So, how one protect the leaderboard from hacking?
I've searched around and seems like there is no encryption available. I don't care much about hacking items but Leaderboards may discourage other users from trying the scores,..
any ideas/suggestions?
Unless you at some point store the scores into a file on disk (before submitting to GameCenter) it is quite difficult to hack the leaderboards score as it would involve live-editing the memory of your app.
I don't know much about the internal security systems built into GameCenter but I don't think it is that straight forward to intercept and manipulate the leaderboard score as it is probably encrypted.
If you do store the scores locally it is much easier to hack and also a bit difficult to prevent.
A typically used way in cryptography to ensure data integrity is to create some sort of hash-value based on the data you wish to protect and a secret key.
The secret key can still be found within your program by experienced people but you have reduced the amount of people who can hack your app to a fragment of what it was before.
When you update the score in the file on disk you also update the hash value (called a HMAC).
When you load the score from disk you check that the stored HMAC value is identical to one you create just after loading. If they aren't equal then the score was manipulated.
I see.. but this would work for scores for the current play. Let's say a good player can make 3000 points in a round, but with many plays, it reaches 300k points.. to make up to 300k points the game would need to save it to the disk, right?
Is there any example for hashing scores with iOS?
thanks
That makes sense yes. You need to store it somewhere if you wish the user to build uppon the previous score as he/she plays.
I don't think there are any special hashing functions available in the iOS runtime at the current time you you can always make your own kind of checksum-like value. It might not be as secure but it is at lease very obscure.
Again, "security through obscurity" is not a good security practice but it will reduce the amount of people who want to bother try to cheat in your game. When the user actually have the app in hand then it is probably the best thing you can do in practice anyway.
One example would be to calculate the checksum like this:
It appears pretty random based on the score input but will be the same every time.Code:checksum = Int(Abs(((((score xor 175623456)*126166)*(((score xor 17694546)+593)/7)-((564813-score)/9)) mod 676851)*6))
I tested here and it works well enough I guess. Thanks very much!
There is an app you can get on cydia that let's you send fake scores to GameCenter directly.
One of my testers did it before I even added GameCenter scoring, so there is nothing you can do to prevent it inside your app. Apple is going to have to fix the issue.
dammit. Thanks for the info Urbanmonk.
A good way to fight it is to make the daily or weekly scores the default tab. The "hacker" would have to submit the score everyday if they wanted to stay at the top of those, and then have your app automatically submit new scores when players play.
That might annoy more savvy users that monitor their data usage though. Having the ability to turn the feature off could help with that.
that's good idea! thanks Urbanmonk!
Posting Permissions
