1
\$\begingroup\$

I'm working on a P2P game and I know I should never trust the clients. I my architecture, there is a "Master Server" that stores game room (host) informations. Players can create their own rooms (hosting) and play with together.

There is another server that is "Info Server", it stores character informations like inventory, level etc. Now, I need to make a stats table with kills/deaths and I have to get these kill/death events from host player (host player >> [event] >> master server). But I think host player can send a lot of kill events because it is authoritative, so master server will process/handle all events from the host player.

How can I trust these events? Can't a server just send fake kill/death events?

\$\endgroup\$
2
  • 1
    \$\begingroup\$ You've already answered your own question: "never trust the clients". Letting the player host the servers and preventing them from cheating is mutually exclusive. \$\endgroup\$ Commented Dec 14, 2014 at 21:02
  • \$\begingroup\$ @Philipp I mean other clients. There must be an autoritative client (master client). \$\endgroup\$ Commented Dec 14, 2014 at 21:42

2 Answers 2

Reset to default
1
\$\begingroup\$

As you already guessed, you can't trust any server or client you do not have under your control. So you can't send processed results. You have to send requests to the server, indicating the actions that lead up to these results, and verify these requests against the master server's knowledge of the rules of your particular game.

Even then, someone could hack the client and e.g. create aim-bots or whatever to make the game easier for them.

If your users run the servers, you can guarantee even less. The person hosting the server (or "master client" or whatever) could be running a hacked server, you can't know. So if that's your approach, you have to decide how much you want to trust them.

What is your motivation behind this P2P approach?

If the objective is that friends can play and have fun without having to do it online with others, or in more privacy, then it's probably fine, because a friend who runs a hacked server will get reprimanded by his friends. You just can't take any results from these off-line games and use them on your official server.

If the objective is to make it easy to find other players nearby for multi-player matches, you can just make the finding of the partners P2P, and then have each player send the unique ID of their team to the central server. You get easy discovery of P2P, and less cheatable gameplay of a central server.

If the objective is to save yourself from having to run a huge server, you could try to split up the operations across all users that are logged in. I.e. send out little units of calculation, maybe even unrelated to the game of the player whose machine is processing them. That way, nobody can predict who will benefit from any hacks they do, and if you have several computers perform the same calculation, you can find hacked servers because their results don't match.

Or you could simply forget about it, like many single-player games on iOS do. They simply let the user play the game, and then send the result to a high score server. Anyone can send their own fake result there (in fact, many iOS games these days have the first bunch of top high score spots taken up with ridiculously huge hacked numbers). But since the high score is mainly an encouragement to users and doesn't really affect gameplay or rewards you might get, it's OK in that case.

\$\endgroup\$
5
  • \$\begingroup\$ Cool! Also using a encryption (AES/DES etc.) isn't a solution for fake kill commands? Namely PlayerA kill PlayerB is a kill command. Hacker can create many commands like this one ie: PlayerA kill PlayerC, PlayerD etc. In this case, is encryption a solution? Thanks! \$\endgroup\$ Commented Dec 15, 2014 at 14:37
  • \$\begingroup\$ To send encrypted messages from the user's machine, the user's machine needs the encryption key. So a hacked version would have the encryption key, too. There is no way around having a trusted instance verify the commands somehow. E.g. by saying: Is the player's character close enough to the other player to shoot him? Has the player already moved this round and should we wait with processing the last "run forward" command until 1s has gone by? etc. \$\endgroup\$ Commented Dec 15, 2014 at 16:57
  • \$\begingroup\$ I really wonder how COD games works! There is a host player and COD network creates ranking/score table. Any suggestions around it? \$\endgroup\$ Commented Dec 15, 2014 at 19:51
  • \$\begingroup\$ No idea. Maybe they keep a transcript of the game and only periodically verify batches of that and reject a session if it doesn't match the rules? \$\endgroup\$ Commented Dec 16, 2014 at 11:16
  • \$\begingroup\$ Hmm, we need a spesific solution for this implementation. Thanks btw! \$\endgroup\$ Commented Dec 16, 2014 at 18:04
0
\$\begingroup\$

Is this question still active after nine years?

If so, ensuring that only the server is initiating these calls is good.

To further enhance trust, consider implementing authentication on the receiver's end to verify the legitimacy of the source.

\$\endgroup\$
4
  • 1
    \$\begingroup\$ How would you verify this? What algorithm would you use that will distinguish a cheater from non-cheater? \$\endgroup\$ Commented Feb 8, 2024 at 12:10
  • \$\begingroup\$ We've made sure only the server can make calls in first place. To double-check the passed data, I'll run some tests to ensure it's valid and within the right range. If everything checks out, I'll grab an authentication token and use it to call the info server. As long as the token's valid, the server will process the data. \$\endgroup\$ Commented Feb 8, 2024 at 12:35
  • \$\begingroup\$ So is your answer to the question "how to do this in P2P" to say "don't do this in P2P, use an authoritative server that validates each game action"? \$\endgroup\$ Commented Feb 8, 2024 at 13:00
  • \$\begingroup\$ To stick to the architecture of @PilawyerDev I would utilize the master server. Per definition this isn't a P2P game anymore because the room creation is being centralized on a master server. And to answer the question: How can I trust these events? Can't a server just send fake kill/death events? yes the server could - but the master server should approve the data by doing calculation or range checking or whatsoever. \$\endgroup\$ Commented Feb 8, 2024 at 14:17

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.