You shall not cheat

Today I’m disclosing something which really makes OCTGN 2.0 shine: it comes with built-in anti-cheating.

It’s very unfortunate that most of the major card softwares are plagued with cheating. I won’t give any links, but it’s not hard to find software for Apprentice, or Magic Workstation, or others; that allows you to see cards face down, or influence the games in many other ways.

And knowing that cheating is possible ruins the game, even if you don’t cheat. Imagine that your opponent makes an incredible bluff and turns a lost game into a win. This should become a story told by generations of gamers. But because cheating is possible, you will always be doubtful, and the “grand master at cards” becomes a “cheater, probably”.
There are three ways to avoid cheaters, amongst which two are working:

  • The game uses a trusted server, which keeps all informations and checks that players aren’t doing things that they shouldn’t do. Commercial software, like Magic Online, uses this approach.
  • The game tries to check that the player hasn’t hacked his client, and is not running any cheating sofware. Unfortuneately, history teaches us that such an approach cannot work. It will always be hacked. Most of the free software out there tries to get away using this solution.
  • The game uses a technology that just makes cheating impossible. The problem is that this is quite hard, and the software must be designed from the very beginning to support this. We are lucky: OCTGN 2.0 falls into this category (and feels very alone).

The trick behind this is that your client simply does not have all the information about the game. E.g. if your library is shuffled, you cannot know what the top card is without asking your opponent’s client for help. So it is impossible to peek at your deck without your opponent knowing it. And so it goes for most of the other aspects of the game: e.g. you cannot exchange face down cards on the table, you cannot look at your opponent’s hand, and so on.

What’s really beautiful about that is that OCTGN can stay open source. You can grab the source code, modify it, and build a new client. Do whatever you want, you will never be able to build a cheating client, because the underlying protocol makes it impossible. The technology needed to achieve that is pretty complicated, and I won’t go into details, otherwise I guess nobody would read this post to the end! 😉

Unfortuneately, this has some bad side effects:

  • Every time you reveal a card, you must get some information from the network, which is slow. That’s why you’ll surely notice a small delay when cards are revealed. But has been built to hide this problem as much as possible, and the result is very good.
  • Because the information is distributed amongst players, it creates very hard problems when a player gets disconnected or leaves the game (information gets lost). For now, the game just ends and you cannot continue. Hopefully a better solution will be found later, but this is an open issue.

Ok, it looks like this text is long enough, so I’ll stop here.

Thanks for being with me, and bye bye for now.

Explore posts in the same categories:

19 Comments on “You shall not cheat”

  1. Anonymous Says:

    Looks cool! I’m curious about the actual implementation though, and how well it scales to multiplayer games.

  2. AkumAPRIME Says:

    Hmm… while I am Very happy you have taken anti-cheating seriously, not being able to reconnect to a game is a serious problem. As a world traveller with (often) shitty net connections, I get relatively frequent DCs. I hope this issue is also taken into consideration as being able to start and resume games is an option I find Highly desirable. Please keep us informed. (well I’m sure you will, or else what’s this whole thing for anyway right?)

    Im sure I don’t need to say it but, Keep up the great work.

  3. eyerouge Says:

    It’s always a good thing to make it harder for people to cheat. Doing it with success is however almost an impossible task, and I wouldn’t dedicate all _too_ much time on the issue or let it be prioritized before any other game functionality. I’m not saying you do that, just venting my thoughts. It’s also clear that your solution demands that it’s implemented fairly early in the coding (maybe, don’t know how you done it this far or which programs in the .net suit you use). This is of course always far better than coping with it after some releases and try to “inject” the anti-cheating in already written code since it would requier re-writing it.

    Am I a cheater? No. But the ones who do cheat aren’t that important or interesting players anyway. Players that cheat also tend to ruin their game and are likley to play less since they know the outcome of the game at the start of it. I can’t even imagine how a player that cheats actualy thinks he masters the game and feels good at it. It’s probably something that they don’t do, which leads us to believe that they cheat of other reasons (yes, I know they cheat nevertheless but understanding what drives them can maybe help predict how much cheating is probable).

    If a client has the info about the other players cards, but not own cards, wouldn’t that make it possible to cheat using the info it _does_ have: Looking at the other players cards, since it has the info on them, shouldn’t be an impossible task if you’d modify parts of the sourcecode or use third party crap. My point is that as long there is info it’s almost always possible to cheat. I’m sure you’ve already thought if this and that the explanation lies in the tech-part that you didn’t dare unveil. But if it isn’t a 100% cheat-proof, is it then worth it, with the drawbacks of slower cardfetching and problems with the disconnects?

    How slow is getting a new card when you have a low ping, say below 50? It can’t be that slow, it’s hardly any info at all that needs to be sent – chatting on MSN will in most cases result in more beeing sent, but I’m not sure if MSN connects directly even if I think it does.

