How do I save game data at like a save point? I know how to use input and output files with c++ but the problem with that is a player of the game can easily go into the file and edit the numbers to change the character and where he is in the game. I don't want to allow someone to edit the save data that easily. Any ideas?
0
Game Save Data
Started by BahDragon, Mar 02 2012 12:01 PM
16 replies to this topic
Sponsor:
#2 Members - Reputation: 151
Posted 02 March 2012 - 12:20 PM
you could make the file so confusing that no one knows how the data is acutally saved 
or maybe encrypt it in some simple way (i don´t assume client try to crack the file that hard)
if thats not your thing you could search the web for the methods that are used be companies or just take a look in some savefiles yourself
or maybe encrypt it in some simple way (i don´t assume client try to crack the file that hard)
if thats not your thing you could search the web for the methods that are used be companies or just take a look in some savefiles yourself
#3 Members - Reputation: 1054
Posted 02 March 2012 - 12:51 PM
I like the idea of encryption
You could use the Ceasar Cypher: When you're encrypting a bit, add a fixed value to it before writing it to file. If your addition value is +2, then A => C. It's super simple to implement and its also pretty simple to thwart. You could make it slightly more complicated by using a pseudo random number generator to generate your fixed values. The key is that the sequence of random numbers needs to be the same every time. So, if you generate a random value between 1->26, and then add that value to your byte, you'd get something like:
Unencrpted string: {AAAA}
Random Numbers: {13, 21, 4, 16}
Encrypted String: {A+13 => N, A+21 => U, A+4=>D, A+16=>Q}
So, if someone knows that their health is 16 and they open up your file to look for that value, they won't find it But, if they are really determined and reverse engineer your code to figure out what encryption algorithm you're using and the random number seed you're using as a key, then they can easily decrypt and encrypt your saved data file. I'd probably not concern myself with the 0.01% of the population who might do that.
If you want to use a nuke to hammer a fly, you could look into using AES 256 bit encryption. Nobody will crack that without extreme effort and hardware. It's military grade
You could use the Ceasar Cypher: When you're encrypting a bit, add a fixed value to it before writing it to file. If your addition value is +2, then A => C. It's super simple to implement and its also pretty simple to thwart. You could make it slightly more complicated by using a pseudo random number generator to generate your fixed values. The key is that the sequence of random numbers needs to be the same every time. So, if you generate a random value between 1->26, and then add that value to your byte, you'd get something like:
Unencrpted string: {AAAA}
Random Numbers: {13, 21, 4, 16}
Encrypted String: {A+13 => N, A+21 => U, A+4=>D, A+16=>Q}
So, if someone knows that their health is 16 and they open up your file to look for that value, they won't find it
But, if they are really determined and reverse engineer your code to figure out what encryption algorithm you're using and the random number seed you're using as a key, then they can easily decrypt and encrypt your saved data file. I'd probably not concern myself with the 0.01% of the population who might do that.If you want to use a nuke to hammer a fly, you could look into using AES 256 bit encryption. Nobody will crack that without extreme effort and hardware. It's military grade
Eric Nevala
Hobby: Game Developer
Currently employed as: Sr. Sharepoint Developer in Afghanistan
Hobby: Game Developer
Currently employed as: Sr. Sharepoint Developer in Afghanistan
#5 Members - Reputation: 1863
Posted 02 March 2012 - 03:27 PM
The people that care to hack your save game data are going to hack your save game data, regardless of any encryption or obfuscation. Everyone else doesn't give a shit. You might as well reduce your development time by not going out of your way to complicate things overmuch.
#6 Members - Reputation: 101
Posted 03 March 2012 - 04:03 PM
The people that care to hack your save game data are going to hack your save game data, regardless of any encryption or obfuscation. Everyone else doesn't give a shit. You might as well reduce your development time by not going out of your way to complicate things overmuch.
I agree with the above. people will hack the save data if they want to. however, if you really want to encrypt the save data, I would suggest developing an enigma-based encryption algorithm.
#7 Members - Reputation: 1054
Posted 04 March 2012 - 06:44 PM
The people that care to hack your save game data are going to hack your save game data, regardless of any encryption or obfuscation. Everyone else doesn't give a shit. You might as well reduce your development time by not going out of your way to complicate things overmuch.
I think the cryptographic community would strongly disagree with you. A file encrypted with AES256 would take longer than the age of the universe to break via brute force. It's certified by NIST to process up to top secret data, so save game files would probably be pretty safe. I'm betting that there's code floating around somewhere out there which implements AES, so adding it would be relatively trivial.
Enigma ciphers? Uhm, no. If the allies were able to break that during WW2 with rudimentary computing power, it doesn't speak well towards the security of the cipher. I strongly suggest using AES since it meets modern security standards.I agree with the above. people will hack the save data if they want to. however, if you really want to encrypt the save data, I would suggest developing an enigma-based encryption algorithm.
