Official forums for BZFlag.org

How about an area that is pitch black once you enter it, but will light up if it contains an active bullet. Bullets allow you to see for as long as they last, but you have to watch out for ricos. Radar only works when there is an active bullet in the region. Your radar can't see in from outside and ...

With an authoritative server, there will certainly be instances of "Hey! I dodged that", but that's fine. It will be the same for everybody so it will be fair. At the moment some cheating is hidden behind apparent lag/jit. With an authoritative server it will be in the interest of people t...

Firing Squad, I do not think this could be reliable, even with closed source. Mac O X for example puts the libs at random positions. BZFlag could be put in RAM around the "fragment" so ranges are not guaranteed to be correct. Even the code part could grow at runtime in Mac OS X (I really ...

Well I'm glad that it was interesting at least. I really enjoy playing BZFlag and frankly I don't get the mentality that thinks winning by cheating can be rewarding. Nevertheless, I'm fairly certain that I witness it regularly and certainly the accusations start to fly once anyone reaches a certain ...

Not distributing the source code violates the BZFlag license and therefore could not use BZFlag code. Like I said way back here 1) we can not distribute closed source binaries, it's against the license. That's enough for me. Not feasible then. :( Since then I have agreed that it cannot be implement...

how does the server get that config with valid ranges? what are the ranges? This is beginning to get a little technical given that it will not be implemented but... The simplest method would involve asking the client (when run with the appropriate switch and passphrase) to output the routine number...

so the valid client has to be running? how does the server verify that? is it running it's own client code as well to verify it? or can the keys be pulled from a binary file on the disk? The server does not verify it. This will not allow a server to identify a cheat. It will provide a tool for an a...

Because the modified client "knows" what an unmodified client looks like,the cheater modifies the "checkcode" routine to send a response back that says, basically, "I am unmodified". Cheater wins, coders waste their time. All the code is open, so everyone can see anyth...

There are ways around this. Like I said, it's not full-proof, just extremely difficult. Hopefully to the point that it becomes unfeasible. I'll try to clarify by imagining a scenario as if I am the hacker. First attempt: I have a valid client running and also my cheat client: My cheat client starts ...

what prevents a moded client from computing it's own validation value based off of faked info then just sending a CRC that works with the faked info at the end? The same "validation value" that is used to encrypt the results for the binary code queries, is also used to tag messages to the...

what "messages" are you talking about? messages containing offsets or something? also what happens if the client drops connection? are all droped connections cheaters? All messages from the client to the server should carry a validation value that is calculated using a key that is not rev...

How is this key communicated to the server? Upon sign-off, the last thing sent is this initial encryption key. In order to check if a client was "unofficial", you locate this message and then go back to the start and validate all messages to the server. If the CRC value does not match the...

Your system dosn't ensure that the code is not modded, it simply ensures that the message from the client match some known good set, and that message can be faked by simply changing where it gets it's information from. Not a "known" good set, rather an unknown but easily verifiable set. T...

so the server has to have a copy of all possible valid clients? since the cheater could also have access to the server code that does this validation ( as it is open source ) could they not just go get valid responses from an unmodified client and send those back. No. It's not enough to return the ...

As for the client building up a database of valid responses. How can you do this efficiently without modifying the client and therefore producing invalid results? Actually I can think of a way around this. :-) Once you locate the binary code where the 10 minutes difference is tested, you can alter ...

you seem to be implying that there would be some kind of binary offsets database on the server? Or is there some other method where you know that the response from the client isn't "official"? And how do you tell if that response is from unmodified code? if the client can also build up a ...

How do you define an "official" client? You do realize that different linux distros build their own binary, right? Or think about distros like Gentoo that are source based. How would you verify that all of these were legit? The game is open-source, so your idea is not going to work. I don...

Wow. What is stopping me from downloading the source for this "official" (??) version and changing the "true" to "false in the line that tells the server "I got shot, I am dead." as I did back in the 2.0.8-ish source? I wouldn't need to touch any of the other magi...

Once you remove them, how do you add them back? The client is under constant development and needs to be built regularly. The official source is in SVN, so the removals can always be tracked. For this idea, I intended that an official League build would be made from sources that were not publicly a...

1) we can not distribute closed source binaries, it's against the license. That's enough for me. Not feasible then. :( Without an official client, there will always be room for client enhancement. Unfortunately an authoritative server can not cater for enhancements to the client such as full-screen...

In order to mix thing up even more, the code could be peppered junk code and built. The junk code could be removed from the official sources. for example: #ifdef __UseJunkCode__ #define JUNK_CODE(Num,Str) {int x = Num; \ if (!x) \ if (x > strlen(Str)) \ { \ #include "JunkCode.inc" } #else ...

Only an official client will be able to respond with the correct results in all cases. It would be possible for a cheat client to build a list of valid responses, but it would take an extremely long time to do so. Even if a valid set of sources was used to make your build, the location of the routin...

Cheating is a problem, but also there is the problem of false accusations and the horrible suspicious feeling you get when your opponent just won't die. In order to get beyond this, we need a way for Admins to investigate accusations of cheating with a reasonable chance of success. In order for this...

It appears that version 3.0 will remove the need for kill detection and cheat detection so no point in developing it then for version 2. These would have been the most difficult features to implement anyway, so I'm happy that they will not be needed. Version 3 will have the server decide whether som...

There are many times that players, after a match, go to the replay server to settle some dispute. Some extra information could help with this. 1) Replay Speed Control The ability to control the replay speed would greatly enhance its usability. You could fast-forward to a particular part of the match...