Fix Save Game Exploits!

Probably true, but technical competence is only part of the equation. Not every technically competent person who would exploit a game loophole will go and modify game files if the exploits are patched up.

I'm not sure what this means. Can you clarify? "What reads from the HP" is a function that returns the value at a specific memory address at run time. You can't "replace with blank" code that is already compiled in the binary. It's immutable.

Not possible. In the example, the store health is a temporary variable that exists at a random location in memory for a few miliseconds and then is gone. Impossible to know where it's going, where it is, or to freeze execution at exactly the moment in time in which it is stored.

So you autoSave() at the moment the player clicks on a chest, but before revealing the result to them.

Monster Zoo doors should also trigger autoSave(), as well as teleport pads, etc. Basically any "major event" which the player might want to roll back can be tagged with an autoSave() to patch the hole.

Trust me on this topic. I've been designing strict anti-cheat/exploit measures for a combination online/offline poker game with millions of players, tens of thousands of hands played per day and a very active leaderboard community. I literally patch these holes for a living. =)

 

Auto-saving on everything is kind of bad right now. The autosave is the only thing that assures you can have a properly generated level. I ran through a good portion of level 9 making sure no enemies were spawning before I reloaded the autosave. Once they iron that out, I wouldn't mind autosaves in such cases.

 

Kerchunk: 123stw is talking about modifying the binary to change the code that it executes. At some point the code will have to say "Is the player cheating?" and bail if the answer is yes. So you just modify the bit that checks for cheating to always say no cheating is happening, and the program thinks everything is hunky-dory.

On-the-fly memory modification is trickier, but not impossible. I'd wager that key objects for DoD (particularly the player) get initialized in a very consistent order which puts them at a consistent offset in memory. Even if it's not perfect, searching a region with a little pattern-matching (e.g. "I know my skills have IDs 1, 4, 5, 8, 11, 14, and 18, and there's a list of them right next to my current HP value") will get you what you need rather quickly.

 

@Kerchunk
Yeah pretty much what Derakon said, code injection to break the check so it just returns nothing (or no) every time. If it only kill on yes, then either works.

As for auto saving on every event, the save is still in your system. It's not very hard to manually back up saves (even easier, make it "read only" just before you open a chest).

I am really no expert in game security. I am just listing the things that an amateur like myself can use to bypass the checks under the assumption that, if I can do it, someone can probably do it better.

 

@Kerchunk & Topic

I never looked at the global scores of DoD before (I´m not a competitive player, only with myself ) but I read this thread and looked at them afterwards.
I was shocked how easy that cheating, hacking or other illegitimate ways must be and how shameless they cheat (800 KK on GR PD). Must be a slap in the face for those who try to compete.

Like I said, I don´t care about these scores but others do, so this should definitely be addressed in some way.

This is maybe not a good suggestion (I´m not familiar with cheat-protection) but isn´t it possible to make clouded saves + autosave (after the bugs are out) and make the leaderboards only accessible for characters / savegames that are in the Steam Cloud System? And when you create your character you can choose between local or cloud save?

 

That doesn't help any though, because you're still modifying the save locally.

The only remotely reliable way I know of to prevent savefile abuse, memory hacking, and the like is to perform all game logic on a trusted server, with the client just sending input and receiving new game state information.

 

Ah... okay. That´s sad for the competitive players, because I assume that´s too hard to pull off or too expansive.

BTW: I looked at the steam leaderboards of other games I like and this kind of cheating seems really common here, because I couldn´t find a single game without obvious score cheating among them. Considering that some of those games have a larger audience than DoD (and due to that budget) and that they couldn´t find a way to prevent cheating either, I´m pessimistic regarding the DoD leaderboards.

 

I'm in the "what's the point?" camp. The global leaderboards are meaningless. As people mentioned, it only really caters to one playstyle. It is a single player game, the time and effort is better spent in creating new content and balancing the existing content.

 

Jesus, you sound like the whiny little obese mouthbreather with gynecomastia who rats on everyone in class and reminds the teachers that he didnt check the homeworks.

SO WHAT if people savescum? Why should the developers strive to make it harder because some dweeb like you can feel righteous about roguelike playing?