KIND OF VERY IMPORTANT FOR DEVS

7 posts

Flag Post

If you’ve got a game that’s going to be a Kong Challenge, here’s something I recommend doing–Block RAM edits.

Programs like (-removed-) can search for values stored in your computer’s RAM, and edit them. So basically, if I know my score is 50, I could change it to 50,000.

First, here’s how RAM edits work.

Your RAM has millions of values stored at all times, so manually flipping through them is not exactly an option. Instead you search for the values stored. You can’t look for a variable’s name, either. So instead of searching for “score,” the hacker would search for “50.”

Even then, there would usually be lots of variables stored in any program that happen to have the same value as what you’re looking for. The hacker searches for values that are 50, and then after increasing the score to, say, 55, searches again, and sees what value has both of those matching. Bingo, the hacker can change that value to whatever they want.

So, how do you stop that?

Obfuscation! (Good word!)

It means, more or less, encryption. The goal is to store a copy of your important variables, but to store this copy as an obfuscated version of the “real” variable.

For instance, you could have a function like this:

obfuscate=function(v) {
return(v*10-5);
}

And you would use it like this:

if (touchdown==true) {
score+=7;
obScore=obfuscate(score);
}

And then every frame (or every few frames), check:

if (obfuscate(score)!=obScore) {
//OMG TEH HAX0R
}

And there you go. It works because the hacker doesn’t know what to look for to find the obfuscated value, so he can’t change both of them.

 
Flag Post

Maybe we shouldnt tell people the specific name of the program ;)

 
Flag Post

Yeah good idea… I’m not sure how many devs would be happy about having to add that code into their games.

 
Flag Post

Like indie said… its really about the developer.
And really, when you were talking about obfuscation, you are in fact talking about anti-source extraction. It won’t help you against ram edits or hex viewers.

Any individual who’s determined enough and has the right tools is theoretically able to crack any program within an infinite space of time. (Meaning, you can slow him down, but you can’t stop him).

That said though… I’m not really sure how flash works, since it is not an executable. Flash files are Bytecode (ie like Java), and which requires a player to run. So really, you would need to crack how the player works, and where it stores it memory, not the game.

 
Flag Post

Dazzer, I don’t think you quite get what I’m saying.

Yes, you can get an swf obfuscator to protect your swf from decompilers. I’m talking about manually obfuscating your variables to block RAM edits. I know how to hack a running swf like this, and I already have-how do you think I beat the current challenge? Haha. (Staff members, if you want to take away my points/card, go ahead; it was for testing, blah blah.) The method I gave blocks the current usage of RAM editing programs.

 
Flag Post

ah okay I think I get what you mean now.

(thinks) I think I need to get an avatar

 
Flag Post

Awesome thanks for the tip. Do you know any other methods of cheating that we can protect against?