How do I prevent hackers from hacking webstorage value?

  • If you want to set up a server, you can use Amazon Web Services. They have a server set that you can get for free for one year (even the non-free version for a t2.micro server is only 9.72 USD / month).

    http://docs.aws.amazon.com/AWSEC2/lates ... n-ec2.html

    http://docs.aws.amazon.com/AWSEC2/lates ... -LAMP.html

    http://aws.amazon.com/ec2/pricing/#

    You could set up a LAMP stack (Linux, Apache, MySQL and PHP), or you can use PostgreSQL, Oracle, or Cassandra instead of MySQL, and you can use Java servlets (running on Apache Tomcat) or Python in place of PHP.

    Then you can use AJAX calls to retrieve data from the server.

    We use AWS for our server sets, and we have been extremely happy with them thus far. Their billing people are a little overzealous, but you can work around that.

  • Hi,

    If you want to prevent hackers from hacking any of your personal data or webstorage value then you have to make your computer completely secure. Without security, your data and your computer are not safe in any way. So to make your PC secure from hackers, go through the link below, which can help you to secure your computer and your web browsers.

    removepcthreats.wix.com/securewebbrowser

  • I'd agree in a way with newt, and you shouldn't worry too much about hackers. I'm not saying you shouldn't secure your app at all, but just don't freak out. If you want to secure it completely, this will be a never-ending fight as they will find a new way around your new security measures all the time. If you both (hacker and you) get stubborn enough this will be a ping-pong game between you both.

    So I suggest securing it from the noobies-hackers and kids with some cracking soft and that's it. They are the majority of problems. Real hackers who dive into your code and search for a way to bypass your security are really a minority. And well, if they struggled to do it... take it as a compliment, it means your game was worth the hassle.

    From my experience, the noobies-hackers are less than 0.5% of your game users. In my case it was 0.2%. The real hackers are a far smaller part of your game community.

    Now keep in mind that most of the noobies-hackers have no idea about anything related to development. Someone showed them a tool and they simply use it. So if you want to get rid of kids who make direct changes in your storage, simply encrypt the data - this step should already discourage most kids.

    For data encryption you have to use some two-way hashing algorithm like Base64, so you can encrypt and decrypt data. Also don't bother to encrypt/decrypt all the values separately. You can use one LocalStorage key "gameData" and save there an encrypted Dictionary JSON which you can then load and decrypt on game start. That way the "hacker" will see only one local storage entry containing some mystery hash and you will have your data loaded in RAM memory.

    You can go a bit further and give some salt to the encryption process in case there is one smarter kid who has heard of Base64.

    Much more secure would be to have all data on your server in some database and sync this data each time the user spends resources. But this is pretty complex to do for someone who is not experienced in PHP/MySQL or any other backend technology, as you have to secure your data transfer as well. If you have time, then go learn it, backend technology is very useful and fun; if not, then encrypting storage should do the job for kid-ackers.

  • If you hardcode an encryption key in your C2 apk, they just have to look into your source with apk http://www.javadecompilers.com/apk and they can find it and decrypt anything you encrypted

  • About MD5 encryption, you should just read a little bit about rainbow tables, basically, they have a table with millions of different hashes and they just take your hash and compare it to them via fast hardware and BOOM, they can decode anything you have, also they can insert hashes into those addresses using anything like Cheat Engine, and do absolutely what they want with your currency if the game is only offline, but if your game is online with a webserver, they can't play with these values so you are generally safe, they'd have to find a way to access that server, but that's ANOTHER story. (That would be like getting hacked by the Illuminati, but they don't do mobile games)

  • If you hardcode an encryption key in your C2 apk, they just have to look into your source with apk http://www.javadecompilers.com/apk and they can find it and decrypt anything you encrypted

    That's true, but there's already a need for source digging, so it's much less "hackers". Still, you can make a combined salt key which will discourage another part of the "hackers". But after all it's client side... the app is in the player's hands, so a smart guy can do whatever he wants. Again, I wouldn't worry about this minority. You will spend more time/money by trying to secure your app on this level than by letting them cheat a bit.

  • If he wants a currency, with real money purchases and such, he'll have to implement the whole package, with SSL, and a webserver, otherwise, his currency won't have a value client-wise as anybody who doesn't want to pay for it just has to download "L33tHakz.apk" and can bypass any IAPs

    If his game even gets remotely popular & charges money for features, there'll be hackers, but if it's clientwise level unlocking or nothing related to IRL currency, I wouldn't worry at all.
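The server-side approach raised in the posts above, sketched as an added example that is not part of the original thread: the server signs each save with a key that never leaves it, so an edited or rolled-back LocalStorage value is rejected when it comes back. It is written for Node.js; every name (`issueSave`, `verifySave`, `tamperedCopy`) and the in-memory version map are assumptions made for illustration.

```javascript
// Added example, server side (Node.js). All names here are hypothetical.
const { createHmac, timingSafeEqual, randomBytes } = require("node:crypto");

// Generated and kept on the server; it never ships in the APK or the web page.
const SERVER_KEY = randomBytes(32);
// Latest save version issued per player (in-memory stand-in for a database row).
const latestVersion = new Map();

function mac(payload) {
  return createHmac("sha256", SERVER_KEY).update(payload).digest("base64url");
}

// Server issues a save token; the client stores it in LocalStorage unchanged.
function issueSave(playerId, state) {
  const version = (latestVersion.get(playerId) || 0) + 1;
  latestVersion.set(playerId, version);
  const json = JSON.stringify({ playerId, version, state });
  const payload = Buffer.from(json).toString("base64url");
  return payload + "." + mac(payload);
}

// Server checks a token sent back by the client before trusting any value in it.
function verifySave(playerId, token) {
  const [payload, tag] = String(token).split(".");
  if (!payload || !tag) return { ok: false, reason: "malformed" };
  const expected = Buffer.from(mac(payload));
  const given = Buffer.from(tag);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-mac" }; // payload was edited client-side
  }
  const data = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (data.playerId !== playerId) return { ok: false, reason: "wrong-player" };
  // An older, validly signed save (e.g. from before coins were spent) is refused.
  if (data.version !== latestVersion.get(playerId)) return { ok: false, reason: "stale" };
  return { ok: true, state: data.state };
}

// Constructed sample input: the stored blob with its coin count edited locally.
function tamperedCopy(token, coins) {
  const [payload, tag] = token.split(".");
  const data = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  data.state.coins = coins;
  return Buffer.from(JSON.stringify(data)).toString("base64url") + "." + tag;
}
```

The payload is only Base64url-encoded, so the player can still read it; the signature protects integrity, not secrecy.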

  • newt The Illuminati don't exist. But it is not a waste of time worrying about security.

    ondraayyy The answer is that a database isn't 100% secure, and storage that is on the local computer of the hypothetical hacker is much less secure! Store data that you don't want to be hacked in computer is tongue. If you want to make the hack hard, use PHP with MySQL.

    If your game is multiplayer, you can't prevent local data (such as movements and obstacle objects) being tweaked, then as gumshoe2029 said you need to create an integrity engine that validates the runtime with a hash, like Combat Arms does.

  • newt The Illuminati don't exist. But it is not a waste of time worrying about security.

    ondraayyy The answer is that a database isn't 100% secure, and storage that is on the local computer of the hypothetical hacker is much less secure! Store data that you don't want to be hacked in computer is tongue. If you want to make the hack hard, use PHP with MySQL.

    If your game is multiplayer, you can't prevent local data (such as movements and obstacle objects) being tweaked, then as gumshoe2029 said you need to create an integrity engine that validates the runtime with a hash, like Combat Arms does.

    Says the guy with adfly links in his signature.

    Let's ask Tom if those are in policy shall we?

  • ondraayyy if you have Chuck Norris in mind and want to make a hardcore system, you can use blockchain/sidechain technologies. IBM has a repo on GitHub with blockchain technology in JavaScript if you want to implement it. I say the same to all who want to do top-level security for a game/app. Oh, the Ethereum cryptocurrency has an Apps API.

    newt a personal question (adfly in my signature) is your argument? Why be inflamed because I contradicted you about the Illuminati? Do you think it's beautiful to share a Santa Claus-like conspiracy theory? Do you think it's beautiful to mention Tom in a topic that has no relation to him? You're being a kid and forcing things. I suggest a psychoanalyst for you. If you want to boycott me, contact Tom directly (which is less impolite than a forced mention), like you do in this topic: http://web.archive.org/web/201607281932 ... p?t=179787

    "Says the guy with adfly links in his signature"

    Here's your post that I'm replying to: http://web.archive.org/web/201607282001 ... &p=1057509

    Your "argument" can't invalidate what I've spelled out. If the nonexistence of the Illuminati makes you angry, we can't do anything.

    This is not a topic for personal discussions, but you started it. And I want this off-topic to end here.

  • ondraayyy for mobile games or a game directed at an emerging country - if you want to implement BTC-like technology - downloading the blockchain isn't good for users. Then, you can implement an Electrum "wallet"/server-like system.

  • Don't worry the illuminati always show themselves.

    DaniellMesquita obviously knows what he's talking about.

  • How did this post devolve into Illuminati, lol?

    The NSA is a greater threat to your data than anything else simply because they have access to the internet trunks in the U.S.

  • I don't think they can get through sha-256 yet.

    So if you encrypt all the strings using Kyats CB Hash plug, you should be fine.

    Of course, since you mentioned them they are now reading all our thoughts, so thanks for that.

  • I don't think they can get through sha-256 yet.

    So if you encrypt all the strings using Kyats CB Hash plug, you should be fine.

    Of course, since you mentioned them they are now reading all our thoughts, so thanks for that.

    I am a big fan of saturation attacks. :-p
