tags:

views:

137

answers:

5
+2  Q: 

Cross-platform game development: ease of development vs security

Hi, I'm a member and contributor of the Argentum Online (AO) community, the first MMORPG from Argentina, which is Free Software; which, although it's not 3D, it's really addictive and has some dozens of thousands of users.

Really unluckily AO was developed in Visual Basic (yes, you can laugh) but the former community, so imagine, the code not only sucks, it has zero portability.

I'm planning, with some friends to rewrite the client, and as a GNU/Linux frantic, want to do it cross-platform. Some other people is doing the same with the server in Java.

So my biggest problem is that we would like to use a rapid development language (like Java, Ruby or Python) but the client would be pretty insecure. Ruby/Python version would have all it's code available, and the Java one would be easily decompilable (yes, we have some crackers in the community)

We have consider the option to implement the security module in C/C++ as a dynamic library, but it can be replaced with a custom one, so it's not really secure.

We are also considering the option of doing the core application in C++ and the GUI in Ruby/Python. But haven't analysed all it's implications yet.

But we really don't want to code the entire game in C/C++ as it doesn't need that much performance (the game is played at 18fps on average) and we want to develop it as fast as possible.

So what would you choose in my case?

Thank you!

+8  A: 

There's an old adage: 'security by obscurity is no security'.

Don't worry about the code being available, that will make no difference at all. Instead, design the network protocol so it is hard to crack, which means really strong authentication for transactions that matter.

Actually, what I'd do, is try to port the game to Mono, starting from the VB source you have now, and gradually write new code in either C# or IronPython.

Andrew McGregor  2010-05-10 05:01:22
I know and almost always agree, but how would I manage it, if you can just change the client to do whatever you want?BTW: It's not in VB.Net, is in VB6 (and the code SUCKS)! So .Net it's not an option.
alcuadrado  2010-05-10 05:06:37
It wouldn't be too hard to port it from VB6 to VB.NET. Visual Studio.NET (at least the earlier ones) automatically converts VB6 code to VB.NET. It's not perfect,so you will have to manually convert some parts of the code, which the converter could not, but the effort would be far less than rewriting it in a new language.
Evans  2010-05-10 07:55:31
+1 Secure the features that matter not the whole code. Analyse what you need to be secure and focus on that - leave everything else alone. It goes without saying that any encryption keys should NOT be baked into your code though :)
zebrabox  2010-05-10 12:51:12
+5  A: 

The client being "secure" or not should, ideally, not be an issue. If it is an issue, there's a problem with the game's architecture.

The client being able to do "whatever it wants" is irrelevant. In a well-architected multiplayer game, the client only has the data that it absolutely needs, and all actions are authorized by the server.

Let's say someone hacks a client to say that their opponent is dead. Fine. They can hack it on their client all day long, and maybe even trick the renderer into rendering the opponent falling over. However, they should not have any authority to say whether or not the opponent is dead - that's up to the server. So the server gets a message saying "Opponent X is dead." The server should be smart enough to go "ummmm, no" and the opponent happily keeps being alive and doing whatever he wants.

This is an ideal, of course, and often some compromises need to be made for fluidity of gameplay and/or server load. However, for the important things, everything should be verified by the server. Especially in an MMO.

Treat your game as if your client was open source.

kyoryu  2010-05-10 05:43:04
Of course the game works like that, but you can always get unfair advantage cheating (like use macros, bots, and etc)
alcuadrado  2010-05-10 05:51:26
So, design the game such that there's no real advantage to use of bots... and provide the macro system, so regular users get that advantage too.
Andrew McGregor  2010-05-10 06:25:35
Bots are one thing (in an action game), but macros are often a sign that you've got repetitive tasks in your game that don't require thought... as Andrew McGregor says, add the macros to the game so everyone can have the advantage - or, better yet, design the game so that macros are less useful.
kyoryu  2010-05-10 09:14:53
The game is allready designed and it has thousands of users "like is", we can't change it's basis.And you can have some kind of macros not to perfome repetitive taks, to get advantage on PVP, and that's crusial in this game.
alcuadrado  2010-05-10 15:34:16
+1  A: 

I can't comment the last answer..

The thing is that this game in particular, has some thinks that changing them will make the game totally different..

