how to avoid cheating via the javascript console

Place for questions and answers for all newcomers and new coders. This is a free for all forum, no question is too stupid and to noob.
Post Reply
uh oh
Posts: 17
Joined: Sun Jul 27, 2014 7:28 pm

how to avoid cheating via the javascript console

Post by uh oh »

Hi, it seems to me that in a javascript game its pretty easy to cheat via the browser’s console. Is there a way to hide objects from browser users or some other way to prevent cheating?
sniko
Posts: 23
Joined: Fri Jan 17, 2014 2:56 pm

Re: how to avoid cheating via the javascript console

Post by sniko »

Obfuscation, perhaps, but then it's not 100% guaranteed. I would validate requests (if they go here) on the server end, just to be sure. If they don't, and it's a client-only thing, then you're out of luck - unless you do some hardcore obfuscation.

http://en.wikipedia.org/wiki/Obfuscation_(software)

http://en.wikipedia.org/wiki/Security_through_obscurity
Image

Code: Select all

class Life extends Bitch {
  //...
}
User avatar
Verahta
Posts: 441
Joined: Wed Aug 24, 2011 1:50 am

Re: how to avoid cheating via the javascript console

Post by Verahta »

This is something I've been worried about too. If you are building a game with a Node based stack what is the best route to go for security?
"In order to understand recursion, one must first understand recursion".
sniko
Posts: 23
Joined: Fri Jan 17, 2014 2:56 pm

Re: how to avoid cheating via the javascript console

Post by sniko »

Verahta wrote:This is something I've been worried about too. If you are building a game with a Node based stack what is the best route to go for security?
From my limited understanding of NodeJs, it does stuff with the server (client -> server). You'd validate and sanitize user inputs and requests on the server end.

(Forgive me if I'm wrong. I've never used NodeJS)
Image

Code: Select all

class Life extends Bitch {
  //...
}
User avatar
a_bertrand
Posts: 1537
Joined: Mon Feb 25, 2013 1:46 pm

Re: how to avoid cheating via the javascript console

Post by a_bertrand »

basically YOU CANNOT prevent people to hack a javascript game. Yet you could double check each action on the server side... at the cost of an higher load on the server side.
Creator of Dot World Maker
Mad programmer and annoying composer
User avatar
Chris
Posts: 1580
Joined: Wed Sep 30, 2009 7:22 pm

Re: how to avoid cheating via the javascript console

Post by Chris »

a_bertrand wrote:basically YOU CANNOT prevent people to hack a javascript game. Yet you could double check each action on the server side... at the cost of an higher load on the server side.
You can obfuscate your code to make it harder to manipulate. But memory editors can still filter data and manilpulate it so there's a way around that too.

When putting javascript live, make sure everything is instantiated from an anonymous function, this instance will not be accessable by basic tools.

Code: Select all

(function(window,documnet,undefined){
 // all javascript here
})(window,document);
Correct, lol is not accessible.

Code: Select all

(function(window,documnet,undefined){
 var lol = 1;
})(window,document);
Incorrect (lol will be stored in the global scope):

Code: Select all

(function(window,documnet,undefined){
 lol = 1;
})(window,document);

The only real solution is to stream the video to the client, and do all processing server-side. This would require a socket, a lot of knowledge in the graphics pipeline, and a very fast server. A major down side to this is bandwidth usage and internet speeds.
Fighting for peace is declaring war on war. If you want peace be peaceful.
User avatar
Verahta
Posts: 441
Joined: Wed Aug 24, 2011 1:50 am

Re: how to avoid cheating via the javascript console

Post by Verahta »

If you can't prevent script kiddies from cheating, is there a way to simply detect the alterations they make to the DOM or whatever so you can at least banhammer/suspend them?
"In order to understand recursion, one must first understand recursion".
User avatar
a_bertrand
Posts: 1537
Joined: Mon Feb 25, 2013 1:46 pm

Re: how to avoid cheating via the javascript console

Post by a_bertrand »

Chris: even if you enclose your variables all the browser now have JS debuggers, which allows you to put a breakpoint where you want and then modify live the value even within a function. So no that doesn't help.

Obfuscation could somehow slow down the hacking but not prevent it.

Whatever runs on the client side must be considered un-secure, and therefore either you accept it as is, or you need to check every action on the server side.
Creator of Dot World Maker
Mad programmer and annoying composer
User avatar
Chris
Posts: 1580
Joined: Wed Sep 30, 2009 7:22 pm

Re: how to avoid cheating via the javascript console

Post by Chris »

Verahta wrote:If you can't prevent script kiddies from cheating, is there a way to simply detect the alterations they make to the DOM or whatever so you can at least banhammer/suspend them?
Nope. Well there is, but you can bypass that aswell.
Fighting for peace is declaring war on war. If you want peace be peaceful.
uh oh
Posts: 17
Joined: Sun Jul 27, 2014 7:28 pm

Re: how to avoid cheating via the javascript console

Post by uh oh »

That’s funny, I still find it a little hard to believe that all those huge html5 games out there are so ridiculously prone to hacking and cheating.
Post Reply

Return to “Beginner Help and Support”