For my next game, I plan on storing high-scores online, on my webserver. It works like this: when I want to add a score to the online database, I just have to make an HTTP request with some parameters ("score", "username"...).
Everything works. However, anyone could just look at the source and send custom HTTP requests to the server; that means everyone could cheat and send fake scores... How could I avoid that ?
You can't, and it has nothing to do with open-source.
Basically you have untrusted clients and encryption does not provide trust, just communication safety.
Even Blizzard cannot do this, and they have waaay more resources than you.
Unless of course you want to force your users to install "monitoring/protection" software alongside your game.
May I suggest alternative idea:
Instead of high scores, make an achievements API.
That way people have no incentive to cheat, and even if they do, they just lie to themselves.
As cohadar said, it's not a question of making it 'impossible' to cheat - just make it not worth it.
For anonymous hiscores, you can store the IP for each entry and ignore repeated request from that IP for 4-5 minutes.
Last edited by ivan on Wed May 13, 2015 7:45 am, edited 1 time in total.
If it still matters to you one thing you could try is moving some of that code to c/c++ and only distribute the binary form that way it is harder to discover how the scores are sent. But even still you cannot absolutely guarantee that the high scores sent are real.
My Tox ID: 0F1FB9170B94694A90FBCF6C4DDBDB9F58A9E4CDD0B4267E50BF9CDD62A0F947E376C5482610
For some games, I guess instead of sending the scores you could just send all user input, and then the server simulates the game and calculates the score. That way, a cheater must still "play" (although they may do so by scripting). May not be feasible for complex games, and is almost certainly not worth it, but it could be fun to implement.
The simplest way I know for ensuring that highscores are real is that the server knows some game logic.
For example, if you know that level 1's max theoretical score is 1000, then if anyone sends you 10000, that's a fake and you can discard it.
If it takes at least 30 seconds to complete a level and you get two request with the same user id and ip address in less than 30 seconds, you can discard both requests.
You can make the game send you one score per level instead of just one score at the end. If someone sends you a score for level 9 but not for level 8, 7, 6 ... etc, with appropriate rules for each one, you can discard that request too.
You can also put ip addresses into "ice boxes". The first time you detect they sent you bad stuff, you ignore all their request for 1 minute. If they send you bad stuff during that minute, you ignore them for the next 10 minutes. Then 1 hour. Then 2 hours. Then 10 hours. Etc. Until they stop. Some people will play from subnetworks so their public addresses might collide, so you might want to combine the ip address with something else, like the user id or a random id that you create in the game.
All this is not bullet-proof, but it should deter the "obvious" attempts. And it's more straightforward than encryption, which is very tricky. Still, it will take a non-trivial amount of time to implement all of this in the server. I would wait until I had at least a nice beta version of the game working, before starting any of this.
In my experience, releasing the game on the love2d.org forums and simply stating what a regular score at the end should be, gets you pretty legit scores posted by everyone who played it. Sometimes with screenshots.
Inny, your note about screenshots gave me an idea: The client could take a screenshot and send it to the server, which could then use image analysis tools to determine if it seems legit or not. While this can obviously be fooled as well, it could make some things very difficult to do. It could be pretty hard to know what the latter levels are going to look like without playing your way there.
T-Bone wrote:Inny, your note about screenshots gave me an idea: The client could take a screenshot and send it to the server, which could then use image analysis tools to determine if it seems legit or not.
The image analysis tool would likely be harder to write than something breaking that same tool.
