Cheaters Gonna Cheat - Battling Fake High Scores

•Download as PPTX, PDF•

0 likes•256 views

October 2015 Casual Connect Tel Aviv talk about how hackers cheat and change their score in mobile games, and how you as the developer can try to prevent it to some extent.

Cheaters Gonna Cheat
Battling Fake High Scores
Nataly Eliyahu
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 1/15

About Me
• Background in Security and
Reverse Engineering
• Army Service in Technology
Units
• Today - Freelance Game
Developer
• nataly@natalycreates.com
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 2/15

What we’ll talk about
• Back & forth between
developer and hacker
• Approaches and
considerations for a
developer
• Think like a hacker!
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 3/15

Step 1 – Naive Score Saving
Developer POV
• Save the score locally
• Use Player Preferences
Hacker POV
• Rooted phone
• Edit Preferences
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 4/15

Edit Preferences
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 5/15

Step 2 – Manipulate the Score
Developer POV
• Encode the score (base64 /
hex / custom encoding)
• Math manipulations
Hacker POV
• Blackboxing
• Guessing
• Find the Pattern
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 6/15

Step 3 – Encrypt the Score
Developer POV
• Encode the score (base64)
• Encrypt the score with a
secret key (a string)
• Use obfuscator on the
compiled apk
Hacker POV
• Decompile apk, rename
functions, organize code
• Find the encryption code -
see which algorithms is used
• Find the string for the
encryption key
• Decrypt and encrypt your own
scores
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 7/15

Decompile APK
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 8/15

Decompile APK
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 9/15

Decompile APK
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 10/15

Step 4 – Non-standard encryption
Developer POV
• Encode the score (base64)
• Encrypt the score with a
secret key (a string)
• Change code of encryption
function to non-standard
implementation
Hacker POV
• Previous method fails! Score
isn’t saved correctly with your
script
• Read the encryption code
• Look for the differences from
the standard implementation
• Alternative – use dynamic
debugging
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 11/15

Step 5 – Server side
Developer POV
• Encode the score (base64)
• Call a function on the server
to encrypt and decrypt the
score
• Secret key is no longer in the
apk
• Always Online issue!
Hacker POV
• Attack the server, look for
loopholes
• Alternative - Use dynamic
debugging, change the score
in memory before it’s sent to
the server
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 12/15

The Heuristics Approach
• Recognize suspicious scores
• Is the score possible in the
amount of time the player played?
• Patterns in the score 
• Send constant updates to server
about player status
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 13/15

To Sum Up
• With enough determination, the hacker
will always win
• If cheating at your game is really hard,
most people won’t bother
• Going always online helps makes it
much harder to cheat, but at a cost for
the majority of players
• Choose the most cost-effective solution
depending on your game
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 14/15

Questions? 
Feel free to contact me!
nataly@natalycreates.com
Facebook: Nataly Eliyahu
Twitter: @NatalyEliyahu
Slides: bit.ly/1ORclQV
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015Slide: 15/15

Viewers also liked

Contactos humanos con el mas alla

Juan Felipe Arango Chaur

LSC 2016 TIG programMarcos Navarro

SNAG Europe images

snagtiffanie

Boletin 224adrianaceliapineda

Livebookings Academy Full Presentation - Analyse That

livebookingsuk

Gatomiau (2)Natalia Garcia

Pedagogía e innovación

Juan Carlos Palomino

Tercera parterodolfo baksys

MICE Presentation - Congress Centre Kursaal Interlaken

MICEboard

Puccinis Turandot auf der Bregenzer Seebühne – opernreisen.com

Opernreisen für Konzert & Festival Freunde

Grammar Presentation Version 2Justin Hodges

Curso empresa 2.0 20121120Eteam_es

Curriculum_VitaeLiliya Metodieva

Folleto Amparo y Justicia (español)

AmparoyJusticia

galapagos

yaczolev

M2M Forum Europe: M-Health

rmdesilva

La Clase Emprendedora por Carlos Barrabés. Conferencia orgnizada por EOI y FE...

FENA Business School

Koblenz ExpoAllianz (informacion corporativa)

ExpoAllianz

Albert.colominas cv (english)Albert Colominas Garcia

Clase #2 Análisis de procesos 28-01-2015

Larissa Barrantes Parra

Viewers also liked (20)

Contactos humanos con el mas alla

LSC 2016 TIG program

SNAG Europe images

Boletin 224

Livebookings Academy Full Presentation - Analyse That

Gatomiau (2)

Pedagogía e innovación

Tercera parte

MICE Presentation - Congress Centre Kursaal Interlaken

Puccinis Turandot auf der Bregenzer Seebühne – opernreisen.com

Grammar Presentation Version 2

Curso empresa 2.0 20121120

Curriculum_Vitae

Folleto Amparo y Justicia (español)

galapagos

M2M Forum Europe: M-Health

La Clase Emprendedora por Carlos Barrabés. Conferencia orgnizada por EOI y FE...

