Jump to content


Photo

Anti-hacking using maths


  • This topic is locked This topic is locked
49 replies to this topic

#1 Blue2010

Blue2010

    GMC Member

  • New Member
  • 8 posts

Posted 11 December 2011 - 04:17 AM

Recently I saw something like this to protect the valuable variables in a game, replace x with them;

Begin step;
x = (((22*x)-7)/4)+.123 (packing)

End step;
x = (((x-.123)*4)+7)/22 (unpacking)
if x is now a decimal, then we've been hacking. See below

Alright, if x is a decimal then that means that between the begin step and end step events, the variable has been modified - unless the hacker chooses an extremely random decimal and gamemaker's rounding to 2 decimal places lands a very lucky shot, the game should catch the hacker.

However (I know very little about programs that modify these variables eg Cheatengine) the hacker can change the variable during the begin step, end step or draw events and mess up this method, yes? Does this mean that if the hacker continues to try to modify variables eventually it will work? Does it also mean that the unpacking and checking should occur in the draw event, as that reduces the amount of time a hacking program can modify the variables?
Also, this method will probably slow down the game a bit (does gamemakers rounding decimals reduce the work it has to do?), so how much math would be required to still have a high probability of catching the hacker out, but retain the performance of the game itself?
I'd actually be pretty interested in the probability (with working) of the math I gave above for a variable being changed by 1 or some whole integer.
  • 0

#2 ash47

ash47

    O_o

  • GMC Member
  • 1347 posts

Posted 11 December 2011 - 06:28 AM

Idk about doing all that, personally using the XOR function is really good in terms of protecting variables, if you XOR a number by something like 5, it will go up, then back down, depending on the variable, and makes it really hard to track in stuff like cheat engine, as far as this method goes, seems pretty interesting =P
  • 0
Posted Image

Rate this topic: 0 | 1 | 2 | 3 | 4 | 5

PRESS IT
\/


#3 NakedPaulToast

NakedPaulToast

    GM Studio/Mac/Win

  • GMC Member
  • 8438 posts
  • Version:GM:Studio

Posted 11 December 2011 - 04:31 PM

Recently I saw something like this to protect the valuable variables in a game, replace x with them;

Begin step;
x = (((22*x)-7)/4)+.123 (packing)

End step;
x = (((x-.123)*4)+7)/22 (unpacking)
if x is now a decimal, then we've been hacking. See below

Alright, if x is a decimal then that means that between the begin step and end step events, the variable has been modified - unless the hacker chooses an extremely random decimal and gamemaker's rounding to 2 decimal places lands a very lucky shot, the game should catch the hacker.

However (I know very little about programs that modify these variables eg Cheatengine) the hacker can change the variable during the begin step, end step or draw events and mess up this method, yes? Does this mean that if the hacker continues to try to modify variables eventually it will work? Does it also mean that the unpacking and checking should occur in the draw event, as that reduces the amount of time a hacking program can modify the variables?
Also, this method will probably slow down the game a bit (does gamemakers rounding decimals reduce the work it has to do?), so how much math would be required to still have a high probability of catching the hacker out, but retain the performance of the game itself?
I'd actually be pretty interested in the probability (with working) of the math I gave above for a variable being changed by 1 or some whole integer.


GameMaker naturally modifies the x variable between the begin step and end step. This won't work.

GameMaker doesn't round variables to two variables, though the string function will for display purposes only.

Edited by NakedPaulToast, 11 December 2011 - 04:31 PM.

  • 0

keep_crap_150_zpsd7af69c5.png


#4 DZiW

DZiW

    GMC Member

  • GMC Member
  • 729 posts

Posted 11 December 2011 - 08:31 PM

IMO,
1) if the same number gives the same encoded result then it's rather poor approach;
2) if the sensible variables use the same mem offset then it's but useless;
3) if 'protection' makes the software rather complex or oven unstable then;
4) very few games are even worth cheating, let alone made in GM...

Anyway, just add built-in cheat and let those who really want to use it.
  • 0
YOU CREATE

#5 YellowAfterlife

YellowAfterlife

    GMC Member

  • Global Moderators
  • 4099 posts
  • Version:GM:Studio

Posted 11 December 2011 - 08:45 PM

Cheating is critical only for games where online highscores or achievements are available.

For those you may want to have 'verification' variables along with all important ones.
So you would create a script(s) like:
// score_set(value, skip) - changes score
// value - new score value
// skip - skip verification
if (!argument1) if ((score ^ 77) != score_) global.is_cheating = true;
score = argument0;
score_ = score ^ 77;
Replace '^ 77' by calculation of choice - be that division, lengthdir, or checksum.

This method leaves variable(s) well exposed, however you will know if player changed something, and take care - be that shutting the game down, resetting their score, or kicking them out just before the end of game (warning: may cause hate).
  • 0
_.gifnDCITkv.png

#6 Blue2010

Blue2010

    GMC Member

  • New Member
  • 8 posts

Posted 11 December 2011 - 10:52 PM

Ash, I don't know what you're talking about, are you saying something about 'exclusive or'?

NPT:

GameMaker naturally modifies the x variable between the begin step and end step. This won't work.

GameMaker doesn't round variables to two variables, though the string function will for display purposes only.


Why does GM modify the x variable? I really hope you're not meaning all the variables and mistook my meaning of x being co-ordinate variables...

