How to dissalow modified clients in an open source client-server project? [closed]

Question

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 6 years ago.

Improve this question

Suppose I have an open source client and server software, both fully open source.

How can I make sure modified clients cannot connect to the un-modified server? Or detect modified clients? For example to prevent cheating in open-source massive multiplayer online games?

I cannot find anything on this subject and excepf for empty google searches I don't know where to start looking for information on this subject so I thought maybe someone here can answer this or even point me in the right direction to get the answer.

Answer 1

To do this perfectly would be either extremely difficult or impossible. You can add code to the client that will cause it to take a hash of itself and transmit that, then compare that hash server-side to known unmodified hashes, but a skilled programmer could easily fake a valid hash using such a method. You're better off making sure modifying a client doesn't grant an advantage when playing online.

Answer 2

It is impossible to do this 100% reliably. You're trying to come up with a way that a system completely controlled by an adversary can be trustworthy, which is never going to be the case. As long as there is a client program that is trusted by the server, people can modify it to do what they want.

The solution is to not trust the client. Do not give it information it does not need (assuming you're making a game, to prevent things like wallhacks), and perform sanity checking on the data it is sending to the server (to prevent things like speed hacks). Additionally, allow people to view the server state and how it changes from each client's point of view. This will allow server administrators and other players to detect things like aimbots.