views:

137

answers:

5

Hi, I'm a member and contributor of the Argentum Online (AO) community, the first MMORPG from Argentina, which is Free Software; which, although it's not 3D, it's really addictive and has some dozens of thousands of users.

Really unluckily AO was developed in Visual Basic (yes, you can laugh) but the former community, so imagine, the code not only sucks, it has zero portability.

I'm planning, with some friends to rewrite the client, and as a GNU/Linux frantic, want to do it cross-platform. Some other people is doing the same with the server in Java.

So my biggest problem is that we would like to use a rapid development language (like Java, Ruby or Python) but the client would be pretty insecure. Ruby/Python version would have all it's code available, and the Java one would be easily decompilable (yes, we have some crackers in the community)

We have consider the option to implement the security module in C/C++ as a dynamic library, but it can be replaced with a custom one, so it's not really secure.

We are also considering the option of doing the core application in C++ and the GUI in Ruby/Python. But haven't analysed all it's implications yet.

But we really don't want to code the entire game in C/C++ as it doesn't need that much performance (the game is played at 18fps on average) and we want to develop it as fast as possible.

So what would you choose in my case?

Thank you!

+8  A: 

There's an old adage: 'security by obscurity is no security'.

Don't worry about the code being available, that will make no difference at all. Instead, design the network protocol so it is hard to crack, which means really strong authentication for transactions that matter.

Actually, what I'd do, is try to port the game to Mono, starting from the VB source you have now, and gradually write new code in either C# or IronPython.

Andrew McGregor
I know and almost always agree, but how would I manage it, if you can just change the client to do whatever you want?BTW: It's not in VB.Net, is in VB6 (and the code SUCKS)! So .Net it's not an option.
alcuadrado
It wouldn't be too hard to port it from VB6 to VB.NET. Visual Studio.NET (at least the earlier ones) automatically converts VB6 code to VB.NET. It's not perfect,so you will have to manually convert some parts of the code, which the converter could not, but the effort would be far less than rewriting it in a new language.
Evans
+1 Secure the features that matter not the whole code. Analyse what you need to be secure and focus on that - leave everything else alone. It goes without saying that any encryption keys should NOT be baked into your code though :)
zebrabox
+5  A: 

The client being "secure" or not should, ideally, not be an issue. If it is an issue, there's a problem with the game's architecture.

The client being able to do "whatever it wants" is irrelevant. In a well-architected multiplayer game, the client only has the data that it absolutely needs, and all actions are authorized by the server.

Let's say someone hacks a client to say that their opponent is dead. Fine. They can hack it on their client all day long, and maybe even trick the renderer into rendering the opponent falling over. However, they should not have any authority to say whether or not the opponent is dead - that's up to the server. So the server gets a message saying "Opponent X is dead." The server should be smart enough to go "ummmm, no" and the opponent happily keeps being alive and doing whatever he wants.

This is an ideal, of course, and often some compromises need to be made for fluidity of gameplay and/or server load. However, for the important things, everything should be verified by the server. Especially in an MMO.

Treat your game as if your client was open source.

kyoryu
Of course the game works like that, but you can always get unfair advantage cheating (like use macros, bots, and etc)
alcuadrado
So, design the game such that there's no real advantage to use of bots... and provide the macro system, so regular users get that advantage too.
Andrew McGregor
Bots are one thing (in an action game), but macros are often a sign that you've got repetitive tasks in your game that don't require thought... as Andrew McGregor says, add the macros to the game so everyone can have the advantage - or, better yet, design the game so that macros are less useful.
kyoryu
The game is allready designed and it has thousands of users "like is", we can't change it's basis.And you can have some kind of macros not to perfome repetitive taks, to get advantage on PVP, and that's crusial in this game.
alcuadrado
+1  A: 

I can't comment the last answer..

The thing is that this game in particular, has some thinks that changing them will make the game totally different..

For example, the client knows at each moment where are the other users. (its a tile engine based game) so, when a character is invisible, it is posible to see it accessing to the code (or editing memory or handling the packets).. Okey, let's say the client doesn't know anything about the invisible characters.. When a character casts an spell, he has an "Overhead" message, like "VAX IN TAR" or things like that.. So, you can see the position of the character that casted that spell.. People often send an empty chat (it is fair in the game) so, whoever is able to read the chats and look for an empty chat (full of spaces), he knows where an invisible char is..

And all things like that. It is possible to do all those things to put the ALL the stuff in the server, but it would be a whole different game.

This game is a very dinamic game, every player make a lot of things, and having all this things in the server will make it totally unplayable.

Sorry for my bad english. (Im a friend of alcuadrado, who can't comment in the other post, sorry if this is not an answer)

Marco
I'm sorry, but these are very serious design flaws. Either they are solved, or it would be pointless to do anything.
Lo'oris
Indeed @Lo'oris; having the code available and inspectable at runtime doesn't really change the opportunity for cheating much. I mean, people can do all sorts of crazy runtime inspection of memory even if the code is written in C, and code written in C is typically *more* susceptible to these sorts of attacks because it's often written expecting it'll be "secure."
dash-tom-bang
The game was made like 11 years ago, in visual basic.. It obviously has design flaws.. But, the essence of the game is something like this.. The client must know about the visible characters (you can see them).If you can see them, you can make an "auto aim" so you don't miss any spell.. Or for example, when your life is decreasing, you can make a macro to drink potions, so you never die :PThere are things that, if we change them, the game would be completely different and will lost its essence..
Marco
Then forget about the game and just create a 2.0 version of it.
Lo'oris
Those flaws are present regardless of the language though. That was my point.
dash-tom-bang
+2  A: 

I would suggest an upgrade path from VB6 -> VB.NET. Visual Studio would take care of most of the conversion process for you. After you get it properly ported, you could convert it to C# if you want. Then you'll have to create workarounds for non-portable(Windows only) features and those not supported by Mono.

Evans
It would be solve a problem and get another... and open technologies are prefered :)
alcuadrado
@alcuadrado: it's better to incrementally solve your problems and make progress than it is to try to solve them all at once and never finish.
dash-tom-bang
Besides... there's an open source VB.NET compiler (in mono), so that actually is a (somewhat) open technology.
Andrew McGregor
+2  A: 

I don't get it. You want to rewrite a free software program and make it closed source? I guess you can do it if you rewrite everything, but since now it is open, the protocol is open too.

So, even if security through obscurity was fine (and it is not), you would not have it anyway since there is no obscurity.

  • in no occasion the client should be authoritative about anything more than what he wants to do (and even in that case, it's the server who decides if he can do it, and what is the outcome)
  • in no occasion the client should know things he is not supposed to show

fail those, and everything else won't matter any more.

If the overall design is flawed, either fix it or stop worrying: it is pointless to brush your teeth if a tiger is eating you.

Lo'oris
The project is open source, but the official server keeps a closed soruce project to add extra security, and that would never be open source (unless things changes a lot).The client hasn't got any responsibility else than the interaction with the user and the server. But for performance issues, it caches extra inforamtion that should not be inmediately visible for the user, and that must keep hidden...And there are more stuff like that. For example, if you don't avoid macros, you can automate some PVP actions and have lots of advantage, etc..
alcuadrado
The point is: keeping the server closed **does _not_ provide extra security**. It's clear you don't know how to do security (no offence intended) so just accept what people more knowledgeable tell you ;). About the rest, I've already answered. Sorry for being rude, really, I didn't mean to, I just have no other way of expressing what I mean.
Lo'oris
I'm not offended at all man (Y) I'm far away from being an expert in this field, that's why I ask :)
alcuadrado