Hack my online high score (updated)

23 comments, last by Erik S. Andersson 18 years, 10 months ago
Challenge for all: Hack my high score! Download the game here (4.5mb) (don't get it off GDS, I haven't updated that yet). The highscore table link is here. Here's a screenshot of it in action: If you do manage to hack it please tell me how you did it and (if possible) how I can fix it. I'm aiming for it to be secure enough to put off the more casual cheaters. [Edited by - Patbert on June 18, 2005 6:08:38 PM]
Isn't it the second time you post this? (Do you have a list of changes since last time?)

This post could be on the game programming forum instead.
No, that was someone else. Maybe the game programming forum would be more apt.

edit: is there any way to move it?
Quote:Original post by Patbert
No, that was someone else. Maybe the game programming forum would be more apt.

edit: is there any way to move it?
Click "Report this Post to a Moderator", and ask to move it?

[Website] [+++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++]

ask a mod
Moved
Just modified the values with tsearch. You could store the high score as something other than what it is, or store it as [somebignumber]-[Actualscore] to make the variable hard to find. I don't think I'd be able to make a program that's secure though, so don't pay too much attention to me ;)
Doh. I was afraid of that. Good suggestion though, maybe a checksum along with the score would help too. Thanks for your help.
Quote:Original post by bjle
Just modified the values with tsearch. You could store the high score as something other than what it is, or store it as [somebignumber]-[Actualscore] to make the variable hard to find. I don't think I'd be able to make a program that's secure though, so don't pay too much attention to me ;)

Both of these are a bad idea, as they just make the hack take about a few seconds more to make. Ideally you'd want to make as many of the variables server-sided as you can, as they can't be easily modified. If you can't, there's a few things you can do.
-Verify your scores before they're submitted, get the amount of time the people were playing and calculate whether the score they got was possible within the timeframe.
-Have a data verification variable like what bjle said, maybe even make it the ~ operator of the score, and make it have every operation the score has, and if they don't match up after an ~ it's most likely because of a hack.
-Whenever you detect a hacker, never let them know they've been detected, let them play on with the game normally and maybe if possible make your high score list show their score just for them, but not anyone else. If they have the idea they've successfully hacked your game, they most likely will stop and go away.
-And well yea a checksum is good too.
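The complement check and the time-based check from the list above, as an added C example that is not code from the thread or from the game. The names `guarded_score`, `gs_add`, `plausible` and `may_submit` are hypothetical, and `max_per_sec` is an assumed, game-specific ceiling on points per second.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Score stored together with its bitwise complement (the "~ operator" idea). */
typedef struct {
    uint32_t value;  /* live score */
    uint32_t shadow; /* equals ~value while nothing outside the game wrote to it */
} guarded_score;

static void gs_init(guarded_score *s) { s->value = 0; s->shadow = ~(uint32_t)0; }

/* True while both copies still agree. */
static bool gs_intact(const guarded_score *s) {
    return s->shadow == (uint32_t)~s->value;
}

/* Mirror every score operation on the shadow. Since ~x == -x - 1 for
   unsigned values, ~(v + p) == ~v - p, so the shadow is updated on its own
   and never recomputed from a possibly edited value. */
static bool gs_add(guarded_score *s, uint32_t points) {
    if (!gs_intact(s)) return false; /* mismatch: keep state, report quietly */
    s->value += points;
    s->shadow -= points;
    return true;
}

/* Time check: could this score have been earned in the time played? */
static bool plausible(uint32_t score, uint32_t seconds, uint32_t max_per_sec) {
    return (uint64_t)score <= (uint64_t)seconds * max_per_sec;
}

/* A run is submitted only if both checks pass. */
static bool may_submit(const guarded_score *s, uint32_t seconds, uint32_t max_per_sec) {
    return gs_intact(s) && plausible(s->value, seconds, max_per_sec);
}

int main(void) {
    guarded_score s;
    gs_init(&s);
    gs_add(&s, 150);
    printf("normal run accepted: %d\n", may_submit(&s, 60, 10));
    s.value = 999999; /* constructed: only the visible copy was changed */
    printf("edited run accepted: %d\n", may_submit(&s, 60, 10));
    return 0;
}
```
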
I would first encode the score into some other code. I would then send a large (a few kb maybe) string of random bytes where some indices describe where in the string the real data is stored.
34235F4324A7D834DF834E...
     |  | |

The real data is then stored at index F4, 24, and A7. Problem with this is that the hacker will try to get the same score many times and then figure out that some parts of the string don't change and work back from there. To solve this you could represent each score with many possible keys (randomly chosen).

Maybe a checksum on everything stored at some weird indices too.

You could also sample all the input and simulate the game on the server ;)

This topic is closed to new replies.