If you use AES, your game data won't be hacked by someone decrypting it. They'll have to modify the game data while its sitting in memory.
Eric Nevala
Hobby: Game Developer
Currently employed as: Sr. Sharepoint Developer in Afghanistan
Hobby: Game Developer
Currently employed as: Sr. Sharepoint Developer in Afghanistan
#8 Members - Reputation: 749
Posted 04 March 2012 - 07:11 PM
...but the problem with that is a player of the game can easily go into the file and edit the numbers to change the character and where he is in the game.
What exactly makes you say that?
Unless you are storing variables in a human readable, XML or INI like format (and you really shouldn't be), then it shouldn't be "easy" at all.
I think the notion that you should encrypt the game saves is just plain silly. Encryption should be used for bank account transactions and nuclear launch codes. What difference does it make if somebody out their decides they want to cheat at a single player game? Is the safety of the free world at stake?
Simply storing your data in a binary format that can quickly be loaded into memory and used without any type of conversion or parsing is going to be good for performance and will already be difficult to figure out when it comes to cheating.
#9 Members - Reputation: 520
Posted 05 March 2012 - 08:09 AM
But if it's encrypted, how is the game supposed to be able to load its own save game files? If it uses the encryption key to decrypt it, then someone will be able to hack that from the executable. Whilst this will be harder than simply reading it from plain text, this is still a case of obfuscation, and therefore could be broken more directly.I think the cryptographic community would strongly disagree with you. A file encrypted with AES256 would take longer than the age of the universe to break via brute force. It's certified by NIST to process up to top secret data, so save game files would probably be pretty safe. I'm betting that there's code floating around somewhere out there which implements AES, so adding it would be relatively trivial.
I do agree though that if one did want to do something like this, one might want to look at modern methods, rather than messing around with things like Caesar ciphers. Is there a known good solution for this problem? I guess this is similar to issues of DRM (though IIRC in some cases DRM systems have the advantage of hardware support).
Though I agree with others that (for single player at least) it's not worth worrying about. Perhaps save as binary just so it isn't totally trivial, but if someone wants to spend time hacking it, who cares? (And if someone releases a game-save-editor as sometimes happens, then they're creating extra awareness and advertising for your game!)
https://freecode.com...jects/conquests - Conquests, Open Source Civ-like Game for Windows/Linux
https://freecode.com...cts/gigalomania - Gigalomania, Open Source RTS for Windows/Linux/OS X/Symbian/Android/Maemo/Meego
https://freecode.com...cts/gigalomania - Gigalomania, Open Source RTS for Windows/Linux/OS X/Symbian/Android/Maemo/Meego
#11 Members - Reputation: 1054
Posted 05 March 2012 - 04:32 PM
I don't know about Russia, but it's not illegal in the US. The supreme court ruled that encrypted data falls under the protections of free speech. And you certainly won't get in trouble if you're encrypting data which isn't related to criminal activity.Using strong encryption keys in your game would make it illegal in USA and Russia.
However, there ARE export regulations on strong encryption software to designated countries. Though, I think it's kind of pointless since the strong encryption algorthims are publicly available.
Eric Nevala
Hobby: Game Developer
Currently employed as: Sr. Sharepoint Developer in Afghanistan
Hobby: Game Developer
Currently employed as: Sr. Sharepoint Developer in Afghanistan
#12 Members - Reputation: 107
Posted 09 March 2012 - 10:45 AM
Maybe you already know about Binary IO, but let's assume you don't.
If you save data in text format, it will be easy for people to edit the save game. When saving in text format, your numeric variable's values will be saved as the number represented in ASCII character. As you probably know, there are 256 ASCII characters. These characters take exactly one byte when you save them in a text file.
The text file will look like something like this:
If instead you save your data in binary format, your numbers will be saved as the byte's number itself (from 0 to 255). If you want to save larger number than 255, you will need more than one byte (each byte is 8 bits). When saving in binary format, you normally often don't need to play with such details manually. Your file will look like a bunch of random characters, and those willing to hack it should deserve to be successful (in my opinion).
http://courses.cs.vt.edu/~cs2604/fall02/binio.html
If you really want to make it harder to hack (it's always possible to hack an encryption method when it can be decrypted by your program), you must use encryption methods. You can create your own encryption method using some mathematical operation on number, or you can use existing ones.
If you save data in text format, it will be easy for people to edit the save game. When saving in text format, your numeric variable's values will be saved as the number represented in ASCII character. As you probably know, there are 256 ASCII characters. These characters take exactly one byte when you save them in a text file.
