Blue's News artwork by Walter |2| Costinak <2@2design.org>

.plan File Tracker

John Carmack
id Software | Dec 26 1999, 00:31:41 (PT) | johnc@idsoftware.com


Name: John Carmack
Email: johnc@idsoftware.com
Description: Programmer
Project: Quake 3 Arena
-------------------------------------------------------------------------------
12/25/99
--------

There are a number of people upset about the Quake 1 source
code release, because it is allowing cheating in existing games.

There will be a sorting out period as people figure out what directions
the Quake1 world is going to go in with the new capabilities, but it
will still be possible to have cheat free games after a few things get
worked out.

Here's what needs to be done:

You have to assume the server is trusted. Because of the wau quake
mods work, It has always been possible to have server side cheats
along the lines of "if name == mine, scale damage by 75%". You have
to trust the server operator.

So, the problem then becomes a matter of making sure the clients are
all playing with an acceptable version before allowing them to connect
to the server. You obviously can't just ask the client, because if it
is hacked it can just tell you what you want to hear. Because of the
nature of the GPL, you can't just have a hidden part of the code to do
verification.

What needs to be done is to create two closed source programs that act
as executable loaders / verifiers and communication proxies for the
client and server. These would need to be produced for each platform
the game runs on. Some modifications will need to be done to the
open source code to allow it to (optionally) communicate with these
proxies.

These programs would perform a robust binary digest of the programs they
are loading and communicate with their peer in a complex encrypted
protocol before allowing the game connection to start. It may be
possible to bypass the proxy for normal packets to avoid adding any
scheduling or latency issues, but it will need to be involved to some
degree to prevent a cheater from hijacking the connection once it is
created.

The server operator would determine which versions of the game are to
be allowed to connect to their server if they wish to enforce proxy
protection. The part of the community that wants to be competetive
will have to agree to some reasonable schedule of adoption of new
versions.

Nothing in online games is cheat-proof (there is allways the device
driver level of things to hack on), but that would actually be more
secure than the game as it originally shipped, because hex edited patches
wouldn't work any more. Someone could still in theory hack the closed
source programs, but that is the same situation everyone was in with
the original game.

People can start working on this immediately. There is some prior art
in various unix games that would probably be helpfull. It would also
be a good idea to find some crypto hackers to review proposed proxy
communication strategies.


12/21/99
--------

The Q3 game source code is getting pushed back a bit because we had to do
some rearranging in the current codebase to facilitate the release, and
we don't want to release in-progress code before the official binary point
release.

We still have a Christmas present for the coders, though:

http://www.idsoftware.com/q1source/

Happy holidays!

 

id Software...
Graeme Devine 02/09
Tim Willits 02/03
Todd Hollenshead 02/02
Robert Duffy 01/31
Christian Antkow 01/12
John Carmack 12/30
Paul Jaquays 12/29
Dave Kirsch 12/05
Kenneth Scott 11/23
Brian Hook 06/01
John Cash 05/18
Brandon James 05/08
Kevin Cloud 04/30
Katherine Anna Kang 03/04
Paul Steed 12/29

Also Today...
Alex Redman 01:17

Yesterday...
Geoffrey Field 21:35
Tomasz Jachimczak 02:24

Full list


Visit Webdog today!


Blue's News Home
Square Eight - Taking over the world and you don't even know it yet!

(c) Copyright Square Eight 1999. All Rights Reserved.
The BlueTracker is provided by Ron Crisco & Richard Smith from Webdog.
The Webdog logo was created by Illiad, creator of User Friendly the comic strip.