Hackproof software

Ophelius
Posts: 428
Joined: Feb 26, 2006 1:57

Hackproof software

Postby Ophelius » Mar 15, 2010 20:54

I've been messing around with ways to hack-proof my game by making it detect if someone changed the score with a hex editor. I thought I found a solution, but then after much testing I always find a back door somewhere. I have the program verify if the score changed in places where it wasn't supposed to, but I need a second variable to put the old score to compare for that to work. I got it working to the point where if someone changes the score or highscore at any point in the game, a Cheater screen pops up and you're forced to quit the game. But, I found that if someone changes BOTH score AND oldscore which would be the same, then they get away with it, because when the program now checks the oldscore from the previous loop to the current score, they are now the same and it doesn't complain. I'm sure there's always a way in, but does anybody have better ideas?
vdecampo
Posts: 2982
Joined: Aug 07, 2007 23:20
Location: Maryland, USA

Postby vdecampo » Mar 15, 2010 21:56

Use the computer's MAC address as a cypher key to encrypt your files. This gives you a unique value for every computer and would even prevent score files from being copied from one machine to another.

-Vince
PyRoe
Posts: 61
Joined: Sep 07, 2005 16:10
Location: not quite sure, i just woke up here

Checksums

Postby PyRoe » Mar 15, 2010 21:58

What you need is a checksum, or possibly a way to encrypt the score and add a checksum. I could come up with several simple methods for this if you would be willing to post that section of your code.

For kicks I think it would be great to have it change a person's name to add (LOSER) on the end if they cheat. Don't forget to add your own backdoor so you can make an initialized list of high scores.
duke4e
Posts: 717
Joined: Dec 04, 2005 0:16
Location: Varazdin, Croatia, Europe

Postby duke4e » Mar 15, 2010 22:00

Simple! Use encryption on your highscore, with the encryption/decryption method hardcoded into your program. You can combine that with a non-encrypted score also, and then compare both files (decrypted and non-encrypted).

Another good solution is to post and retrieve your highscores to an online server. That way your scores are safe (unless someone hacks your server).
agamemnus
Posts: 1842
Joined: Jun 02, 2005 4:48

Postby agamemnus » Mar 15, 2010 22:24

Dunno about you, but if it's a single player game, I often get the urge to cheat. I'll become your nemesis, Ophelius, and spend days trying to break your system. ;)
Ophelius
Posts: 428
Joined: Feb 26, 2006 1:57

Postby Ophelius » Mar 15, 2010 22:34

I already have the highscore files encrypted with AES after you enter your name for a highscore, but the tricky part is keeping it hack proof during the game. Someone can change the value of the score just before the score gets encrypted into the file and thus hacking his score.

The problem is the score/oldscore verification system I talked about in my original post leaves the values in a static memory location. All you do is open up a hex editor and find the memory location where your score is and change both variables. Then encryption is pointless. It stops most beginner hackers who would know how to change an unencrypted Dat file, but it doesn't stop everybody. I was able to find backdoors still.

Edit: Unless I can simply decrypt the score every loop just before it gets displayed/manipulated and encrypt it right after. Like this:

decrypt score
display score to screen
encrypt score

decrypt score
add to score
encrypt score

Would that slow things down dramatically? It doesn't even have to be AES while the game is playing. I can just mix up the bits with my own secret function and that would suffice. But when it gets written to the highscore file, then use AES.

Edit 2: Though, even if I un/scramble the bits before and after I edit the score internally, it's still possible to find out where in memory I'm doing this by noticing which mem address changes the same way as the score changes. So unless I use a fast strong encryption in realtime, it can still be hacked.

Edit 3: And it's probably possible to interrupt the program after the score gets decrypted and just before the score gets displayed, then change the score, and then let the program continue. So if this is possible, real-time encryption is also flawed, though much more difficult to hack.
Ophelius
Posts: 428
Joined: Feb 26, 2006 1:57

Postby Ophelius » Mar 16, 2010 0:27

I think I found a way. Check this topic for a hacking challenge:

http://www.freebasic.net/forum/viewtopic.php?t=15244

agamemnus: I believe you were up for the challenge :P
Richard
Posts: 2975
Joined: Jan 15, 2007 20:44
Location: Australia

Postby Richard » Mar 16, 2010 1:54

If you count in encrypted space then it cannot be easily changed.

First set up a 64 bit Pseudo Random Binary Sequence generator. (prbs). Possibly initialise the prbs with the game's or CPU's serial number. Clock the register 64 times to hide any initial seed key pattern at zero score.

Each point scored clocks the prbs once, it also adds one to the score for display. The score is saved by recording only the contents of the prbs register. The displayed score could be openly saved and then read back at start up as a decoy.

When starting the game the initial prbs is clocked forwards to the saved prbs score. The number of clocks needed to reach the value is the recovered best score. These both happen in the display code.

An attempt to randomly overwrite the prbs register will result typically in a count of 2^63 being needed to get from the initial to the corrupted score value. That will effectively hang a game with a corrupted score on start up. Especially if it does a GOTO and hangs in a tight loop after counting to a maximum ATL score of just 1 million.

To crack the system they need to extract the prbs clock code and the initial seed from your game code. Your prbs clock code could be distributed throughout the flow of your code that displays the score.
Ophelius
Posts: 428
Joined: Feb 26, 2006 1:57

Postby Ophelius » Mar 16, 2010 2:17

Isn't the prbs simply another variable that you can watch which increments the same way as the score variable? Sure they have a different value, but they change the same way which can be easily noticed. When I find the memory location where the current prbs value is located, I simply add the amount I wish to it. Unless I'm misunderstanding you?

Edit: I also noticed that variables DIMmed SHARED I can change the value externally with a hex editor, but a DIMmed variable I can't. I can find the value, but I can't change it. Why is that?
Richard
Posts: 2975
Joined: Jan 15, 2007 20:44
Location: Australia

Postby Richard » Mar 16, 2010 3:03

Adding any number to the prbs will flip it into some distant random space. 2^64 / 2^20 gives a one in 2^44 chance of guessing a fake saved code that will give a false score between 0 and 1 million.

Because there is no 1:1 mapping between the integer score counter and the pseudo random state of the prbs it is necessary to clock the prbs to increase it which means cheats must somehow fake scoring events, or practice more.

You might use a seeded random number generator in FB to do the prbs.
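
Added example (not part of the thread, and not Richard's code): a C version of the counting scheme from his two posts above, showing a saved register being recovered by clocking forward and a register that had a number added to it being rejected at the 1 million cap. The tap mask, the seed value and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PRBS_TAPS 0xD800000000000000ULL /* x^64+x^63+x^61+x^60+1 (assumed choice) */
#define MAX_SCORE 1000000               /* cap from the post: count to 1 million  */

/* Advance the 64-bit Galois LFSR one step ("clock the prbs once"). */
static uint64_t prbs_clock(uint64_t s)
{
    uint64_t lsb = s & 1u;
    s >>= 1;
    return lsb ? (s ^ PRBS_TAPS) : s;
}

/* Zero-score state: the seed clocked 64 times so its pattern is not visible. */
static uint64_t prbs_init(uint64_t seed)
{
    uint64_t s = seed ? seed : 1;       /* the all-zero state never changes */
    for (int i = 0; i < 64; i++) s = prbs_clock(s);
    return s;
}

/* Register contents to save after `points` scoring events. */
static uint64_t prbs_after(uint64_t seed, uint32_t points)
{
    uint64_t s = prbs_init(seed);
    while (points--) s = prbs_clock(s);
    return s;
}

/* Recover the score: clock forward from the zero-score state until the
   saved register is reached. Returns -1 if it is not reached by MAX_SCORE. */
static int64_t score_recover(uint64_t seed, uint64_t saved)
{
    uint64_t s = prbs_init(seed);
    for (int64_t n = 0; n <= MAX_SCORE; n++) {
        if (s == saved) return n;
        s = prbs_clock(s);
    }
    return -1;
}

int main(void)
{
    const uint64_t seed = 0x1234ABCD5678EF01ULL;  /* constructed sample seed */
    uint64_t saved = prbs_after(seed, 1500);
    printf("honest save  -> %lld\n", (long long)score_recover(seed, saved));
    printf("saved + 1000 -> %lld\n", (long long)score_recover(seed, saved + 1000));
    return 0;
}
```

As the earlier post notes, this only holds while the seed and the clock routine stay hidden inside the game binary.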
