Curious about Save Protection Methods

5 comments, last by Khatharr 9 years, 2 months ago

I was wondering about protecting saves from being edited from outside of the program that they are supposed to be for.

Specifically for games.

I'm currently trying to figure out what I can do to protect my game's save file along with using encryption.

I had thought to try and use a file that holds the save file's creation, last edited, and accessed times (encrypted of course), but found out that you can edit those from outside sources, so this won't work to my knowledge.

I have thought to make another file that is used for matching to see if the data from the one file matches the other data when decrypted (the match file would be encrypted differently was what I was thinking), so I'm not sure if this would help alongside encrypting.

Outside of a strong encryption algorithm (that I'm sure people can decompile the game somehow and find out the code for it and create an editor anyway), is there anything else I can do to protect a file from being tampered with?


Generally the opinion round here is that you have two options:

  1. Store the save file on a server you control and make the game online only
  2. Don't bother (or at least, don't bother with anything more complex than a binary file format and a checksum)

Anything stored locally is subject to reverse engineering by a skilled cracker. If a binary file format or a really simple encryption puts it into the "not worth the effort" basket for 95% of your users, then that's good enough. 4.9% will then download an editor written by the 0.1% who saw your encryption as a challenge.

But honestly, I doubt I'd even worry about that. If a user wants to cheat and change their save somehow (adding items, health, etc) as long as it's a single player game, they're not really harming anyone.

If it's a multiplayer online game... then the save should be on the server.

if you think programming is like sex, you probably haven't done much of either. - capn_midnight
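The "binary file format and a checksum" option from the reply above, as an added example that is not code from the thread or from any poster's game. The `SAVE` tag, the field layout (gold, health, level) and the function names are assumptions made for illustration.

```python
import struct
import zlib

MAGIC = b"SAVE"                    # constructed 4-byte file tag (assumption)
VERSION = 1
HEADER = struct.Struct("<4sHI")    # magic, format version, payload length
BODY = struct.Struct("<IHH")       # gold, health, level (hypothetical fields)
TRAILER = struct.Struct("<I")      # CRC32 over header + payload


class SaveError(Exception):
    """Raised when a save file is malformed or fails its checksum."""


def dump_save(gold, health, level):
    """Serialize the save as header + payload + CRC32 trailer."""
    payload = BODY.pack(gold, health, level)
    head = HEADER.pack(MAGIC, VERSION, len(payload))
    crc = zlib.crc32(head + payload) & 0xFFFFFFFF
    return head + payload + TRAILER.pack(crc)


def load_save(blob):
    """Parse a save, rejecting truncated, mis-sized or edited files."""
    if len(blob) < HEADER.size + TRAILER.size:
        raise SaveError("truncated file")
    magic, version, length = HEADER.unpack_from(blob, 0)
    if magic != MAGIC or version != VERSION:
        raise SaveError("not a save file for this version")
    # Never trust the length field: it must match the known layout and file size.
    if length != BODY.size or len(blob) != HEADER.size + length + TRAILER.size:
        raise SaveError("bad length field")
    (stored,) = TRAILER.unpack_from(blob, HEADER.size + length)
    if zlib.crc32(blob[:HEADER.size + length]) & 0xFFFFFFFF != stored:
        raise SaveError("checksum mismatch")
    gold, health, level = BODY.unpack_from(blob, HEADER.size)
    return {"gold": gold, "health": health, "level": level}
```

A CRC is unkeyed, so it catches corruption and hex-editor edits but not someone who knows the format and recomputes it; that is the "not worth the effort" bar the reply describes, not tamper-proofing.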

Well that's an issue then. My game is a card game (TCG) that I wanted to have players be able to play offline, and there was going to be multiplayer and trading. I don't know anything about setting up a server for running a game and was going to make the server basically a matchmaking server that would have just been responsible for redirecting players to play with others / trading.

1) If it's on their computer, it's modifiable. The end.

2) No matter how difficult you make it to crack, the only way your scheme won't get cracked is if nobody cares about your game. Treating the user like an enemy is a good way to achieve that goal if that's what you're after.

3) Modding of all forms - including save hacking - increases popularity and longevity of your game and your company/team. Heck, give users a save editor. And a level editor. Your game will be more popular as a result. It will very possibly be that the only thing most people buy your game for is the mods!

4) Your job as a game developer isn't to control the player but rather to enable the players to enjoy themselves. If they enjoy themselves by turning into a Level 9000 Uber-Wizard-of-Doom - and the game isn't online multiplayer and hence storing saves on a server - then what possible reason do you have to stop them?

5) You have limited time on this Earth. Every second you spend pouring into save file lockdown is a second that you could have spent making your game better. Go make your game better instead of chasing this nonsense.

Sean Middleditch – Game Systems Engineer – Join my team!

Well that's an issue then. My game is a card game (TCG) that I wanted to have players be able to play offline, and there was going to be multiplayer and trading.


So given that context... a TCG must be on the server. Entirely. Your client should be nothing but a dumb frontend that displays the data of what's happening on the server. Everything on the server: the players' card inventories, the card battle mechanics, everything.

It might contain an offline play mode or even an open-server play mode, sure, but that can't be used for competitive play. You might even embrace that and make the offline mode a "free-for-all" where players can use any card from a released set to build a deck, I suppose; I'd be surprised if some TCG hasn't already done that, and if not, you can be the first.

Sean Middleditch – Game Systems Engineer – Join my team!
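The server-authoritative model from the reply above, sketched for the trading case as an added example that is not code from the thread. `TradeServer`, the player names and the card ids are hypothetical; the point is that the server checks each request against its own inventory records and never against anything the client claims to own.

```python
class TradeRejected(Exception):
    """Raised when a trade request does not match server-side state."""


class TradeServer:
    def __init__(self, inventories):
        # player -> {card_id: count}; this server-side copy is the only truth.
        self._inv = {p: dict(cards) for p, cards in inventories.items()}

    def inventory(self, player):
        return dict(self._inv[player])

    def _check(self, player, cards):
        if player not in self._inv:
            raise TradeRejected("unknown player")
        owned = self._inv[player]
        for card, qty in cards.items():
            if type(qty) is not int or qty <= 0:
                raise TradeRejected("bad quantity")
            if owned.get(card, 0) < qty:
                raise TradeRejected(f"{player} does not own {qty} x {card}")

    def trade(self, a, a_gives, b, b_gives):
        if a == b:
            raise TradeRejected("cannot trade with yourself")
        # Validate both sides before mutating, so a rejected trade changes nothing.
        self._check(a, a_gives)
        self._check(b, b_gives)
        for giver, taker, cards in ((a, b, a_gives), (b, a, b_gives)):
            for card, qty in cards.items():
                self._inv[giver][card] -= qty
                if self._inv[giver][card] == 0:
                    del self._inv[giver][card]
                self._inv[taker][card] = self._inv[taker].get(card, 0) + qty


def demo():
    # Constructed sample data: alice trades her only drake, then a modified
    # client replays the same offer as if she still held the card.
    server = TradeServer({"alice": {"fire_drake": 1}, "bob": {"river_sprite": 2}})
    server.trade("alice", {"fire_drake": 1}, "bob", {"river_sprite": 1})
    try:
        server.trade("alice", {"fire_drake": 1}, "bob", {"river_sprite": 1})
        replay = "accepted"
    except TradeRejected:
        replay = "rejected"
    return replay, server.inventory("alice"), server.inventory("bob")
```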

If the data is on the user's device they will be able to cheat; it's simply outright impossible [1] to prevent it. Protecting your files with encryption, by hiding them, etc. will stop casual users from being able to easily change things but will only briefly delay anyone with some basic cracking skills, and if your game is at all popular they'll distribute tools that automate the process so that casual users can cheat as well.


Does it actually matter if players want to cheat though? Since there isn't online multi-player it should only affect the cheating player and the local people they choose to play against, which may not be such a big deal -- if you learn more and decide to implement proper online multi-player at a later stage you can always do everything properly on the server then.


In your position I would just put some very minimal effort into it -- by for example using a custom file format -- and put your time into trying to make the game as good as possible instead. Remember that any time you put into this is time that could be spent on other development, and that the more complicated your "solution" is the more likely it is to cause bugs and/or falsely detect cheating and annoy genuine customers.

If you really want to pursue it you'll need to put in the effort to learn more about networking and servers so that all of the information and important logic is done server-side rather than on the user's device though. If that's something that interests you check out our multiplayer and networking forum FAQ, and maybe ask any further questions you have about it in that forum.


Here's a recent similar discussion on "hiding savedata to prevent save backp"; you'll note that advice is all very similar.

Hope that helps! :)

1. Impossible assuming we're sticking to practical suggestions and ignoring any silly nitpicking like having an armed guard follow every user around.

- Jason Astle-Adams

You're going to need to bundle a GPS dongle and make your game require a clear and constant signal in order to run. When the game loads a save you need to run a twelve-way hash/CRC/checksum on it. If any modifications are detected, immediately wipe the hard disk and email the GPS coordinates to your 'enforcement' department so that they can travel to the indicated location and deploy napalm.

This should give you about 24 hours of protection. Then someone will bypass the dongle detection.

void hurrrrrrrr() {__asm sub [ebp+4],5;}

There are ten kinds of people in this world: those who understand binary and those who don't.