For example, the client knows at each moment where are the other users. (its a tile engine based game) so, when a character is invisible, it is posible to see it accessing to the code (or editing memory or handling the packets).. Okey, let's say the client doesn't know anything about the invisible characters.. When a character casts an spell, he has an "Overhead" message, like "VAX IN TAR" or things like that.. So, you can see the position of the character that casted that spell.. People often send an empty chat (it is fair in the game) so, whoever is able to read the chats and look for an empty chat (full of spaces), he knows where an invisible char is..

And all things like that. It is possible to do all those things to put the ALL the stuff in the server, but it would be a whole different game.

This game is a very dinamic game, every player make a lot of things, and having all this things in the server will make it totally unplayable.

Sorry for my bad english. (Im a friend of alcuadrado, who can't comment in the other post, sorry if this is not an answer)

Marco  2010-05-10 07:42:52
I'm sorry, but these are very serious design flaws. Either they are solved, or it would be pointless to do anything.
Lo'oris  2010-05-10 15:47:02
Indeed @Lo'oris; having the code available and inspectable at runtime doesn't really change the opportunity for cheating much. I mean, people can do all sorts of crazy runtime inspection of memory even if the code is written in C, and code written in C is typically *more* susceptible to these sorts of attacks because it's often written expecting it'll be "secure."
dash-tom-bang  2010-05-10 17:36:16
The game was made like 11 years ago, in visual basic.. It obviously has design flaws.. But, the essence of the game is something like this.. The client must know about the visible characters (you can see them).If you can see them, you can make an "auto aim" so you don't miss any spell.. Or for example, when your life is decreasing, you can make a macro to drink potions, so you never die :PThere are things that, if we change them, the game would be completely different and will lost its essence..
Marco  2010-05-10 18:09:09
Then forget about the game and just create a 2.0 version of it.
Lo'oris  2010-05-10 18:18:08
Those flaws are present regardless of the language though. That was my point.
dash-tom-bang  2010-05-11 00:23:04
+2  A: 

I would suggest an upgrade path from VB6 -> VB.NET. Visual Studio would take care of most of the conversion process for you. After you get it properly ported, you could convert it to C# if you want. Then you'll have to create workarounds for non-portable(Windows only) features and those not supported by Mono.

Evans  2010-05-10 08:01:02
It would be solve a problem and get another... and open technologies are prefered :)
alcuadrado  2010-05-10 15:37:07
@alcuadrado: it's better to incrementally solve your problems and make progress than it is to try to solve them all at once and never finish.
dash-tom-bang  2010-05-10 17:36:59
Besides... there's an open source VB.NET compiler (in mono), so that actually is a (somewhat) open technology.
Andrew McGregor  2010-05-10 23:14:26
+2  A: 

I don't get it. You want to rewrite a free software program and make it closed source? I guess you can do it if you rewrite everything, but since now it is open, the protocol is open too.

So, even if security through obscurity was fine (and it is not), you would not have it anyway since there is no obscurity.

  • in no occasion the client should be authoritative about anything more than what he wants to do (and even in that case, it's the server who decides if he can do it, and what is the outcome)
  • in no occasion the client should know things he is not supposed to show

fail those, and everything else won't matter any more.

If the overall design is flawed, either fix it or stop worrying: it is pointless to brush your teeth if a tiger is eating you.

Lo'oris  2010-05-10 15:57:03
The project is open source, but the official server keeps a closed soruce project to add extra security, and that would never be open source (unless things changes a lot).The client hasn't got any responsibility else than the interaction with the user and the server. But for performance issues, it caches extra inforamtion that should not be inmediately visible for the user, and that must keep hidden...And there are more stuff like that. For example, if you don't avoid macros, you can automate some PVP actions and have lots of advantage, etc..
alcuadrado  2010-05-10 16:55:50
The point is: keeping the server closed **does _not_ provide extra security**. It's clear you don't know how to do security (no offence intended) so just accept what people more knowledgeable tell you ;). About the rest, I've already answered. Sorry for being rude, really, I didn't mean to, I just have no other way of expressing what I mean.
Lo'oris  2010-05-10 18:16:46
I'm not offended at all man (Y) I'm far away from being an expert in this field, that's why I ask :)
alcuadrado  2010-05-10 23:49:04

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security