And yeah, wow, GM doesn't actually round the decimals except when displaying them, which is a bit weird. Again, why was this done...? >_>

DZiW... please don't assume the importance of this protection to be null. Even if it was, that is not the question.

YAL: I don't really see how that helps at all?
  • 0

#7 YellowAfterlife

YellowAfterlife

    GMC Member

  • Global Moderators
  • 4099 posts
  • Version:GM:Studio

Posted 11 December 2011 - 11:08 PM

See this example. Hack score, then click a fruit.
  • 0
_.gifnDCITkv.png

#8 yourtexthere

yourtexthere

    GMC Member

  • New Member
  • 66 posts

Posted 12 December 2011 - 02:10 AM

Why do you care so much if people cheat in your game?
That's their problem if they get pleasure out of freaking CHEATING on someone's game maker game, I mean seriously...
  • -3

#9 Blue2010

Blue2010

    GMC Member

  • New Member
  • 8 posts

Posted 12 December 2011 - 02:41 AM

YAL: After re-reading that, I understand and it's a pretty good method other than a hacker aware of this could observe the trend between both variables. I like this method though. What about speed? Would the extra memory and math calculations matter much?

Why do you care so much if people cheat in your game?
That's their problem if they get pleasure out of freaking CHEATING on someone's game maker game, I mean seriously...


These comments are beginning to irritate me. Evidently you cannot conceive a possible scenario where cheating would be detrimental to other players; ie online communication. If you are not going to post something useful, please do not post at all.
  • 0

#10 YellowAfterlife

YellowAfterlife

    GMC Member

  • Global Moderators
  • 4099 posts
  • Version:GM:Studio

Posted 12 December 2011 - 05:37 AM

YAL: After re-reading that, I understand and it's a pretty good method other than a hacker aware of this could observe the trend between both variables. I like this method though. What about speed? Would the extra memory and math calculations matter much?

GameMaker changes a lot of its own variables every step. If hacker has patience to do step-by-step debugging of your game to track down second variable, figure out it's formulae, and change those at once, anti-hacking protections wouldn't protect your game anyway.
About performance - depends on operations that you perform, but in most cases not significiant (other in-game calculations are likely to take more time than it anyway). I have succesfully used Le Maire's random number generation algorithm (value_ = ((value * const1) + const2) mod const3) for this purpose in few games and it still wasn't noticable behind other calculations. Obviously, a more complex algorithm also makes it harder to track down 'protecting' variable.
  • 0
_.gifnDCITkv.png

#11 DZiW

DZiW

    GMC Member

  • GMC Member
  • 729 posts

Posted 12 December 2011 - 01:26 PM

IMO it's too much fuss about nothing: all online apps with sensible protection are server-side only. Do you copy?
Furthermore, all GM EXE are so easily ripped back as GMx/K that I don't think it's a real problem--so now you have also to check CRC/MD5 or something too, right? Go ahead and on ;)

The 'real' protection which I find really cute makes a few indirect checks, but doesn't cry out 'WOLF! WOLF!' or something, it just modifies memory a heap/data so that the app successfully crashes--every cheat is a crash.

But there's no need of it all: if one really wants he can just modify the routine or send his modified data to your server of hi-scores even without running your game. So, the only relevant criterion of hi-score is... game time?
  • 0
YOU CREATE

#12 NakedPaulToast

NakedPaulToast

    GM Studio/Mac/Win

  • GMC Member
  • 8438 posts
  • Version:GM:Studio

Posted 12 December 2011 - 02:52 PM

Why does GM modify the x variable? I really hope you're not meaning all the variables and mistook my meaning of x being co-ordinate variables...



Yes I interpreted your use of the x variable as the co-ordinate. That's what the x variable represents.

And yeah, wow, GM doesn't actually round the decimals except when displaying them, which is a bit weird. Again, why was this done...?

For convenience. Take the default of two decimal points or use string_format if you want to control the number of decimal points.
  • 0

keep_crap_150_zpsd7af69c5.png


#13 Erik Leppen

Erik Leppen

    GMC Member

  • GMC Member
  • 2651 posts
  • Version:GM:Studio

Posted 12 December 2011 - 07:56 PM

Begin step;
x = (((22*x)-7)/4)+.123 (packing)

End step;
x = (((x-.123)*4)+7)/22 (unpacking)
if x is now a decimal, then we've been hacking.


I need to place a word of warning here, because GM cannot exactly represent the number 0.123. The reason is that computers work in binary and the decimal fraction 0.12310 is in fact the binary fraction
0.00011111011111001110110110010001011010000111001010110000001000001100010010011011101001011110001101010012
in binary (the undelined part is the period, should be overlined instead of underlined).
So GM will round this number, it will not be exactly decimal 0.123 anymore. It may only differ for 2-53 (I believe), but a difference that small will make x into a decimal (because 256.000000000000001 is a decimal).

For this reason I'm always cautious with floating point arithmetic and I prefer integer arithmetic for those kinds of things.
  • 0

promo_briquidmini_500x150.png


#14 Blue2010

Blue2010

    GMC Member

  • New Member
  • 8 posts

Posted 13 December 2011 - 01:41 AM

Why does GM modify the x variable? I really hope you're not meaning all the variables and mistook my meaning of x being co-ordinate variables...



Yes I interpreted your use of the x variable as the co-ordinate. That's what the x variable represents.


