Secure the game server on NAT from cheating

Hey guys

I am interested to know your opinion about this topic.

First a brief story about game structure:
It is going to be a multiplayer RPG. Players can host games or request to join other games. A game consists of multiple levels and around 5 players (it can be more or less). Each game going to have its own physics space, …

There can be MANY games running simultaneously.

As I am not sure how the user base will grow up and how many game instances can be handled in a VPS/Cloud simultaneously (considering it should run the physics,…) and how many VPS/Cloud I will end up to need and how much they will end up to cost.

So I thought If possible I let players be able to host games locally on nat to take out the pressure and cost of running game servers on own VPS/Cloud.

So after a user purchases game, he can hosts a game server and register it on master server so other players around the world can see it and request to join it.

Doing so will open the gates for cheatings. A hacked game server can decompile code, modify entity data and increase/decrease stats and I won’t be able to do anything about it and that’s fine I can yet let other users report a suspicious server and I can flag that server so it will up to a player to take the risk and join to that server or not.

But there is one more thing, I want to be able to prevent an unpaid server from being able to host other players.

Ok, the simplest way is to do it on the master server and do not let an unpaid server to register it’s addresses so other players won’t be able to see it, but a hacked client can bypass this and instead of asking the list from the master server, get it from an unknown source.

So I thought one way might be to take out one of the systems that the game server needs and run it as a JME RMI service from a VPS. So there I can check if the game server is not registered I can simply reject it.

One such system that can be run as service and does not need an update loop is PlotSystem that controls how the game story reveals. It receives events from the game server like quest event (i.e quest completed), dialog events (i.e dialog option selected), … and responses by sending commands to the game server. (i.e activate another quest, add component X to an entity of type Y, …)

Do you think this is a good idea? Do you have other ideas?

Regards

I guess another idea might be to compile the code to native binary code (using GraalVM) which I guess will make decompiling impossible or very hard. Yes?
But I think I won’t be able to use scripting languages anymore?

You’re never going to be able to stop hackers or crackers if your server software is available to download. Every popular game is a victim of it.

The best thing you can do is not exploit the situation to the point where it’s not monetarily fair for people. Provide bonuses for legitimate users that hackers won’t get, etc. For example if they register it as official they get their profile data, friends list, etc that’s only available with a valid server key. Ban lists are good, too, so they have a peace of mind that reporting hackers helps legit servers, whereas cracked servers are like the Wild West.

Just remember that if someone has taken the time to crack your game - in a way it’s a compliment. You have a very popular piece of software on your hands and are probably making a lot of money. It increases user base and popularity and will result in more sales because more people talk about it. And it’s always a nice feeling when you actually buy the legit game and get those sweet perks that make the experience that bit better.

I guess the general gist of it is to focus on making a legit experience better than a hacked experience rather than an impossible task of stopping cracked servers.

I mean if we want to talk about actual ways - I wasn’t the architect in this particular situation but I do remember the bones of the idea.

You have an interface on the client with no implementation and only stream the implementation To the client when a valid login occurs. I’d have to look at the code again to actually know how it all worked.

I have to also say that in my opinion it Didn’t work out for us. I mean it worked but it became far less popular. I genuinely believe from experience that perks for legit-ness is the way to go.

Thanks so much for your awesome explanation @jayfella. I will remember your advice.

Yeah, indeed a nice idea. Thanks for your proposal. I need to think about a list of such bonuses. Will appreciate if anyone wants to add to it.

This one is also cool, did not know this is possible to stream the implementation to the client and runt it there, I was thinking this is just possible with RMI that you actually run it on the backend.
I think I can take use of this on my plot system as well. Thank you.

Two things:

1. if code runs on someone’s machine, they can do anything to it. It’s impossible to prevent anything.

2. people who steal you’re game aren’t lost customers. That’s not missed revenue. If they had been forced to pay for it then they just wouldn’t have bought it.

If you’re trying to prevent stolen servers from listing themselves in your master list then that’s easy. Require a paid account to register a server in the list.

For everything else, you’ve already wasted more money on this (in time spent) than you will get back.

Edit: what you want to do is make it really easy for the folks who would pay to pay and really inconvenient not to pay. And these are the customers you actually want long term anyway.

Yeah, got that. I am thanks full to you guys for your tips.

As Jay suggested going to provide bonus services for paid accounts,… to encourage them to pay. Of course, this will be more interesting and easier to do than trying to prevent from hacking

I have some JSON assets like entity prefabs, scene prefabs,… that are used by game servers. Does it make sense I provide those JSON files via Http REST service to game servers?

And one more question, do you think chat service should be a game server side service that is done via JME networking or should be a master server side REST service?

Depends on the kind of chat, I guess… but chat messages closely resemble game state since they get broadcast to all/some players. That’s something your game server is already doing but is tricky to do in REST calls.

As to the JSON stuff, I don’t know because I don’t know the intent. Why wouldn’t you just include those in the game itself?

Yeah. It’s a http resource, though you might have an endpoint that has a list of URLs that point to the resources. That way you would have a static endpoint to check that could contain versioning, too, with dynamic urls. These http resource urls should be outside your api subdomain though because they are not part of the api.

As for a chat service, I would probably use a websocket.

1- I thought it might be nice to protect those resources behind REST calls to be accessed only by legitimate game servers. Do you think this is redundant?
2- I can dynamicaly add/update them without any extra action needed from game server side.

For my company’s engine, we host our game assets via http. We have two methods for doing so. The first is to use an embedded webserver in the game server using NanoHttpd. The second when dealing with multiple game servers using a javaee management application to manage the servers and host the resources. This is all built into our inhouse MMO RPG engine. Built on top of JME of course:)

By hosting assets via rest API, we can restrict DLC/paid content downloads.

You can authenticate using headers. Pass the user api key to determine their permissions and ability to use the given url.

A cookie will do this automatically.

(1) a legitimate game server then can distribute it to everyone. And the down side is that if your server is down for some reason then no one can play.

(2) is an ok reason but you may want to let the game play with the last downloaded one if your servers are failing.

…or be prepared for the tech support burden every time your server goes down for five minutes. (I only had one Mythruna game server and users could host their own and I still get the occasional message on my forum about how the Mythruna server is down.)

I see, Right.

But regarding downtimes, anyway, they won’t be able to play if the master server is down, they can not log in,…

Prepare your butt hole.

These days cloud servers rarely gets down I guess

Only has to be down for them to matter… some link from country X is down or whatever.

Just be careful and weigh the costs versus the benefits. For every user that complains when they can’t play, there are probably 5 others who just played something else instead… and may never come back. If your ecosystem or business model relies on continuing players then that loss is a hidden cost.

Will see. If this become a thing as you said then I guess I may need multiple master servers in sync so if one goes down the other can take the job.

It will save you a lot of headache and problem solving if you separate each service. Don’t put all API services in the same container. Have an user auth service, server auth service, whatever, so if any area goes down you can display which part is experiencing the issue to the player and most importantly only have to deal with a specific section instead of a huge codebase that has affected everything.

This way if scoreboard or stats go down it’s no biggie and the rest of the services are fine to let the users continue.