The Daily Click ::. Forums ::. Klik Coding Help ::. Protecting INIs, and an alternate saving technique (TGF)
 

Post Reply  Post Oekaki 
 

Posted By Message

Giga-Guy



Registered
  11/12/2004
Points
  33
12th June, 2005 at 06:35:51 -

Alright, I got all this INI stuff figured out, a good while ago. But, how do I 'protect' them from people changing the data, and giving themselves 999 lives, etc? Im pretty sure you use some file encryption extention... Where do I get that, and how do I use it?

And, pretty much out of curiosity, what other saving techniques are there? Im pretty sure that there are other methods, not just INIs. So can someone tell me what and how to do it?

Thanks.

 
-coming soon-

Matt Boothman

The Nissan Micra of forum members

Registered
  20/09/2002
Points
  109

Game of the Week Winner
12th June, 2005 at 08:14:58 -

One way you could do it by applying a formula to the value in the INI to get the actual number of lives in the game - for instance, 1000-x (where x is the value in the INI). Then, if the number in the INI was 995, you'd get 5 lives in the game. This example is easy to work out for the average clicker, but there are other more devious formulas to use.

Alternatively, if you MMF you can use the Encryption Object, although I've never figured out how to do it myself.

 
http://soundcloud.com/normbo - Listen to my music.

Tigerworks

Klik Legend

Registered
  15/01/2002
Points
  3882
12th June, 2005 at 09:47:53 -

Just blowfish encrypt the file with the Blowfish object or the Binary object, or blowfish encrypt the values.

Alternatives to INIs are arrays (still easy to hack) and you can always invent your own file format but that's pointlessly complicated.

 
- Tigerworks

DeadmanDines

Best Article Writer

Registered
  27/04/2006
Points
  4758
12th June, 2005 at 10:47:55 -

There are some very basic tricks you can use.

Firstly, use abbreviations in key and group names.

Instead of:

[player data]
name = "Bob"
lives = 4
level = 3
xpos = 127
ypos = 212
health = 100
ammo = 51


Try:
(brackets show what the abbr. means)

[pDt]
pN = "Bob" (Player's Name)
pLvs = 4 (Player's LiVeS)
pLvL = 3 (Player's LeVeL)
pHp = 127 (Player's Horizontal Position)
pVp = 212 (Player's Vertical Position)
pHb = 100 (Player's Health Bar)
pAc = 51 (Player's Ammo Counter)


Then of course you can encrypt the individual values. Then encrypt the whole file.

This means even if the cracker scans your game code and realises you're using, say, Blowfish (and finds the key), they still need to do other checks to find out how you're encrypting each value, and what each value is used for.

And if you wanted to be *really* cheeky, you could use a system of reading text from bitmap files that I'm working on.

It strips the last couple of bits from each byte in the ImageData section of a 24-bit bitmap and replaces them with the bits from your text file. In short, it blends the bytes of your text with the bytes of a picture. The only noticable difference in the picture is a subtle change in colours.

The picture doesn't need to be that big either. Three characters of text require four pixels in total. So an INI file of 1024 characters would take up about 1365 pixels (an image of roughly 100x14 would do the job).

 
191 / 9999 * 7 + 191 * 7

Knudde (Shab)

Administrator
Crazy?

Registered
  31/01/2003
Points
  5125

Has Donated, Thank You!Clickzine StaffKlikCast StarVIP MemberGhostbuster!Dos Rules!I donated an open source project
12th June, 2005 at 13:50:52 -

highly over complicated formulas work great for me. It's a PITA cause it's time consuming, but it works well.

 
Craps, I'm an old man!

Assault Andy

Administrator
I make other people create vaporware

Registered
  29/07/2002
Points
  5686

Game of the Week WinnerVIP Member360 OwnerGOTM JUNE - 2009 - WINNER!GOTM FEB - 2010 - WINNER!	I donated an open source project
12th June, 2005 at 20:12:53 -

You could always just not encrypt the file, that way when people get bored with your game they can have fun by editing the ini.

