Sandbox-survival anti-cheat system, is this realistic?

PlaceholderEntity

Hello! I'm making a game similar to Terraria and Starbound. The game has several modes. In one of the modes, your single-player items can be traded on multiplayer servers. Since hackers can edit save files, hackers can give themselves items. This would destroy any economy from existing. There are systems to prevent this but hackers tend to exploit it anyway. So I invented a system that hopefully would make hacking a lot harder. My goal is not a 100% fair economy. My goal is that it the economy won't get obliterated on day one. Please tell me what you think of the system and if you have a better idea.

History log
When the inventory is loaded, it gets checked against an action history log. If the log does not match the items found in the player's inventory, the added items are removed.
Plausibility judge
Hackers that try to fabricate history logs to try getting items can succeed, but impossible events in the history log are detected by a script. If the hack is detected a few times, the items are removed and the player's other items become untradeable (in case they succeeded in fabricating history logs earlier).
What I hope this achieves
This would not stop a determined cheater. But it will hopefully make it harder and riskier to edit saves. I would be fine with black markets that sell hacked items. I just don't want item scarcity to destabilize completely. I could also add encryption to add another complexity layer.

kuligs2

PlaceholderEntity dont think this is what would work, its still hackable cuz the logs are local.

What would work is to have some kind of decentralized ledger that you update or something.. could crypto give what you want without investing in centralized server?

i would like to know a solution to this problem.. i was thinking about similar way to persist the data and not having the centralized server..

So far i havent looked into it more than surface level

EDIT:

OK blockchain requires someone runing node and keeping it synced up 24/7.. it would be easier to have server validate that thing..

AI says this:

Secure SP+MP inventory (P2P Godot 4, no server):
Run everything as host mode (singleplayer = local host).
Authoritative data lives only in memory on host. Save file is encrypted + checksummed.

# Host-only (works in SP and MP)
const SAVE_PATH = "user://inventory.dat"
const HASH_PATH = "user://inventory.hash"
var inventories: Dictionary[int, Array[Item]]  # authoritative

func save_inventory():
    if not multiplayer.is_server(): return
    var data = FileAccess.open_encrypted_with_pass(SAVE_PATH, FileAccess.WRITE, "your_secret_pass")
    data.store_var(inventories)  # or JSON
    data.close()
    
    var hash = FileAccess.get_sha256(SAVE_PATH)
    var hfile = FileAccess.open(HASH_PATH, FileAccess.WRITE)
    hfile.store_string(hash)
    hfile.close()

func load_inventory():
    if not FileAccess.file_exists(SAVE_PATH): return
    var stored_hash = FileAccess.open(HASH_PATH, FileAccess.READ).get_as_text()
    if FileAccess.get_sha256(SAVE_PATH) != stored_hash:
        push_error("Save tampered! Resetting.")
        inventories.clear()  # or delete file
        return
    var data = FileAccess.open_encrypted_with_pass(SAVE_PATH, FileAccess.READ, "your_secret_pass")
    inventories = data.get_var()
    data.close()

# Pickup / trade (same as before)
@rpc("any_peer")
func pickup_item(item_type: String):  # only host runs
    if not multiplayer.is_server(): return
    # create unique item, add to host's inventories
    rpc("sync_inventory", inventories)  # overwrite all clients

@rpc("any_peer")
func trade_item(item_id: String, to_id: int):
    if not multiplayer.is_server(): return
    # validate + move atomically on host only
    rpc("sync_inventory", inventories)

Result:

Singleplayer: your local host = ledger. Tamper = detected on load.
Multiplayer: whoever hosts loads their save as truth. All trades go through host RPC only.
Dupes impossible: item exists once on host, synced by overwrite.
No blockchain needed. Works instantly.

Change password per game or derive from hardware ID for extra hardness. That's the max security possible in pure P2P.

Derive key (no hardcoded secret):

var secret = OS.get_unique_id() + ProjectSettings.get_setting("application/config/name")
var data = FileAccess.open_encrypted_with_pass(SAVE_PATH, FileAccess.WRITE, secret)

Checksum still catches any edit.

Rainfollower

PlaceholderEntity nothign is safe on a client. If you want controllable economy, you will have to keep it on server.

Toxe

PlaceholderEntity Anything stored locally can be manipulated, so make the server the single source of truth. Also encrypt the client-server communication, like HTTPS, to make things harder. But no matter what you do: never trust the client.

PlaceholderEntity

kuligs2 Thanks for the idea! Although you're idea is still not perfect against experienced hackers, but it adds a very strong protection layer. It prevents basic file tampering attempts, while mine prevents logical inconsistencies. Both can be hacked. But both makes hacking it much harder for the lazy. The reason I believe in my idea is because although history logs can be tampered, a judge script verifies the history. A hacker would have to reverse engineer the judge script. Here's several layers to prevent casual hackers:

Encryption + checksum (your idea)
This tries to prevent save editing.
A. Save inventory encrypted.
B. Generate checksum.
C. On load:
verify checksum
decrypt data
Result:
Someone opening the file in a text editor can’t easily modify it.
Basic tampering is detected.
But determined attackers can still:
extract the key
recompute the hash
rewrite the save.
History + judge system (my idea)
This tries to prevent logical inconsistencies.
Example checks:
rare items must originate from real events
crafting chains must exist
boss kills must be plausible
trades must be mutually recorded
This layer is what makes cheating labor-intensive.
Someone can still cheat, but they must fabricate entire believable histories, not just change numbers.
Host-authoritative multiplayer
This protects multiplayer sessions.
Examples:
Only the host can create items.
Trades are validated by the host.
Clients cannot directly modify inventories.
This prevents things like:
duplication during a multiplayer session
item spawning through RPC abuse.
But again, it doesn’t stop offline save editing.

Some hacker determined enough will eventually try to destroy the economy. My goal isn't a perfect economy. My goal is that items will have some sort of value, which Terraria and Starbound doesn't even attempt to do.

kuligs2

Rainfollower i wonder how valheim does it? they dont have it seems centralized servers, save files are local, and you can play with your char on other servers/worlds, and even transfer items from one world on to another.. i havent looked into hacking the save game files..

PlaceholderEntity

Rainfollower Yep. My goal isn't 100% protection against cheating though.

JusTiCe8

Not to mention going through the whole logs to authenticate a possession is just insane, nothing stop a player to play 24/7 and accumulate GB of logs, be sure an item picked with insane luck just in the first hour of the game is legit then check it on 6000+ hours of gameplay... good luck with that.

Pickup may need to be uniquely identified on a server and dropped in the game, then server can keep who owns what in a simple database, and keep sales to update actual price based on offer & demand. Pickup needs to be protected in some way as well as sales.

PlaceholderEntity

JusTiCe8 The log is not infinite. It doesn't work like that. It is simply a verification system for items. A script checks if the recent logs actually make sense. If a impossibility occurs, the player has obviously cheated. It doesn't detect extreme luck; it detects fundamentally incorrect events (like mining gold on surface, beating a boss that only spawns in the desert etc.).

kuligs2

if your multiplayer is going to be p2p and it will, then any host is pretty much any client..

EDIT:
IMO the best bet is to set up a dedicated server that pipes through the user data and validates its legitimacy.. It will cost you with data and server storage.

PlaceholderEntity

kuligs2 That's an interesting idea. Encryption and non-client verification may be the closest we can get to a offline + online economy. That way, hackers can't reverse engineer as easily.

kuligs2

PlaceholderEntity isnt this industry standard? i mean what if server goes down? people cant play because they cant validate things?

PlaceholderEntity

Players can still play. They just can't trade their items.