How do I prevent hackers from hacking webstorage value?

Get help using Construct 2

Post » Thu Jul 28, 2016 3:14 pm

Whiteclaws wrote:If you hardcode an encryption key in your C2 apk, they just have to look into your source with apk http://www.javadecompilers.com/apk and they can find it and decrypt anything you encrypted


That's true, but there's already a need for source digging, so it's much less "hackers". Still you can make combined salt key which will discourage another part of "hackers". But after all it's a client side... the app is in player's hands so smart guy can do whatever he wants. Again I wouldn't worry about this minority. You will spend more time/money by trying to secure your app on this level than by letting them cheat a bit.
ImageImageImage
B
31
S
19
G
82
Posts: 1,038
Reputation: 46,205

Post » Thu Jul 28, 2016 3:18 pm

@BackendFreak , If he wants a currency, with real money purchases and such, He'll have to implement the whole package, with SSL, and a webserver, otherwise, his currency won't have a value client-wise as anybody who doesn't want to pay for it just has to download "L33tHakz.apk" and can bypass any IAPs

If his game even gets remotely popular & charges money for features, there'll be hackers, but if it's clientwise level unlocking or nothing related to IRL currency, I wouldn't worry at all.
B
42
S
17
G
17
Posts: 2,247
Reputation: 17,481

Post » Thu Jul 28, 2016 7:40 pm

@newt Illuminatis doesn't exist. But is not a waste of time worrying about security.
@ondraayyy The answer is that isn't 100% secure an database, and is very less secure a storage that is in local computer of the hipotetic hacker! Store data that you don't want be hacked in computer is tongue. If you want make the hack hard, use PHP with MySQL.
If your game is multiplayer, you can't prevent local data (such as movements and obstacle objects) being tweaked, then as @gumshoe2029 said you need create a integrity engine that validates runtime with hash, like Combat Arms does.
Liked something I say?
Tip. My Bitcoin address: 1PLaeKmXQ8vEdGGJqXMq3KyB8hxeddxeSv
B
28
S
9
G
4
Posts: 359
Reputation: 4,246

Post » Thu Jul 28, 2016 7:48 pm

DaniellMesquita wrote:@newt Illuminatis doesn't exist. But is not a waste of time worrying about security.
@ondraayyy The answer is that isn't 100% secure an database, and is very less secure a storage that is in local computer of the hipotetic hacker! Store data that you don't want be hacked in computer is tongue. If you want make the hack hard, use PHP with MySQL.
If your game is multiplayer, you can't prevent local data (such as movements and obstacle objects) being tweaked, then as @gumshoe2029 said you need create a integrity engine that validates runtime with hash, like Combat Arms does.


Says the guy with adfly links in his signature.
Let's ask @Tom if those are in policy shall we?
Image ImageImage
B
172
S
50
G
183
Posts: 8,439
Reputation: 115,597

Post » Thu Jul 28, 2016 8:01 pm

@ondraayyy if you're with Chuck Norris in mind and want made a hardcore system, you can use the blockchain/sidechain technologies. IBM have a repo in GitHub with the blockchain technology in Javascript if you want implement it. I say the same for all that want do a top-level security for a game/app. Oh, Ethereum cryptocurrency have a Apps API.
@newt a pessoal question (adfly in my signature) is your argument? Why be inflamed because I've contraried you about Illuminatis? You think beautifull share a SantaClaus-like conspiration theory? You think beautifull mention Tom in a topic that don't have relation with they? You're being kid and forcing the things. I suggest you a psichanalist. If you want boicot me, contact Tom directly (wich is less inpolite than force mention), like you does in this topic: http://web.archive.org/web/201607281932 ... p?t=179787
"Says the guy with adfly links in his signature"
Here's your post that I'm replying: http://web.archive.org/web/201607282001 ... &p=1057509
Your "argument" can't invalidate what I've spell. If the inexistence of Illuminatis make you angry, we can't do anything.
Here is not a topic for pessoal discussions, but you've started it. And I want this offtopic ends here.
Liked something I say?
Tip. My Bitcoin address: 1PLaeKmXQ8vEdGGJqXMq3KyB8hxeddxeSv
B
28
S
9
G
4
Posts: 359
Reputation: 4,246

Post » Thu Jul 28, 2016 8:10 pm

@ondraayyy for mobile games or a game directed for a emergent country - if you want implement BTC like technology - download the blockchain isn't good for users. Then, you can implement a Electrum "wallet"/server like system.
Liked something I say?
Tip. My Bitcoin address: 1PLaeKmXQ8vEdGGJqXMq3KyB8hxeddxeSv
B
28
S
9
G
4
Posts: 359
Reputation: 4,246

Post » Thu Jul 28, 2016 8:17 pm

Don't worry the illuminati always show themselves.
DaniellMesquita's obviously knows what he's talking about.
Image ImageImage
B
172
S
50
G
183
Posts: 8,439
Reputation: 115,597

Post » Fri Jul 29, 2016 3:05 pm

How did this post devolve into Illuminati, lol?

The NSA is a greater threat to your data than anything else simply because they have access to the internet trunks in the U.S.
https://www.ravenheart.ca/home
I don't check the forums much anymore, but I will receive an email for PMs.

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
23
S
6
G
1
Posts: 1,419
Reputation: 4,857

Post » Fri Jul 29, 2016 5:19 pm

I don't think they can get through sha-256 yet.
So if you encrypt all the strings using Kyats CB Hash plug, you should be fine.

Of course since you mentioned them they are now reading all out thoughts, so thanks for that. :P
Image ImageImage
B
172
S
50
G
183
Posts: 8,439
Reputation: 115,597

Post » Sun Jul 31, 2016 10:24 pm

newt wrote:I don't think they can get through sha-256 yet.
So if you encrypt all the strings using Kyats CB Hash plug, you should be fine.

Of course since you mentioned them they are now reading all out thoughts, so thanks for that. :P


I am a big fan of saturation attacks. :-p
https://www.ravenheart.ca/home
I don't check the forums much anymore, but I will receive an email for PMs.

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
23
S
6
G
1
Posts: 1,419
Reputation: 4,857

PreviousNext

Return to How do I....?

Who is online

Users browsing this forum: dop2000, Kyatric and 3 guests