Fix Save Game Exploits!

Discussion in 'Suggestions' started by Kerchunk, Sep 19, 2011.

Thread Status:
Not open for further replies.
  1. Kerchunk

    Kerchunk Member

    Very disappointed to discover that simple save game exploits work just fine in DoD. Hope GLG will take the next patch or so as an opportunity to plug some of these holes.

    Even in Permadeath mode, you can simply Save & Quit before a Chest of Evil, then reload if you're not happy with the results - the one time I tested it, I went from getting an enemy to an amazing staff! I haven't tested this for all, but I assume this applies to every "random chance" object on a level - Lutefisk Shrines, Chests of Evil, Uberchests, Quest Rewards, etc.

    This means anyone can basically exploit their way to a win & high score, overshadowing "legitimate" efforts.

    Why not roll the entire dungeon at the start of the game? Every "random" chance result should be calculated in advance so no amount of Save/Quitting can change the outcome of any single event within a playthrough. Anyone attempting to change the outcome will simply receive the same outcome repeated.

    Given that the game has a finite length (10 levels), this is entirely feasible from a technical standpoint. 2 Anvils, 3 Quest Rewards, 2 Lutefisk Shrines, ~0-5 Chests of Evil/Uberchests, 0-5 Fountains - rolling this all from the start for all 10 levels would take no time at all and very little physical storage space in the save file.

    PLEASE patch Dredmor to make Save/Quit exploitation impossible!

    Then wipe the leaderboards again.
     
  2. Derakon

    Derakon Member

    My attitude on this is, bottom line, the game is singleplayer, so the only person you're cheating is yourself. The leaderboards aren't really all that interesting even if they aren't being exploited because the scoring mechanism counts experience towards your score -- thus, score tracks with willingness to grind rather than with skill.

    As for rolling the entire dungeon at the start of the game, you overlooked a few things, namely:
    * Lutefisk shrine rewards depend on how much lutefisk you've tithed.
    * Krong anvil boosts depend on the item type (e.g. procs can only be added to weapons and crossbows)
    * You should also for completeness's sake pregenerate every dispenser, random named weapon (e.g. the ones on islands), items in stores, chests, minifridges, etc...

    If you really want to exploit savegames, it's very hard to stop you. And it's difficult to see why the devs should go to all the effort for, again, a singleplayer game. Just for the leaderboards?
     
  3. Kerchunk

    Kerchunk Member

    The leaderboards aren't interesting to you. I find them very interesting and agree with your assessment of the scoring algorithm. However, I feel the algorithm should be improved so score is more meaningful as opposed to just agreeing that "score isn't interesting" and moving on...

    Personally I don't believe any games are truly single player anymore. Games create communities and communities want to interact, communicate, share and compete regardless of whether the game is actually "versus" or "multiplayer."
    We rarely do things for "completeness' sake" in the games industry; but in this case none of the things you mention vastly increase complexity or data requirements. Even rolling 2 (Archaeology) results per anvil for each of the 11 item types in the game is only 440 chunks - probably less than a kb on the save file.

    It's hard to stop 100% of exploits, but 99% can be quashed very easily. Right now we're sitting at ~30% or so, there's still plenty of low-hanging fruit to be had. As to the "why" - first it is just better design, second it shores up the integrity of the leaderboards (for those of us who ARE interested), and I think both of these combine to make the community healthier.
     
  4. Nicholas

    Nicholas Technology Director Staff Member

    I'm not that worried about the exploits, to be honest; there are much bigger problems that I want to deal with first. (Also, technically speaking, in permadeath mode you should be unable to save and quit and then have the option to re-roll an evil chest or whatever.)

    That said, we should at least deal with the evil and uberchests.

    EDIT: Although, wait, no, that's not true, either. If I roll an evil chest, and it's permanently rolled at the start of the dungeon creation process, then what's to stop me from opening it, finding the robot, then reloading and deciding not to open it? You can't win either way.
     
    Exile and Internets like this.
  5. 123stw

    123stw Member

    @Kerchunk
    Look, if a game is both run and saved on the client side (your machine), it is technically impossible to prevent cheating no matter what you put in. It is as simple as that. If you think preventing RND reroll can stop 99% of cheating, you don't know enough about cheating.

    The 3 most popular ways to cheat are save file edit, memory hack (cheatengine), or changing how the game function directly (modifying the XML). Okay save file edit with a hex editor is not easy, I give you that. And sure not everyone knows how to sniff out pointers, but anyone can open item.xml with note pad, find wooden sword, and change the damage to 999.

