I used the packpanda method to create an installer a week ago to see how it worked, and noticed it leaves the python file in the wide open to be altered by any Tom, Dick and Harry. How can this be changed?
Say I created a complete program. Let’s say it’s a remake of Super Mario Bros. I want to distribute it to other people, but I don’t want it to be alterable in any way, similar to an .exe file. Is this possible if I use the python code?
If not, is it very difficult to use the Panda3D libraries from a brand new C++ project in Visual C++?
Because I’m thinking of using Panda3D to make an online game, and security is absolutely vital. Everyone’s play experience would be ruined by anyone who knows how to modify the code.
Security would not be an issue if you let the server decide if a player should move, get an item, gain health, etc. Sometimes this might seem impossible, but it is doable, otherwise a lot of players in WoW, or similar, would be immortal and could afford everything.
What you are requesting will not prevent people from using a memory hacker (or whatever they are called).
This is how people normally does shady things in (older) onlinegames. Never done it myself for these kind of games, but I have used it in singleplayer games from time to time.
(Google around for a program called “Poke” for windows, or “iHackGamez”, I think it is called, for OSX)
If someone had access to the code and was using a modified client, the other players would see the actual status of the cheating player, and would be able to kill him/her anyway if the server has the last word in every action, while the cheater would run around in the forest and suddenly get a YOU_ARE_KILLED packet from the server and drop dead.
Having said that, I fully understand that this is an issue that needs to be fixed. Not everyone wants to share their coding secrets.
People are going to modify your code, exe or no. How else do you think there are hacks all over the place? There is not much reason to hide the source code for a client in a client/server game, since you would do most of the work that should be secure on the server side where no one has access anyway.
The number one rule of online games - never trust the client!
Hiding the source is really not worth it, it will take you more time to set up a hiding scheme than it will take hackers to figure out how to break it, this is a fact. I don’t know why so many companies go to so much work with cd keys and drm and rootkits and the like, when cracks are always available the next day or sooner.
If you really want to, there are ways to hide the source, but it won’t be like turning a switch. The easiest solution would be to encrypt all of your files except the main script, and then decrypt them when files are imported. Slightly better would be to download most of the client code, besides login, from the server and never actually store it on the hard drive.
You can also bypass memory hacks and do packet sniffing, the inject or replace network packets. You will gain security with a server that is not just authoritative (server state always overrides client states), but is intelligent enough to know if the instructions it is receiving from the client are correct. Server source can be open as well yet still secure, there are examples of this out and about on the internet
