Jump to content
  • Advertisement
Sign in to follow this  
yanuart

What is the best to hide/protect highscore file

This topic is 4656 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi, since I assume my market wouldn't be consisted of soccer moms I feel like I need to protect the highscore system in my game as best (and easy) as possible. I was thinking about using a simple encryption method and simple 32bit crc but in case there are better or easier way to protect them then would you care to share your method ?

Share this post


Link to post
Share on other sites
Advertisement
If the highscore file is on a local computer, why bother protecting it? There is no real advantage of protecting the file if it's a game that people download and install.

Write it as a binary file. Most people aren't smart enough to edit those.

Toolmaker

Share this post


Link to post
Share on other sites
With rBlocks, I encrypted a string using XOR containing the score and a small key. I needed it to be a simple encryption because I had the user upload their highscore to my server so I needed to write the same algorithm in PHP to decrypt the score and key. It would then check if the key was correct and the score was valid. Sadly I took down the online highscores, but the source is available if you wanted to take a look at the encryption algorithm....

Share this post


Link to post
Share on other sites
I know this sounds a little awkward and long winded but I always thought you could hide a copy of each score within a graphic somewhere. Just have an image file amongst your data that looks perfectly innocent but a small patch of black could actually be dedicated to storing values of the top ten scores using the RGB values. To the naked eye the different shades of black would be almost unnoticeable. It may not even have to be an exact value, just something to use as a check.

Ok, so you'd be altering and saving that image file each and every time you log a high score, but it shouldn't really be slow and its different from the usual encryption techniques.

Share this post


Link to post
Share on other sites
I don't think it's possible to get perfect secrecy in this scenario. Since the user knows what their high score is, anyone that is able to analyze packets or trace through your code in memory is essentially going to have a known plaintext attack available to them.

So, essentially any encryption scheme is going to be good at weeding out people that don't know what they're doing. Anyone that knows what they're doing is going to be able to break it. So, just pick something and go with it.

Share this post


Link to post
Share on other sites
Quote:
Original post by ghosted
I know this sounds a little awkward and long winded but I always thought you could hide a copy of each score within a graphic somewhere. Just have an image file amongst your data that looks perfectly innocent but a small patch of black could actually be dedicated to storing values of the top ten scores using the RGB values. To the naked eye the different shades of black would be almost unnoticeable. It may not even have to be an exact value, just something to use as a check.

Ok, so you'd be altering and saving that image file each and every time you log a high score, but it shouldn't really be slow and its different from the usual encryption techniques.


I like the way you are thinking, however it will not hide anything in this case, why?
Well, a person who wants to hack the highscores would first want to know the file/files that contain the highscores. How can you find these files the easiest way? Well, play the game so that you will be able to set a new highscore and then simply list the game folder based on the "last changed-date" attribute...
This would normally narrow the search down to a -very- few files. Pretty much the save file(s), possible logs & highscore.

Then if you rely on a good algorithm, you're as screwed. Since the whole algorithm can be found in the executable.

However what you said about the images, I think this is how a lot of secret information is passed over the Internet since the algorithm is unknown (can't be read from the image) it is probably very difficult to even notice that there's hidden messages in a picture.
I think that the "messier" the picture, the easier it is to hide information in. I mean, if you have a completely "white" bitmap, and you put messages in it, the raw data of that bitmap would look -very- suspicious ;)

Share this post


Link to post
Share on other sites
I was thinking about a way to make sure that no one messed with my high scores list for a game that I made for my webpage. Although I haven't implemented it yet this is what I think would be a half decent way to do it.

If it is a web based game that runs on my web page I would have a script that generates the page that displays me game.

In my case its an applet so the script would generate a unique key identifier that would be passed to the applet when the page is loaded and another script that is directly called by my applet to submit the high score. The key to using this method so that nobody tampers with it is with the script that you use to submit the high score. As long as nobody actually knows the syntax or where abouts of that script then they can't mess with it. And the key is used to make sure that only if the applet was run off your web host can it submit a high score but that can be easily modified.

But I guess if someone is desperate enough they could download the applet decompile it and attempt to find the url of the script and the parameters that are sent. But there are ways you can make it harder to get around.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

Participate in the game development conversation and more when you create an account on GameDev.net!

Sign me up!