So what stops them from editing the text file anyway, putting in 1,000,000 and then the game decoding that back into 605,578? Highscore = ((1000000 - 829) / 1.65) + 20 // decoded back to 605,578 Then they realize, the score gets lowered for some reason after entering it. So they just enter in a bigger number next time they hack and their score then increases again.
Sorry I forgot to mention. All you do is save the original value of the highscore from the game along with the encoded value, but don't use it. Just compare the decoded score against the original and if they don't match..well you get the idea
you do realize you cannot hack your highscore, so that it will be displayed online. Someone could just change both value to the same value. You method is not fail-proof as we can just input numbers and test it out. There are much easier ways to hack a game.
Too easily hackable even if you do the above step. Wouldn't a hacker just change both? And games can only save files in a few selected places, a hacker will look in all of them. Encrypt the entire save file, and use an encryption method that generates lots of random numbers (i.e. 3000=56, 56=9001, ect). But you also have to make it so that not every output variable equals an actual number; ie, if the output variable is 3141, that doesn't equate to any high score. Otherwise I could just put in a few different numbers and see which one is highest. And if I had enough time I could create a rainbow table, or just make a script to run through all of the numbers, or look through your code to see as it has to be unencrypted before you can load it. PS. If you're using algorithms as simple as that, anyone with a basic understanding of linear algebra (8th grade) would be able to crack your equation.
I'm sorry I'm not sure if I explained everything clearly.yes the value would be crackable if you know 8th grade algebra but only if you know the values 1.65, 829, and 20. Plus you can use any math you want, I was just providing a simple example. If the game compares the value of the original score to the decoded score, and turnes out they don't match, you could reset the high score to 0 if you want. Okay here's another example. Imagine this being in a text file: high score 2310 encoded high score 69340 If you can figure out what the equation is by knowing only those values, let me know. but if the cheater tries to change the values randomly and they don't match, the game doesn't accept the highscore and can reset it to 0.
I'm going to get a few more highscores normally, let's use 3000 for this example. I'm going to form the equation (3000-x)/y+z=encrypted high score, convert it to Y= form, and run it through a 3D grapher. Then I'll do it for numerous other high scores. Where everything intersects is the values of x, y and z. Then I add the values of x, y, and z into the original equation and I can get normal and encrypted high scores for any number.
BUT how does the cheater know the form of the equation?? FYI the last example was ((2310 + 19) * 30) - 530). It could be in any form! I can add square roots if I wanted to. But as long as you do not know the form of the equation you cannot solve the values. and without the values of the equation it's very difficult to cheat. Sounds like a lot of work just to hack a number that represents your high score in a simple video game huh?
maybe try using an XOR encryption involving the device identifier and some formula. Its confusing enough that the text file will be so jumbled that the user will not work out it involves the device identifier and the XOR key will be different for every device so even if they work out the XOR key, it will only work for their device (unless they work out the key, then the formula that involves the device identifier ). Did that make sense?
Yes, you can. You can play the game multiple times, noticing the trend between your score value and the "encrypted" value, then reverse engineer the equation from the values. If you really want to pursue this route, then you'd need something like a block cipher with the (very long) secret key hardcoded in the program -- but a good hacker could easily extract the secret key. You're essentially talking about DRM here, which is always crackable. Encryption schemes are designed to prevent Michael from intercepting a communication between Alice and Bob. They just don't work when Michael and Bob are the same person.
OK, now your good. I was basically saying that the current encryption was hackable, but if you use a unique and confusing equation you're safe. He said what I said but without actually explaining it.
OK, I will rephrase. With 3 sets of values i could put them in my ti83 and have it write an equation in any form( linear, quadratic, sinusoid, even logarithmic), that would match your equation . All it would take is five minutes of guess work and some algebra1 and calculator knowledge
I think you guys are missing the point. It's just supposed to be a simple way of preventing cheaters from modifying the highscore. Everything you're discussing seems very complicated when some 90% of iOS users don't even know how to get into the file system.
I'm sure it'll work against them though. if anyone finds my idea helpful then great but I doubt it since most of you seem arrogant.
I actually used a similar idea in my game. On initial release it was somewhat easy for jailbreakers to hack highscores. I came up with some convoluted equation in a game update that takes place when your score is saved, although there is no "second number" visible anywhere for the player to work with. The hacking ceased. One aspect of this scheme that I later removed was the resetting of all player scores and game info if a score was hacked. I can't remember the details, but I got complaints and ended up wiping that part out of the game
It's a sound idea in principle, but as previously mentioned, it can be reverse engineered fairly easily. What I've done for my games is to generated a salted hash of the score, and store the hash-value in the score tables alongside the score. I then regenerate the salted hash each time the score is downloaded from the table and make sure the hashes match. So basically, I convert the numeric score to a string, add some custom characters to the string, and then use a hashing algorithm to create a numeric hash from the string. It could still be reverse engineered if someone analysed the assembly code of the App, but it is much harder to manually hack the scores.
What's the point of hacking scores anyway? It's not like people who get to the top of leaderboards are going to be hailed or something.