Recently I saw something like this to protect the valuable variables in a game, replace x with them;


Erik, that's actually really interesting, so you're saying that I should use something 'nice' for binary? I'ma test that out...

Anyway thanks a lot YellowAfterlife, your points are most helpful.
  • 0

#15 DZiW

DZiW

    GMC Member

  • GMC Member
  • 729 posts

Posted 18 December 2011 - 07:21 PM

IMO the only modern way to obfuscate something against cheating is custom encoding and dynamic constantly changing address, but some advanced cheat engines (e.g. ArtMoney) have plenty of methods (like search for formula, coded value, unknown, memory damp, structure, pointer, filesearch, with full process session data and control /pause-resume, save-load/ etc) which make even almost any 'protection' futile.

For onstance, in my demo I used hack-revealing method of 'score/time' aspect where time value was encoded with fingeprints (e.g. '24-Hh' and '60-Mm'), so I could check the pseudo-CRC and assess allegedly time spent. The point is when one sees the formula then it's more than trivial to use math-reversal: a friend of mine once showed me how hacked hi-score sending routine without real hacking - just via ol' TCP_VIEW!

Yet I would like to make a compliment to you: if at least someone really wanted to hack your GM game then it must be something really worthy ;)
  • 0
YOU CREATE

#16 TamoNekiTipo

TamoNekiTipo

    Centurion

  • Banned Users
  • 51 posts
  • Version:GM8

Posted 11 January 2012 - 09:28 PM

I just divide the variable by 2, and then multiply it by 2.
It's simple and it sure covers the variable in Cheat Engine.

Press that button and you'll get a cookie! ⇊
No seriously, I need some thumbs ups⇊


#17 loverock125

loverock125

    GMC Member

  • GMC Member
  • 1830 posts
  • Version:GM8.1

Posted 12 January 2012 - 01:07 AM

As 'YellowAfterLife' said:

Cheating is critical only for games where online highscores or achievements are available.


So if you are going to have online highscores, you might as well use a server and have the important variables stored by the server.
Otherwise the safest way in my opinion is encryption but I don't really see the point of having so much protection for simple single-player games.

Also keep in mind that everything can be hacked.


Edit: If Game Maker stores data in RAM at the exact moment when you assign a value to a variable (I'm 99% sure that this is what it does), then I believe that to determine what time Cheat Engine can capture variables you would need to know in what order the CPU executes the commands (GameMaker's first or Cheat Engine's). If Cheat Engine captures data directly from RAM, and Game Maker stores data immediately in RAM then you would need to find out which program's commands are executed first.

Edited by loverock125, 12 January 2012 - 01:16 AM.

  • 0

#18 jonathanz

jonathanz

    GMC Member

  • GMC Member
  • 86 posts
  • Version:Unknown

Posted 27 February 2012 - 08:46 PM

Cheat engine has been made to edit variables in games that DO have randomizers
Thus the anti randomizer function which would help for code injections.

What you wanna do is:

-When the game is paused varibles add a random number which is stored and minus off when unpaused (I say this because if the change is constant during the pause it will be very easy, for obvious reasons)

-Have two varible to represent one. Eg, money have coins and cents.. Once cents equals 100, it is sent to 0 and we then have a coin.
If the player doesnt know this is happening since the score will be reprensented visually as something different, we have our solution.

Edited by jonathanz, 27 February 2012 - 08:52 PM.

  • 0
Gm since '04 Gmc since '06
Nz

#19 jonathanz

jonathanz

    GMC Member

  • GMC Member
  • 86 posts
  • Version:Unknown

Posted 20 March 2012 - 10:40 PM

Packing every step is not needed and wastes cpu. Every 5 steps is fine.. 5 times faster!
  • 0
Gm since '04 Gmc since '06
Nz

#20 Primoz128

Primoz128

    GMC Member

  • GMC Member
  • 312 posts
  • Version:GM:Studio

Posted 29 April 2012 - 10:29 AM

How about you xor it then use the first post's method, then when unpacking use the anti method and then xor it.

Was this a good suggestion or no ?

Edited by Primoz128, 29 April 2012 - 10:36 AM.

  • 0

#21 creators124

creators124

    awesomeliciousmember

  • GMC Member
  • 866 posts
  • Version:GM8

Posted 29 April 2012 - 03:56 PM

Cheating is critical only for games where online highscores or achievements are available.

For those you may want to have 'verification' variables along with all important ones.
So you would create a script(s) like:

// score_set(value, skip) - changes score
// value - new score value
// skip - skip verification
if (!argument1) if ((score ^ 77) != score_) global.is_cheating = true;
score = argument0;
score_ = score ^ 77;
Replace '^ 77' by calculation of choice - be that division, lengthdir, or checksum.

This method leaves variable(s) well exposed, however you will know if player changed something, and take care - be that shutting the game down, resetting their score, or kicking them out just before the end of game (warning: may cause hate).

As I go through this thread I see that YAL's way seems promising!
But after trying out his example I used Cheat Engine to use code injection on it and deleted the little pieces of code the made the checking and I changed it a will. :P
after that I think making an anti-hackable game is impossible!(except server-sided games)!
  • 0
Posted ImageRate this topic:0 | 1 | 2 | 3 | 4 | 5

#22 Fledermann

Fledermann

    GMC Member

  • New Member
  • 9 posts
  • Version:GM8

Posted 21 May 2012 - 03:44 PM

after that I think making an anti-hackable game is impossible!(except server-sided games)!


