Jump to content
  • Advertisement
Sign in to follow this  
skwee

Secure game files from editing by users

This topic is 4309 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi all. I'm working now on the game "PacMan". I created images but every user can edit them without any problem. How i can secure this images from user editing? I mean create maybe a new format that only i know how to open it, but it sounds hard. Any ideas? The same with the Game Map. Actually i can load the map in game with function that will fill the array with number 1,2,3,4 in this way (1-wall, 2-bonus point, 3-just terrain, 4-enemy), but lets say i want to save the map in separate file for example "Map.map". The first idea its just do the same as i did with array and them my file will look like this: 1 2 2 2 1 2 2 2 2 2 1 1 1 2 2 1 2 2 4 1 2 2 2 2 3 1 1 1 3 4 and etc. (Its just an example its not the real map). But then every use will come and change 4 to 1 and the map will not have any enemy. What are the ways to create .map file? One that will be very hard to edit and if he was edited to compare it with some key in game and that tell that the key is not correct => the map is not correct. Thanks a lot.

Share this post


Link to post
Share on other sites
Advertisement
The solution is to create an archive with all game data files in it e.g. ".pak" file - you can see that in commercial games. But I'd like to hear how to do that myself;)

Share this post


Link to post
Share on other sites
I heard about .pak files. I'm not sure but i think its a .zip file with extension of .pak and not .zip.
Ok i run a search query in google and i got this http://www.gamedev.net/reference/articles/article1991.asp
its look like what we need :)
I'll check it.
If some one else have another solution bring it up :)
Thanks again

Share this post


Link to post
Share on other sites
The first thing you should do is consider whether you really need to prevent editing of your data files. Is there any harm in it? Will people enjoy your game less?
(Oblivion is moddable, but I haven't seen many people making use of that to remove all the monsters, so most likely, people don't ruin the game even if they have the option)

Ok, so *if* you decide that you still don't want your files to be edited, there are several options. First, you could simply zip your files, and rename the extension. Obviously pretty easy to get at the original files, but it'll keep casual players out.
Or you could zip up *all* the files in one big archive, and rename it .pak or .whatever you like.

Or, of course, you could just store your file because no one has any clue what 1, 2, 3 and 4 means? True, they might find out by experimenting, but it's not immediately obvious, at least.
Or you could just store it as a binary format, which makes it less obvious what's inside. (Instead of storing the character '1' to a file, store the character whose ascii value is 1.

Or you could create your own archive format, even. It could consist of a simple header listing the file names of the contained files, followed by an offset to where the file starts. Or something. Creating file formats is easy. Just think up a structure, and make sure to stick to the rules you created.

Or you could use actual encryption, if you're serious about wanting to keep people out.

Share this post


Link to post
Share on other sites
A fairly simple way is to have the (binary) file data encrypted/decrypted with a simple xor algorithm (XOR each byte with a rolling pattern of numbers). This will block most people from accessing the data. A dedicated hacker can always look at your code to see what the program is doing and do the same thing themselves to edit the data.

Likely such a solution is still 'good enough' for you.

Share this post


Link to post
Share on other sites
Ok you may right about prevent users from editing the data files. Let say that editing images/music its not so harm, BUT editing map it is harm. Cause In the future i want develop MMORPG so if the user will be able to edit the map it will allow him to move in close area that other players cant move there.

And BTW if u mentioned zip files: as i know SDL can open .zip files but what about .zip files renamed to .somethingelse can SDL open zip file with other extension?
Thank a lot again.

Share this post


Link to post
Share on other sites
For multiplayer games, I believe you would want to calculate all the movement on the server, because you can never trust the players to not cheat (since however hard you try to make it, somebody will be able to break it). So it still wouldn't matter if players could edit their copies of the data files - the server will make sure they don't do anything that's not allowed. And in single-player games it doesn't matter since you should let the player do what they want.

Share this post


Link to post
Share on other sites
Quote:
Original post by Excors
And in single-player games it doesn't matter since you should let the player do what they want.


Quoted for emphasis.

Further, they effectively can do what they want, given time and patience, no matter what you do. The best techniques for hacking around encryption *bypass it entirely*.

Note that, no matter how weird your file format is, your player already owns a program that understands it *completely* - it's called your game. The best you can do is make it harder for the user to reverse-engineer everything than it would be to recreate your game from scratch - and it's really not worth it, in general.

Besides, being able to edit your save files is *very* convenient for *testing* your program. :)

Share this post


Link to post
Share on other sites
I agree with Zahlman for single-player or "offline" games. What harm is there to a player modifying their copy of the game? The worst they can do is ruin the game for themselves.

If you still want to go the pain of making your game files hard to tamper with, you could use digital signatures or hash codes (SHA1 for example). However, depending how good the signature is hidden within the executable a simple hex-editor might be enough to alter it. In the worst case the player would have to decompile/recompile the executable or library file. Thanks to the internet anyone could enjoy the cracked game if the hacker decides to distribute it.


When it comes to online games you should prevent modifications that break the game or give unfair advantages (cheating) to certain players. For one thing you could use the same technique described above. You should, of course, verify the signature against a server side key and not one that is stored within the executable. This can, again, be circumvented by using a cracked executable that always reports the correct signature.

The next step, like Excors said, would be to counter-check any user input against server side rules. You could/should still have client side checks for the sake of speed and a server side "sanity" check every few game ticks. If the players position or any stats have changed in an impossible way you could re-position the player, alter the stats of kick the player of the server.

Share this post


Link to post
Share on other sites
Short answer: you can't prevent the user from editing the data files. You could use asymmetric encryption, where the data files are encrypted with your private key, but then the user could just edit the binary and replace the private key (or even intercept the request to load the file, and load it from somewhere else). If you want to prevent cheating, you'll need another method - one that isn't client-side.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!