Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to prevent cheating with Gamecih?

Background

I've had problems for quite a while now with players cheating in my android game. For a strict single-player game this wouldn't be a big issue, but since my game contains multiplayer battles and global highscore lists, it's causing legit players to stop playing because of the cheaters.

How they cheat

Cheaters use an app for root users called Gamecih. Gamecih lets users pause an app, change variable values, and then resume the app. So in my case they just pause the game, change "health" to 74 trillions and then kick the crap out of everyone on multiplayer. Here's a video showing how Gamecih is used to cheat in Fruit Ninja(not my game).

Considered methods

  1. Code obfuscation. This won't work because obfuscation doesn't change variable values, just variable names. This means that cheaters can still find the variable that has the same value as their current health and then change that variable.
  2. Code obfuscation + getter & setter value changing. This way, health will not actually represent the real health value. In the getter method I would do something like return health*10; and in the setter I would do health=input/10; This could of course be more complicated.

What I want

It could be argued that considered method nr 2 is what I should use, but then again, it doesn't prevent hacking, it just makes it harder. Ideally, I would like to detect when people cheat using Gamecih, display a pop-up saying "Darn you, you nasty hacker", and then close the application. I do not want a server-dependent solution as I would like my players to be able to play while offline as well. If possible, I would also like to avoid code obfuscation.

like image 813
Emir Kuljanin Avatar asked Oct 01 '12 09:10

Emir Kuljanin


3 Answers

You can store life in X number of variables and the real value will be the sum of them (always calculated dynamically). You randomly choose which one to update. On top of that You can add some consistency check and it becomes extremely hard for cheater to realise what and how to change it.

The consistency check could be a simple rule that 1st, 2nd and 3rd variables are in growing order for example and the 4th is the smallest. It will take someone good while to figure this out with this tool.

Yoy can also get more creative and mix in some encryption etc (the way you mentioned) on top of that. Then it becomes second to impossible unless someone has your code.

EDIT: Add 100 random variables that change all the time with random names (or positions in the array, to make it easier) and then good luck for cheaters looking for the right ones. And make it all dynamic so every time they have to crack it again.

like image 124
bjedrzejewski Avatar answered Nov 02 '22 16:11

bjedrzejewski


You can check periodically if your value has changed when it was not supposed to.

For example, you can store in a separate hidden flag the fact that the health value has changed. If your check method does detect a change in the value, and the flag is not set, then you can tell that the change was illegal.

For example :

void incrementHealth(int amount) {
    health = health + amout;
    hiddenCheck.hasChanged = true;
    }

and in a separate method which must be invoked periodically :

void checkHealth() {
    if (hiddenCheck.hasChanged) {
        // change is valid
        hiddenCheck.hasChanged = false;
        hiddenCheck.lastKnownValue = health;
        } else {
            if (hiddenCheck.lastKnownValue != health) {
                // An illegal change has occured ! Punish the hacker !
                }
            }
        }
   }
like image 42
Orabîg Avatar answered Nov 02 '22 18:11

Orabîg


try{
    ApplicationInfo info = getPackageManager().
            getApplicationInfo("com.cih.gamecih", 0 );
    return true;
} catch( PackageManager.NameNotFoundException e ){
    return false;
}

If this function returns true, don't even let the hacker enter Multiplayer mode, and prompt him to uninstall it.

like image 6
Charlie-Blake Avatar answered Nov 02 '22 17:11

Charlie-Blake