# Unity Hack my online high score (updated)

This topic is 4892 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

## Recommended Posts

Just a few suggestions. I'm at work at the moment so I can't actually try the app.

1). When you submit your score, are you making sure the data is coming from your game and not elsewhere? (It's obvious, so you might have done this already).

2). Make sure the data positions in memory change with each run. It slows down casual hacks. Might want to go as far as to change them every level.

3). Few apps write directly to memory. Most use ReadProcessMemory/WriteProcessMemory. Do a systemwide hook if you can. In your hook, kick out any calls to those functions.

4). If you can afford it, lock down your memory until you absolutely need to write to it. Cheat programs can't write to your memory if you lock it down and keep it that way even if the memory attributes are changed remotely (through VirtualProtect/VirtualProtectEx). (See previous suggestion. You might want to hook those also).

That's all I can think of at the moment

##### Share on other sites
well first off i must apologise to JESUS for my stupendous hackings. as you may notice your FIARY WALLS OF DOOM have perhaps been penetrated leading to the hacking of your table. this was quite easy my good buddy and i suggest you attentionalize these monstrous flaws immediately. again i apologise sincerely for this but it is the only way to full enlightenment. thank you friend for accepting.

~ longtime lurker

##### Share on other sites
Patbert,

You could use the afore-mentioned methods of detecting hacked scores and then allow the hacked high scores to remain - and attach a label to them that says "hack score." The hackers will know that they hacked you, that you know that they hacked you, and that everyone will know it's a hack score. Real players can disregard the dumb scores.

XY,

You're not contributing anything here.

"Fiary" is spelled "Fiery."

Attentionalize is not a word.

Typing in ALL-UPPER-CASE LETTERS is really annoying.

It's not a sin to hack when someone asks you to.

--Torus

##### Share on other sites
Some good suggestions there, I'll have a look into them.

Quote:
 -Have a data verification variable like what bjle said, maybe even make it the ~ operator of the score, and make it have every operation the score has, and if they don't match up after an ~ it's most likely because of a hack.

Good idea, is this best checked server side or client side?

Quote:
 1). When you submit your score, are you making sure the data is coming from your game and not elsewhere? (It's obvious, so you might have done this already).

Unfortunatly I'm submitting the scores the lazy way, ie. system("start http://...") so I'm not sure how to do that.

Quote:
 well first off i must apologise to JESUS....

Consider those firey walls of doom attentionalized [lol]

Quote:
 You could use the afore-mentioned methods of detecting hacked scores and then allow the hacked high scores to remain - and attach a label to them that says "hack score." The hackers will know that they hacked you, that you know that they hacked you, and that everyone will know it's a hack score. Real players can disregard the dumb scores.

Good point, but I fear it may just encourage hackers to try adding a fake score that doesn't have "hack score" next to it. One way I could do it is to display a hacked score but not save it to the database, just hope they don't press refresh or link the hacked score to an IP address so it only displays that score to that particular IP.

##### Share on other sites
Encrypt and Decrypt before sending.
Include multiple forms of the encryption/decryption.
Send a packet which contains values which points to other values which will lead to which encryption method used.
Remove the pointer char's out of the packet, decrypt the full packet.

With that said, there is NO way to fully it except by monitering evrything on every player within a time-frame cycle. Like bunkbuster does in BF1942.

##### Share on other sites
Update!

I've added a bit more security to the game, it should prevent the lazier cheaters anyway. You'll need to download the updated version (same link as above). Please try it out and see if you can hack it, hopefully it should take a little longer this time. (Hint: one of the ways I've used to put off hackers is to pretend the highscore has been saved to the database, so check it really has been saved)

Thanks everyone!

##### Share on other sites
Quote:
 Original post by PatbertUpdate!I've added a bit more security to the game, it should prevent the lazier cheaters anyway.

Bingo! I tried for a bit, but couldnt figure out how to crack it. (The crashing when a debugger tried to auto alt-tab it made me give up.) It looked like you had a second variable that it would check against created with some kind of algorithm involving xor...but I might be totally wrong.

##### Share on other sites
Great! You're right, each number that needs protecting (score, level, lives) also has another number that is XORed with a key. That way it can look like the score has been hacked when it actually hasn't. I'm surprised you managed to work out it was xored with something though. Whoever made tsearch is an evil genius. I'm not sure why it crashed when you used auto alt-tab though. I may try Maega's suggestions about VirtualProtect though.

##### Share on other sites
Hmm, I notice someone has managed to hack the highscore again. All they've left for clues is this:
3	7747	1	SETNEWSCOREFUNCTION4	5842	1	DEBUGGER
I'm pretty sure I compiled it without debug info so I don't know how they managed to call the function that sets a new score. Anyone have any ideas how to prevent this? I'm guessing doing a systemwide hook like Maege said would help, anyone have any more info on that?

##### Share on other sites
I just used a debugger (ollydbg) to search for the function. After that, I patched the exe to increase the score with 0x7F instead of 1.. A systemwide hook won't help when the exe itself is modified.

1. 1
Rutin
42
2. 2
3. 3
4. 4
5. 5

• 9
• 27
• 20
• 14
• 14
• ### Forum Statistics

• Total Topics
633387
• Total Posts
3011608
• ### Who's Online (See full list)

There are no registered users currently online

×