Yes, that is a true fact. When the client, i.e. the game, is under the player's control, he or she is free to manipulate anything. They don't even need the game, since they only have to send some data which will be accepted by the server.

There is a reason that the billion dollar video game industry couldn't come up with any reliable client-based cheat protection. It's not possible.

Fledermann
  • 0

#23 cotycrg

cotycrg

    GMC Member

  • GMC Member
  • 873 posts
  • Version:GM:Studio

Posted 27 May 2012 - 02:05 PM

What about making two seperate variables..

x1=40;
x2=30;

And when you need to call them..

x3=x1+x2;

Imagine a player trying to figure out that one.

Or even go further, with like x1, x2, x3, x4, etc. But either way.. if the game is online (which is really the only place where you need to be worried about cheating), then just make all sensitive variables and sensitive calculations server-side. ;)
  • 0

#24 creators124

creators124

    awesomeliciousmember

  • GMC Member
  • 866 posts
  • Version:GM8

Posted 27 May 2012 - 05:30 PM


after that I think making an anti-hackable game is impossible!(except server-sided games)!


Yes, that is a true fact. When the client, i.e. the game, is under the player's control, he or she is free to manipulate anything. They don't even need the game, since they only have to send some data which will be accepted by the server.

There is a reason that the billion dollar video game industry couldn't come up with any reliable client-based cheat protection. It's not possible.

Fledermann

ok thanks for the info yeah no wonder there are an extensively amount of people wanting to hack those the billion dollar video games! :o

What about making two seperate variables..

x1=40;
x2=30;

And when you need to call them..

x3=x1+x2;

Imagine a player trying to figure out that one.

Or even go further, with like x1, x2, x3, x4, etc. But either way.. if the game is online (which is really the only place where you need to be worried about cheating), then just make all sensitive variables and sensitive calculations server-side. ;)

now about that:
  • If I had CE(cheat enigne) right now I could get both those values!
  • I could easily debug the value from the last value.
  • after debugging I could debug even more and then find all the values.
  • then after confirmation, I'll hack the speed and literally code inject all of them to give me around 999999 value!Posted Image
but sorry to say your way seems destroy-able, unless you could provide a .gmk or .exe were I could see if your way isn't destroy-able! Posted Image
sorry I used CE before but now CE is off my computer! Posted Image
  • 0
Posted ImageRate this topic:0 | 1 | 2 | 3 | 4 | 5

#25 TheouAegis

TheouAegis

    GMC Member

  • GMC Member
  • 11001 posts
  • Version:GM8

Posted 27 May 2012 - 06:39 PM

There are also some program out there that would let you just read the assembly code anyway, telling you what steps were taken to encrypt and then decrypt. If you really wanna make it difficult to crack, do it Castlevania 3's method. The decryption process is literally 3x longer than the encryption process. Arithmetic hashing to the extreme.

But yeah, if your decryption code is just the encryption code in reverse, that's easy-peasy to crack.
  • 0
"Do not think about where you want to be and how to get there; think about what you want to do and how to do it." -Theou Aegis

#26 halfmaster1

halfmaster1

    GMC Member

  • GMC Member
  • 166 posts
  • Version:Unknown

Posted 21 June 2012 - 08:56 PM

I don't know much about hacking, but, where a needs to be protected,

End step:

b=a;c=b,d=c,e=d

Begin step:

if!(a==b&&b==c&&c==d&&d==e)
{HACKER!}

The they need to change 5 variables at the same time.
  • 0

#27 loverock125

loverock125

    GMC Member

  • GMC Member
  • 1830 posts
  • Version:GM8.1

Posted 21 June 2012 - 10:34 PM

The they need to change 5 variables at the same time.


Which is what they usually do.
  • 1

#28 creators124

creators124

    awesomeliciousmember

  • GMC Member
  • 866 posts
  • Version:GM8

Posted 21 June 2012 - 11:16 PM

I don't know much about hacking, but, where a needs to be protected,

End step:

b=a;c=b,d=c,e=d

Begin step:

if!(a==b&&b==c&&c==d&&d==e)
{HACKER!}

The they need to change 5 variables at the same time.

I could find all those variables numbers and change all of them at the same time! (hold CTRL+mouse click to select more than one Posted Image)
sorry but that is way to easy. Posted Image
plus if I happen to change "b" it'll never make the statement false. Posted Image
  • 0
Posted ImageRate this topic:0 | 1 | 2 | 3 | 4 | 5

#29 ramses12

ramses12

    6

  • GMC Member
  • 5769 posts
  • Version:GM8.1

Posted 22 June 2012 - 04:26 PM

There is a reason that the billion dollar video game industry couldn't come up with any reliable client-based cheat protection. It's not possible.

I wonder why would it be useless to prevent hacking using an over-complicated big fat bunch of data. I'm talking about 500 checksums changing in memory every second, each with a different algorithm and each processing a combination of actual data with pseudo-random generation, and not some cheap algorithm which can be human-read by a little reverse engineering, but some 1k Assembly instruction block.
Obviously, the processing power I described might be too much for a game's purpose, but when you have a big budget, you can make such thing, at a decent resource consumption and still big and bad enough to prevent a human from being able to crack it.
  • 0

#30 famous

famous

    GMC Member

  • GMC Member
  • 170 posts
  • Version:Unknown

Posted 22 June 2012 - 06:28 PM

No Debels is posting here? Posted Image
  • 0
An oversized signature with elements unreadable in light theme:

#31 loverock125

loverock125

    GMC Member

  • GMC Member
  • 1830 posts
  • Version:GM8.1

Posted 23 June 2012 - 12:11 AM

There is a reason that the billion dollar video game industry couldn't come up with any reliable client-based cheat protection. It's not possible.

