How do I prevent hackers from hacking webstorage value?

1 favourites
From the Asset Store
Antisuspend Plugin for Construct 3 prevents the runtime from getting suspended.
  • Simple question. As stated in the title, how do I that? Do I have to learn about PHP and MySQL?

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • good question!

    i guess it depends what you're trying to secure?

    currently i don't know any way to protect a webstorage value from modification,

    but as aleays in client/server architecture, never trust the client

    you could hash the value with md5 or similar but it all depends on what you are trying to achieve

  • kaiko basically I made a game to be distributed to the App Store, where there's two currencies in the game. "Coins" and "Bones".

    I saw a video on youtube where an app can hack games like Temple Run, etc. Basically all the user have to do is download its app and user can change the value of the game currency by simply typing the amount of value that the user wants and tap "Enter". Yes as easy as A-B-C even my grandma could use the app.

    So my goal is, I want to find a solution to this. Because I know the webstorage plugin only stores the "local key value" in the game. So is there any solution to make it harder to hack?

    P/S: I don't know any programming language. So please translate your "coding" language in "english"

  • Basically: turn the number(s) into letters, by use of algorithms that take a "key" phrase (e.g. "abc123") and mix with said numbers to create a more unique phrase that can only be decoded if they know said original phrase.

  • Worrying about hackers is like worrying about the Illuminati stealing your thoughts.

    That would suggest you have thoughts worth stealing, no excess tinfoil, and time to waste worrying.

  • newt hahaha, you sir got some sense of humour, haha.

    DatapawWolf Does that mean I have to learn about coding so I can turn the local value or global variable into letters?

  • I have chewed on the same question, and presently I am planning on using an active integrity engine.

    My basic idea so far is this:

    1) Have a bit of JavaScript in Construct that uses the Document.InnerHtml to get all of the end user source and or at least the c2runtime.js code and wrap it up into a hash and ship it back to my server to be compared with what the c2runtime source Hash should be.

    2) If the client either fails to respond to the integrity engine in the appropriate time frame or responds with a bad (e.g. modified) c2runtime hash, then the server will nullify their session and instruct the client to kick them off of the game with an error message and a customer support email to contact.

    It definitely requires an active server to constantly process the hashes, which we already have up and running, but some people may not.

    As far as actual data protection, anything on the server is safe.

  • gumshoe2029 thats a good idea, but my question is, is there a way I can do that in construct 2?

  • good question

    how to prevent hacking webstrorage or local storage ?

    and how to encrypt data (sounds and images) ?

  • If your game is mostly single player and not super popular, I would not worry too much about a small percentage of potential "hackers".

    [quote:2jmj9z9r]As far as actual data protection, anything on the server is safe.

    No data on a PC connected to the internet is safe per se.

  • If your game is mostly single player and not super popular, I would not worry too much about a small percentage of potential "hackers".

    o data on a PC connected to the internet is safe per se.

    mindfaQ I believe there's gonna be quite alot of people playing it when I get it up on the App Store. Just being optimist here if you don't mind.

    Anyway I read the tutorial provided by Kyatric, and downloaded the MD5 Plugin that was made by him

    Basically this is what I did. The "TotalBones" "Goldcoins" and "ShieldSinglePlayer" are some of the currencies in the game, am I doing it right?

    P/S: I don't know any programming language and I'm still new to construct 2, been only using it for about a month and a half now. Pardon me for begging your help

  • gumshoe2029 thats a good idea, but my question is, is there a way I can do that in construct 2?

    No, sadly. Nothing on the browser is ever safe. Anyone using Chrome Developer Tools or Firebug-like tools will be able to tweak any of your JavaScript source/variables at will. You have to store data on a server to be truly secure.

    [quote:1uzwip9o]As far as actual data protection, anything on the server is safe.

    No data on a PC connected to the internet is safe per se.

    Well, yes, but for most people, they are adequately low priority targets to call the server "safe". You can use proxying, firewalls, and intrusion detection systems to deter attackers also. All of our game servers are not connected to the internet directly; they go through a firewalled/IPS gateway server first who proxies all requests back.

  • Basically this is what I did. The "TotalBones" "Goldcoins" and "ShieldSinglePlayer" are some of the currencies in the game, am I doing it right?

    P/S: I don't know any programming language and I'm still new to construct 2, been only using it for about a month and a half now. Pardon me for begging your help

    You do know that hashes are one-way, right? You cannot retrieve the original data from those hashes without using a GPU-enabled computer to crack the hashes.

    But regardless, the user can simply pull the variable out before you hash it.

    There is no way to protect things on the browser.

  • gumshoe2029 Erm my game will not be on the browser, it will be on the App Store. Will it be safe if its for the iOS Devices?

  • gumshoe2029 Erm my game will not be on the browser, it will be on the App Store. Will it be safe if its for the iOS Devices?

    No, even there it is not safe. Apple has "Web Inspector Tools" for their Safari browser, which will give you all of the same powers as any other browser developer tools.

    https://developer.apple.com/safari/tools/

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)