Game networking consultant Glenn Fiedler notes how a number of The Division hacks suggest developer Ubisoft Massive may have implemented a fundamentally insecure "trusted client" networking model.
"To me this displays a fundamental misunderstanding of how FPS games are networked."
- Game networking consultant Glenn Fiedler
Last month Ubisoft launched its multiplayer action-RPG The Division, and shortly thereafter people began comparing notes on how the game's design could be glitched, exploited or outright cheated.
Video game networking consultant Glenn Fiedler took notice, and in a recent blog post he explains why some of the ways Division players exploit the game (using client-side cheat tools to teleport or give themselves infinite health) suggest developer Ubisoft Massive may have implemented a fundamentally insecure "trusted client" network model.
"I sincerely hope this is not the case, because if it is true, my opinion of can this be fixed is basically no. Not on PC. Not without a complete rewrite," writes Fiedler, who has worked on (among other things) the online architecture of Titanfall & Titanfall 2, as well as multiple God of War games. "Possibly on consoles...but not on PC unless they completely rewrite most of their netcode and game code around a server-authoritative network model.
Fiedler goes on to give a simple explanation of the differences between a "trusted client" network model (where each players' game client sends its actions to the game server to be verified) and the "server-authoritative" model used in games like Titanfall and Call of Duty, where the server is running its own game (the "REAL GAME") based on input from each players' individual game, then feeding the results it sees in its own game back to the players.
"The key idea behind this network model is that the server is THE REAL GAME. What happens on the server is all that counts and the server never trusts what the client says they’re doing," writes Fiedler. "If a competitive FPS was networked the other way, with client trusted positions, client side evaluation of bullet hits and 'I shot you' events sent from client to server, it’s really difficult for me to see how this could ever be made completely secure on PC."
Fiedler goes on to note that he's "rooting for the dev team on this one," and his full blog post on the topic is worth reading if you're not a network programmer but nevertheless have an interest in online game networking and design.
You May Also Like
.png?width=300&auto=webp&quality=80&disable=upscale)