I wonder why would it be useless to prevent hacking using an over-complicated big fat bunch of data. I'm talking about 500 checksums changing in memory every second, each with a different algorithm and each processing a combination of actual data with pseudo-random generation, and not some cheap algorithm which can be human-read by a little reverse engineering, but some 1k Assembly instruction block.
Obviously, the processing power I described might be too much for a game's purpose, but when you have a big budget, you can make such thing, at a decent resource consumption and still big and bad enough to prevent a human from being able to crack it.


I wonder why would a billion dollar video game industry need to do this to prevent humans from cracking their client.
  • 0

#32 creators124

creators124

    awesomeliciousmember

  • GMC Member
  • 866 posts
  • Version:GM8

Posted 23 June 2012 - 01:44 AM


There is a reason that the billion dollar video game industry couldn't come up with any reliable client-based cheat protection. It's not possible.

I wonder why would it be useless to prevent hacking using an over-complicated big fat bunch of data. I'm talking about 500 checksums changing in memory every second, each with a different algorithm and each processing a combination of actual data with pseudo-random generation, and not some cheap algorithm which can be human-read by a little reverse engineering, but some 1k Assembly instruction block.
Obviously, the processing power I described might be too much for a game's purpose, but when you have a big budget, you can make such thing, at a decent resource consumption and still big and bad enough to prevent a human from being able to crack it.


I wonder why would a billion dollar video game industry need to do this to prevent humans from cracking their client.

I agree with him!
ALL THEY NEED TO DO IS HAVE AN EXTREMELY SECURE CONNECTION!
not secure the client, the hackers can screw the client till it is not usable, and what do they care. xD
they only need to protect the files from being transfer able but it is too hard! :P

any ways I'll just use Debels anti-hack extension. (gm: studio extension for windows too)
instead of using a long piece of math that has to be used constantly and possibly slow the game down excessively!

ok proven wrong by Y.A.L. and his brilliance!
should stop posting late at night. Posted Image

Edited by creators124, 23 June 2012 - 04:49 AM.

  • 0
Posted ImageRate this topic:0 | 1 | 2 | 3 | 4 | 5

#33 YellowAfterlife

YellowAfterlife

    GMC Member

  • Global Moderators
  • 4099 posts
  • Version:GM:Studio

Posted 23 June 2012 - 02:59 AM

I generally try to keep away from this topic, since it's initially and ultimately silly (discussion should have worn off ages ago), but this is starting to be unbearable.

any ways I'll just use Debels anti-hack extension. (gm: studio extension for windows too)
instead of using a long piece of math that has to be used constantly and possibly slow the game down excessively!

instead of using a long piece of math that has to be used constantly and possibly slow the game down excessively!

What are you saying?
Did you even bother to check your facts before posting that?
Do you think that your liked extension works on magic and fairies?
Nope, still a piece of GML. Maybe 3 pieces of GML. It's even stated in topic.
For curiosity reasons, below is source of current version of extension, edited to this state in as much as 14 minutes.

Using functions as actual scripts, user events, or inline code reduces execution overhead.
Editing values makes system harder to find in memory.


Understanding the principle allows to make your own functions, to provide more or less levels of protection, depending on how precious a variable is.
For HTML5 games, it is also possible to utilize nature of JavaScript to create extension functions in realtime, making job of tracking down anti-hack check equivalent to finding a needle (~10..20B) in haystack (300+KB).

So, where this is going - please proof-read your posts and facts that you are presenting as truth, to avoid telling nonsense.

Edited by Nocturne, 14 July 2012 - 06:14 AM.

  • 0
_.gifnDCITkv.png

#34 Schyler

Schyler

    Noskcirderf Derf

  • GMC Member
  • 2679 posts
  • Version:GM:Studio

Posted 24 June 2012 - 10:45 AM

- Hook Read/WriteProcessMemory
- Check for IsDebuggerPresent calls, hook it, and check its integrity beforehand (check for the header int3 instruction)
- Intercept LoadLibrary calls to external .dll modules so nothing can get inside your process to undo your work (google; dll injection)

That should be enough to stop anyone from hacking anything. I guess for added security you could CRC your whole module or use a HWBP on the header of GM's interpreter to check the CRC of the page which stores all the variables before each step.

Edited by Schyler, 24 June 2012 - 10:47 AM.

  • 0

#35 smash ball

smash ball

    Volcanic Light

  • GMC Member
  • 2389 posts
  • Version:GM:Studio

Posted 26 June 2012 - 02:17 AM

For saving and loading, I always figured you could store a few variables for a few lines. After a few lines you could then store a fake variable, like if you multiply a previous variable or a 'to be stored' variable by a number or something. By having quite a few of these fake variables in a save file, it makes the hacker work a lot harder to figure out what everything is. (upon loading, you would check the variables to see if it was hacked. Doesn't fool-proof it of course, but it makes it a great deal harder)

Of course, that's just what I would do to prevent save file hacking. Seems logical to me.
  • 0

#36 DZiW

DZiW

    GMC Member

  • GMC Member
  • 729 posts

Posted 26 June 2012 - 08:58 PM

As far as cheat engines rely on standard and inverted value types in memory I see two way to combine: locked file logging AND nonstandard types. However, as far as GM is but a univar IDE, I think it's more than trivial to uncork it, unfortunately.

