Sunday, December 22, 2013

From Breaking To Making

I definitely had a lot of fun RE'ing PunkBuster. It was enlightening seeing the types of challenges Game Developers have to cope with to make their games fair. As expected, PunkBuster is totally doing it wrong. Building a system that is modifiable by an attacker will never be safe. Luckily, it appears there is now an alternative. Since the BattleField 4 release, a new kid has arrived on the block and they are doing anti-cheating the proper way. And what is that way? By monitoring actions and results *server side* using statistical and behavioral analysis. If this topic interests you, I highly recommend checking out Fair Fight's FAQ. So yeah soon cheating will be harder, provided GameBlock's implementation is sound and easy'ish to implement in games. So where does that leave me? Wanting to build my own game obviously.

Online game development is not easy, it requires a developer to be knowledgeable in a lot of very unique topics.(Of course in 99% of the cases, these topics would be covered by multiple people!)

  • Art & Design
  • Physics
  • Responsive interfaces
  • Combat & AI
  • Network Programming
  • Scaleability
  • Data structure and management 
  • Security

I think what interests me the most of all of those above topics is Network Programming. Building a safe, fast, reliable and scaleable network protocol that can handle thousands of concurrent users is an extremely fascinating topic. So I think I will start with that and hope everything else just comes together (wishful thinking).

Here's my current thought process.

  1. Study current MMO / FPS game's network implementations and code if available.
  2. See if it is possible to exploit WebRTC's RTCDataChannel to get browsers to send data not peer to peer but get access to the UDP transport to implement a custom game protocol.
  3. Build a custom protocol and server in Go.
  4. Build a simple WebGL (Probably using threejs game UI.

Of course everything depends on #2. So I will be spending the next few days PoC'ing that out. If that fails... well we will see.

Saturday, September 14, 2013

Finally published The PunkBuster Wiki

Bet you all thought I was dead right? Well, not really, I had to privatize my research until I felt I had made enough progress to publish. This last week at the 44con security conference in London I presented my research. All of the work I did had been documented over at github in a private wiki until I could release, which I was finally able to do. So head on over and read up on how it all works :). Enjoy!