Welcome, Guest. Please login or register.

Login with username, password and session length

 
Advanced search

1411512 Posts in 69376 Topics- by 58430 Members - Latest Member: Jesse Webb

April 26, 2024, 06:44:21 PM

Need hosting? Check out Digital Ocean
(more details in this thread)
TIGSource ForumsDeveloperTechnical (Moderator: ThemsAllTook)[deleted]
« previous next »
Pages: 1 2 [3]
Print
Author Topic: [deleted]  (Read 7905 times)
st33d
Guest
« Reply #40 on: February 01, 2010, 01:44:52 PM »
Yeah, unfortunately Cheat Engine is a very comprehensive tool. You can use it to search for ranges of numbers, different datatypes, you can freeze the operation of the program and also lock memory addresses at given values - so even if you detect that your game is being hacked and try to circumvent it by forcing the value back, too late, it's already got you by the balls.

Adding a small amount to a value, or even hiding it in another datatype won't work on a cheater with a programmer's imagination.

I would say it's worth the time downloading Cheat Engine and experimenting with different attacks. You're not going to formulate a concrete defence unless you familiarise yourself with the weapons you're facing. That's how I came up with my method, I sat down with Cheat Engine and tried to outwit myself from both sides.
Logged
Chromanoid
Level 10
*****



View Profile
« Reply #41 on: February 01, 2010, 02:33:15 PM »
especially for flash games i have some half-baked ideas that might work (security through obscurity):
load a special highscore swf during runtime. the name of this should be randomized (server knows the name via sessionid)... make a little vm in as3 that handles the scoring of the game (verification, adding of score points etc). the vm uses different algorithms to encode the highscore (to be valid) and decrypts/encrypts each line of its byte code before/after execution. the vm is in the highscore swf loaded during runtime. by randomizing the algorithm of encoding etc. it is very hard for a hacker to reverse engineer this. the bytecode for the vm could be delivered within images. the images are encrypted sessionid dependent... (this might work without a vm too) Smiley

during gameplay one could ask the server for some random numbers. these may be used to trigger some score giving points. the "score history" has to be submitted along with the highscore. the highscore is signed with the previously submitted random numbers... the random numbers submitted during gameplay could be used to verify the gameplay time too.
« Last Edit: February 01, 2010, 02:56:07 PM by Chromanoid » Logged
BorisTheBrave
Level 10
*****


View Profile WWW
« Reply #42 on: February 01, 2010, 03:32:59 PM »
So how would you use the Cheat Engine to beat the random offsetting approach? It seems to me there'd be nothing obvious to search for, you'd not be able to find either memory location.
Logged
st33d
Guest
« Reply #43 on: February 01, 2010, 04:04:07 PM »
In this situation:

I randomly added a number less than 0.0001 or something like that

The first thing you would likely search for in the event the memory address for the score is missing is a string representation of it or a number somewhat near the actual score. You can use an ascending or descending search (scores generally always increase in value) or look for a range that the number is likely to fall in.

The search gives you a selection of memory adresses. You then repeat search for a pattern in the behaviour of the variable you're looking for. That weeds out memory addresses that don't follow the pattern. It does most of this automatically for you.

That's why I went for adding a big random number to the score. The pattern is unpredictable.
Logged
Pages: 1 2 [3]
Print
« previous next »
Jump to:  

Theme orange-lt created by panic