User Tag List

Page 1 of 2 1 2 LastLast
Results 1 to 10 of 14

Thread: Protecting values against hackers

  1. #1
    Clicker Fusion 2.5 (Steam)Fusion 2.5 Developer (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)
    Literswater's Avatar
    Join Date
    Apr 2014
    Posts
    164
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Protecting values against hackers

    One of the extensions I really look forward to the most, is the connection to Google Game Service. I'll definitely use the trophy system. But there's one problem, and in preparation for the extension it might be nice to exchange some ideas.

    I also want to make online high scores available and I'm sure many have the same idea. However, just to test, I hacked some games I have. The sad thing is that it's relatively easy. Even with games made by big brands like EA's Monopoly you can root your phone and with a few clicks make yourself a billionaire and your opponent bankrupt. You input a value like score or money in a hacking app, you change the value in-game and input that as well, the app recognizes the hex the value is connected to and you can simply edit the value to whatever you like.

    Only a few other games made it pretty impossible (at least for me), or they patched the holes away over time. SimCity crashes for instance when you modify hex during the game. Even if there is one very difficult possibility to mess around with scores in-game it completely destroys the charm of online high scores.

    Does anyone have an idea to protect yourself against it? I'm pretty sceptical since so many games by big companies can be hacked so easily.

  2. #2
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleiOS Export ModuleSWF Export Module

    Join Date
    Oct 2006
    Posts
    270
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Really the most accessible way is obsufication which isn't really protection but it's better than nothing.

  3. #3
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleiOS Export ModuleSWF Export Module
    Fusion 2.5 (Steam)Fusion 2.5 Developer (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)iOS Export Module (Steam)Universal Windows Platform Export Module (Steam)
    Popcorn's Avatar
    Join Date
    Jun 2006
    Location
    Norway, Bergen
    Posts
    2,344
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    I have no experience with hacker programs, but I would assume that using the String Parser's MD5 signature feature would be a good protection.
    On setting a score, set a string to the MD5 signature of the score added with some secret word, but before that, test that the current MD5 signature of the score and the secret word matches the string. Then have an event that resets the score or something if the string doesn't match the signature.
    I can upload an example if necessary.

    Please someone correct me if my theory here is wrong.

  4. #4
    Clicker Fusion 2.5 (Steam)Fusion 2.5 Developer (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)
    Literswater's Avatar
    Join Date
    Apr 2014
    Posts
    164
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It'll require a lot of performance especially in action-packed games. Not only that.. I think it'll put you in an constant hack-patch-hack-patch battle with no end. So far, the only real solution I've come across is to require internet connection and have a server run these calculations.

    It's a shame that it's so easy to do. :/ With my own game it hardly took a minute to give me 9999 points for any level.

  5. #5
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleXNA Export ModuleInstall Creator Pro
    SoftWarewolf's Avatar
    Join Date
    Jul 2006
    Location
    Norway
    Posts
    927
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    obfuscation works like a charm, i have a fairly big online game with thousands of attempted "hacks", and also a game that rewards real money with thousands of users, and nobody have managed to crack this ridiculously simple format:
    never store your scores with it's true value, instead of starting at 0, just start at 76 (or whatever, let's call this value A), and recognize that the true value should be value-76.
    In addition to that, you should have a score verification value, which is f.ex (score*3)+52 (let's call this value B), so this one starts at 52 and then you always add three times as much to this value. f.ex you pick up something that is worth 10 points, you add 10 to value A, and 30 to value B.

    then just verify that value (A - 76) == ((B - 52)/3) and if it's not, just reset them, a = 76, b = 52.


    and be careful with values that affect your main value as well, somebody did successfully crack my in-game currency in this way:
    i had a few items you could buy, at 200,500,1000 coins or whatever, this value was an alterable value that would change the in-game currency count. so if you buy the item at 500 coins (value C) it would set A - C and B - C*3.

    anyway they managed to find this value (500) and change it to (-9999999), giving them tons of cash when purchasing the item.

