Lua Memory Editing?

[dreadnought]

Is there a possibility of my Love2D game getting memory edited? I know there's always a chance of decompiling and whatever but I'm more worried about memory editing and if it is possible are there any good protection methods?

[Plu]

There's nothing much you can do about it, since the whole program and all its memory are running on the host computer which is outside of your influence.

Why are you concerned about memory editing?

Also, there's not so much "risk of decompiling" as there is the simple ability to read the source code of any love program you distribute. Lua source code is entirely open and there's not really much you can do about that.

[dreadnought]

There's nothing much you can do about it, since the whole program and all its memory are running on the host computer which is outside of your influence.

Why are you concerned about memory editing?

Also, there's not so much "risk of decompiling" as there is the simple ability to read the source code of any love program you distribute. Lua source code is entirely open and there's not really much you can do about that.

Right but if I distribute it as an exe and do some basic packing and protection they won't be able to read the source code that easily. I'm concerned about memory editing because it'll affect the game-play since there's networking involved but I guess I can just implement some sort of anti-cheat to see if the new position is outrageously different from the last one. Isn't there a way to run Lua applications in a safe environment or sandbox/virtual machine?

[Zilarrezko]

Not much that I can think of for Löve networking security. That's mostly something that the Lua socket team would worry about (or whatever networking server you're using). It's hard enough for my late beginner cheat engine skilledness that almost every variable in Lua is a double or string, and finding pointers is a pain.

The best thing that I can think of is create a series of checks every so often to see if a variable actually changed by the amount/number it was suppose to change, then throwing the error/crash. But that will bog down server side if you use it too religiously (if you use it server side).

Not sure, But I think it's more of something the server coders would implement. Although I'm no expert on any of the subjects I just talked about.

[Plu]

For networking there's a number of solutions available. It depends heavily on how many people you expect will be invested in trying to cheat at it, of course.

One of the safest ways to prevent cheating in network based games is to use a command-architecture where the client cannot change anything, but can only send requests to the server to update something. This makes it easy for the server to have a list of valid commands for each client, reject anything outside of it, and handle anything inside the list and then respond with the new game-state.

This makes the client into basically a view that can only receive current gamestate data and push out commands, without being able to actually modify anything. (Obviously things like animation can still be done on the client since they are not changes in the state of the simulation; but any kind of gameplay update to an entity should be done by pushing a command and receiving the entity's new state from the server)

[undef]

For networking there's a number of solutions available. It depends heavily on how many people you expect will be invested in trying to cheat at it, of course.

One of the safest ways to prevent cheating in network based games is to use a command-architecture where the client cannot change anything, but can only send requests to the server to update something. This makes it easy for the server to have a list of valid commands for each client, reject anything outside of it, and handle anything inside the list and then respond with the new game-state.

This makes the client into basically a view that can only receive current gamestate data and push out commands, without being able to actually modify anything. (Obviously things like animation can still be done on the client since they are not changes in the state of the simulation; but any kind of gameplay update to an entity should be done by pushing a command and receiving the entity's new state from the server)

That's what I thought as well.
These days it shouldn't be too much to let the entire game be computed on the server(except for the graphics).
It's like in an MMORPG where the server tells you where you are, and you tell him what you want to do.

[dreadnought]

Thanks for all of the answers I was planning on doing that sort of Authoritative server model anyways so thanks for all the good answers!

[Inny]

I always viewed it as grand flattery if someone considered your source code to be valuable enough that they'd want to steal it or mod the game.