Koblenz ExpoAllianz (informacion corporativa)

Albert.colominas cv (english)

Clase #2 Análisis de procesos 28-01-2015

Similar to Cheaters Gonna Cheat - Battling Fake High Scores

What CS Class Didn't Teach About Testing

Camille Bell

SeattleFall1Victor Angelbeat

PlayFab and unity gdc2019

Crystin Cox

Destroying Router Security - NNC5ed

Jose Antonio Rodriguez Garcia

Destroying Router Security

Iván Sanz de Castro

DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...

DevSecCon

The hardcore stuff i hack, experiences from past VAPT assignments

n|u - The Open Security Community

Using the Cloud for Mobile, Social, and Games - RightScale Compute 2013

RightScale

Freelancing platforms - diffVidmantas Kabošis

"How To Race Squirrels" at Develop Conference in Brighton, 21st July 2011Playniac

ContinuousDelivery-101

Kishore Bhatia

Making Your Product Manager Productive by Clinton Wolfe

DevOpsDays Baltimore

DevOpsDays Baltimore 2017. Product owners are under pressure from Marketing and Leadership to focus on features, while operability (availability, performance, monitoring, etc) are an afterthought to be bolted on later. Deployments fail, customers complain, and work isn't fun. How can DevOps reach out to Product? People from a "Product background" often have zero technical experience, but find themselves needing to dictate the deliverables. Product owners are under great pressure from Marketing and Leadership to focus on "features" from a customer perspective; the so-called "non-functional requirements" often fall by the wayside. Operability - monitorabilty, recoverability, availability, performance, among other aspects - is difficult to bake into an application that was developed without such consideration. This talk will present practical approaches to bridge-building between Ops and Product. Focusing especially on cross-functional Agile teams with leadership with little or no Ops background, we will explore whether "planning the work will result in the planned work being the work that is done." When working with a mixed team, doing development, deployment, incident response, and everything in support of that, such plans go off the rails. Methods of championing Ops needs while avoiding "the sky is falling" perceptions will be presented. What kinds of unplanned work exist? Are there steps we can take to convert unplanned work into planned work? How does work flow through the team? How does unplanned work disrupt the flow?

Making Your Product Manager Productive by Clinton Wolfe

DevOpsDays Baltimore

Product owners are under pressure from Marketing and Leadership to focus on features, while operability (availability, performance, monitoring, etc) are an afterthought to be bolted on later. Deployments fail, customers complain, and work isn't fun. How can DevOps reach out to Product? People from a "Product background" often have zero technical experience, but find themselves needing to dictate the deliverables. Product owners are under great pressure from Marketing and Leadership to focus on "features" from a customer perspective; the so-called "non-functional requirements" often fall by the wayside. Operability - monitorabilty, recoverability, availability, performance, among other aspects - is difficult to bake into an application that was developed without such consideration. This talk will present practical approaches to bridge-building between Ops and Product. Focusing especially on cross-functional Agile teams with leadership with little or no Ops background, we will explore whether "planning the work will result in the planned work being the work that is done." When working with a mixed team, doing development, deployment, incident response, and everything in support of that, such plans go off the rails. Methods of championing Ops needs while avoiding "the sky is falling" perceptions will be presented. What kinds of unplanned work exist? Are there steps we can take to convert unplanned work into planned work? How does work flow through the team? How does unplanned work disrupt the flow?

DevOps Practices: Continuous Delivery

Doug Seven

The DevOps movement, like its Agile predecessor, is focused on improving the communication and collaboration between the development and operations teams responsible for different aspects of an app throughout its lifecycle. While successful DevOps initiatives start and end with organizational and cultural change, there are also common practices that are enablers and/or tools used in support of DevOps. In this session you will learn about the DevOps practice of Continuous Delivery—releasing and deploying application changes as they are available, and not waiting for big, cumbersome roll-ups of new code. This session will focus on the practice of Continuous Delivery, while demonstrating a few tools that can make implementing Continuous Delivery easier, including tools for automated provisioning and release orchestration. If you are interested in implementing a DevOps initiative in your organization, then this session is a must-see.

Igniting the Spark: Building Online Services for Borderlands 2

Jimmy Sieben

Gearbox built an online services platform named Spark for Borderlands 2. As this was an entirely new effort for Gearbox, we learned that building a service is quite different from building a game. Along the way, we shipped two beta releases in the original Borderlands to help us succeed. The genesis of Spark, key milestones and challenges in its creation, and post-mortem from launch are discussed. This talk will help others understand why we created Spark and also what it takes to launch an online service.

P2P Multiplayer Gaming

John Wilker

This will be a session to introduce the Manic Gaming Network. We have designed a multiplayer gaming platform which gives developers an easy way to incorporate Peer 2 Peer gaming into their app. Will cover the following: * today’s problems with developing a multiplayer solution, and solutions available “out of the box” * walkthrough of Manic’s services available to the community of gamers and developers * quick introduction to an API we’re releasing for our service * game demo will be shown * review of some sample code to help developers get started

Oscon presentation

garrettmoon

Give Me Three Things: Anti-Virus Bypass Made Easy

Security Weekly

Building a crm data strategy goals that boost business performance finalex_scr

Scribe Software Corp.

