How can I prevent players from altering game results?

Question

question

spynorbays asked Aug 2, '21

How can I prevent players from altering game results?

I'm using Playfab Matchmaking to match 2 players, the player that is assigned to Team 1 creates a Steam server and the player on Team 2 joins the session automatically.

Player1 sends the match result to a Cloudscript function at the end of the match, which takes the game result (0: lost, 0.5: draw, 1: win) and the opponent entity as the variables.

The Cloudscript then compares the ratings of the player that sent the result and the opponent, then adjusts the new ratings using the Elo rating system.

It all works without any problems except I'm worried that if a hacked client were to be in Team 1, they could force the game result to be 1 (win condition) every time and set the opponent entity as anyone they want.

I'm not very sure how to secure this so a hacked client won't be able to alter game results, how can I achieve this without a dedicated server?

CloudScript multiplayer Matchmaking

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2021-08-03T04:08:59Z

Seth Du answered Aug 3, '21

Anti-cheating in multiplayer game is hard to implement when without dedicated servers because all the data is retrieved from clients, which cannot be trusted. The best result is to reduce the possibilities and increase difficulty for anti-cheating. You may find more help from corresponding developer community, and I suggest using Cloud Script/Azure Function to collect the gameplay log from time to time during the game and compare the data for all members in a game.

2

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

spynorbays commented · Aug 03, 2021 at 06:26 AM

Where is the best place to store the gameplay log? Would it be ok if I store it in the Player Data?

0 ·

Seth Du ♦ spynorbays commented · Aug 03, 2021 at 07:47 AM

It is recommended to store in Player Read-Only Data or Player Internal Data, where players cannot update through client API.

0 ·

Answer 2 · 2021-08-04T01:51:22Z

Greg Quinn answered Aug 4, '21

I ran into a similar situation working on a game a while back.

There are several approaches you could take to mitigate this...

1.) Each time a point is scored, send a result to PlayFab, storing this result, i.e who the player was, and the point scored. Send the result from both clients.

2.) At the end of the game, send the final score from both clients, and query the results, and confirm that the end result adds up to what was sent from both clients, and then process the ELO. (You're processing the ELO on the server aren't you?)

3.) If the results don't match, one (or both) of the players was cheating, flag these players, and if a player receives continuous flags, perhaps 3 strikes, ban them.

1

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

spynorbays commented · Aug 04, 2021 at 04:00 AM

Yeah ELO process is done on the server when the player on Team 1 sends the match result. But I think I'll rework how the match results are sent, so it's harder for players to cheat.

I'm thinking of making it so when the match ends, both players will log the last game they played in their Player Data. This includes the opponent they played against and the result of the match.

The player that is in Team 1 will send a message to the Cloud Script with their PlayFabId, indicating the match they're in must be complete. The Script will get their opponent from their Player Data and confirm if they have indeed played together in the last match. If they did, it will then compare the match results logged on both players.

If the game results are valid, it will continue with the ELO system and reset Player Data. If there's a mismatch in the game results (Like both players reading a win on their last game or different opponents) however, the match will not be counted.

Both players will gain "Suspicion Points" if there was a game result mismatch, if a player has too many suspicion points they're likely a cheater. Those suspicion points will decrease with time so innocent players won't get punished.

0 ·

question