Gamasutra is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Gamasutra: The Art & Business of Making Gamesspacer
arrowPress Releases







If you enjoy reading this site, you might also want to check out these UBM Tech sites:


 

Game Development: Protect your Game from getting Hacked

by Ashish Gogna on 11/18/19 10:30:00 am

The following blog post, unless otherwise noted, was written by a member of Gamasutra’s community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.

 

Hacking in games is so common these days that as soon as a game gains attraction, someone comes up with a hack and shares it online, thereby spreading the hack, and damaging the experience the game intended for its players.

Most of these hacks are common tricks, which work for almost all games. In this post, I’ll talk about what these are and how to detect these hacks and how to protect your game from these hacks.

Memory Injection

Memory injection is the easiest and most common trick out there to hack any kind of game.
In layman terms, memory injection means modifying the data which is stored in a device’s memory / RAM / volatile memory.

How this works
Let’s take Flappy Bird as an example. Flappy Bird is a very simple single player game with a variable “Score”. This score is stored somewhere in the device’s memory, with the value 0, when game starts.

  1. Hacker pauses the game, when score is 0. Searches for all the addresses in device’s memory where the content of an address is 0, and makes a set of all such addresses.
  2. Hacker unpauses the game, increases his score to 2 by playing the game and again pauses the game.
  3. Now, in the set of addresses which the hacker earlier found, he searches for all the addresses where the content of an address is 2. He keeps these new addresses in the set and removes all others; thereby reducing the size of the set.
  4. Hacker does this until the size of addresses get below 5. One of the addresses in this final set is the one which stores the score of the game.
  5. Once the hacker has a final set, he changes the content of all the addresses in the set to a very large number, thereby increasing hacking score.
  6. Hacker Unpauses the game and the huge number gets reflected as his score.

Protection
A very simple way is to encrypt the score value and then store it in memory.
This way the hacker will not know what value to search for in the memory.

Another way is to keep a last known score added with a random number stored somewhere in the memory. When updating the actual score, check if current score is equal to (last known score - the random number). If it isn’t it’s been temper.
In short, never store important data as raw values anywhere, not even in memory.

 

Hacking Saved Data

This is another common way of hacking games. The trick here is to find where the game’s data is stored on the disk. Once it’s found, hacker can modify the that data.

Protection:
A simple solution is to calculate an MD5 signature from the contents of the files saved on disk which contain the game’s saved data. Store this signature somewhere as well.

When accessing the saved data, recalculate the MD5 signature from the contents of the files saved on disk. If the stored signature isn’t equal to the recalculated signature, saved data files have been tampered with.

 

Speed and Time Hacks

2 more common types of hacks are Speed hacking and Time hacking.

  1. Speed hack
    This is a type of hack in which the hacker modifies speed of the game and takes advantage of it.
    For example, if the game is fast paced, hacker can slow it down thereby getting more time to perform an action.
    Protection:
    Keep 2 variables: systemTime and timer.
    On every frame update, set
    systemTime = System data in seconds.
    timer = systemTime + (time delta between this frame and last time).
    If (timer - systemTime) > maximum time difference allowed: the speed of the game has been hacked.
  2. Time Hack
    This is a type of hack in which the hacker modifies timers in the game.
    For example: If an action in the game requires you to wait for 30 minutes, the hacker can change the system time to go ahead in time and cover these 30 minutes instantly.
    Protection:
    A very simple way to protect timers in the game is to never depend on device’s system time.
    But if you really need system time for something, use system’s uptime. Event if a hacker changes system time, this uptime won’t be affected unless he restarts the device.

 

Code Injection

This is a fairly complicated hack, but still quite common. The hacker needs some programming knowledge to make code injection work.

Here, the hacker decompiles the game code, understands it, and modifies it.
For example, If your game is made with Unity engine, the game code is packed into and stored as .DLL files.
The hacker can decompile these .DLLs, and get access to all the code inside them. He can understand your game code, and change it. He can then recompile the DLL and put it back. He can also inject new .DLLs while the game is running.

Protection:
All the code must be Obfuscated. Without it you’re basically exposing your whole game code to be read and modified by anyone.
Obfuscation changes your code to make it difficult for humans to understand.

Secondly, keep a signature check on all the .DLL files.
Calculate an MD5 signature of all the .DLLs and store it somewhere. When accessing code, recalculate the MD5 and check if it equals the stored signature. If not, they’ve been hacked.

 

Asset Hacking

This is another one which is fairly complicated. The hacker needs to gain understanding of the game code and how the game engine on which the game is built works.
Once he is able to know how the assets in the game are used, he can modify these assets based on his will.
For games which are made with Unity, hacking Asset Bundles is quite easy.

For example, let’s say a game has an asset of a wall with colliders. Hacker can change collider size to zero.

Protection:
MD5 Signature, again.
Calculate an MD5 of all your game’s assets and store it somewhere.
When accessing the assets, recalculate the MD5 signature and check if it is equal to the one stored. If not, the assets have been tampered with.

 

These are the most common ways of hacking a game. There are of course a lot more ways someone can hack your game, but there are equally more ways of protecting it :)
If you’re any serious about the game you’re making, you should at least protect it against these hacks.

If you think I missed out on something, I’d be happy to know about it, please leave a comment.
I can help you protect your game from hacking. Please get in touch if you need any help.

About me:
I’m a Software Engineer, currently at MPL — Mobile Premier League.
When not at work, I can be found building fun products at Faiyah.
Know more about me here: http://faiyah.com/me/

Wanna get in touch? Just ping me :)
Email: [email protected]
Twitter: https://twitter.com/gognaashish
LinkedIn: https://www.linkedin.com/in/ashishgogna/


Related Jobs

Futureplay
Futureplay — Helsinki, Finland
[12.05.19]

Senior Game Programmer
Sucker Punch Productions
Sucker Punch Productions — Bellevue, Washington, United States
[12.04.19]

Camera Designer
Schell Games
Schell Games — Pittsburgh, Pennsylvania, United States
[12.04.19]

Experienced Graphics Engineer
LOKO AI
LOKO AI — Los Angeles, California, United States
[12.04.19]

Senior Unreal Engine Developer





Loading Comments

loader image