War of the Voxels is an upcoming free first person shooter. The world is completely destructible, and either randomly generated or custom-made maps can be loaded.
Cheating is an inherent aspect of online gaming. As such, we've built in countermeasures ever since networking was added.
Posted by untitled on Feb 16th, 2013
Cheating and hacking is a rather large issue in multiplayer games, particularly in the FPS genre. Common hacks that can ruin gameplay for other players include flyhacks, speedhacks, aimbots, and wallhacks.
In order to discourage hacking, War of the Voxels takes a "multiple lines of defense" method of preventing cheating. There are three lines of defense:
Frequent weekly code obfuscation
War of the Voxels is especially vulnerable to hacks, as it is written in C#, a language which can easily be decompiled. Most C# applications can easily be decompiled and recompiled with changes. However, War of the Voxels is obfuscated; when decompiled, instead of seeing the original variable and method names and control flow, a decompiler would see:
This obfuscation of the code primarily accomplishes three tasks:
Of course, this line of defense only works as long as someone is maintaining the weekly updates, and therefore is not a good option for final versions.
A strong authoritative server
To combat any cheats and hacks that make it past the obfuscation layer, we've tightly integrated security into the networking code. Our networking has been designed specifically with three goals in mind:
What does this mean? Put simply, we want to disable most hacks without sacrificing the gameplay experience. One major category of hacks that this line of defense prevents is movement hacks. All movement code is authoritative. When a player presses the "move forward" key, the client sends a request to the server to move forward. To mitigate the effects of lag, the client simulates both other players and the current players locally. When the server receives the input messages, it processes them and determines the master authoritative position. This is then sent out to all the clients, which correct their predicted positions to the server's authoritative position.
So what does this mean?
Well, since input is handled on the server and is merely simulated on the client, a client who attempts to "flyhack" or "speedhack" by modifying their position is only fooling themselves.
Heuristic analysis of a player's actions
Finally, we apply some heuristic analysis on player actions to determine if an action was legitimate. For example, a server may collect information on a player's kills over a match. If the server recognizes that, for example, Player A has been killing with headshots for a large portion of their kills, the server may temporarily disable one-shot kills and see if the player's performance worsens. The server may also check how fast a player turned to shoot someone. If the victim was out of a player's field of view, and the player turned around 180° in less than 100 milliseconds, the server might flag the action and make the player's shots shoot inaccurately or deal less damage.
Putting it all together
The result of these three lines of defense is an extremely flexible and secure online gaming experience. With hacks either completely defeated or disabled to the point that a human could defeat them, hacks can quickly become obsolete and "useless".