    And no I sure as hell don't want my saves on the server side, with invasive programs to monitor my desktop activities (ex. Warden, GameGuard) just for the sake of the leaderboard.
     
  6. Haldurson

    Haldurson Member

    What about some kind of checksum on save files?
     
  7. 123stw

    123stw Member

    @Haldurson
    2 problems

    Checksum has no affect on direct modification of the game. It only makes save file edit harder, but cannot do anything about modify item.xml or tweakDB.xml.
    It still can't prevent basic memory cheats like freezing my max HP/MP with a memory hack.
     
  8. Derakon

    Derakon Member

    Yeah, basically you're hosed unless you do everything online and all the player does is send inputs to you. Nothing the player provides can be trusted to be legitimate otherwise. Even with that, sufficiently dedicated players of popular games will figure out how to send inputs at a rate that an actual human couldn't, in order to abuse exploits in the game (WoW had/has this problem, for example).
     
  9. Haldurson

    Haldurson Member

    What about a checksum on the game files themselves? I know there's always ways ways for a clever, determined person to get around just about anything -- I'm just talking about dealing with the casual cheater.

    And all this of course goes out the door once mods are added (unless you disable recording scores for modded games).
     
  10. 123stw

    123stw Member

    @Haldurson
    I am not sure what you mean by "checksum" for xml. For savefile usually they can hide an encrypted number somewhere within the save itself which will makes editing it a pain with Hex Edit, but when exactly do you check the xml given this game (or vast majority of it) can be played offline? If you "checksum" only when achievement is being logged, then you can easily get through 99% of the game and save just before dredmor dies.

    It is far easier to just encrypt the xml if it isn't meant to be messed with. Vast majority of the people will not bother to download an external encrypt/decrypt even if it's publicly released. That's usually enough to deter casual cheat but not genuine modding.

    That said, memory hack is still too easy and it only takes a few hackers to ruin the leaderboard. You know God Mode, Infinite Mana, Infinite Skill Points, and the typical cheating stuff. And that is usually impossible to stop unless the calculations are done on the server side.

    I just don't think the leaderboard is worth the security it takes. It's way too much work/potential of mess up to make it even casually secured.
     
  11. Derakon

    Derakon Member

    By "checksum" he presumably meant something like an MD5 hash to detect if the game had been modified. But bottom line is, at some point you're going to have a transaction that looks something like this:

    Client: "Hey server! I got a new highscore to send you!"
    Server: "Hey man, great! Uh, I gotta check -- you're the unmodified game, right?"
    Client: "Oh, totally man, you can trust me! So here's the score: 999999999."
    Server: "Sounds legit to me!"

    You can encrypt all you want, but the keys have to be stored somewhere -- either in the executable, or in the network transaction. Either way, the player can sniff them out and then it's game over.
     
  12. Internets

    Internets Member

    Sort of what you wrote reminds me of the ability to leave and rejoin a single player game to find different loot on the vendor in diablo 2 or hitting esc and quitting before you died in hardcore. Sure you can use exploits to your advantage, especially in ANY single player game.. The best way to circumvent the exploits in a single player game is just not doing them yourself. Also, wouldn't you want each event to be random, so the game is more completely random. If you just randomize the entire game once at the beginning, how "random" is it really?
     
  13. 123stw

    123stw Member

    @Derakon
    Yeah I know checksum for an online game, but this game is run primary offline, unless you mean to embed the numbers in the exe making the game unplayable if modded. You can just ecrypt the whole xml files which is far more secure against casual cheat. Either that or make it check only when it tries to send information online (when you achieved something), but then it's clearly not being checked enough to prevent cheating through 99.9% of the game. The third option is to make it unplayable offline and the game must checksum with server once it is loading, I would personally hate to see this since my internet sucks and I usually play DoD without steam.

    The "once sniffed" can be overcome if they change the algorithm just a little bit each week.
     
  14. J-Factor

    J-Factor Member

    Closest thing you'll get to a secure single-player leaderboard is some sort of 'upload a replay' system. Not worth the dev time in my opinion.

    I don't even know where the leaderboard is. Doesn't seem to be on the main menu...
     
  15. Internets

    Internets Member

    Isn't the leaderboard single player only as well because all i've seen on that list is me failing hardcore at many adventurers. lol
     
  16. Daynab

    Daynab Community Moderator Staff Member

    You can find multiplayer leaderboards on Steam.. from the achievments page then leaderboards, I think.
     
