i have been doing some thinking, and so far i have gotten only two good ideas for preventing cheating, but here goes:

(1)include and extended beta, with a series of 3-4 beta phases. it would be online only, unless there is a way to make the disk not work after the beta testing is done. so basically, the same method that other online console games are doing (EX: everquest online adventures).

(2) when the game is released, allow players to volunteer the be moderators. it would of course include several interviews, such as by phone, and a background check. these moderators would be given a special disk that allows them to play the online version only, and they would have moderate weapons and armor, and the stats to equip them. they could level up, but they would not be able to drop or pick up items of any kind except for meseta, and only be able to buy itmes from the tool shop, such as mates and fluids. they would basically be super characters, but not be able to exploit that. they would go around online into unlocked rooms, looking for people who are trying to exploit the game or hack it. they could also have a way to enter locked rooms? and they could recieve guild cards from anyone with a click of a button, because cheaters dont give out guild cards. they could also log chats and store pictures of cheating if necessary, and be able to send those directly to ST.
-----------------------------------------------------
this is only a suggestion, which may be improved. please post any suggestions on this matter, but no insulting other peoples opinions.

For future incarnations of PSO, I would propose the ability to log the serial number of any player you encounter, whether it be in the lobby or game. You don't have to have their card in order to get their number. This way, if anyone you suspect is blatantly cheating, you can report their serial number to Sonic Team whether by phone or via a web site. Sonic Team should then monitor this individual for inappropirate activity. If he's caught in the act, then...insta ban!!!

On 2002-12-02 17:37, Sapphire87 wrote:
insta ban!!!


To add....

Instant permanent pan.

Nice idea indeed...sadly won't happen...

I think they should have a check any time you go online. the computer would check for foriegn programs or programming "flaws" and instantly disconnect the player. or they would automatically recieve the most recent patch.

On 2002-12-03 17:39, Meesh wrote:
I think they should have a check any time you go online. the computer would check for foriegn programs or programming "flaws" and instantly disconnect the player. or they would automatically recieve the most recent patch.


That's exactly what they were doing on the Dreamcast PSOv2.
They were checksumming the code and sending it to the server, that would then detect alterations of the code in memory.

The cheater answer has been simply to hack that code to make it send the checksum that the server expected.

There's no reliable way for the server to check what's actually going on the software running on the console, simply because it's that very same software that actually perform the check and sends the result to the server. Hence it can be hacked into fooling the server so that from the other end of the wire, everything looks ok.

The game is prone to cheating by design. Only if they:
- Implement online characters, stored on the servers, and either drop offline mode or remove the ability to bring an offline char online,
- Implement a true client-server protocol that would be slower, but where everything in the game actually occurs only on the server and is only displayed by the console,

they would be able to reach the security level of MMOGs like Anarchy Online, EverQuest, Earth & Beyond, DAoC, Neocron, and such.

<font size=-1>[ This Message was edited by: MORB on 2002-12-06 14:21 ]</font>

On 2002-12-06 14:20, MORB wrote:

The game is prone to cheating by design. Only if they:
- Implement online characters, stored on the servers, and either drop offline mode or remove the ability to bring an offline char online,
- Implement a true client-server protocol that would be slower, but where everything in the game actually occurs only on the server and is only displayed by the console,

they would be able to reach the security level of MMOGs like Anarchy Online, EverQuest, Earth & Beyond, DAoC, Neocron, and such.

<font size=-1>[ This Message was edited by: MORB on 2002-12-06 14:21 ]</font>


Although this is the best way to prevent cheating in any type of ORPG or MMORPG, it doesn't insure that PKing, item hacking and duplication of rares to be impossible. There still is loop holes in this type of security, but the positive aspect about having this type of interface is that server patches can be constantly added to block certain flaws in server operations. But it still takes motivation and a lot of funds to code these server patches, which sadly, most game publishers (or whomever actually pays for the maintenence of how the servers are ran) aren't willing to put forth the extended and routine effort it takes, but the idea of making an extended beta testing session is a good way to get the most kinks out of any type of game.