  6. #6
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleUniversal Windows Platform Export ModuleSWF Export Module
    paobrasil's Avatar
    Join Date
    Apr 2012
    Location
    Rio de Janeiro, Brazil
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I dont think that have a perfect way to protect it. GTA V it's a million game with a lot of people working on it, and in minutes after launch for PC, some hackers got access to encrypted files of the game. Same case it's for Real Racing 3, AngryBirds....

  7. #7
    Clicker Fusion 2.5 (Steam)Fusion 2.5 Developer (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)
    Literswater's Avatar
    Join Date
    Apr 2014
    Posts
    164
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SoftWarewolf View Post
    never store your scores with it's true value, instead of starting at 0, just start at 76 (or whatever, let's call this value A), and recognize that the true value should be value-76.
    In addition to that, you should have a score verification value, which is f.ex (score*3)+52 (let's call this value B), so this one starts at 52 and then you always add three times as much to this value. f.ex you pick up something that is worth 10 points, you add 10 to value A, and 30 to value B.

    then just verify that value (A - 76) == ((B - 52)/3) and if it's not, just reset them, a = 76, b = 52.

    Must say I like this trick, but yeah.. Like PMpaobrasil said, it'll put you in a position where you continuously patch to protect against a continuously updating hack. And with an online high-score, it's pretty unacceptable when a person manages to upload a hacked score even once. I think I will stick to the trophy system only.

  8. #8
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleXNA Export ModuleInstall Creator Pro
    SoftWarewolf's Avatar
    Join Date
    Jul 2006
    Location
    Norway
    Posts
    927
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    It shouldn't even happen once, you are assuming someone is going to break it, but i don't think it's likely if you are just a little bit careful with your values. (my game with over 300.000 downloads and online highscores has never been cracked, using an obfuscation method similar to my example)

  9. #9
    Clicker Fusion 2.5 (Steam)Fusion 2.5 Developer (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)
    Literswater's Avatar
    Join Date
    Apr 2014
    Posts
    164
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is the game I want to protect against hackers because it's the simplest one to start with: https://play.google.com/store/apps/d....waterwarp.dzt

    No in-game currency. Just one specific value which is the score that increases as you collect candy. The version currently online is extremely easy and straightforward to hack.

    At one point I just gave up with scepticism, after I managed to break into my game of SimCity which is made by freaking EA (I reported the loophole to them).

    But weirdly enough.. if I use that obfuscation method in my own game after I decided to give it a shot and got the hang of its mechanics, I simply cannot break into my own game without (of course) using knowledge directly from the formula I use. I can't hack values directly and can't find a loophole or way to work around it. My game just crashes when I try something (because I cause the game to shut down when the score verification fails). My immediate conclusion was that maybe a more experienced person could pull it off easily, but not a single succesful hack in a game with over 300,000 downloads is no joke.

    I don't understand how EA makes games where an inexperienced hacker can get into its in-game currency and pretty much everything else, yet you use a very quick and simple to implement trick that seems to work flawlessly after so many downloads.

    I can't explain why the big ones are so hackable, but the facts show that your trick is very reliable so I'll just update my game and thank you for the tip!

  10. #10
    Clickteam Clickteam
    Fernando's Avatar
    Join Date
    Dec 2006
    Posts
    6,083
    Mentioned
    138 Post(s)
    Tagged
    3 Thread(s)
    Android plus have some features to save preferences, string preferences are encrypted and can only be read by the device if you get that file and transfer to other devices it could not be read.
    Regards,


    Fernando Vivolo

    ... new things are coming ...

Page 1 of 2 1 2 LastLast

Similar Threads

  1. Protecting Leaderboard scores
    By SevenSails in forum iOS Export Module Version 2.0
    Replies: 8
    Last Post: 23rd January 2013, 05:42 PM
  2. Chinese hackers stealing games
    By ColdFire in forum SWF/Flash Export Module Version 2.0
    Replies: 8
    Last Post: 13th August 2011, 11:50 PM
  3. Protecting a clock based game
    By Shawn in forum Multimedia Fusion 2 - Technical Support
    Replies: 5
    Last Post: 15th April 2011, 08:24 PM
  4. Protecting Files
    By Fimbul in forum Multimedia Fusion 2 - Technical Support
    Replies: 23
    Last Post: 31st July 2009, 12:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •