[dirGames-L] Cheating and stealing and hacking oh my.

Duck duck at robotduck.com
Wed Feb 1 16:45:02 EST 2006 

Wednesday, February 1, 2006, 4:13:08 PM, Gene wrote:

GE> For example if a player knows he has 100 hitpoints, he searches the memory
GE> for 100 as an integer in ArtMoney. He (or she) keeps changing memory address
GE> until he finds the right one.

GE> I'm having the biggest problem with players changing their names on they fly
GE> to....

You don't really need to check the values every frame, do you? I would have thought you'd only need to check the values at each moment that you want to do something useful with them.

For scores and other sensitive numeric values, I have handlers that I use to get and set 'encrypted' values. This isn't strong string based encryption, it's simple mathematical obsfucation, and so it's very quick, but it means that anyone using a memory hacker has no idea what number to look for. Each handler also generates a quick checksum (again a very simple few mathematical operations on the number), which helps detect whether the number has been changed by a memory hacker - should they deduce what number to change even with the obsfucation. If the checksum does not match the last stored value, a 'cheat' is detected. It goes a bit like this (pseudocode):


--------------------------------------------------------

on setVar varName,n

  v = (the maxinteger-(n*3.1))  -- obsfucate value
  c = simpleChecksum(n)         -- get simple checksum
  encryptedArray[varname] = [ #value:v, #checksum:c ]

end


on getVar varName,value

  -- check that stored checksum matches stored value
  storedChecksum = encryptedArray[varname].checksum
  recalcChecksum = simpleChecksum(encryptedArray[varname].value)

  if storedChecksum <> recalcChecksum then
    cheated = true
  end if

  return encryptedArray[varname].value
end


on simpleChecksum n
  return (n * 95) mod 999
end

--------------------------------------------------------

You could also implement something similar for strings, wherein the checksum for the string is also only ever tested when you need to 'get' the variable for some purpose.

Hope this helps.



- Ben

_______________________
 duck_at_robotduck.com 
   www.robotduck.com

More information about the dirGames-L mailing list