antihacking vs cheat engine
Blitz3D Forums/Blitz3D Programming/antihacking vs cheat engine
| ||
| Hey, i was wondering, if any 1 knows a way to keep people from hacking my game , by simply using a cheat engine (example: for them to search for their score then let the value change. then search again and repeat until they find the address of the score , and simply changing it's value. Thus hacking thier way into the highscore list)? |
| ||
| One simple and not very effective way (just thought of it) is to make your game fullscreen. Then when they open the hacking program, it'll minimize. There are probably easy ways to overcome this though. |
| ||
| Perhaps you can use some form of encryption/decryption on the Score. |
| ||
| Yeah encode the score, possibly over a number of bytes. Have a score type. Each time the score changes, put it in a fresh instance of the type. Have other unused variables that change randomly when the score changes. This stuff will deter the casual cheater. |
| ||
| You could store the scores in the code in multiple places and with multiple copies. This way any attempt to hack the scores will show up easily and you can take appropriate action. (format C: /y /y for example). |
| ||
| Ooohhhh that good idea :D |
| ||
| One simple and not very effective way (just thought of it) is to make your game fullscreen. Then when they open the hacking program, it'll minimize. There are probably easy ways to overcome this though. Alt+tab? :) What about storing the scores as encrypted strings both in memory and when saved on the disk by converting each number's, shifted by a simple key pattern and then shifted up into the letter range by adding 10? to the ascii value. (to change numbers to letters (and back again) simply add/sub the number of characters between 1 and A using the chr & asc operators). This would probably not confuse an experienced cracker but it would do for everyone else simply searching through the scores with a hex editor. ie (needs to be processed one character at a time): score=923456 key=213321 encrypted=KCFGGG so to unencrypt again using key: (K-2)=I=9), (C-1=B=2), (F-3=C=3) etc... To make it look more confusing, rather than shifting from 1 to A, why not push it right up into the extended character set (128+) so it looks like total "gobbeldegook". |
| ||
| To be honest the amount of work required to make this feasible isn't really worth it... some simple encryption will keep casual cheaters at bay but nothing is going to make it completely secure... even some of the strongest DRM for commercial games gets hacked in 4 days tops... |
| ||
| work required?!? this can be done in about 10-30 minutes using 1 type 2 functions 1 constant made of a few lines of code that wouldn't even fill half the page. Youre right about nothing being "crack" proof tho', but this is a very simple encryption, more than adequate for a scoreboard. He isn't trying to lock down the next halflife game. |
| ||
| How to hack a EXE to cheat. 1) Look for filenames like heightMap. ord B3d Models. Often programmers uses standard collision data from this files. manipulate the data files. 2) How to overcome a program that checks game.exe copy game.exe to hackedgame.exe and run the hacked one :=) I hade some fools that flew around in voidrpg cause of chaning the height map. and later the position of the objects.. i had to crc every file. and crypt the source code filenames.. i WON that battle :) No you cant trust the code |
| ||
| Alt+tab? :) LOL actually I meant you wouldn't be able to hack it when it was minimized until I found out something was wrong with my head :D |
| ||
| You could store the scores in the code in multiple places and with multiple copies. woah very good idea! i think i got it this time!
; anti hacking with cheat engine example
While Not KeyHit(1)
If KeyHit(57) ;space bar
score1 = score1 + 1
score2 = score2 + 1
score3 = score3 + 1
score4 = score4 + 1
score5 = score5 + 2
score6 = score6 + 2
EndIf
Print "score: "+(score5/2)
If score1 <> score2 Or score2 <> score3 Or score3 <> score4 Or score4 <> (score5/2) Or score5 <> score6
RuntimeError("OMG!! u are a disgrace to all hackers everywhere!!!") ; of course you wouldn't make the errors THIS obvious
EndIf
Wend
but unfortunatelly, it would almost be impossable to actually keep the place where the scores are saved "unhackable." but aleast it will keep the causual cheaters away ^^. The only way (that I know ) around this is online highscore saving. Which is also a bad idea, cause usually the address would be plain obvious, that the score data is saved in the address. ex: http://www.hackable-online-game-high-scores.com/highscores.php?name=average_hacker,&#score=99999999 but even if this was also encrpted .this would still be easy to hack :( |
| ||
| Honestly, id finish the entire game before I worried about security. The above code will not work either. Youre still changing the same integer values at the same time. Im not much of a cracker, but just watching that in memory is a dead give away that that is where your value is. The only experience I have in hacking memory code is from snes emulation haha. What you need to do is have a hash table lookup with encryption, as well as to have a non-realtime counter for the scores. For instance create a timer that once finished updates a type object for that score. Have that timer execute anywhere from 50millisecs to 2 seconds. Of course you should update the display timer visible to the player in real time. But the one you actual track and go by should not be. So yeah, basically encrypt a type object that is timer based, and have it use crazy string values. No hacker in the world would waste their time trying to crack that. :) |
| ||
| Honestly, id finish the entire game before I worried about security. The above code will not work either. Youre still changing the same integer values at the same time. Im not much of a cracker, but just watching that in memory is a dead give away that that is where your value is. The only experience I have in hacking memory code is from snes emulation haha. What you need to do is have a hash table lookup with encryption, as well as to have a non-realtime counter for the scores. For instance create a timer that once finished updates a type object for that score. Have that timer execute anywhere from 50millisecs to 2 seconds. Of course you should update the display timer visible to the player in real time. But the one you actual track and go by should not be. So yeah, basically encrypt a type object that is timer based, and have it use crazy string values. No hacker in the world would waste their time trying to crack that. :) ...what? that was so confusing i barely understood that. i got lost after u said honestly ^^. anyway wouldn't this process of hash tables and randomizing serouisely eat up your cpu performace? |
   |