 
Creator of Faerie Solitaire:
http://www.create-games.com/download.asp?id=7792
Also creator of ZDay20 and Dungeon Dash.
http://www.Jigxor.com
http://twitter.com/JigxorAndy

Tigerworks

Klik Legend

Registered
  15/01/2002
Points
  3882
12th June, 2005 at 21:10:26 -

Obscurity is not security, imagine if bank transactions were only protected by renaming "credit card number" with "ccn".

 
- Tigerworks

Foldalake



Registered
  25/01/2005
Points
  6
12th June, 2005 at 22:44:22 -

I got the idea to include a checksum in the ini-file which would be really easy and effective if it weren't for TGF being so limited. I tried it right away, but it didn't turn out as good as I had hoped. For example you can't do [Set string to str$(score(player1))] since TGF can only use a specified number in its "convert number to string" function.

Instead you could just make an easier version of a checksum. In the ini-file, just add:
ChkSum = x
where x = ( Score+18 )*lives-ammo+7*level-2*whatever-3*something*HP+31

Then when you load you check if the separate values match the value of the checksum when put in the "reverse" function. If you do this - make sure to be careful when using brackets, and make sure you don't divide in the checksum equation (since TGF is discrete (counts only with integers)). Dividing in the reverse equation isn't a problem though! It could turn out to be quite a long equation, but it works pretty fine.


...I just realised there is a way to convert variable numbers to strings in TGF. Just save the number in an ini-file, then read the item as if it was a string:
set item to "score", set value to "score(player1)", then in a text object or something like that:
Set altertable string to string of$( "Ini" ). That way, if the score is just 100 you could add a few zeros, 00000100, and then do some math (like adding 870034+3*lives or something) and then do the same for each variable. Then you'll have a checksum consisting of a bunch of 8-number values which can be checked piece by piece and you can also check the length of the checksum.

I hope this wasn't all to confusing! I'm about to fall asleep... If you didn't understand, just tell me and I'll make it a bit clearer!

EDIT: Heh, haven't figured this smiley-thing out just yet...

Image Edited by the Author.

 
"Oh man, this is long. Could you read it to me?"
-Homer, S13 episode 16

Rox Flame

Creative Talentician

Registered
  06/10/2004
Points
  383
12th June, 2005 at 23:33:09 -

Hey Dines, how is the bitmap encoding method going, sounds like an awesome idea, would you mind sharing it when your finished? Id love encoding my files with something like that.

 
Current project:
Dynabrick (%70)

Giga-Guy



Registered
  11/12/2004
Points
  33
13th June, 2005 at 02:45:52 -

Noodle, your method sounds good, and simple enough to use. Im probably going to use that method.

TigerWorks, this blowfish object and this binary object your talking about... are they even TGF compatible. Cause Im using TGF here, and yeah.

Assault Andy, you have a point, but Id prefer to have a relatively save saving system.

Foldalake; sounds good, I guess. 'I guess', buecause I dont completly get what you mean -_-;;

..Before I decide on a method, I heard something about a save file object or something... sounds good, but how do I use it? And is it TGF compatible?


 
-coming soon-

clwe



Registered
  17/12/2002
Points
  702
13th June, 2005 at 03:29:44 -

Fear not, for there is actually an easy-to-use file encryption object for TGF (really, it's a doddle) - http://click.spatang.com/ext/view.php?ext=199



 
n/a

Foldalake



Registered
  25/01/2005
Points
  6
13th June, 2005 at 10:23:50 -

Phizzy: Really? How do you do it then? I tried it but it didn't work. I must have missed something... I did it this way:
I have a text object and I want to set the string to the current score.

[Upon some condition] - Change altertable string to...
...retrive data from an object... ...special object: convert number to string.

When I do this I just get a slider and have to chose a fixed integer. str$( 33 ) If i change 33 to score( "Player 1" ) WHAT??? I'm trying along with writing and now it suddenly worked! It didn't work five minutes ago! This is strange... I must have done something really weird! Earlier when i did the same thing I got "Syntax error" or "Please enter an alpha-numeric". I must have deleted a bracket or something! Well, thank you Phizzy!

