• Hey Guest! Ever feel like entering a Game Jam, but the time limit is always too much pressure? We get it... You lead a hectic life and dedicating 3 whole days to make a game just doesn't work for you! So, why not enter the GMC SLOW JAM? Take your time! Kick back and make your game over 4 months! Interested? Then just click here!

protecting ini

RizbIT

RizbIT

Member
I know on ios and android it is harder for average user to access the ini files for user paramaters like number of coins, heallth etc...

But on windows they can easily open ini file and change the value of coins to say 999

so whats best way to protect this data from user hacks?

could you base64 encode the whole ini file then decode just before reading values, then reencode?

but could the user not intercept the intermediate decoded ini
 
chamaeleon

chamaeleon

Member
RizbIT said:
I know on ios and android it is harder for average user to access the ini files for user paramaters like number of coins, heallth etc...

But on windows they can easily open ini file and change the value of coins to say 999

so whats best way to protect this data from user hacks?

could you base64 encode the whole ini file then decode just before reading values, then reencode?

but could the user not intercept the intermediate decoded ini
Click to expand...
Don't store it in files, store it on a server you control (implies network connectivity upon saving). Won't prevent a program from being modified to send spoofed data, of course. If everything resides on the user's computer, it's just a matter how interested a sufficient number of people are in figuring out what you do, and some of them publicly releasing ways of changing it. There's no fool-proof method, so you'll have to determine what your criteria for good enough are, starting with do you really care if some given individual cheats or not? Does that cheating impact you in any form whatsoever? If the answer is yes (the user can buy said coins for real money, etc.), don't rely solely on data on the computer.

Sure, base64 encode the file, but that is more than likely the first thing people look at. If you don't use that, rest assured there are plenty of people who are not afraid of simply picking apart your program to figure out any algorithm and reverse engineer it to do whatever they want.

The temporary decoded ini problem in itself is worked around by not using intermediate files, but decoding in memory and using ini_open_from_string() instead (and encoding the result from ini_close() and storing that content to a file).
 
curato

curato

Member
any kind of basic attempt to hide the information is going to take the average user out of trying to mess with it. The hacker is always going to be able to hack it no matter what you do. It isn't worth too much trouble to get elaborate with security unless you think your game is going to be huge.

personally, I put my data to be saved in a ds_map then use ds_map_secure_save. It is pretty secure and very little effort on my part.
 
RizbIT

RizbIT

Member
my problem is that is didnt start with security in mind, so now its a case of finding all references to the ini and then adding security measures.

ini from string looks promising though
 
Yal

Yal

šŸ§ *penguin noises*
GMC Elder
Security should be set up on the design stage, an unsafe design is really hard to salvage no matter how much encryption you jam into it.

But you only really need to care about savefile hacking if any of the following are true:
  • In-game purchases is a part of your business model, and hacking savefiles would let players avoid paying
  • Resource scarcity is an important part of your game balance, and hacking savefiles removes this consideration (giving hackers an unfair advantage)

If the players only ruin their own fun and not others', and you won't lose money from them hacking the savefiles, you probably don't need to waste time adding security measures.
 
You must log in or register to reply here.
Top