How to prevent cheating with Gamecih?

Question

Background

I've had problems for quite a while now with players cheating in my android game. For a strict single-player game this wouldn't be a big issue, but since my game contains multiplayer battles and global highscore lists, it's causing legit players to stop playing because of the cheaters.

How they cheat

Cheaters use an app for root users called Gamecih. Gamecih lets users pause an app, change variable values, and then resume the app. So in my case they just pause the game, change "health" to 74 trillions and then kick the crap out of everyone on multiplayer. Here's a video showing how Gamecih is used to cheat in Fruit Ninja(not my game).

Considered methods

1. Code obfuscation. This won't work because obfuscation doesn't change variable values, just variable names. This means that cheaters can still find the variable that has the same value as their current health and then change that variable.
2. Code obfuscation + getter & setter value changing. This way, health will not actually represent the real health value. In the getter method I would do something like return health*10; and in the setter I would do health=input/10; This could of course be more complicated.

What I want

It could be argued that considered method nr 2 is what I should use, but then again, it doesn't prevent hacking, it just makes it harder. Ideally, I would like to detect when people cheat using Gamecih, display a pop-up saying "Darn you, you nasty hacker", and then close the application. I do not want a server-dependent solution as I would like my players to be able to play while offline as well. If possible, I would also like to avoid code obfuscation.

Answer 1

You can store life in X number of variables and the real value will be the sum of them (always calculated dynamically). You randomly choose which one to update. On top of that You can add some consistency check and it becomes extremely hard for cheater to realise what and how to change it.

The consistency check could be a simple rule that 1st, 2nd and 3rd variables are in growing order for example and the 4th is the smallest. It will take someone good while to figure this out with this tool.

Yoy can also get more creative and mix in some encryption etc (the way you mentioned) on top of that. Then it becomes second to impossible unless someone has your code.

EDIT: Add 100 random variables that change all the time with random names (or positions in the array, to make it easier) and then good luck for cheaters looking for the right ones. And make it all dynamic so every time they have to crack it again.

Answer 2

You can check periodically if your value has changed when it was not supposed to.

For example, you can store in a separate hidden flag the fact that the health value has changed. If your check method does detect a change in the value, and the flag is not set, then you can tell that the change was illegal.

For example :

void incrementHealth(int amount) {
    health = health + amout;
    hiddenCheck.hasChanged = true;
    }

and in a separate method which must be invoked periodically :

void checkHealth() {
    if (hiddenCheck.hasChanged) {
        // change is valid
        hiddenCheck.hasChanged = false;
        hiddenCheck.lastKnownValue = health;
        } else {
            if (hiddenCheck.lastKnownValue != health) {
                // An illegal change has occured ! Punish the hacker !
                }
            }
        }
   }

Answer 3

try{
    ApplicationInfo info = getPackageManager().
            getApplicationInfo("com.cih.gamecih", 0 );
    return true;
} catch( PackageManager.NameNotFoundException e ){
    return false;
}

If this function returns true, don't even let the hacker enter Multiplayer mode, and prompt him to uninstall it.