I've just played a little with Artmoney Pro and found out that random pointers are rather difficult to track down and Flash is so heavily encoded against cracking, but it's not the case with GM, although its authorities naively stated they soon would improve GM anti-decompiling protection (nice try!) and if I remember correctly there were a few vague statements regarding better anti-hacking protection (just another lie!).

As for me, I think that it's always possible to hack a game, but I found a few games where hacking almost didn't change anything or even made gameplay worser, but it's usually about cardgames or where one's stats and money is correlated with monsters'. For example, what is the use to have infinite Fire cards when CPU keeps spamming you with Earth ones? Or what is the use to change one's level to, say, 99 if all monsters will re-adapt? Nay!
  • 0
YOU CREATE

#37 Stabbast

Stabbast

    GMC Member

  • New Member
  • 99 posts

Posted 02 July 2012 - 08:40 PM

it is always possible to crack disassemble and decompile anything... common misconception is that its not possible to crack literally anything ,but there are always ways to make it a little more time consuming and difficult. Byte code, Machine code, Assembly language, |EAX|EBX|ECX|EDX|ESI|EDI|EBP|ESP|EIP|, Lowest common bit, Highest common bit, Statistical array algorithms etc... etc... You could look into Steganography and Cryptography hiding information in and out of other external files can make things rather annoying for people trying to use resources and such even get rid of some of the unnecessary file slack...
-Got to know your algorithms!-
1) Injection (suspicious because of the content-unrelated file size increment)...
2) Generation (suspicious because of the traceability of the generated carriers)...
3) Ancillary data and metadata substitution...
4) LSB or adaptive substitution...
5) Frequency space manipulation...
6) Randomly generated GIC(s)...
Really big thing is don't make general hash(s) or to short of keys...
If you want to know more take a computer forensics class...
I know that YellowAfterLife is actually right about using the functions as actual scripts. It is kind of a ridiculous comment though... The biggest game companies in the world play hell trying to keep people from reverse engineering and still fail horribly... The good news is that generally your average Neophyte or Script Kiddie does not understand how to do really any of that ,and everyone else doesn't really care
// 99.999999% of the time...

Edited by Stabbast, 03 July 2012 - 03:11 AM.

  • 0

#38 Boreal

Boreal

    C++ Wackjob

  • GMC Member
  • 417 posts
  • Version:None

Posted 03 July 2012 - 09:23 PM

What I don't understand is why you guys care about client-side hacking, because it's only relevant in single player (unless you use a naive server - bad idea). A more interesting and practical topic is detecting and rejecting aimbots.

In fact, I'd like to give my players the freedom to mess with their personal game data. Games can be made more fun if you can have a minigun with infinite explosive ammunition.

Edited by Boreal, 03 July 2012 - 09:25 PM.

  • 2

#39 Stabbast

Stabbast

    GMC Member

  • New Member
  • 99 posts

Posted 05 July 2012 - 11:58 PM

yeah... I'd be more worried about people trying to hack online game play then anything ,and in that case I'd make encryption a priority!
  • 0

#40 Debels

Debels

    GMC Member

  • GMC Member
  • 2792 posts
  • Version:GM:Studio

Posted 14 July 2012 - 03:53 AM

I generally try to keep away from this topic, since it's initially and ultimately silly (discussion should have worn off ages ago), but this is starting to be unbearable.


any ways I'll just use Debels anti-hack extension. (gm: studio extension for windows too)
instead of using a long piece of math that has to be used constantly and possibly slow the game down excessively!

instead of using a long piece of math that has to be used constantly and possibly slow the game down excessively!

What are you saying?
Did you even bother to check your facts before posting that?
Do you think that your liked extension works on magic and fairies?
Nope, still a piece of GML. Maybe 3 pieces of GML. It's even stated in topic.
For curiosity reasons, below is source of current version of extension, edited to this state in as much as 14 minutes.

Using functions as actual scripts, user events, or inline code reduces execution overhead.
Editing values makes system harder to find in memory.
Understanding the principle allows to make your own functions, to provide more or less levels of protection, depending on how precious a variable is.
For HTML5 games, it is also possible to utilize nature of JavaScript to create extension functions in realtime, making job of tracking down anti-hack check equivalent to finding a needle (~10..20B) in haystack (300+KB).

So, where this is going - please proof-read your posts and facts that you are presenting as truth, to avoid telling nonsense.

Now that's really wrong, releasing the source code of my extension un-obusfated is really .... (not going to say the word), Would you like if i crack your games or applications and release the source code for every one?, I think not.

So please stop doing this kind of things >.>
  • 0

Stop Email spamming and start + button spamming  :thumbsup:

Note: I'm a direct person, some of my posts might sound as insults or similar, but I can assure they aren't :)

Note 2: Don't ask me to spoon feed you answers -_-


#41 Yourself

Yourself

    The Ultimate Pronoun

  • GMC Elder
  • 7352 posts
  • Version:Unknown

Posted 14 July 2012 - 02:00 PM

Would you like if i crack your games or applications and release the source code for every one?, I think not.


