Online multiplayer in RMVXAce, is it possible?

[??????]

Well, PiNG was just a small test I threw together in a few days after I obtained my server. For such a small project I didnt deem it necessary to go overboard with hiding the data.

Since then I have done a LOT of different things to enhance security - such as hiding that secure data within the dll itself. But the thing is, when ANY server-client code is left within the script editor, its only a matter of time before someone figures a way to abuse it somehow. :/

 

[Tsukihime]

Ok so the messages are now being handled by a dll.


Are there any other security issues that you can think of?

But the thing is, when ANY server-client code is left within the script editor, its only a matter of time before someone figures a way to abuse it somehow. :/

Can you elaborate what you mean?


Why are you leaving server code in the client?

 

[??????]

ahh yea, I could have worded that better..

Lets say you have this method.

def method_to_process_POST(x,y,z,a)  @post_api ||= Win32API.new('dllname','funcname','#{x}','#{x}')  @post_api.call(y,z,a)end
At some point within your ruby code your gonna have to call that to process your post. this is the kind of thing that is left exposed and could be abused.
Obviously, for things like this the way you write the code itself has a huge impact on how secure it is as well.
 

 

[Tsukihime]

Anyone can attach a debugger to your game while they're playing it and they'll see all of the method calls anyways. Want to introduce a custom exe that comes with anti-debugging functionality? Those will likely be subverted anyways.


Someone that has the ability to look at your code and figure out that you're using a particular DLL, a specific method, what you're passing to it, and can then reverse it and write their own calls is going to destroy your security regardless.


If you're worried about people tampering with your requests, have your server send a nonce to your client.


Have your client do something with that (preferably somewhere that is fast and not obvious) and send it back. This means that someone needs to actually go into your DLL and figure out how to build those messages.


I do not see this as a point on why RM is too insecure for netplay. It's just the potential that someone who knows anything about reverse engineering will have a somewhat easier time.


Your average player will not be able to crack it, regardless whether they know that you're making a DLL call or not.


Now the real problem in any game is someone that CAN hack it, to produce a tool that regular people can use, and distribute that. This has been going on since forever, and is not something I would even bother trying to defeat.

 

[Imploded Tomato]

Honestly, I'm not that concerned about security issues. I'd be happy with just one online feature like Player versus Player. Then again if you wanted to, couldn't you have character stats stored on a server? Say your game has a limit to how high a character can reach his stats during single player play through and if someone wanted to hack the stats by abusing the net code, couldn't you just program a global event that would force the stats to stay as a constant once you've hit your assigned maximum stat limit? 

So say you wanted to take on the task yourself, what tools would you need to program a multiplayer feature in your game project such as PVP or COOP? I'm assuming RGSS3 and Ruby could handle the task alone?

 

[??????]

Oh for sure, there will always be people who can break into things, nothing is ever gonna change that. Best one can do is make things at least a llittle time consuming for them in the hope it will act as a deterrent - ie, not worth the time..

@Encrypted Knight - yes, having limitations like that on your server would help for certain things such as using cheat engine to make your hp 50million.

Personally, I use Ruby, C++, PHP (for processing server requests - server side) and also MySql (for databases - server side).

 

[Sato1999]

No, it was made with a engine called AEGIS 

No!

My life was an entire lie!

 

[Engr. Adiktuzmiko]

What aspects of an RM game would take away from the online experience when you're using "other engines"?

I'm talking about technical things there, like the speed of processing of RM, especially for graphical things. Going on with my comparison, on my computer for example, a few simple concurrent animations or other graphical updates (char sprites, etc) is enough to reduce FPS of the game. Now couple that with the possible amount of data to be synchronized and additional graphic updates that comes if you turn it into an MMO, that would present a possibly huge amount of FPS drop.


The only other engine that I've managed to use (I've tried some others but the dev kits are too power consuming) would be wc3's engine which was made like what, more than a decade ago? With it I could run several "animations" in the map without any FPS drop, along with high res textures and high poly 3D models. Though I've also tried some samples made on UDK and even with the graphics quality of the 3D models used there, it also runs fine.

 

[Shaz]

Moving to General Discussion, because it requires a huge amount of scripting, and you're not going to get anyone to do it for you as a script request (if you searched, you would have seen this requested over and over and never done). All that's going to happen here is a discussion of can it be done, and some techniques that might help, but probably nothing more.

 

[Protagonist7]

Hm, I wouldn't want to make an MMO, but something that might be interesting to do with multiplayer would be something like Pokemon. You 'link up' to someone else's game and can trade items and battle. Would that be possible?

 

[Shaz]

What is it with the necroposting?


Protagonist7, please refrain from necro-posting in a thread. Necro-posting is posting in a thread that has not had posting activity in over 30 days. You can review our forum rules here. Thank you.


Closing this.