Actually, that is safest way. Get rid of Offline Mode completely or make it so that offline characters cannot be taken online. At the rate American players are paying anyway, there is no excuse whatsoever as to why there is no server-side saves.

Trying to hack through a server-side saved game will require a "little more skill" than simply using a Code Breaker. Not only that, but Sonic Team has much much much more greater grounds for taking legal action. The only way to really cheat through an online only community is to either exploit a bug (which can easily be patched) or hack through the server itself. That takes intelligence and a bevy of knowledge on computer programming, something a majority of PSO cheaters don't have. Right now, Barubary isn't actually hacking per say, all he's really doing is bypassing certain things in the servers and manipulating HIS data saved on HIS memory card. Because when actually attempts to "hack" the actual server, again, that is actual tight ground for Sega to take legal action and get him arrested since servers are private property.

the best way is for rares to have ID numbers, then if one is duped, it would be deleted

I agree for the item numbers, not only that but each item would be unique to yourself unless you gave it to someone.

I do agree with the serial number thing and the uber users, but then you'd have to have an uber user in everygame on every ship in every lobby. And I'd say this uber users should be about to pick up items becuase that would give them away as 'The Police' and people would tag that name and get all quiet. Also if they can pick up items that can see if they are n00bed or not. Then 'arrest' said n00b. So undercover work AS a n00b for the ST police.

IF the device is attached to the system then the system can detect it right? Just send a signal to all ports on the GC and if a device is detected then the person is disconnected or can't log on. Then again said company could manufacture it to only go on the modem slot so you can't hack online because you CAN'T get online, but I heard it was MicroDVD software.

I have a feeling PSO isn't n00b proof...which I DO hope SEGA can sue on, for loss of buisness when we all get tired of being n00bed and quit! I mean we ARE paying such high online fees for their anti-n00bing dept. right?

Some of you guys don't seem to realize how difficult it would be to create serials for EVERYTHING. Sonic Team would probably charge us $20/month.

Think about the IMMENSE database Sonic Team would have to create. Every new item generated by the server would need a serial, waiting for items to appear while online takes long enough. Imagine if the servers had to apply a serial on each and every single one before it can appear for pick up. Then they'd have to store that info for as long as PSO:EI&II lives, even if said player who found the rare quits PSO and deletes his/her character.

Ask yourself, how many games are created every day in PSO? How many boxes are opened? How many items are genrated?

And again, there is still an Offline Mode, this does not stop Offline cheating. How do we know there isn't a code wherein the cheat device can dupe an item and change its serials every time so that it won't have an exact copy? The Offline Mode gives too many looholes. Why Sonic Team insists on keeping it, only God knows.

Why keep an offline mode...because I wouldn't have even been BUYING the game if it was online only. Thus loss of revanue... It's a game you can play and beat offline and get satisfacion from, don't need expensive online accounts and access fees...

I bet Everquest and Asheron's call and both very exellent games but guess what..I'M NOT BUYING THEM, why..because they are online only...

Consider yourself in the very small minority.

If it came down between a choice of a) satsifying the minority and having rampant cheating or b)alienating the minority and getting rid of 99% of the cheating. I would choose choice "b" in a millisecond as I'm sure many other PSOers who play online would.

The only reason most people even play offline is so that they can open up the areas for online.

What is so difficult about getting online?

1. Compatible ISP (which is basically, anything besides AOL).
2. Credit Card.
3. $9/month.

Was that so bad?

On 2002-12-01 06:24, ancalagon wrote:
(2) when the game is released, allow players to volunteer the be moderators. it would of course include several interviews, such as by phone, and a background check. these moderators would be given a special disk that allows them to play the online version only, and they would have moderate weapons and armor, and the stats to equip them. they could level up, but they would not be able to drop or pick up items of any kind except for meseta, and only be able to buy itmes from the tool shop, such as mates and fluids. they would basically be super characters, but not be able to exploit that. they would go around online into unlocked rooms, looking for people who are trying to exploit the game or hack it. they could also have a way to enter locked rooms? and they could recieve guild cards from anyone with a click of a button, because cheaters dont give out guild cards. they could also log chats and store pictures of cheating if necessary, and be able to send those directly to ST.


