Cheating at Multiplayer Online Games
An-Cheng Huang
Bruce Maggs

A small confession…
Your professor is a notorious cheater

Types of MOG: Categorization by Genre
• First-Person Shooter (FPS)
• Role-Playing Game (RPG)
• Real-Time Strategy (RTS)

First-Person Shooter (FPS)
[Figure labels: Game world; Player character; Weapons; Aim + shoot]
Call of Duty, Activision / Infinity Ward

FPS (cont.)
[Figure label: Game world]

Role-Playing Game (RPG)
[Figure labels: Game world; Player character; “Weapons”]
Accomplish task, Improve (virtual) ability, accomplish harder task, etc.
Diablo II, Blizzard Entertainment / Blizzard North (?)

RPG (cont.)
[Figure label: Game world]

Real-Time Strategy (RTS)
[Figure labels: Game world; “Units”]
Explore, build, combat
Rise of Nations, Microsoft

RTS (cont.)
[Figure label: Game world]

Categorization by Persistency
• No persistency
• Persistent player information
• Persistent game world
• Persistency
  – Local: e.g., run a persistent server for a few friends
  – Global: e.g., game company hosts servers for all

No Persistency
[Diagram labels: Before gaming session; During; After]

Persistent Player Information
[Diagram labels: Before gaming session; During; After]

Persistent Game World
[Diagram labels: Before gaming session; During; After]

Interesting Combinations
n: Number of players in a game world
• n<=64 (16-32 mostly), no persistency, FPS: e.g., CoD
• n<=8 (2-4 mostly), no persistency, RTS: RoN
• n<=8, persistent player information, RPG: Diablo II
• n>1000, persistent game world, RPG: EverQuest
• n>1000, persistent game world, FPS: PlanetSide

PLATO Computer System
• PLATO IV Developed by the University of Illinois and the Control Data Corporation
• 1961 timesharing PLATO II begins
• 1964 invention of plasma panel
• 1968 PLATO IV begins
• Spun off as “NovaNET” late 1980’s
• Revived at www.cyber1.org

Innovations
• first LARGE on-line community
• invention of the plasma panel
• multimedia
• “personal notes” – email
• “group notes” – newsgroups
• “consulting mode” – desktop sharing
• widely used “term talk” (like Unix talk)
• Shared memory enabled multiplayer games
• IBM correctly attributes Lotus Notes to PLATO

Hardware
• Control Data mainframes designed by Seymour Cray
• Cyber 70, 176, CDC 6600, 7600
• Magnetic core memory
• 60-bit words, 6-bit characters
• One’s-complement arithmetic
• Up to 1000 simultaneous users
• (NovaNET runs on Alpha today?)

PLATO IV Terminal
https://digitalanalogues.wordpress.com/2011/04/22/it-really-is-deja-vu-all-over-again/
• 512x512 plasma panel
• 1200 baud connection to mainframe
• Stream of commands for displaying text and symbols, and for drawing lines

Multiplayer Games
• Dungeons and Dragons
  – e.g., oubliette, avatar
• Space
  – e.g., spasim, empire
• Warfare
  – e.g., airfight, panther

Empire

Empire Basics
• I am shrike, a proud Klingon / Kazari
• Becoming a member of the Federation, a Vulcan/Orion, or a Romulan is equivalent to turning in your private key
• The goal is to conquer the universe
• Ship fires phasers, photon torpedos
• Firing at correct angle inflicts more damage. To fire phasers at angle 233, type “f 233 NEXT”
• Ship makes a hyperjump when you replot the screen, based on time since last replot

Empire

The Clone Brothers
• I built a device that you plugged a keyboard into, and then it plugged into two separate PLATO IV terminals
• Small circuit waited for both terminals to acknowledge keystroke before telling keyboard
• Why? Fly two ships to same location in empire, then have double the firepower!
• Nicknamed the “Clone Brothers”, device migrated to different clusters of PLATO terminals around campus at U of I

PLATO V Terminal
• Plasma panel and CRT versions
• Same 512 x 512 display
• 8080 processor implemented all graphics

PLATO V Terminal
From http://plato.filmteknik.com/

First-Person Shooter Bot
• 8080 had access to stream of commands sent to terminal from mainframe
• I wrote assembly code to determine angles to enemies on the screen (using an arctan look-up table)
• Program displayed exact angle above each enemy, with keyboard shortcuts to fire phasers or torpedos at that angle
• Also displayed a growing ellipse around ship to indicate distance of hyperjump
• Possibly the first first-person shooter bot? 1979?

Avatar

Avatar Basics
• Players join different guilds, e.g., fighter, magician, cleric, and gain different capabilities
• Players form groups and enter the dungeon together to fight monsters and gather treasures
• At one time possibly most popular multiplayer on-line game in the world
• Co-authored with David Sides and Andrew Shapira, with help from many others
• My current character is dead on level one

Avatar

Duplicating Magical Items
• Strategy: give all of your magical items and gold to a friend, then crash the game before the changes to your character are recorded to disk!
• Negative: “unfair” and throws the game economy out of whack
• Positive: we quickly find out about serious bugs

Best Consulting Gig Ever
• I am hired by Jagex, maker of Runescape, to document that third-party bots really work
• My character is exempted from being banned for using bots
• My kids complain that I am a cheater

Runescape

How do the bots work?
• Runescape is a Java applet
• Bot maker provides Java applet container
• Bot does not scrape the screen, but instead examines the byte code
• Bot determines position on screen of character, objects, etc.

Anti-Bot Measures
• Code is rearranged in different instances of bot
• Ultimately, all data stored in one master array, permuted in random order, killing bots!
• Many players quit when bots were defeated

Latency Compensation in Half-Life
• [Bernier GDC01]
• Naïve approach: dumb client
[Diagram labels: Player1; forward; render player1 at (x1,y1)]
Response time for player: round-trip to server + server processing

Predicting Where I Am
[Diagram labels: Player1; forward (repeated); render player1 at (x1,y1); render player1 at (x4,y4)]

Predicting Where You Are
• Updates about other players’ locations not continuous
• Extrapolation (dead reckoning)
  – At last update, player2 is at (x1,y1) facing N with speed S
    It should be at (x2,y2) now
  – Not good: in FPS, player movement very non-deterministic
• Interpolation
  – Impose an “interpolation delay” for rendering
[Diagram labels: time; Update1 (x1,y1); Update2 (x2,y2); Update3 (x3,y3); Now; Int. delay]

Lag Compensation
• Interpolation introduces a fixed lag (int. delay)
  – E.g., always see where you were 100 ms ago
  – Need to lead the target when aiming
  – Require players to extrapolate!
• Server-side lag compensation
  – Server uses the old location to compute hit/miss
  – Allows natural aiming/shooting
  – Possible weird experiences for players being fired upon
tradeoff for better game play

Fair Message Exchange
• [Guo et al. NG03]
• Look at “fairness” in client-server games
[Diagram labels: room; P1 (4 ms); P2 (3 ms); P3 (1 ms)]

Fair Message Exchange (2)
• Different latencies can make the game “unfair”
[Diagram labels: Server; time; t=0, t=8, t=11, t=19; P1; P2 (RTT 5); P3 (RTT 10); (RTT 15); 3; 1; 4]

Fair Message Exchange (3)
• Fair-ordering delivery without synchronized clocks (a simple case)
[Diagram labels: Server; t=0, t=8, t=11, t=16, t=18; P1; P2 (RTT 5); P3 (RTT 10); (RTT 15); 3; 1; 4; messages P3,1,16 and P2,3,18]
Server waits (here 15) before performing action.
Ordering based on response time.
[Diagram label: t=19]

Cheating Strategy
• Introduce artificial delay between client and server
• Lie about how long it took to respond (or take advantage of server thinking update was received last)
• Server will think client was first to shoot, even though it receives message last

Cheat-Proof Playout
• [Baughman & Levine INFOCOM01]
• Two types of cheats
  – “Suppress-correct cheat” under dead reckoning (extrapolation)
    [Diagram labels: P1; P2; predict here; here, actually]
  – “Lookahead cheat”
    [Diagram labels: game advances in frames; P1; P2; fire; do nothing; duck; ?; here]

Security
• How are cheaters actually cheating in reality?
“Duping” in D2 (persistent player)
[Diagram labels: A; B; Crash server (s.t. not saved); Exit & save]
Maphack for RTS (should only see occupied area)
modify game client to display everything

Security (2)
• Video card driver / texture, auto-aim / auto-shoot bots
[Diagram label: transparent]
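
The item duplication described on the Avatar and Diablo II ("duping") slides depends on the two characters in a trade being saved separately. The following added example (not code from the slides or from either game) contrasts that with a single-transaction trade; the `inventory` table, the `Crash` exception and the function names are hypothetical, and the crash is simulated with an exception against an in-memory SQLite database.

```python
import sqlite3

class Crash(Exception):
    """Constructed stand-in for the game server dying mid-trade."""

def new_world():
    # Constructed sample state: character A owns one sword.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inventory (owner TEXT, item TEXT)")
    db.execute("INSERT INTO inventory VALUES ('A', 'sword')")
    db.commit()
    return db

def trade_separate_saves(db, crash=False):
    """Each character is persisted on its own: receiver first, giver later."""
    db.execute("INSERT INTO inventory VALUES ('B', 'sword')")
    db.commit()                      # B's save reaches disk
    if crash:
        raise Crash("server died before A was saved")
    db.execute("DELETE FROM inventory WHERE owner='A' AND item='sword'")
    db.commit()                      # A's save reaches disk only here

def trade_atomic(db, crash=False):
    """Both sides of the trade form one transaction: all or nothing."""
    with db:                         # commit on success, rollback on exception
        db.execute("INSERT INTO inventory VALUES ('B', 'sword')")
        if crash:
            raise Crash("server died mid-trade")
        db.execute("DELETE FROM inventory WHERE owner='A' AND item='sword'")

def owners_after(trade, crash):
    """Run one trade on a fresh world and list who holds the sword afterwards."""
    db = new_world()
    try:
        trade(db, crash)
    except Crash:
        pass                         # "restart": only persisted state remains
    rows = db.execute(
        "SELECT owner FROM inventory WHERE item='sword' ORDER BY owner")
    return [r[0] for r in rows]

if __name__ == "__main__":
    print("separate saves + crash:", owners_after(trade_separate_saves, True))
    print("atomic trade + crash:  ", owners_after(trade_atomic, True))
```
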
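
The fair-ordering scheme and the cheating strategy from the Fair Message Exchange slides can be checked server-side by comparing each claimed response time with the one implied by the server's own clock and RTT samples. This is an added example, not code from the slides or from [Guo et al. NG03]; the RTT and response values are the slide figures as read from the diagram labels, while the cheating reply, the `tolerance` parameter and all names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Reply:
    player: str
    claimed: float   # response time the client reports (ms)
    arrival: float   # server clock when the reply arrived (ms)

def naive_order(replies):
    """Order purely by the response time each client claims."""
    return [r.player for r in sorted(replies, key=lambda r: r.claimed)]

def checked_order(replies, sent_at, min_rtt, tolerance=2.0):
    """Order by response time, but distrust claims the server clock contradicts.

    implied = arrival - send time - lowest RTT seen for that player.
    A claim more than `tolerance` ms below it is flagged and replaced by the
    implied value. Returns (ordered player names, set of flagged players).
    """
    flagged, scored = set(), []
    for r in replies:
        implied = r.arrival - sent_at - min_rtt[r.player]
        if r.claimed < 0 or r.claimed < implied - tolerance:
            flagged.add(r.player)
            effective = implied
        else:
            effective = r.claimed
        scored.append((effective, r.arrival, r.player))
    scored.sort()
    return [p for _, _, p in scored], flagged

# Values as read from the slide diagram (assumed mapping): update sent at t=0.
MIN_RTT = {"P1": 15, "P2": 5, "P3": 10}
SLIDE_REPLIES = [Reply("P2", 3, 8), Reply("P3", 1, 11), Reply("P1", 4, 19)]

# Constructed cheat: P2 holds its reply until t=19 and claims 0.5 ms.
CHEAT_REPLIES = [Reply("P3", 1, 11), Reply("P1", 4, 19), Reply("P2", 0.5, 19)]

if __name__ == "__main__":
    print(checked_order(SLIDE_REPLIES, 0, MIN_RTT))
    print(naive_order(CHEAT_REPLIES))
    print(checked_order(CHEAT_REPLIES, 0, MIN_RTT))
```

The check only catches claims that contradict the RTT the server has measured; a client that pads every RTT sample by the same delay stays consistent with it and needs a separate bound on accepted latency.
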