Friday, September 27, 2019

security - How to verify if the client files are the same as the server files?



In a client-server game architecture, what are the possible ways to verify that the client has not modified things like gfx assets or client side scripts?


Obviously no solution is perfect, but I would love to hear some ideas.


I am thinking something like an hash on all the files in the resources directory. Does that sound feasible?



Answer



If this is for hack prevention, it's a losing battle.


Things like hashes and sending random bits of data back to the server for validation come to mind, but nothing stops the hacker from using a separate, non-compromised copy of the original data as source for answering such checks.


Same goes for sending checksums of in-memory resources.


One way might be to send screenshots or checksums thereof, but then you hit the problem of different video cards/drivers rendering subtly different frames...


All that said, I'd consider outsourcing the problem to someone who has been doing it for a while, like http://www.evenbalance.com/ (punkbuster).


No comments:

Post a Comment

Simple past, Present perfect Past perfect

Can you tell me which form of the following sentences is the correct one please? Imagine two friends discussing the gym... I was in a good s...