The text file will look like something like this:
1 8 4 1
If instead you save your data in binary format, your numbers will be saved as the byte's number itself (from 0 to 255). If you want to save larger number than 255, you will need more than one byte (each byte is 8 bits). When saving in binary format, you normally often don't need to play with such details manually. Your file will look like a bunch of random characters, and those willing to hack it should deserve to be successful (in my opinion).
http://courses.cs.vt.edu/~cs2604/fall02/binio.html
If you really want to make it harder to hack (it's always possible to hack an encryption method when it can be decrypted by your program), you must use encryption methods. You can create your own encryption method using some mathematical operation on number, or you can use existing ones.
Quote
Firemen get paid even if there's no fire, and that's a good thing -me
#13 Members - Reputation: 1313
Posted 09 March 2012 - 11:05 AM
I think the notion that you should encrypt the game saves is just plain silly. Encryption should be used for bank account transactions and nuclear launch codes. What difference does it make if somebody out their decides they want to cheat at a single player game? Is the safety of the free world at stake?
Simply storing your data in a binary format that can quickly be loaded into memory and used without any type of conversion or parsing is going to be good for performance and will already be difficult to figure out when it comes to cheating.
this
seriously, your development time is much better spent on gameplay than trying to avoid this kind of cheating.
#15 Members - Reputation: 100
Posted 13 March 2012 - 11:51 AM
I agree on just writing binary data. Write only the values to the file, then read it in a specific sequence to identify what those values mean. Or create a file structure that fits your needs (and make it simple, if it's possible), but you probably don't need to put the labels in the file.
As people have said before, if you are going to encrypt the file, how would you secure the key (it must be somewhere your code can read it, so other can find it too)? Is it worth the time and resources you'll need?
As people have said before, if you are going to encrypt the file, how would you secure the key (it must be somewhere your code can read it, so other can find it too)? Is it worth the time and resources you'll need?
#17 Members - Reputation: 1971
Posted 14 March 2012 - 05:08 AM
Guys, rot-13 encryption or simple xor with a short string wrapping around is really just as good as AES.
Both the key and the decryption algorithm must be part of the program, otherwise the game will not be able to read its own save files. Therefore, AES is none better than the simplest encryption algorithm. It adds absolutely zero extra security, no matter how advanced an algorithm and how long a key you use.
On the other hand, even a simple wrap-around xor encryption will make the data look "sufficiently random" so you are unable to make out a pattern with a hex editor or figure out what's what using a pen, paper, and a pocket calculator. And that's just how far 99% of the people will go, and it's just as good as you can get.
As a sidenote, the Enigma was not cracked with "rudimentary computer power", but failed by sheer arrogance. The Enigma (even the early model) was far ahead of its time and far beyond anything anyone could possibly have "cracked" until at least 30 years later.
It's well-documented by contemporary witnesses that the truth was much closer to what's pictured in a 1963 James Bond movie (a.k.a. some guy carrying "the magic super typewriter in a black suitcase" over the border at night with everyone else on his heels), except in this case "Bond" was a Polish factory worker near Warshaw stealing specimens of the rotators and the configuration info. It is also well-documented that code tables had occasionally been stolen and later repeatedly been captured on board of captured ships. Though tables were written in water-soluble ink and there was strict order on how tables and rotors had to be destroyed and the boat be sunk afterwards to avert capture, there exist many records of survivers that describe that this was often not done.
For propaganda reasons, and out of a sense of superiority that one can hardly understand nowadays the obvious facts were ignored. A few modifications were made over time, but these were little effective, again for obvious reason.
Both the key and the decryption algorithm must be part of the program, otherwise the game will not be able to read its own save files. Therefore, AES is none better than the simplest encryption algorithm. It adds absolutely zero extra security, no matter how advanced an algorithm and how long a key you use.
On the other hand, even a simple wrap-around xor encryption will make the data look "sufficiently random" so you are unable to make out a pattern with a hex editor or figure out what's what using a pen, paper, and a pocket calculator. And that's just how far 99% of the people will go, and it's just as good as you can get.
As a sidenote, the Enigma was not cracked with "rudimentary computer power", but failed by sheer arrogance. The Enigma (even the early model) was far ahead of its time and far beyond anything anyone could possibly have "cracked" until at least 30 years later.
It's well-documented by contemporary witnesses that the truth was much closer to what's pictured in a 1963 James Bond movie (a.k.a. some guy carrying "the magic super typewriter in a black suitcase" over the border at night with everyone else on his heels), except in this case "Bond" was a Polish factory worker near Warshaw stealing specimens of the rotators and the configuration info. It is also well-documented that code tables had occasionally been stolen and later repeatedly been captured on board of captured ships. Though tables were written in water-soluble ink and there was strict order on how tables and rotors had to be destroyed and the boat be sunk afterwards to avert capture, there exist many records of survivers that describe that this was often not done.
For propaganda reasons, and out of a sense of superiority that one can hardly understand nowadays the obvious facts were ignored. A few modifications were made over time, but these were little effective, again for obvious reason.
