Read on Twitter
[Thread] Fix Cheats in videogames: The @FallGuysGame example
After doing some research to understand how cheats are used in Fall Guys, I've found that there are two distinct types of cheats:
- Position manipulation cheats
- GameObject Signature Recognition 1/x
#FallGuys
After doing some research to understand how cheats are used in Fall Guys, I've found that there are two distinct types of cheats:
- Position manipulation cheats
- GameObject Signature Recognition 1/x
#FallGuys
First of all, lets describe these kind of cheats.
Position manipulation cheats are cheats that will mess the with position of the player.
Fall Guys uses Client-Authorative networking, which gives the client the authority on the player's position
This technique has the benefit 2/x
Position manipulation cheats are cheats that will mess the with position of the player.
Fall Guys uses Client-Authorative networking, which gives the client the authority on the player's position
This technique has the benefit 2/x
Of being simple to use, mainly when you want to have a physics-heavy game, you don't want the player to be out of sync on its own device.
The flaw of this technique is that the client has power on its position.
Most hacks uses position swapping in memory directly to enable 3/x
The flaw of this technique is that the client has power on its position.
Most hacks uses position swapping in memory directly to enable 3/x
position manipulation, it can simply be done with only Cheat Engine.
But in the case of fall guys, it seems that MonoInjector is used and, doing so, they can directly swap existing code with their own code very effectively.
For this kind of cheats, the best way to avoid them 4/x
But in the case of fall guys, it seems that MonoInjector is used and, doing so, they can directly swap existing code with their own code very effectively.
For this kind of cheats, the best way to avoid them 4/x
is to NOT have the client have the full authority on its own position.
Many techniques exists:
- Validate position on server-side with simple checks (which can still lead to cheat, but less effective cheats).
- Use a Server-Authorative model (using Prediction 5/x
Many techniques exists:
- Validate position on server-side with simple checks (which can still lead to cheat, but less effective cheats).
- Use a Server-Authorative model (using Prediction 5/x
for example).
The Server-Authorative system is the best way to avoid cheating. That's why you didn't see players fly in CS:GO for example.
BUT, it has a big problem with our current example: Physics must be synced with the local player.
Which is a pain in the ass to deal with 6/x
The Server-Authorative system is the best way to avoid cheating. That's why you didn't see players fly in CS:GO for example.
BUT, it has a big problem with our current example: Physics must be synced with the local player.
Which is a pain in the ass to deal with 6/x
using a Server-Authorative approach.
But it's still not impossible, it will need a very big rework of the current networking engine tho (with physics rewind techniques, ...).
Then, let's talk about GameObject signature recognition.
I've found this gif, and it seems very 7/x
But it's still not impossible, it will need a very big rework of the current networking engine tho (with physics rewind techniques, ...).
Then, let's talk about GameObject signature recognition.
I've found this gif, and it seems very 7/x
explicit on what it does:
It will remove all the doors in this case.
It's because the real doors and the fake ones are using two distinct IDs/GameObjects.
The Cheat is able to recognize them by using the IDs or the GameObject directly... Which is fairly simple to do. 8/x
It will remove all the doors in this case.
It's because the real doors and the fake ones are using two distinct IDs/GameObjects.
The Cheat is able to recognize them by using the IDs or the GameObject directly... Which is fairly simple to do. 8/x
One way to deal with it would be to use the same game object/network ID for all the doors, and use RPCs that will destroy or not the door (making it Server-Authorative and the client will be incapable of recognizing the good door).
It has the same flaw as before: 9/x
It has the same flaw as before: 9/x
The physics sync will have some lag on the door explosion (because, only the server knows which door is a passable door, it will need to send the information to the client WHEN it should get destroyed, but we are talking 200ms of wait time for a client that is having 100ms 10/x
ping with the server (sending its position + receiving the destroy RPC, 100+100ms (RTT)), which should not be too bad for the players I think. Could be a good way to avoid these kind of problems (the Balls in the football game seems to be Server-Authorative and the lag 11/x
on them didn't seems to bother players, it should have the same kind of lag on doors).
In conclusion:
Dealing with cheating in videogames is a nightmare. Most online video games have cheaters, and uses different techniques to get rid of them. 12/x
In conclusion:
Dealing with cheating in videogames is a nightmare. Most online video games have cheaters, and uses different techniques to get rid of them. 12/x
The case of Fall Guys is very specific tho: It is clear that the devs have made a fun casual game, where they didn't expected to have cheaters.
But every games have cheaters... Even casual ones !
It is important to never trust the client, and have a design already capable 13/x
But every games have cheaters... Even casual ones !
It is important to never trust the client, and have a design already capable 13/x
of avoiding most of easy cheats, by providing Server validation for example.
Even casual games needs to be prepared for cheaters nowdays :/ !
Good Luck and Have fun !
Even casual games needs to be prepared for cheaters nowdays :/ !
Good Luck and Have fun !