 
"Oh man, this is long. Could you read it to me?"
-Homer, S13 episode 16

Foldalake



Registered
  25/01/2005
Points
  6
13th June, 2005 at 11:09:45 -

Giga-Guy: I'll try to be a bit clearer this time. A checksum is, in this case, a number which is a cobination of the values (integers) you want to save in the ini-file, like the score, lives, HP, ammo, active weapon, number of kills and so on. When you save the game you add these values together and you get a, probably quite big, number which you save in the ini-file the same way you save the other values. Your ini-file will then look something like this:
[Slot 1]
Lives = 7
Score = 1000
Ammo = 150
Checksum = 1157

Now when you load the game you compare the checksum to the values. This can be done either by adding the values (except the checksum) together and check if you get the same value as the checksum. If you do all is good. If you don't the guy has cheated. The other way is to do a backwards check by doing the equation backwards and se if you get 0. In this example 1157-150-1000-7=0. These two are basically the same although the first one is probably a lot easier since you don't have to do a "backward equation", but instead use the same equation as when you created the checksum. Here's what I mean in a little bit more complex example:

Set item to Checksum; set value to: 12 + Score*3 - (ammo*2 + 13)*lives

In the first way of comparing, you can read the lives, score and ammo into counters in TGF and then compare them to the checksum by adding them together the same way as above:
Compare two values: [12 + Score*3 - (ammo*2 + 13)*lives] = Checksum -> load the game
Compare two values: [12 + Score*3 - (ammo*2 + 13)*lives] <> Checksum -> Cheater!

The other way would be to count backwards:
Checksum = Checksum - 12;
Checksum = Checksum - Score*3;
Checksum = Checksum / lives;
Checksum = Checksum - 13;
Checksum = Checksum - ammo*2;
This is a lot more complicated (far apparently no reason...).

Then if you want to do it even harder for the player to cheat you could search through the checksum and replace all 7 to R or something like that with the StringParser object.

I hope this was a bit clearer! If not I could mail you an example.


 
"Oh man, this is long. Could you read it to me?"
-Homer, S13 episode 16

DeadmanDines

Best Article Writer

Registered
  27/04/2006
Points
  4758
13th June, 2005 at 11:58:57 -

Tigsy: "Obscurity is not security, imagine if bank transactions were only protected by renaming "credit card number" with "ccn""

It's meant to be used along with encryption, just so that when someone does decrypt it, the meaning of everything isn't glaringly obvious. If it's on its own, then yeah, it's a waste of time



I kinda wish more people would try and make trainers and cheat apps. It makes it so much more interesting for the developer, because it gives them a challenge.

 
191 / 9999 * 7 + 191 * 7

The Chris Street

Administrator
Unspeakably Lazy Admin

Registered
  14/05/2002
Points
  48488

Game of the Week WinnerClickzine StaffAcoders MemberKlikCast StarVIP MemberPicture Me This Round 35 Winner!Second GOTW AwardYou've Been Circy'd!Picture Me This Round 38 Winner!GOTM December Third Place!!
I am an April FoolKliktober Special Award Tag
13th June, 2005 at 12:27:17 -

I don't see the point in trying to bother with encryption. Lets face it, the only people who modify them are those who are truly crap at the game and cheat themselves. But, unfortunately, a lot of people don't think like me

 
n/a

clwe



Registered
  17/12/2002
Points
  702
13th June, 2005 at 14:11:00 -

Or those who get bored of the game =P but I wouldn't want anyone cheating through the games I make by editing the save file. It's just a principle. Well, not only that - there is some reasoning behind it. If a player 'skips' to later levels because they keep dying, said person probably wont get anywhere...and if the player is getting bored of the game, then it's not like they're going to continue playing for much longer after jumping to the later levels, anyway =P.

 
n/a

DeadmanDines

Best Article Writer

Registered
  27/04/2006
Points
  4758
13th June, 2005 at 15:40:14 -

Oh I'd love it if people tried cracking the saves to my games!

I'd genuinely like to see them try. It's soul destroying to spend ages making an iron-clad saving engine and *not* have anyone try and hack it.

I would have loved at some point to try and start up a game-save-cracking clan. Strictly legit of course (no cracking shareware games, for example). With TGF in particular, the .gam format was so deliciously uncompressed that you could find out almost anything if you knew where to look. Even the encryption keys they used.

I miss TGF. It got so boring once MMF came along and complicated it all.

 
191 / 9999 * 7 + 191 * 7
   

Post Reply



 



Advertisement

Worth A Click