Just read someone elses thread saying someone was cheating/hacking in thier game. Just got me curious.
I know on a couple occasions ive played against opponents who were not attacked by my forts and towers even though they had no monsters to take the heat from them. Like a level 5 walking into the middle of my base surrounded by towers and nothing happening.
So whats the consensus can and do people cheat or hack in demigod online?
Spooky you are making rediculous assumptions.
Hate to break it to you but Creep666 just proved your assumptions are wrong with his screen shots, in the build he was playing anyway.
My post was meant to show where it is possible that if the developers haven't specifically coded in protection, that works, there could be a vulnerability, according to your post the developers are infalable and "of course such data is checked"!
Peer to peer doesn't make the game any harder to hack than host/client or dedicated server UNLESS the only data sent between players is their keyboard and mouse presses and even then someone could write a hack that hits your interrupt button as soon as the opponent casts a heal.
A worked example for sake of argument:
Dedicated server
A client moves his character, the client sends where his new position is to the server. Or the client sends to the server he is moving forward, which is a shit way to code it because the client would have to send way more data. The server needs to check (specifically put in by developers as anti cheating) is it possible that his new position is there now given movement speed etc? The check has to account for lag, stuff like that maybe an exposive propelled him etc? Basically it's a lot harder to check than you think and is why Counter Strike has been plague with movement hacks since it's release.
Peer to Peer
Client A moves his character, it sends his new position to Client B. Client B has to specifically check the exact same things the dedicated server had to check, there's no difference.
The only other way Peer to Peer works is that Client A didn't send his new position, he in fact sent data to Client B saying he had his Demigod selected and he right clicked point x on the map. Client As machine then works out all the pathing for that Demigod, his speed and where he will end up himself. That's possible that this is how it is working, and if so it is a lot less vulnerable to hacking but then you have to assume this is what is happening in all cases, such as navigating the shop windows, you are assuming the player doesn't just send "I bought Vlemish Helm" to the other player. Again you are assuming the developers are infalable.
Also worth noting this second method is a lot harder to code because desynchronisation is hard to debug so it's not unlikely a few shortcuts would be taken here or there to get things working!
/tldr
Being told Peer to Peer stops hacking is pulling the wool over your eyes, believe me. It makes it possible for the developers to reduce the likelyhood but vulnerabilities are actually more likely to be all over the place than software bugs mainly because the usual way to find a vulnerability is to find a user who is exploiting it such as a hacker.
On a related note: the replays of Demigod and Supreme Commander are just records of a series of commands by each player. It's the same data as every player receives during the game itself. There is no technical difference for the game between a replay and the actual game. The game is just executing the commands that the game receives from each player and returns the result of the calculation after each tick.
The premise of most security flaws isn't just forcing what you want in, it's fooling whatever system it is to accept it as correct. P2P does make that harder, not only do they have to accept it as legitimate data but they also have to get the same result as you when processing it.
That's not infalible though, say for example you can make your client sell a vlemish helm even when you don't have one. You send the "I'm selling something" call out to everyone else, everyone removes the vlemish helm from your demigod and gives you gold without checking that there was a helm in the first place. Your response matches theres and no desynch occurs, yet you just got more gold than you should have. It may well check for consistancy in selling items and not be possible like that, but it just takes one loophole like that for a working cheat to emerge.
There may be other more esoteric quirks too, say there's a rounding up in calculating your starting position when moving, could you send thousands of miniature move commands to make the rounding error add up in your favour? Probably not but if you could it wouldn't cause a desynch.
I'm not saying DG is likely to be full of silly holes like that, I'm just saying a P2P system isn't inherantly secure just because it's P2P.
Yes, you're right, that might be an example of such a hole.
You somehow got the same point I was making accross, thanks.
That's not a hole at all. You've legitimately sent commands, and had their results processed. There's no glitch in that. It would also totally destroy the connection of the other players.
This guy must be using an exploit in-game to generate the gold, because there's no way to insert code into the games of others. I've been reading the thread and the entire argument of Haree78 and DroopyTheDog is that maybe not everything is checked. Well, I've got news for you, which is that everything IS checked. When you're talking about resources, e.g. art, sound, etc, that's not synced for obvious reasons. When you talk about, how much gold does player X have? That's synced. Everything like that is synced. The location of your Demigod, to whatever accuracy the engine uses, is synced. Even if you somehow magically inserted gold into your reserves and didn't cause a desync, the other players would not know and have no way to put that data on the end of game stats page, even ignoring the fact that when you spent it, you'd alter the game state.
some little facts to throw into the discussion
fact#1:
since the cheater always created new player profiles, the match always started with "xxx the Millionaire"-achievement.
fact#2:
the cheater himself said he was using a trainer.
You've never needed to alter other people's game files to cheat in anything, or the host's in a client/server setup, it's about sending false data that looks legitimate.
The point is just because it's P2P it's still feasably possible to send data in the right way to fool the other end in to thinking that's ok, it still depends on the program having the right types of checks to recognise legitmate commands sent illegitmately. (I.E. The selling items you don't have example, sold an item is a legitmate data to send but you shouldn't be able to send it without actually selling).
Again, I'm not saying DG has these problems, but saying it's impregnable just because it's P2P seems close minded. You still have to think about security properly.
I've just seen the method. Not going to link it here. Shall we say, .. .. just sigh. Who the hell decided that was a good idea?
Cheating enabled plus blingbling?
Fact is, if anyone can be proven to have cheated in Demigod (e.g. by replays), he would get his game account banned. That's why I'm rather cool about this matter.
There are many great features available to you once you register, including:
Sign in or Create Account
