Making A Hack Proof Game In Javascript
Solution 1:
What is stopping someone from copying the game onto their computer, and injecting functions and modules to cheat?
Nothing.
Is there any fundamental way to protect people from doing this sort of thing by designing your game code in a certain way?
Nope.
Solution 2:
This is why most JavaScript games rely heavily on a server state, to prevent cheats.
Solution 3:
In short, no. However, you can obfuscate Javascript to make it much more difficult.
For things like scores, a user could in theory POST any score to your handler script. In this case you could use a session and regularly post back to the server through AJAX.
Solution 4:
Some thoughts
Server side:
Store the games internal state sever side and check the input send by clients on the server.
Autoaim: Create fake sprites which are invisible to normal players, if they get hit too often you have a bot. (will not always work as the bots may be updated to check for invisibility)
check client reaction time to changes on the server, check for too many too fast reactions. (has to accept a large number of fast responses before reacting as a human could react fast and the time has to account for the network delay to catch anything). Give the player some sort of captcha, a regular player would never see it.
Client side:
use obfuscation to make it harder to interface with your code
check for functions defined in the hacks you know about. Has to be modified/updated often as the creators of such hacks can work around those.
Game design: making your game less repetitive this makes it harder to write tools/bots for it.
update the client to change parts of its structure from time to time. While this will not stop bots it will take work to keep them running. Either make it transparent to the user or disguise it with a new feature.
Important: make sure your server interface checks the user input, obfuscation and client side checks wont help against someone writing their own client.
Solution 5:
I like the question, and while there are probably better answers, here are a few off the top of my head that may (or may not) work:
- Obfuscation. Yea, it's not guaranteed and someone can eventually get to it, but it's a pain in the butt to deal with sometimes.
- Generate the JS with a new temporary token each time. You may be able to templatize the .js running the code and insert a server generated token that differs per each instance. The token could be temporary and it could be one way to validate the authenticity of the code
- There's probably some way to determine the proper location of the script being run - but this could probably be faked
In general, its hard, and all of the suggestions above can be worked around. I guess the key is to make it hard for them to cheat, but given that there are cheaters for even secure online mode games, it's going to be hard to prevent JS games from being susceptible to that as well.
Post a Comment for "Making A Hack Proof Game In Javascript"