Hackers & Anti-Hack techniques...
This is probably not the sort of thing new members ask often, but I'll get right to the point.
One of my many goals is to someday make an immersive character and story driven RPG. The games that probably hold the most sacred spots in are heart are FF I, II, & III, as well as the original zelda, and then of course the absolute masterpiece that was Chrono-Trigger. But I also remember figuring out how to stack books on my NES controllers and make my FF-II character grind low level monsters for exp while i was at school. Now-a-days kids don't have to precariously pile books and hope their toon does not die before they get home from school, they simply get a Hex-Editor and instantly change EXP, Gold, Stats or whatever.
RPG's and levelling character type games are the "easy targets" for this kind of device/app hacking but surely it is important to many games and devs, especially ones with IAPs.
So i was considering possible anti-hack measures and for now I was thinking that there are two distinct possibilities that might work well.
1. set it up so that numbers that are displayed to the user are not used for game mechanics, and are not the SAME as the numbers used for game mechanics.. IE player display = lvl 1. 84 EXP, monster X = 2 exp per kill... game data reads player exp 1680, monster X = 40 exp per kill. If player hacks and hex edits 84 exp.. it will not cause him to level up, but rather just change the EXP displayed on his character sheet (which will reset the next time an event occurs that checks game data for EXP)
2. set it up so that the game periodically checks certain values against each other, and if a mismatch occurs perhaps lock up game and require app / game account to be deleted and re-installed.
option 2 here obviously has the advantage of letting the hacker know that there are measures in place, and not allowing said hacker to continue playing the hacked version of the game, but has the disadvantage of being tremendously harder to engineer in my mind. (Even with only a couple weeks under my belt I could easily set up system 1.)
Thoughts?
Grim
One of my many goals is to someday make an immersive character and story driven RPG. The games that probably hold the most sacred spots in are heart are FF I, II, & III, as well as the original zelda, and then of course the absolute masterpiece that was Chrono-Trigger. But I also remember figuring out how to stack books on my NES controllers and make my FF-II character grind low level monsters for exp while i was at school. Now-a-days kids don't have to precariously pile books and hope their toon does not die before they get home from school, they simply get a Hex-Editor and instantly change EXP, Gold, Stats or whatever.
RPG's and levelling character type games are the "easy targets" for this kind of device/app hacking but surely it is important to many games and devs, especially ones with IAPs.
So i was considering possible anti-hack measures and for now I was thinking that there are two distinct possibilities that might work well.
1. set it up so that numbers that are displayed to the user are not used for game mechanics, and are not the SAME as the numbers used for game mechanics.. IE player display = lvl 1. 84 EXP, monster X = 2 exp per kill... game data reads player exp 1680, monster X = 40 exp per kill. If player hacks and hex edits 84 exp.. it will not cause him to level up, but rather just change the EXP displayed on his character sheet (which will reset the next time an event occurs that checks game data for EXP)
2. set it up so that the game periodically checks certain values against each other, and if a mismatch occurs perhaps lock up game and require app / game account to be deleted and re-installed.
option 2 here obviously has the advantage of letting the hacker know that there are measures in place, and not allowing said hacker to continue playing the hacked version of the game, but has the disadvantage of being tremendously harder to engineer in my mind. (Even with only a couple weeks under my belt I could easily set up system 1.)
Thoughts?
Grim
Comments
http://forums.gamesalad.com/discussion/33639/gamesalad-obfuscator
What I am talking about is end user hackers. Hex Editors simply monitor system memory (hexidecimal) values, and look for matches to a user inputted value. Because the hacker is only searching for values, variable names and mathematical formulae do not need to be known or understood.
Something like (from above):
1. Search IPhone memory for all memory addresses whose value is "84"
2. Kill monster X.
3. Search previous search results for a value of "86"
4. Overwrite "86" with "99999"
(Game character exp or $ instantly changed from 86 to 99999)
Honestly the reason I bring this up is that I play a lot of iPhone / IPad games, one of them I play the most is a trading card / battle game and people "hack" in it all the time.
There are multiple reasons why it would be good to stop this behavior, but one of the biggest is that if you offer IAPs that are "items" like say a healing potion.. You would not want people to be able to clone these items and use them infinitely... Worse, if your theoretical game had a marketplace where players can buy and sell to each other, you do not want cloned items and IAPs to devalue legitimately purchased or earned items.
For reference: http://en.m.wikipedia.org/wiki/Game_Genie
Grim
New to GameSalad? (FAQs) | Tutorials | Templates | Greenleaf Games | Educator & Certified GameSalad User