But cheaters already have this power. When I see you in the Gamecube PSO, I see your guild card number (since the server is dumb enough to tell everyone it). Logging chats to a file is easy for me. I have a capture card in my PC to screen shot anything.

-- Barubary

On 2002-12-02 17:37, Sapphire87 wrote:
For future incarnations of PSO, I would propose the ability to log the serial number of any player you encounter, whether it be in the lobby or game. You don't have to have their card in order to get their number. This way, if anyone you suspect is blatantly cheating, you can report their serial number to Sonic Team whether by phone or via a web site. Sonic Team should then monitor this individual for inappropirate activity. If he's caught in the act, then...insta ban!!!


The client already has this ability. The block user feature actually stores the guild card number of the blocked users, even though the client doesn't show them if you blocked them through email or when they were in a room with you. What Sonic Team really should do is give you a mechanism to report users that you've blocked to Sonic Team with a text message attachment for explanation. That, or they could display an encrypted guild card number in the block list with which you could report someone.

Serial Numbers and guild card numbers are equivalent. If you know one, you can "easily" calculate the other. The Access Keys are the reason pirates can't play online.

-- Barubary

Server-side saving is actually not necessary. It is possible to create a secure environment without always saving on the server.

What you can do is save on the client, but make it so that the data is digitally signed by a private key that only the server has. The client would simply save the data exactly as the server sent it. If a client modified it, however, the server would know immediately by checking the signature. So despite being saved on the client, they are secure from cheating. This is exactly how session cookies work on the Web. PSO World uses this system for the forum security.

In PSO's case, server-side saving is not the only thing necessary. A complete redesign of the online protocol would also be required. PSO's server is not much more than an IRC server, in that you join "channels" in which you talk, and everyone in the same channel receives that same message. This is true for both game events - attacking, walking, ... - and chat messages.

In PSO, the server has no idea what is going on inside the game. It is simply a message relay system. While the server has the ability to check for specifically invalid messages, such as removing a Nei's Claw from the bank, it simply cannot prevent other types of cheating without a major redesign of the whole game. In a very strict PSO server environment, a cheater would simply have to keep sending "I killed Dark Falz and she dropped a Red Saber" a million times in order to dupe Red Sabers. Because the existence of Dark Falz is only known to the clients, the server cannot (easily) know whether you've killed her already.

In short, what Sonic Team needs is a rewrite of the game protocol in which the server controls every aspect inside the game. I think storing save files on the client is a very good idea, as it makes the servers much cheaper to run. And you don't compromise any security by doing so, as long as you digitally sign the data and only manipulate it on the server.

-- Barubary

Well, digital signature on the save would work, but then the game couldn't be played offline anymore. So, it wouldn't have any advantage over server-side saving.

Why even go to that extent of digital signatures? Why waste your time? Like the poster above me stated, either way, the result is the same: you get rid of Offline Mode.

With the money PSO players are paying right now, it's ridiculous why they can't afford server-side saves.

On 2002-12-24 04:18, MORB wrote:
Well, digital signature on the save would work, but then the game couldn't be played offline anymore. So, it wouldn't have any advantage over server-side saving.


The primary advantage is that Sonic Team will not have to manage a character database on their servers. They would, as they have since Version 1, have to manage a simple character list to prevent save backup/restore, since digital signatures in a sense will always be valid.

You *could* have some offline features, such as an offline mode that lets you play with your data but not modify anything important (such as rare items).

-- Barubary

On 2002-12-29 14:22, Barubary6 wrote:

On 2002-12-24 04:18, MORB wrote:
Well, digital signature on the save would work, but then the game couldn't be played offline anymore. So, it wouldn't have any advantage over server-side saving.


The primary advantage is that Sonic Team will not have to manage a character database on their servers. They would, as they have since Version 1, have to manage a simple character list to prevent save backup/restore, since digital signatures in a sense will always be valid.

You *could* have some offline features, such as an offline mode that lets you play with your data but not modify anything important (such as rare items).

-- Barubary



I don't think the console audience would sit well with a game where the majority of the game must be played online.

Using that scheme, can you get new rare items offline or advance in levels?