I don't think I'd actually care. Seriously, what difference would it make? Now people can modify it, so what? Are you worried that someone might modify it and make it better? If so why didn't you make it better in the first place?
  • 0

#42 Debels

Debels

    GMC Member

  • GMC Member
  • 2792 posts
  • Version:GM:Studio

Posted 14 July 2012 - 02:05 PM

Would you like if i crack your games or applications and release the source code for every one?, I think not.


I don't think I'd actually care. Seriously, what difference would it make? Now people can modify it, so what? Are you worried that someone might modify it and make it better? If so why didn't you make it better in the first place?


No, I'm not worried about anything of that :P, Just that i don't like people doing this, if they want the code to improve it or such, they can ask for it, not steal it >.<

Note: That's the first version of the Anti-Hack System based on pure GML, the next version (which I'm currently working on), will be C++ based with more Anti-Hacking things :)

Edited by Debels, 14 July 2012 - 02:07 PM.

  • 0

Stop Email spamming and start + button spamming  :thumbsup:

Note: I'm a direct person, some of my posts might sound as insults or similar, but I can assure they aren't :)

Note 2: Don't ask me to spoon feed you answers -_-


#43 exilus95

exilus95

    GMC Member

  • New Member
  • 7 posts

Posted 19 August 2012 - 10:30 AM

How about you xor it then use the first post's method, then when unpacking use the anti method and then xor it.

Was this a good suggestion or no ?


if the game is online, server data for example : HP = 100 in server saved, if the client HP is not same the server HP detect hack and kick the player out of the server, using the server to check the client variables, that server always having match the variable (i mean important for people hacking) with client so can detect the hackers. Is that work?
  • 0

#44 Debels

Debels

    GMC Member

  • GMC Member
  • 2792 posts
  • Version:GM:Studio

Posted 19 August 2012 - 07:54 PM


How about you xor it then use the first post's method, then when unpacking use the anti method and then xor it.

Was this a good suggestion or no ?


if the game is online, server data for example : HP = 100 in server saved, if the client HP is not same the server HP detect hack and kick the player out of the server, using the server to check the client variables, that server always having match the variable (i mean important for people hacking) with client so can detect the hackers. Is that work?


Well, Your technique is good, just that some times the server and client don't have the same data when you didn't hack it, for example data lost.

So i would recommend keeping a count that when reaches a number for example 3 he gets kicked and banned or just kick him the first time, but a lot of people could be banned accidentally in the suggestion you putted :P

Edited by Debels, 19 August 2012 - 07:55 PM.

  • 0

Stop Email spamming and start + button spamming  :thumbsup:

Note: I'm a direct person, some of my posts might sound as insults or similar, but I can assure they aren't :)

Note 2: Don't ask me to spoon feed you answers -_-


#45 exilus95

exilus95

    GMC Member

  • New Member
  • 7 posts

Posted 20 August 2012 - 12:52 AM



How about you xor it then use the first post's method, then when unpacking use the anti method and then xor it.

Was this a good suggestion or no ?


if the game is online, server data for example : HP = 100 in server saved, if the client HP is not same the server HP detect hack and kick the player out of the server, using the server to check the client variables, that server always having match the variable (i mean important for people hacking) with client so can detect the hackers. Is that work?


Well, Your technique is good, just that some times the server and client don't have the same data when you didn't hack it, for example data lost.

So i would recommend keeping a count that when reaches a number for example 3 he gets kicked and banned or just kick him the first time, but a lot of people could be banned accidentally in the suggestion you putted :P


let see, server still doing his job, and client also ,client should be using the second variable to collect the main variable(player will hacking),for example: 1st variable (for gaming),2rd variable(collect the 1st) and the 2rd variable should be using other way to protect it like make all the alphables turn them into number like (a-z it mean 1-26number)example<<<. and when the server is lost data,waiting reconnect so after reconnect tell the server variable i have saved (2rd variable),when server get the 2rd variable, in server turn the variable into the words and get the variable match with server, if not match(kick his butt).

second way is server control everything like, client send msg to server say, exilus4 go (3,4) inside the server the player name exilus4 will go to (3,4), client:player get 100$ at position of (5,6),so inside the server name exilus4 will do the action(get 100$ at position of (5,6).)<<< i dun know that works or not,becouse if the game more than 10k+ will server become lag? i dun know that i never try it before(becouse i never had 10k player inside my game =.=0).
  • 0

#46 Debels

Debels

    GMC Member

  • GMC Member
  • 2792 posts
  • Version:GM:Studio

Posted 20 August 2012 - 12:59 AM

let see, server still doing his job, and client also ,client should be using the second variable to collect the main variable(player will hacking),for example: 1st variable (for gaming),2rd variable(collect the 1st) and the 2rd variable should be using other way to protect it like make all the alphables turn them into number like (a-z it mean 1-26number)example<<<. and when the server is lost data,waiting reconnect so after reconnect tell the server variable i have saved (2rd variable),when server get the 2rd variable, in server turn the variable into the words and get the variable match with server, if not match(kick his butt).

second way is server control everything like, client send msg to server say, exilus4 go (3,4) inside the server the player name exilus4 will go to (3,4), client:player get 100$ at position of (5,6),so inside the server name exilus4 will do the action(get 100$ at position of (5,6).)<<< i dun know that works or not,becouse if the game more than 10k+ will server become lag? i dun know that i never try it before(becouse i never had 10k player inside my game =.=0).


Well thats what i do in my games and so far no lag at all (Had 100 users online at once testing, i know its not much yet its good for testing).