  17. Haldurson

    Haldurson Member

    I haven't been a programmer in a long time (worked on the PC back in the 1980s, then worked with DEC VAX computers) so forgive me if my jargon is dated. I really don't care if someone cheats, per se, but I'd like to see the leader boards not include those scores. So I'm really only talking about doing a check when scores are uploaded to the leader boards (which DOES require Internet access).
     
  18. 123stw

    123stw Member

    @Haldurson
    As I mention earlier, what prevents cheating prior to the checking? You can pretty much run with a modified xml until the finishing blow of Dredmor, before you save/quit/paste backup xml/load/finish him off. Most online game checks the file while loading so no cheating takes place throughout the game, but in that case you need to be online all the time to play at all.

    Checks really only works if they are done on each time they are loaded, so cheating cannot happen in between. Even then, any file that is missed will be subjected to modding (ex: BNet Attack Speed mod on Diablo 2)

    Likewise, if I give myself "God Mode" using memory hack, there are no way of really checking for that. I am almost positive the guys with those impossible 999999999999 scores are using memory hack. Most online games avoided having to deal with this by processing most of the information on their end. But again not exactly possible with DoD.

    I forgot 1 category before, the "give yourself more info than you should" category, usually involve stuff like map hacks. All the little client side stuff that don't really leave records or mess with anything. They are usually impossible to detect without an aggressive spyware that scans your desktop and activities (ex: Warden).
     
  19. Kerchunk

    Kerchunk Member

    Identifying, analysing and closing exploits has been a regular part of my job as a designer for the last decade or so; I have a decent handle on the basics.

    You identify the 3 most popular forms of cheating among technically savvy cheaters. This is a very small population compared to the overall player population. HEX editing, memory hacking, even editing raw/unprotected data files are uncommon practices outside a certain small circle of gamers. These all require a certain amount of intent, technical knowledge, and a very specific goal of cheating the system...

    This is in contrast to "exploits" within the game that leave gaping loopholes which, if not patched, will be taken by many, many more players than would have otherwise gone the route of the more technical cheat methods. "Save/reload" is a much more palatable (and justifiable) means of cheating the system than installing some 3rd party memory viewer and editing addresses manually to achieve your goals.

    So, while 99% might be a slight exaggeration, it's not far off. MOST "casual cheaters" will look for the path of least resistance and give up if they don't find it. If a given population of 100 players has 10 cheaters, only 1-2 of those are going to be of the sort to go digging around the game files to accomplish their goals.

    Really? Assuming the damage has gone through (attack was not dodged, countered, resisted or otherwise negated) I think this would pretty much take care of it (ignoring my terrible syntax as it's been a few years):

    int healthCheatCheck = player.getHealth(); // Store health
    player.health -= damageAmount; // Apply damage
    if (player.getHealth() >= healthCheatCheck) { // If damage isn't applied, they're cheating
    player.killPlayerPermanently(); // DESTROY them FOREVER!
    game.destroySaveFile();
    game.exitToMainMenu();
    }

    Consider carefully for a moment you should realize this has no effect on the randomness. The same RNG function is called, the same set of possible results exist - the only difference is when the function itself is called; is it at the time the dungeon is created or at the time you click on the chest. Both are equally random, one is just more secured against exploitation.

    Consider an analogy in poker. We shuffle the cards BEFORE the hand begins. The randomization takes place before play begins. Once that shuffle is complete, the cards that each player will hold (and any community cards) are technically "predetermined." You don't ask the dealer to reshuffle every time he deals a new card, right? Of course not, because the cards were already sufficiently randomized by the initial shuffle. Same logic applies here - we're "shuffling the deck" at the start of the game as opposed to each time a new card is drawn.
     
  20. 123stw

    123stw Member

    While this might be true for many casual games with casual players, in the context of DoD I suspect we have a much more technically competent group here. Judging from this forum alone, we definitely have more than 1 or 2 of us here know how to change a number in tweakDB.xml. Also, it really doesn't take more than a few cheaters to screw up the leaderboard

    Find what reads from the HP
    Cheat on a new character so it gets destroyed
    Find the set destroy
    Replace with blank

    Alternatively

    If the "store health" is saved in memory, freeze both the player health and the store health. Since they both have the same variable they should both show up on the same search.


    Except here we get to look at the card first, put it back in the same order, and play again. Any roll with a bad outcome (monster), I can reset and not open it.
     
Thread Status:
Not open for further replies.