    Do you use any kind of encryptions? Wouldn’t that just be enough if applied to the correct processes?

    That could also work as a primitive way of solving the DC issue: Let (parts of) the game be autosaved once in a while with ie. a key that the other players client sent out.

  4. Anonymous Says:

    I still prefer the trusted server solution. It’s fast and perfect for tournament play (using a third-party server). For casual play, I think eyerouge is right in that cheaters are either uncovered very early because they can’t just restrain themselves from cheating ‘just a bit’ or they will get tired of the game really quickly.

    Thinking about this issue, I came upon the idea that a server model similar to fps servers architecture could work out well. Players (guilds/clans/leagues) interested in having reliable, trusted servers, they could host a server which can host something like 10 games at the same time.

  5. jods Says:

    I can see that the disconnection is a major concern. I really want the re-connect back, too. I am sure I’ll find a solution… I actually already have one, but it’s a tradeoff between responsiveness (which is always useful) and the reconnect (which is seldom useful, at least for “normal” connections).

    About the performances, I’m not too much worried. It was on my mind from the beginning, and from the early testing it seems good enough. Further testing, and multiplayer games will be good indicators.

    Having a trusted server is really the best solution. It’s the simplest to program, and it creates no problems with disconnections, etc. This came up often during the discussions between developpers. But in the end, we just looked at the facts: the majority of OCTGN games are played p2p (without a 3rd party server). So this was the main scenario we had to support.

    About the complexity of it, and the fact it could be hacked, let me answer. It’s already implemented and works very well, so it is not the question of “should we do it” anymore. And I strongly believe that it’s not possible to hack it. Here’s why: it’s not that I don’t know my cards, it’s that the information about cards is splitted between you and me.
    If my deck is shuffled, neither you, nor I, know what the top card is. We both know “half of the card”. So without the collaboration of another player, cheating is plain impossible, whatever you do. (Of course, the implementation is more complicated than that, and it involves way to check that nobody has changed the top card, or influenced the shuffle in any way.)

    Let me conclude this comment with a political aspect. Many players of other systems have complained about the many cheaters on their games. This brings up 3 points:
    a) If 2.0 is cheating proof, this will be an excellent argument to convert players from other systems to OCTGN. Something I’m sure everybody wants.
    b) OCTGN is quite low profile now. But if should 2.0 ever become popular, I don’t want to see all the cheaters coming to it.
    c) With a “conventionnal” system, it would be impossible to make OCTGN truely open-source, and prevent very easy cheating.

  6. Anonymous Says:

    How big is the dev team? 🙂

    The more I read this blog, the more I take octogn seriously, you guys seem to think before acting, which is sometimes hard to find in new development projects. I believe opensourcing a project like that will make it more secure and better in the end.

    Funny how I don’t even play Magic (or any card game) but I’m really interested in the development of CCG-playing apps, especially the network and AI part (no AI planned yet, I know 😦 ). If only it wouldn’t be in VB, maybe I’d lend a hand 😛

  7. Zchinque Says:

    The anti-cheating thing sounds really good, but there is one thing that worries me about what you say…
    Is it so that if one player leaves the game, the game stops, or did I misunderstand something? I often play multiplayer games, and since we’re usually four players, we’ll be twice as likely to have a disconnect as one with two. That’s not terrible, since disconnects rarely happens. However, when a player is killed he/she often leaves the game, unless she is up for another round afterwards. Will this cause the game to stop? If that is how it works, then I’m not sure how easy it’ll be to do a multiplayer in OCTGN 2.0.

    On a different note, will it be possible to group decks? What I mean is this; I build alot of different decks (most of which never sees play ;)), some are intended for multiplayer, some for duels, some are extended decks, some are prismatic, and so on. I think it would be very practical if I could somehow easily keep these ‘groups’ apart. Is it possible that we might see such a feature?

    Thanks for the updates Jods. They’re looking good, and I’m looking forward to OCTGN 2.0. 🙂

  8. AkumAPRIME Says:

    anti-cheating should be high priority because we want to draw a large crowd and that means the inevitable cheaters. Glad you’ve already found a way around the disconnect issue.

    @ Anonymous, is that your nick?

  9. jods Says:

    > How big is the dev team?

    From the beginning it was planned that 2.0 would be very open and well defined, so that other people could build other clients.

    The definition of how 2.0 should work was the common work of mainly 3 persons.
    I am creating this .net client alone, while the other 2 are doing a java version, although I haven’t had any news for some time.

    I am helped a lot for the testing by Fork, and the administrative team at cardfloppers help the development however they can (they provide some space on the forums, a wiki, some advice, etc.)

