Re: [VANILLA-LIST:2760] Quake1 client cheating

[Mats Olsson <matso@dtek.chalmers.se>]

> On Mon, Dec 27, 1999 at 04:18:13AM +0100, Mats Olsson wrote:
> > > Pretty neat article at
> > > 
> > > http://www.bluesnews.com/cgi-bin/finger.pl?id=1&time=19991226003141
> > > 
> > > About cheats in the open source version of Quake1. Funny, didn't the vanilla
> > > community fix client-hacking a long time ago?
> > 
> >     Not really. The bar was raised high enough to make it non-trivial. This,
> > together with a smaller playerbase which is more interrested in playing the
> > game rather than winning at all costs, means that the RSA authentification
> > works for us.
> 
>  From reading the articles, it's much worse than that.

    Ah... *30min slashdot reading later* - oh...

> It appears that the client actually determines whether a weapon hits or
> misses.

    ... inventory, position, damage from hits... the works. Well, trusted
clients can never work in an open-source game, that's pretty obvious.

>  On top of that, a lot of information is sent to the client.  For instance
> if a person is right around the corner, the client knows it, but just
> doesn't display it.

    The info-borgish problems with quake has been known for a while, as
well as the man-in-the-middle attacks (bots). Quake has it a lot worse than
netrek, as you can modify the drawing data (like having a user-modifiable
color for cloaking - change it from transparent, and voila! visible 
cloakers). Together with keeping accurate cloaking info on the client...

>  Quake doesn't follow a pure client/server paradigm like netrek does, and
> thus I think it's going to be impossible to solve this problem.

    True. It will require a large rewrite effort to enforce authorative
server/untrusted client. Probably easier just to rip the rendering engine 
and write a new game on top of it.

    /Mats