Hacking Robots for Fun and Profit

Chad Udell

This is a fun one! Learn how to hack up robots you can buy at a local toy store. You’ll see the methods used to take the video stream out of the robot and turn it into a format Flash likes. You’ll get the lowdown on how to send API commands to control the bot. We’ll show you how to connect it to alternative controllers and use ActionScript for some simple color detection on the video stream.

Similar to Cheaters Gonna Cheat - Battling Fake High Scores (20)

What CS Class Didn't Teach About Testing

SeattleFall1

PlayFab and unity gdc2019

Destroying Router Security - NNC5ed

Destroying Router Security

DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...

The hardcore stuff i hack, experiences from past VAPT assignments

Using the Cloud for Mobile, Social, and Games - RightScale Compute 2013

Freelancing platforms - diff

"How To Race Squirrels" at Develop Conference in Brighton, 21st July 2011

ContinuousDelivery-101

Making Your Product Manager Productive by Clinton Wolfe

DevOps Practices: Continuous Delivery

Igniting the Spark: Building Online Services for Borderlands 2

P2P Multiplayer Gaming

Oscon presentation

Give Me Three Things: Anti-Virus Bypass Made Easy

Building a crm data strategy goals that boost business performance finalex_scr

Hacking Robots for Fun and Profit

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

The Future of Platform Engineering

Jemma Hussein Allen

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

When stars align: studies in data quality, knowledge graphs, and machine lear...

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

FIDO Alliance Osaka Seminar: Overview.pdf

Epistemic Interaction - tuning interfaces to provide information for AI support

Connector Corner: Automate dynamic content and events by pushing a button

Assuring Contact Center Experiences for Your Customers With ThousandEyes

The Future of Platform Engineering

PCI PIN Basics Webinar from the Controlcase Team

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Leading Change strategies and insights for effective change management pdf 1.pdf

Essentials of Automations: Optimizing FME Workflows with Parameters

Elevating Tactical DDD Patterns Through Object Calisthenics

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Cheaters Gonna Cheat - Battling Fake High Scores

1. Cheaters Gonna Cheat Battling Fake High Scores Nataly Eliyahu CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 1/15

2. About Me • Background in Security and Reverse Engineering • Army Service in Technology Units • Today - Freelance Game Developer • nataly@natalycreates.com CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 2/15

3. What we’ll talk about • Back & forth between developer and hacker • Approaches and considerations for a developer • Think like a hacker! CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 3/15

4. Step 1 – Naive Score Saving Developer POV • Save the score locally • Use Player Preferences Hacker POV • Rooted phone • Edit Preferences CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 4/15

5. Edit Preferences CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 5/15

6. Step 2 – Manipulate the Score Developer POV • Encode the score (base64 / hex / custom encoding) • Math manipulations Hacker POV • Blackboxing • Guessing • Find the Pattern CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 6/15

7. Step 3 – Encrypt the Score Developer POV • Encode the score (base64) • Encrypt the score with a secret key (a string) • Use obfuscator on the compiled apk Hacker POV • Decompile apk, rename functions, organize code • Find the encryption code - see which algorithms is used • Find the string for the encryption key • Decrypt and encrypt your own scores CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 7/15

8. Decompile APK CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 8/15

9. Decompile APK CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 9/15

10. Decompile APK CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 10/15

11. Step 4 – Non-standard encryption Developer POV • Encode the score (base64) • Encrypt the score with a secret key (a string) • Change code of encryption function to non-standard implementation Hacker POV • Previous method fails! Score isn’t saved correctly with your script • Read the encryption code • Look for the differences from the standard implementation • Alternative – use dynamic debugging CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 11/15

12. Step 5 – Server side Developer POV • Encode the score (base64) • Call a function on the server to encrypt and decrypt the score • Secret key is no longer in the apk • Always Online issue! Hacker POV • Attack the server, look for loopholes • Alternative - Use dynamic debugging, change the score in memory before it’s sent to the server CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 12/15

13. The Heuristics Approach • Recognize suspicious scores • Is the score possible in the amount of time the player played? • Patterns in the score  • Send constant updates to server about player status CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 13/15

14. To Sum Up • With enough determination, the hacker will always win • If cheating at your game is really hard, most people won’t bother • Going always online helps makes it much harder to cheat, but at a cost for the majority of players • Choose the most cost-effective solution depending on your game CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 14/15

15. Questions?  Feel free to contact me! nataly@natalycreates.com Facebook: Nataly Eliyahu Twitter: @NatalyEliyahu Slides: bit.ly/1ORclQV CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015Slide: 15/15

Cheaters Gonna Cheat - Battling Fake High Scores

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Similar to Cheaters Gonna Cheat - Battling Fake High Scores

Similar to Cheaters Gonna Cheat - Battling Fake High Scores (20)

Recently uploaded

Recently uploaded (20)

Cheaters Gonna Cheat - Battling Fake High Scores