0

Background

One problem with games using online highscore lists is that they often can be abused. The game sends the current score to the server and a cunning user can analyze the protocol/scheme and send bogus scores. That is why some highscore lists are topped with 999999 scores.

A common solution to this problem is to encrypt the score in some way, and on top of that put other mechanisms to recognize false scores. But even if you do this, it's the client that sends the score and the client is living in the user's computer and can be reverse-engineered.

My idea

I am designing/thinking about a game (that I will complete, yeah right :) ) where you configure your player/robot with instructions on how to perform a task (and when these instructions are to be carried out). When a "Go" button is pressed the game runs the instructions. Finally a result and, if successful, a score, is obtained.

So, how about this: Instead of submitting the score, the actual instructions are sent to the server, where they are run, using the same implementation. Then the server calculates the score and places the user on the highscore list.

The question

Are there ways this idea can be abused to get a false score?

I understand that this probably is not a new idea. But if it works, it wouldn't be impossible to extend it to other games too, where it is possible to record all user actions.

Community
  • 1
  • 1
Peter Jaric
  • 5,162
  • 3
  • 30
  • 42
  • 1
    Thoughts: 1) You would have to send a *lot* more data and it would put a lot more pressure on the server and 2) It is "better" in that it's harder to break but if someone is really dedicated, they can still do it. – flight Sep 21 '11 at 07:18
  • Be sure to add some kind of limit to the instructions so that you don't get DDoS-ed by your users. For example, writing an endless loop could easily be a problem. Adding a simple limit like maximum number of steps to perform, might help here. – Joachim Sauer Sep 21 '11 at 07:24
  • Yeah, the pressure/DDoS aspect is a dimension that I did not take into account.... – Peter Jaric Sep 21 '11 at 07:51
  • @quasiverse Can you expand your reasoning behind point #2? – Peter Jaric Sep 21 '11 at 07:52
  • @PeterJaric You are sending the events in your game rather than just a score and so someone trying to break it must work out what all of those events are and how to manipulate them which is harder than sending a false score (unless your game is *really* simple or your score is *really* complex). – flight Sep 21 '11 at 08:24
  • @quasiverse But I am thinking that, if they do, they are are sending correct solutions, and so are playing the game, albeit in a much harder way. – Peter Jaric Sep 21 '11 at 09:04

2 Answers2

1

People will always find a way to cheat, but this seems like a reasonable counter measure. You'll have to consider your intended traffic levels as your scheme will require more resources than if it was just recording the high score sent by the client.

But, as an aside - this game sounds an awful lot like my job (giving instructions to a machine so it performs some task). No high-score board though (although, that would be awesome).

JHolyhead
  • 984
  • 4
  • 8
0

as long as the robot program's behavior doesn't depend on the speed of the computer it'll be fine and if the programs are quite small at most a few kilobytes this would work fine; the only way i can see to cheat it is if one cloned the work space and ran a program to find the optimal program for the robot and then put it in and submitted it or if some one posted the solutions, and people used that but both of those issues can be solved with randomization.

(a note about the issue of speed dependent games, it's fine for the game to uniformly slow down if the computer can't run it at full speed but if the physics time step depends on the frame rate, you can get problems like the jump height varying with the frame rate)

Dan D.
  • 73,243
  • 15
  • 104
  • 123
  • Being worried about the frame rate dependence issue, I was thinking of precalculating the resulting sequence of events in the game too. Just to be sure. :) – Peter Jaric Sep 21 '11 at 07:56