Jump to content
  • Advertisement
Sign in to follow this  
Patbert

Unity Hack my online high score (updated)

This topic is 4916 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Challenge for all: Hack my high score! Download the game here (4.5mb) (don't get it off GDS, I haven't updated that yet). The highscore table link is here. Heres a screenshot of it in action: If you do manage to hack it please tell me how you did it and (if possible) how I can fix it. I'm aiming for it to be secure enough to put off the more casual cheaters. [Edited by - Patbert on June 18, 2005 6:08:38 PM]

Share this post


Link to post
Share on other sites
Advertisement
Isn't it the second time you post this? (Do you have a list of changes since last time?)

This post could be on the game programming forum instead.

Share this post


Link to post
Share on other sites
No, that was someone else. Maybe the game programming forum would be more apt.

edit: is there any way to move it?

Share this post


Link to post
Share on other sites
Quote:
Original post by Patbert
No, that was someone else. Maybe the game programming forum would be more apt.

edit: is there any way to move it?
Click "Report this Post to a Moderator", and ask to move it?

Share this post


Link to post
Share on other sites
Just modified the values with tsearch. You could store the high score as something other than what it is, or store it as [somebignumber]-[Actualscore] to make the variable hard to find. I dont think I'd be able to make a program that's secure though, so don't pay too much attention to me ;)

Share this post


Link to post
Share on other sites
Doh. I was a afraid of that. Good suggestion though, maybe a checksum along with the score would help too. Thanks for your help.

Share this post


Link to post
Share on other sites
Quote:
Original post by bjle
Just modified the values with tsearch. You could store the high score as something other than what it is, or store it as [somebignumber]-[Actualscore] to make the variable hard to find. I dont think I'd be able to make a program that's secure though, so don't pay too much attention to me ;)

Both of these are a bad idea, as they just make the hack take about a few seconds more to make. Idealy you'd want to make as many as the variables server sided as you can, as they can't be easily modified. If you can't there's a few things you can do.
-Verify your scores before they're submitted, get the amount of time the people were playing and calculate whether the score they got was possible within the timeframe.
-Have a data verification variable like what bjle said, maybe even make it the ~ operator of the score, and make it have every operation the score has, and if they don't match up after an ~ it's most likely because of a hack.
-Whenever you detect a hacker, never let them know they've been detected, let them play on with the game normally and maybe if possible make your high score list show their score just for them, but not anyone else. If they have the idea they've successfully hacked your game, they most likely will stop and go away.
-And well yea a checksum is good too.

Share this post


Link to post
Share on other sites
I would first encode the score into some other code. I would then send a large (a few kb maybe) string of random bytes where some indices describes where in the string the real data is stored.

34235F4324A7D834DF834E...
| | |

The real data is then stored at index F4, 24, and A7. Problem with this is that the hacker will try to get the same score many times and then figure out that some parts of the string doesn't change and work back from there. To solve this you could represent each score with many possible keys (randomly choosen).

Maybe a checksum on everything stored at some weird indices too.

You could also sample all the input and simulate the game on the server ;)

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

GameDev.net is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!