How do I prevent hackers from hacking webstorage value?

Get help using Construct 2

Post » Wed May 06, 2015 7:54 am

Simple question. As stated in the title, how do I that? Do I have to learn about PHP and MySQL?
https://itunes.apple.com/us/app/id1004254105

We bet anyone a hundred dollars if they can reach the bone on the other side of the screen! (Only on the Impossible Mode)
B
10
S
2
Posts: 122
Reputation: 1,004

Post » Wed May 06, 2015 8:10 am

good question!

i guess it depends what you're trying to secure?

currently i don't know any way to protect a webstorage value from modification,
but as aleays in client/server architecture, never trust the client
you could hash the value with md5 or similar but it all depends on what you are trying to achieve
B
9
S
2
Posts: 76
Reputation: 709

Post » Wed May 06, 2015 8:19 am

@kaiko basically I made a game to be distributed to the App Store, where there's two currencies in the game. "Coins" and "Bones".

I saw a video on youtube where an app can hack games like Temple Run, etc. Basically all the user have to do is download its app and user can change the value of the game currency by simply typing the amount of value that the user wants and tap "Enter". Yes as easy as A-B-C even my grandma could use the app.

So my goal is, I want to find a solution to this. Because I know the webstorage plugin only stores the "local key value" in the game. So is there any solution to make it harder to hack?

P/S: I don't know any programming language. So please translate your "coding" language in "english" :D
https://itunes.apple.com/us/app/id1004254105

We bet anyone a hundred dollars if they can reach the bone on the other side of the screen! (Only on the Impossible Mode)
B
10
S
2
Posts: 122
Reputation: 1,004

Post » Wed May 06, 2015 3:56 pm

Basically: turn the number(s) into letters, by use of algorithms that take a "key" phrase (e.g. "abc123") and mix with said numbers to create a more unique phrase that can only be decoded if they know said original phrase.
ImageImageImageImage
B
62
S
19
G
51
Posts: 633
Reputation: 30,826

Post » Wed May 06, 2015 4:58 pm

Worrying about hackers is like worrying about the Illuminati stealing your thoughts.
That would suggest you have thoughts worth stealing, no excess tinfoil, and time to waste worrying.
Image ImageImage
B
169
S
50
G
174
Posts: 8,327
Reputation: 110,798

Post » Wed May 06, 2015 6:03 pm

@newt hahaha, you sir got some sense of humour, haha.
@DataPawWolf Does that mean I have to learn about coding so I can turn the local value or global variable into letters?
https://itunes.apple.com/us/app/id1004254105

We bet anyone a hundred dollars if they can reach the bone on the other side of the screen! (Only on the Impossible Mode)
B
10
S
2
Posts: 122
Reputation: 1,004

Post » Wed May 06, 2015 6:18 pm

I have chewed on the same question, and presently I am planning on using an active integrity engine.

My basic idea so far is this:

1) Have a bit of JavaScript in Construct that uses the Document.InnerHtml to get all of the end user source and or at least the c2runtime.js code and wrap it up into a hash and ship it back to my server to be compared with what the c2runtime source Hash should be.
2) If the client either fails to respond to the integrity engine in the appropriate time frame or responds with a bad (e.g. modified) c2runtime hash, then the server will nullify their session and instruct the client to kick them off of the game with an error message and a customer support email to contact.

It definitely requires an active server to constantly process the hashes, which we already have up and running, but some people may not.

As far as actual data protection, anything on the server is safe.
https://www.ravenheart.ca/home
I don't check the forums much anymore, but I will receive an email for PMs.

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
22
S
6
G
1
Posts: 1,418
Reputation: 4,830

Post » Wed May 06, 2015 6:54 pm

@gumshoe2029 thats a good idea, but my question is, is there a way I can do that in construct 2?
https://itunes.apple.com/us/app/id1004254105

We bet anyone a hundred dollars if they can reach the bone on the other side of the screen! (Only on the Impossible Mode)
B
10
S
2
Posts: 122
Reputation: 1,004

Post » Wed May 06, 2015 8:49 pm

good question
how to prevent hacking webstrorage or local storage ?
and how to encrypt data (sounds and images) ?
B
46
S
16
G
8
Posts: 794
Reputation: 8,335

Post » Wed May 06, 2015 9:17 pm

If your game is mostly single player and not super popular, I would not worry too much about a small percentage of potential "hackers".

As far as actual data protection, anything on the server is safe.

No data on a PC connected to the internet is safe per se.
Visual Novel 'Engine' in 100 Events
if you ever have to choose between buying Construct 2 on scirra.com or on Steam, read this: Review
B
22
S
9
G
1
Posts: 788
Reputation: 3,788

Next

Return to How do I....?

Who is online

Users browsing this forum: Artcadev, dop2000 and 36 guests