    > no AI planned yet, I know
    This was discussed many times before.
    I believe that it’s not a “not planned yet” thing. If you want AI, you first need to enforce rules. And to enforce rules, you really must think about it from the very beginning. It’s very complicated and needs a lot of support from the client.
    So OCTGN will stay without AI. Or we’ll have to re-design the core system from scratch.

    > Is it so that if one player leaves the game, the game stops, or did I misunderstand something?
    As of today, it is so. But this is work in progress and I’m going to work on a solution.
    Leaving a multiplayer game is a predictable action, so it’s easy to devise a protocol where the player shares the information he keeps before leaving.
    Disconnection is more tricky because it’s unpredictable.

    > On a different note, will it be possible to group decks?
    Good question. Thanks for asking! I think this is worth a post, so stay tuned!

  10. BlackMamba Says:

    @ AkumAPrime: No, I guess my nick would be blackmamba.. but I’m not much a nick person 😛 So… you can call me BM 🙂 I’ve been observing this blog for a couple of weeks but now it’s time I reveal myself 😛

    @ jods: Seeing as how you were on the magic-project dev team, you should be familiar with how they implemented the rules. It has always been (one of) my dream to devise a generic rule system which could be edited/created by the users (even extended) for any CCG. Leaving some space in the octogn core for future rule-based gameplay would have been cool 🙂

    Did you consider using a very modular core architecture (à la SharpDevelop) ? It can turn an app into a very extendable framework.

    Tu dois parler français aussi si tu as travaillé sur magic-project 😛

  11. jods Says:

    @ BlackMamba: I never was too much involved in the magic-project. I helped build some cards, and shared ideas about how the system should be designed.
    “Leaving some space in the octogn core for future rule-based gameplay would have been cool”
    Yes, but it would have been a HUGE amount of work. Because I was involved in the magic-project, and because I had a similar prototype on my side, I really know what I’m speaking of. Moreover, rules enforcement is something that many users of this community don’t want.

    “Did you consider using a very modular core architecture (à la SharpDevelop) ? It can turn an app into a very extendable framework.”
    The core is modular yes, but not as you mean it. OCTGN is not just an empty shell which loads dynamically the wanted modules. It’s more monolithic. This doesn’t prevent me to create some extendability points, allowing plugins to be loaded (and this is planned for some aspects, but it’s a secret for now…).

    Hé oui, je parle français… 😉

  12. Discord Says:

    Back from hiatus…

    Jods, have you considered that your anti-cheating mechanism can potentially OPEN the game to even more abuse?

    If the client is solely responsible for a player’s cards, with no server governance, then couldn’t a hacked client make every draw a tutor?

    In my opinion, this would be a lot worse than someone seeing my cards.

    Anyhew, don’t mean to be the doomsayer. Keep up the good work, and hope you find a solution.


  13. jods Says:

    > If the client is solely responsible for a player’s cards, with no server governance, then couldn’t a hacked client make every draw a tutor?

    Good try, but you cannot. Although your opponent doesn’t know what your top card is (and neither do you), his client can check that you really drew this card and no other one.

    For the sake of clarity, I’m describing the things in a much simplified version in this blog. The technology behind it is quite complex, and has been thought to prevent any form of cheating (well, at least any cheating that may be interesting).

  14. BlackMamba Says:

    I think we are all very curious about the actual implementation. Commit it to the cvs, for christ’s sake 😛

    On another note, I saw that you are indeed coding in c# (if the cvs is correct), so sorry for assuming you were doing it in vb 🙂

  15. AkumAPRIME Says:

    Hey Jods, Do me a favor and upgrade to WordPress 2.0 so I can RSS your blogs, TY!

  16. roblethal Says:

    There are 2 feeds for this site Akuma, one for Comments and one for topics… whats the problem??



  17. jods Says:

    “I think we are all very curious about the actual implementation. Commit it to the cvs, for christ’s sake”
    I’m not advertising the CVS too much, since the work is under heavy progress. But since you’ve find it, I can tell you that the whole implementation is commited. Just don’t expect to find a module called “Cheating-protection”, the protection rather lies in the underlying protocol and the way information is stored. I would say that it is very hard to understand the whole big picture without some higher-level documentation (which exists, but won’t be made public before the full release). If you really are curious, try to understand what the CardIdentity class does, its relationship to the Card class, and how shuffling work.

    “Hey Jods, Do me a favor and upgrade to WordPress 2.0 so I can RSS your blogs, TY!”
    Sorry akuma, but since this blog is hosted by, I have little control over the version they use. Although I would expect them to use the latest version of their own stuff!
    As Rob has pointed, there are RSS feeds available, both for entries and comments. The links are at the bottom of the page.

  18. AkumAPRIME Says:

    weird… I’ll retry

  19. AkumAPRIME Says:

    Yeah it works fine now… weird… ok, sorry to hijack the thread too!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: