K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Discussion about the MAME Championships
http://sawys.ifrance.com/K7.htm

Moderator: Knockout Coordinators

Haze
MARP Knight
MARP Knight
Posts: 347
Joined: Sat Mar 23, 2002 5:04 pm

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by Haze » Wed Nov 03, 2010 9:32 am

We've been over this with encryption before.

MAME is open source, anything you link it to must be open source. In order to play it back it must be possible to decrypt it, that code must be available. In order to record it, it must be possible to encrypt it.

Admittedly recording with a 'daily encryption key' would prevent casual cheating, but it wouldn't be hard for somebody determined enough to write a program which simply re-encrypts with the required key. It's not a bad idea, nor is simply requiring a specific input sequence (although the people playing would have to have daily internet access to check for the 'current' key) but it's not foolproof.

The main issue with encryption is you once again start to produce inps which are a pain to playback, and definitely won't work in the mainline builds, because you're just bloating up the system in ways that MAME doesn't need.

End of the day you're relying on the good sportsmanship and honesty of the players involved. If 'show your cards at the last minute' is their preference, and they're absolutely determined to do this, then there will always be ways. I think it's just the nature of the competition.

User avatar
gameboy9
MARP Seer
MARP Seer
Posts: 683
Joined: Wed Feb 06, 2002 3:31 pm
Location: Pennsylvania, USA
Contact:

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by gameboy9 » Wed Nov 03, 2010 11:55 am

Well Haze, I fear that you're absolutely right. While Spectaculator is closed source (I think), which makes 99.9% honest competitions possible, it is a big issue that MAME has to be open source. It's understandable that it is open source, but it doesn't help if we want to run a 99.9% honest competition. Well, the only way we can get around that, then, is to completely write a new emulator from scratch. Obviously, that's quite unfeasible.

This being said, I should be a realist and ask myself this: how many times do you really think that recordings are being hacked? This answer... well, if it's not zero, it's probably very close to it.
Gameboy9 - Founder and coordinator of MARP Time Trials and Olympiad
Founder - Home Action Replay Page - http://www.homeactionreplay.org
http://gameboy9.marpirc.net

User avatar
mahlemiut
Editor
Posts: 4121
Joined: Mon Feb 04, 2002 10:05 pm
Location: New Zealand
Contact:

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by mahlemiut » Wed Nov 03, 2010 5:47 pm

FUSE is open-source, however, including libspectrum, which provides RZX functionality and the 'digital signing' done using libgcrypt.
- Barry Rodewald
MARP Assistant Web Maintainer
Image

User avatar
shoesama
MARP Serf
MARP Serf
Posts: 116
Joined: Mon Oct 04, 2010 12:41 am

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by shoesama » Wed Nov 03, 2010 6:22 pm

If for some reason we end up using this, would the encryption keys be downloaded files or would they be codes that we input?
The king of lamer - winner of K8

User avatar
MJS
MARP Knight
MARP Knight
Posts: 367
Joined: Mon Jul 29, 2002 10:07 pm
Location: Buenos Aires, Argentina

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by MJS » Wed Nov 03, 2010 6:54 pm

Haze is right, it is (and will always be) possible to cheat the 24h rule whatever we do.

That's why I wouldn't bother doing anything sophisticated to prevent cheating. Something very simple like entering special initials is enough, IMO.
It shouldn't bother honest players, and it should at least make it more difficult for someone trying to submit an old replay (now you only have to change the date of your computer, it's ridiculously easy).

It's not like there are thousands of cheaters among us (if anyone) but ONE cheater can ruin the tournament for everyone, and that sucks.

User avatar
Kale
MARP Seer
MARP Seer
Posts: 626
Joined: Fri Mar 08, 2002 5:53 pm

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by Kale » Wed Nov 03, 2010 7:31 pm

Maybe you aren't getting the point that Barry is issuing.

RZX is an open-source encryption library, that is used to avoid this kind of cheating on Spectrum emulators. You can freely put this kind of encryption inside the emulator and live happily with it.

And ... I really don't believe that an idiot like Neill Corlett wants to crack the encryption on this, mainly because, well, it's effing complex and not worth the time spent plus you can always call the authors if whatever hole in their security would be found.

For more info -> http://www.worldofspectrum.org/RZXformat.html (check in particular part 3: security)

Finally, as my POV as an official MAMEdev, I state that a secure cheatproof inp system must be inside the official binary too ... but will see how Barry will implement this then we decide, since my encryption/decryption skills are basically near to –273°C :P

User avatar
MJS
MARP Knight
MARP Knight
Posts: 367
Joined: Mon Jul 29, 2002 10:07 pm
Location: Buenos Aires, Argentina

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by MJS » Wed Nov 03, 2010 9:14 pm

Kale wrote:Finally, as my POV as an official MAMEdev, I state that a secure cheatproof inp system must be inside the official binary too
That would be awesome :D of course this is better than my proposal (and we can always do both things if we want)

Btw, great work on MAME and MESS Kale!

The_Pro
MARPaltunnel Wrists
MARPaltunnel Wrists
Posts: 459
Joined: Sat Aug 21, 2004 11:10 pm

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by The_Pro » Thu Nov 04, 2010 12:12 am

I forfeit, little time and game just pisses me off.
Aurcade - Find the coin-op games you want to play!

User avatar
gameboy9
MARP Seer
MARP Seer
Posts: 683
Joined: Wed Feb 06, 2002 3:31 pm
Location: Pennsylvania, USA
Contact:

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by gameboy9 » Thu Nov 04, 2010 10:51 am

Kale wrote: And ... I really don't believe that an idiot like Neill Corlett wants to crack the encryption on this, mainly because, well, it's effing complex and not worth the time spent plus you can always call the authors if whatever hole in their security would be found.
While I'm not one of the fans of Neill Corlett, especially with what he did to AlphaMAME, I should think in a more neutral light: I actually think we should welcome such contributions... at least if he's helpful... which I guess is the $64USD question.

Anyway, the RZX thing should work very well. Hopefully we'll be able to give it a go. :)
Gameboy9 - Founder and coordinator of MARP Time Trials and Olympiad
Founder - Home Action Replay Page - http://www.homeactionreplay.org
http://gameboy9.marpirc.net

Haze
MARP Knight
MARP Knight
Posts: 347
Joined: Sat Mar 23, 2002 5:04 pm

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by Haze » Thu Nov 04, 2010 11:20 am

Kale wrote:Finally, as my POV as an official MAMEdev, I state that a secure cheatproof inp system must be inside the official binary too ... but will see how Barry will implement this then we decide, since my encryption/decryption skills are basically near to –273°C :P
It won't happen, it's not a goal of MAME. The code should be simple, and functional, not obfusicated and overloaded with encryption to hide how it works etc.

The goals of MAME and an 'anti cheating system' are completely opposite to each other.

There is _no such thing_ as a cheat-proof encryption scheme if your emulator is fully open source. You can make the code difficult for people to understand, and therefore harder to hack (there is commercial software that does exactly this, converthing entire source codes to random symbolic macros and such) , but that goes against the very nature of an open source project like MAME. The RSX thing provides no *real* security as long as the code is open. There is a paragraph that as much as admits that (relying on emu authors to implement a hard to hack signing system) That implies something which MAME would not want to do, because it implies obfusicating the code *on purpose*.

Any signing of the emulator can be faked, re-recording can be hacked in, and any unsecure inp and be re-recorded as a secure one with _very_ little effort if somebody was to want to do it. It you're talking about old pre-rawinput versions of MAME you could even run a 2nd copy of hacked MAME to feed the inputs into the main one without even altering the 'secure' binary *at all*

The MAME rules on including any closed source libs are very strict, exactly to prevent people doing things like this with closed libs, the idea of an open project is that things will always be open and always reusable and there is no platform / library lockdown where a depdencey on somebody else's (license incompatible, or closed) library is created.

