Here is a 'poor-mans encryption' scheme I used in VisualBASIC and PHP back in the old days before I used PGP, Bluefish, DES, or my own creations. Granted it is not 100% fool-proof, but definitely slows or even stops someone who does not read this forum :) ...

Here is a rough line-by-line breakdown (must be converted to BYOND code, but it is possible) -

-store the save file contents into a variable ($file)
-generate a random number between 1 and 90 - this is your 'key' ($key)
-do a loop through each character in $file, adding the value of $key to that character...
for i=1 to length of $file {
$value = the numeric value of the ASCII character at position i in $file
// for example if the ASCII character is a ' ' (space), then its numeric value is 32)

$new_value = $value + $key // this formula can be changed to anything

$new_char = ASCII character conversion of $new_value
// for example if $new_value = 122, then the ASCII conversion is the letter 'z')

$new_file = $new_file + $new_char
}

-next insert the $key into your $new_file...
$new_file = $new_file + $key

-then store the $new_file on the server

this example adds the key to each character in the file, then adds the key to the end (so that reversing the encryption is easy) effectively scrambling the contents of the file unless you know where the $key is located, *and* what formula is used to apply the key to the string. Ideally you want to bury the key somewhere deep in the file, like the 30th or 40th position...someplace where you can extract the $key from the string to be used for decoding...one common method is to split the $file into two strings (the strings being of different lengths), add the key to the first string, then concatenate the two strings together into one string again

The $new_value = $value + $key formula could be replaced with something that XOR's the $value with the $key, or does some other mathematical transform. Even Air Mapsters dec2hex conversion would be useful (although doubling the file size). On the other side (decoding), you just reverse the transformation to get the original value again.

Difficult but not impossible to hack, a simple method of scrambling the content of the file. Couple this with player logs that are reviewed regularly, and you will easily spot anyone who has figured out the code and changed their player file. Vigilance is usually the best defense against crackers. Also if the cracker spends so much time on trying to crack the file, then they are not really interested in playing in the first place (my opinion of course).

Just my two cents...

digitalmouse wrote:

Difficult but not impossible to hack, a simple method of scrambling the content of the file.

Don't want to burst your bubble, but I'd say this is extremely easy to attack. Anyone serious about determining the scheme used would likely first determine the frequencies of all characters/bytes in the ciphertext. This would likely match up very well with the frequencies of letters used in the English language, practically giving away the key therein. Even if the key wasn't obvious, it would be ridiculously easy to determine once the method of encipherment was narrowed down - just go through all the possible values until you get a plaintext that looks right. If a popular game used something like this, I guarantee someone out there would be determined enough to do all this in far less than an afternoon.

Couple this with player logs that are reviewed regularly, and you will easily spot anyone who has figured out the code and changed their player file. Vigilance is usually the best defense against crackers.

Now that's a good point. However, vigilance will get you nowhere if your defenses are weak to begin with. There's a good reason why anyone who needs any security at all uses the standard algorithms like DES, Blowfish, RC5, etc. And even now, DES is widely considered to be too weak for many applications as computing (and therefore attacking) power marches steadily on.

Also if the cracker spends so much time on trying to crack the file, then they are not really interested in playing in the first place (my opinion of course).

I disagree. They may not be interested in playing fairly, but they are certainly interested in playing (and easily destroying opponents in the process). There is a certain class of "gamers" out there who will go to any lengths whatsoever to cheat. These people are nightmares for commercial game developers who want to ensure that their multiplayer games are fair and next to impossible to cheat at. If a game gets a reputation of having tons of cheaters, nobody will want to play except the cheaters. Why would they spend so much effort to do this? My best guess is for a cheap and easy thrill of being "better" than other players (they tell themselves that enough and they'll start to believe that cheating really does make them superior to players with honest skill).

Some people like to play with challenge, which online games tend to provide because you can't "undo" what you do so easily, once you make a mistake you're stuck with it. Cheaters are the ones who like to play, but like to have the fun without the challenge. They come in all shapes in sizes though, there's no set mold for "cheaters". Some people like to cheat because it's fun to break the code, some like to cheat because they don't like the challenge, some like to cheat so they can dominate others, some like to cheat because they think playing normally is a hassle that gets in the way of the fun part, etc...

When I cheat, the category I fall into is "cheat because I want to see anything I missed when I played through the first time".

Foomer wrote:

Naah that's what websites are for!

What's the fun in getting answers told to you? And I thought you were making a game about survival and exploration!

Air Mapster wrote:

Don't want to burst your bubble, but I'd say this is extremely easy to attack.

No bubble to burst. I know my example was easy to defeat - heck I wrote the original 'algorithm' in the 1984 on a C64, and wrote the crack program about a month later... this was just a very, very simple example that could be expanded upon as seen fit - easy to understand, easy to change. I personnally use a PHP version of Blowfish for anything I really want hidden in my PHP/MySQL coding, or bury messages inside .gifs that I send to friends...

Now that's a good point (refering to vigilance). However, vigilance will get you nowhere if your defenses are weak to begin with.

True, but I've identified dozens of problems faster when crackers were attacking my system by watching my logs in realtime (or with an email alert). Putting in the proper defenses were easier, and not too worrysome since the server was bare to begin with - nothing to steal! Of course this does not work for everyone...

They may not be interested in playing fairly, but they are certainly interested in playing (and easily destroying opponents in the process). There is a certain class of "gamers" out there who will go to any lengths whatsoever to cheat. These people are nightmares for commercial game developers who want to ensure that their multiplayer games are fair and next to impossible to cheat at. If a game gets a reputation of having tons of cheaters, nobody will want to play except the cheaters. Why would they spend so much effort to do this? My best guess is for a cheap and easy thrill of being "better" than other players (they tell themselves that enough and they'll start to believe that cheating really does make them superior to players with honest skill).

Unfortunately that is too true. I tend to shy away from a game when the other players start using cheats like drinking water - then the fun is all gone... I do sometimes do things like Spuzzum mentioned: once I have gone through a game completely - *then* I may use select cheats to see what I may have missed... but that is rare...