[iOS] Checksum protect Save Data

Dom818

  • Posts: 1296
Along with being a developer for iOS, I have also taught myself how to hack iOS games. The games I am creating with iStencyl seem to have no protection on the save data at all. It is very easy, for me at least, to edit and cheat on the iStencyl games.

Is there a way to protect the data from hacking, maybe using checksums or even time stamps? This would greatly reduce the chance for hackers to access and mess up the data.

« Last Edit: September 10, 2012, 05:07:08 am by Dom818 »

marcwilhelm

  • Posts: 88
This especially is a concern for all of us who are making Freemium or Free to Play games (the top grossing games in iOS & Android are dominated by these) using in game currency, virtual goods and oftentimes, persistent worlds.

Games that utilize a consumable "energy" metric to pause a player's progress while they wait (or pay) for time in the real world to pass would have to check the time passed if a player switches to another app or closes the app. Is there any simple way to capture a timestamp from a server or world clock? I apologize for getting slightly off topic.

Play

  • Posts: 165
Unfortunately, I can't help with the protection of game data issue. But @marcwilhelm

This thread contains discussion of a method of receiving a time stamp from a device's internal clock. For anyone interested in creating a time-based persistent world game with Stencyl (or interested in utilizing time more precisely for consistency) it should be helpful:

http://community.stencyl.com/index.php?topic=9598.0

However, there is no protection against modifying that time value; any player can modify their device's clock to speed up processes. And players as knowledgeable as the OP will still easily be able to modify it, as well as any game attribute's value, directly. I too would like to know if there is a simple way to retrieve a secure time value from a server.

Sunflower

  • Posts: 591
Well, once you have a way to reasonably secure your save data, you can also include the time of saving as well. Of course, the player can set the device clock to some time later or so, but once the game is run, the later time is stored. What is the advantage of that?

Well, when the device time is *earlier* than the saved one, you can be pretty sure that someone tampered with the device clock (with the exception of time change >.<). How would you proceed with that, I don't know, but there's still a possibility of detecting time hacks (unless the player decides not to switch the device clock back to its original state, but most users probably wouldn't bother with time-changing when the game doesn't accept going back in time, I suppose O.o')
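The idea from the two posts above (a checksum over the save data, plus a save time stored inside it) can be sketched as follows. This is an added example, not code posted by anyone in the thread and not Stencyl's API; the key, the field names and the function names `seal_save` and `load_save` are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a secret compiled into the game (constructed demo value).
SECRET_KEY = b"constructed-demo-key"
# Assumption: tolerate small backward clock corrections (seconds).
ALLOWED_SKEW = 300


def _tag(body: str) -> str:
    """Keyed checksum (HMAC-SHA256) over the serialized save body."""
    return hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()


def seal_save(state: dict, now: int) -> str:
    """Serialize the state with its save time and append the keyed checksum.

    `now` is UTC epoch seconds, so time-zone and daylight-saving changes
    do not look like the clock going backwards.
    """
    body = json.dumps({"saved_at": now, "state": state}, sort_keys=True)
    return body + "\n" + _tag(body)


def load_save(blob: str, now: int):
    """Return (status, state); status is 'ok', 'tampered' or 'clock_rollback'."""
    body, sep, tag = blob.rpartition("\n")
    # Constant-time comparison of the stored tag against a fresh one.
    if not sep or not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return "tampered", None
    record = json.loads(body)
    # The save time is covered by the checksum, so it can be trusted here:
    # a device clock earlier than it means the clock was set back.
    if now + ALLOWED_SKEW < record["saved_at"]:
        return "clock_rollback", record["state"]
    return "ok", record["state"]


if __name__ == "__main__":
    saved = 1347253628  # constructed timestamp
    blob = seal_save({"coins": 120, "energy": 3}, now=saved)
    print(load_save(blob, now=saved + 3600))
    edited = blob.replace('"coins": 120', '"coins": 999999')
    print(load_save(edited, now=saved + 3600))
    print(load_save(blob, now=saved - 86400))
```

Because the key ships inside the app, someone who reverse-engineers the binary can recompute the checksum, so this only stops direct editing of the save file. Values that must not be forged (currency, purchase state, elapsed time) need to be checked against a server.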

marcwilhelm

  • Posts: 88
@Play - Thank you that is very helpful. A secure server would be better of course. I'll probably take the risk and use the device clock for now unless someone figures out a way to reach a clock server.

@Sunflower - That's a good point: if the item is earned and timestamped, the player couldn't safely use it without being able to be detected until that time in the future, which I suppose defeats the purpose of clock cheating in the first place if you have to wait to use it anyway to reset the device clock correctly. (Where's Doc Brown when you need him?) But the advantage of a player changing the clock on their device to a later point in time is that they could fast forward through game mechanics and systems that the designer wants to require the player to either wait or purchase a virtual good to get through, and reap the reward that they were, say, harvesting or supposed to have to wait for, for some fictional reason. The most common is "energy" or, in F2P racing games, "Fuel" that is depleted with each race but restores over time or can alternately be bought with an in-game purchase so the player can keep playing without having to wait.

Clock exploits like this would not be something to worry about with the casual player unless there were a trading system or if it were possible for players to sell their progress or game currency to one another. But if this is happening your game is likely a hit... You know you hit the big time when they are being exploited or pirated :) A much bigger danger for us is obscurity.

@Dom818 Sorry for derailing this thread. Curious to get your h4x0r thoughts on time exploits and such. It seems that this is a bit of an edge case concern. To make a successful game you have to sell thousands of copies and I doubt seriously that .1% of those downloads would be by cheaters.

BTW with Stencyl 3.0 since it is using a different language as the base, perhaps it will have some added security?