Vanilla List Mailing List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [VANILLA-LIST:2760] Quake1 client cheating
> On Mon, Dec 27, 1999 at 04:18:13AM +0100, Mats Olsson wrote:
> > > Pretty neat article at
> > >
> > > http://www.bluesnews.com/cgi-bin/finger.pl?id=1&time=19991226003141
> > >
> > > About cheats in the open source version of Quake1. Funny, didn't the vanilla
> > > community fix client-hacking a long time ago?
> >
> > Not really. The bar was raised high enough to make it non-trivial. This,
> > together with a smaller playerbase which is more interrested in playing the
> > game rather than winning at all costs, means that the RSA authentification
> > works for us.
>
> From reading the articles, it's much worse than that.
Ah... *30min slashdot reading later* - oh...
> It appears that the client actually determines whether a weapon hits or
> misses.
... inventory, position, damage from hits... the works. Well, trusted
clients can never work in an open-source game, that's pretty obvious.
> On top of that, a lot of information is sent to the client. For instance
> if a person is right around the corner, the client knows it, but just
> doesn't display it.
The info-borgish problems with quake has been known for a while, as
well as the man-in-the-middle attacks (bots). Quake has it a lot worse than
netrek, as you can modify the drawing data (like having a user-modifiable
color for cloaking - change it from transparent, and voila! visible
cloakers). Together with keeping accurate cloaking info on the client...
> Quake doesn't follow a pure client/server paradigm like netrek does, and
> thus I think it's going to be impossible to solve this problem.
True. It will require a large rewrite effort to enforce authorative
server/untrusted client. Probably easier just to rip the rendering engine
and write a new game on top of it.
/Mats