At the end of the day your 'special initials' system is a lot more effective than any technological measure, although if somebody forgets after the joy of getting a high score, they're going to be mighty pissed off with even that.

I still applaud Neill Corlett for what he did with AlphaMAME, simply for proving that such solutions are unworkable, and the only thing you're creating is a very false sense of security, and hoops for everybody else who wants to use the system normally. This might not be a popular opinion here, but the only thing you can do is trust your users.

User avatar
sikraiken
MARP Seer
MARP Seer
Posts: 717
Joined: Wed Feb 06, 2002 3:28 pm

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by sikraiken » Thu Nov 04, 2010 11:39 am

Some security is good, after some point it isn't anymore helpful than less encryption is, though. You cannot develop a cheat-less system, it will always be possible to use hardware or software macros which are completely external to the system and are undetectable. The only fool proof system would be one where everyone played live in front of each other.

User avatar
MJS
MARP Knight
MARP Knight
Posts: 367
Joined: Mon Jul 29, 2002 10:07 pm
Location: Buenos Aires, Argentina

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by MJS » Thu Nov 04, 2010 12:35 pm

The problem with the special initials is that you are showing proof that the game was played that day at the end of the gameplay (can be faked).

If somehow we could show the proof at the beginning of the gameplay, and it would affect the gameplay (enemy behaviour, random stuff, etc) then we have solved the problem.

User avatar
gameboy9
MARP Seer
MARP Seer
Posts: 683
Joined: Wed Feb 06, 2002 3:31 pm
Location: Pennsylvania, USA
Contact:

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by gameboy9 » Thu Nov 04, 2010 1:06 pm

Haze wrote: The MAME rules on including any closed source libs are very strict, exactly to prevent people doing things like this with closed libs, the idea of an open project is that things will always be open and always reusable and there is no platform / library lockdown where a depdencey on somebody else's (license incompatible, or closed) library is created.
... and, if you think about it, that's sad that they will give zero consideration to creating something secure for competition purposes. Perhaps understandable, to be fair, but sad.
Haze wrote: I still applaud Neill Corlett for what he did with AlphaMAME, simply for proving that such solutions are unworkable, and the only thing you're creating is a very false sense of security, and hoops for everybody else who wants to use the system normally. This might not be a popular opinion here, but the only thing you can do is trust your users.
I think, if my memory serves me correctly, that it wasn't Neill's actual hacking that rubbed us(or at least me) the wrong way, that part could have easily been appreciated, rather it was how he handled the incident on our forums and our IRC channel. Now, this being said, this was something that happened seven years ago, so it's probably best for us to move on. :)
sikraiken wrote:The only fool proof system would be one where everyone played live in front of each other.
That, unfortunately, is also true. Can't do much about that, can you? Except perhaps filming on a camera... which is also unfeasible. Guess the initials may be the way to go, but the issues of accidental error surely are too great. So I refer myself back to the "how often are our recordings hacked" question. I also ask myself how often we play for prizes here... and my serving memory tells me that that answer is not often at all, especially recently.
Gameboy9 - Founder and coordinator of MARP Time Trials and Olympiad
Founder - Home Action Replay Page - http://www.homeactionreplay.org
http://gameboy9.marpirc.net

User avatar
shoesama
MARP Serf
MARP Serf
Posts: 116
Joined: Mon Oct 04, 2010 12:41 am

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by shoesama » Thu Nov 04, 2010 2:33 pm

There's prizes? Can I have a prize if I submit my inps early?

it could be called something like

DUMB SUBMISSION AWARD
The king of lamer - winner of K8

User avatar
MJS
MARP Knight
MARP Knight
Posts: 367
Joined: Mon Jul 29, 2002 10:07 pm
Location: Buenos Aires, Argentina

Re: K8 - Round 2 - Puzzle Bobble 2 (pbobble2j)

Post by MJS » Thu Nov 04, 2010 3:00 pm

Hey shoesama solve this and you'll get your prize: :P

Image

Post Reply