Hi guys
I recently watched a C++ tutorial on game hacking out of interest. The guy in the video mentioned that games such as COD tend to be easy to hack into the memory as it doesn’t use dynamic memory and relies on Valve’s VAC to find hacks. This has raised the question of how Blenders GE handles memory and could this become an issue for small developers using the GE for online games. Could any of you which has delved into Blenders code please share information on this issue.
In the BGE you do not code in C,C++ or native code. You code your game flow in Python. You do not have access to low level operations such as memory allocation. You should be happy that you do not need that error prone methods.
But you need to be aware there are options to execute bad code. E.g. avoid functions like eval() as it interprets any data as python code.
I think the memory hacking referred to by DerpGoose is the injection of custom values into the memory space of a process and I suppose that the allocation argument made in the video points to the predictability of the space structure that allows an external “hacking” program to alter the constraints of the game, by changing values into known addresses.
If that’s the case then what you do in BGE is irrelevant, the matter is if the way BGE behaves in handling its memory can prevent such injections.
I have no idea if blender way of allocating stuff can make the life of hackers hard or easy.
Yes, but even when you allocate from a static block, the addresses for certain objects (within that block) depend on the state of the game, which is usually non-deterministic.
So, depending on what you want to modify, you’ll probably have to do some scanning beforehand, even with static allocation - But yeah, it’s easier, because you’re searching within a known range.
The memory allocation scheme doesn’t really matter. In theory, it’s easier to find relevant memory in a static allocation scheme, but most scan tools do a lot of runtime scanning either way, so it’s really just a question of efficiency, rather than difficulty.
The core fact is: You can’t trust the client, because client memory is out of your control.
You can still make your game pretty hard to exploit, by running the simulation server-side, and treating the client as a dumb input/rendering terminal. Combine that basic approach with some well defined, enforceable limits on what kind of input is possible for a human player, and you’ll probably have a decent experience.
yeah, goran is correct,
if there is a discrepancy between the host and the client, use the host data.
planetside 2 relies heavily on physics calculated client side to increase game speed, consequently it gets hacked, but the moderators in planetside can replay a timeframe of the server if a hack is reported, and drop the ban hammer,
people dont hack often because they dont want their IP banned.
Thank you for sharing your knowledge guys/gals. Pgi was right about the injections and Gorans answer makes complete sense. I’m not good at coding, so I’m using logic bricks with my project most of the time.
Running everything from the host side seems to be the better solution, the only problem is delays/lag between the host and client. Planetside 2 doesn’t have a server close to my country, playing it has given me some weird behaviours from the physics. Awesome game, but I had to drop it as it was unplayable most of the time.
I’m not sure if there is a plugin or current project which helps integrate Valve’s VAC for BGE based games, but it would be nice to see integration for Steams SDK into Blender to make it easier to bring BGE games onto steam.