And i just made a system that keeps track of the users that are black listed for example: exilus4 randomly got $1 million, then I keep track of his HWID (Hardware Identification) and his IP also to patch the bug easily.

I will soon make a Server and Client example with full security. (Of course like all example at the first time it might have some bugs or glitches that i will fix).
  • 0

Stop Email spamming and start + button spamming  :thumbsup:

Note: I'm a direct person, some of my posts might sound as insults or similar, but I can assure they aren't :)

Note 2: Don't ask me to spoon feed you answers -_-


#47 exilus95

exilus95

    GMC Member

  • New Member
  • 7 posts

Posted 20 August 2012 - 01:53 AM

oh that nice i pretty sure your project will finish soon and become a famouse game :)
  • 0

#48 Debels

Debels

    GMC Member

  • GMC Member
  • 2792 posts
  • Version:GM:Studio

Posted 20 August 2012 - 04:11 AM

oh that nice i pretty sure your project will finish soon and become a famouse game :)


Thanks :), The thing is that i dedicated like 2 months learning Anti-Hacking, So i can find the solution of a hacking problem quite fast, because till the moment all the hacks that i know off i can patch them :D

If someone is interested in learning some Game Anti-Hacking, Please Post your message here or Send me a Private Message and i will answer ASAP.

Note i will release a Game Protection Website within my Gaming Central, explaining how to patch hacks people talk request (like asking how to stop some hack) :)
  • 0

Stop Email spamming and start + button spamming  :thumbsup:

Note: I'm a direct person, some of my posts might sound as insults or similar, but I can assure they aren't :)

Note 2: Don't ask me to spoon feed you answers -_-


#49 exilus95

exilus95

    GMC Member

  • New Member
  • 7 posts

Posted 21 August 2012 - 03:17 PM


oh that nice i pretty sure your project will finish soon and become a famouse game :)


Thanks :), The thing is that i dedicated like 2 months learning Anti-Hacking, So i can find the solution of a hacking problem quite fast, because till the moment all the hacks that i know off i can patch them :D

If someone is interested in learning some Game Anti-Hacking, Please Post your message here or Send me a Private Message and i will answer ASAP.

Note i will release a Game Protection Website within my Gaming Central, explaining how to patch hacks people talk request (like asking how to stop some hack) :)

That sounds great so i would like to 'visit ' your website, and one more question, if you using the 39dll, so i wanted to ask something. so 39.dll is the dll for online that means server/client,the another i think to protect the data hacking,so client set byte 1 = get money 100 from position(1,1) same as server so when the client click the money at position(1,1) then send byte 1 to server , server has recive, then send a byte 2 to answer[byte 2 = add money 100 to the player] ,client recive the byte 2 same also inside the client byte 2 set is get 100money. it that easy an fast to protecting and decrease the delay of sending command to client?if you cant clearly understand what im talking about please look down.


Setting the Byte command
byte 1 = get money 100 at (1,1)
byte 2 = get money 100

Server
recive byte 1 from the player Exilus4
send back the byte 2 to Exilus4

Client
send byte 1 to server
recive byte 2 from server, and do the action

Is that great for Online function? i mean this way is easy to command something between the client and server

About Protecting Data(Anti hack)
The most important to protect is the byte, becouse everything is under the byte command and the command, and also the command in server or client.
  • 0

#50 Debels

Debels

    GMC Member

  • GMC Member
  • 2792 posts
  • Version:GM:Studio

Posted 21 August 2012 - 03:41 PM

That sounds great so i would like to 'visit ' your website, and one more question, if you using the 39dll, so i wanted to ask something. so 39.dll is the dll for online that means server/client,the another i think to protect the data hacking,so client set byte 1 = get money 100 from position(1,1) same as server so when the client click the money at position(1,1) then send byte 1 to server , server has recive, then send a byte 2 to answer[byte 2 = add money 100 to the player] ,client recive the byte 2 same also inside the client byte 2 set is get 100money. it that easy an fast to protecting and decrease the delay of sending command to client?if you cant clearly understand what im talking about please look down.


Setting the Byte command
byte 1 = get money 100 at (1,1)
byte 2 = get money 100

Server
recive byte 1 from the player Exilus4
send back the byte 2 to Exilus4

Client
send byte 1 to server
recive byte 2 from server, and do the action

Is that great for Online function? i mean this way is easy to command something between the client and server

About Protecting Data(Anti hack)
The most important to protect is the byte, becouse everything is under the byte command and the command, and also the command in server or client.

Well basically, Anything is hackeable, but the difference is how complex it is to crack it, so in the example you mentioned above to make it secure the server has to find the source of that 100 money he got, for example: Where did he get it?, So its better that the client sends a command to the server that Exilus4 wants to grab money thats next to him, then the server checks if theres such money next to him and if there is then it will add the money server side and send the amount to the client so the client adds it.

Another recommendation is having 2 base encryption passwords for example:
The password for Client to Server is "CDG21370HJNHN!$@#*(JHMFJT"
The password for Server to Client is "GHJG^&*^&BGHBMe4546GJHG"

Be sure to constantly change the password, lets say each update in both client and server.
  • 0

Stop Email spamming and start + button spamming  :thumbsup:

Note: I'm a direct person, some of my posts might sound as insults or similar, but I can assure they aren't :)

Note 2: Don't ask me to spoon feed you answers -_-





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users