:
PostPosted: Sat Oct 20, 2007 6:18 am 
Offline

Joined: Sat Oct 20, 2007 6:10 am
Posts: 5
Xfennec wrote:
As said somewhere else, it's very hard to make ODE deterministic, so the same input will not exactly repeat the same situation.

Short story : currently, we can't generate input driven replays, only "positional" replays.


requiring a replay upload with a high-score would help a lot regardless. Maybe someone could manually check the replays for all the official tracks (that come with the game) before new records are accepted. (I don't know the rate at which they're beaten... I haven't finished the "story" campaign yet.)

I could also imagine a way for someone viewing a replay to flag that it looks like a cheat. If a record gets more than 1 "fake" vote, someone with the power to take it down would review it.

You could have a volunteer for the position of replay verifier, or something, if nobody working on the project currently wants to do it.

No idea if these ideas fit into how things are currently set up, but I thought I'd suggest anyway.

_________________
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BC


Top
 Profile  
 
 Post subject:
PostPosted: Thu Oct 25, 2007 7:22 pm 
Offline
User avatar

Joined: Sun Mar 16, 2003 2:53 am
Posts: 2591
Location: gnniiiii (Scrat)
Getting the community involved for "high-score moderation" sounds like a good idea to me. The right-way-to-do-it is a more complex problem. Perhaps can we create an area on the future ManiaDrive2 website were people "can vote for ban" of other players suspected to cheat. If the "ban counter" of a player exceed a certain threshold, the player accunt is banned (or reported as a cheater to some admins, like you said).

... could work, but It will probably require a bit a tweaking :)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 15 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 24 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group