Fake Save Code Prevention

[Kakerate]

Hi, I'm doing something with improving a save/load rpg, and had a couple of questions. Afaik, anyone with enough knowledge can put a cheatpack in a map, and then look in the maps object editor data for every item's raw code. With that they can basically do whatever they want. Is there anything I can do to make unprotecting the map more difficult? Dota uses common variable names found in cheatpacks, but even that can be countered. :/ I feel like there is little I can do to prevent hacked saves on this map.

 

[Wietlol]

I feel like there is little I can do to prevent hacked saves on this map.

There is little you can do because Warcraft 3 must be able to read it... and so can a hacker read it.

I once designed an encrypted database that cannot be reversed by hackers.
However that is pretty much root stuff. Such stuff cannot be implemented in a normal WC3. You need to create a hacked version of WC3.

 

[Kakerate]

The benefits I would yield from requiring a modded war3 to play the map would probably not outweigh the detriments. I don't think i would download a modded war3 client just to be able to use a map, as with most other players.

 

[Dr Super Good]

Why you care so much? Cheaters will always cheat and there is nothing you can do to stop them. God knows why DotA Allstars even bothered seeing how it has not save/load...

 

[Kakerate]

I know there is no fool proof way to keep a cheater from getting what they want, but perhaps I can find methods of making their life more difficult.
@Dr Super Good; I suppose I care because I don't want the value of character saves to diminish from floods of forged characters, if that makes sense. Idk.

 

[Tal'Rarity]

Could try fake commands, duplicate scripts if they still work, fake items, cancel out commands, link crash functions to anti-single player.

 

[Dr Super Good]

I know there is no fool proof way to keep a cheater from getting what they want, but perhaps I can find methods of making their life more difficult.
@Dr Super Good; I suppose I care because I don't want the value of character saves to diminish from floods of forged characters, if that makes sense. Idk.

Normal security measures should be enough as people will generally not cheat in that case unless they really want to (in which case there is nothing you can do to stop them).

To detect cheated codes you could add triggers that listen for common cheat commands (which you do not declare them as a single string but as a series of sub-strings concatenated to avoid detection). This will give you one measure someone is cheating. Another is that you track the state of the game to some degree, if strange stuff happens (units enter map when they should not, or units gain levels when they should not etc) you will have another measure that someone is cheating. If 2 such measures are violated (typical noob hacker) you flag the generated code as being "cheated".

When he loads the code some times it will load fine, however other times it will do strange stuff (to his detriment). For example it could sometimes fail to load completely saying that it is "invalid". Other times it might cause him to suddenly die when taking too much damage etc. The idea is to make it so subtle that most hackers will think it works first time and they will not look in to correcting the "cheat" bits in the code.

 

[Kakerate]

@Dr Super Good; Lmao XD ..those are awesome ideas. I really like the idea of being subtle as to avoid detection, I was thinking that approach would be pretty effective. I never thought of flagging codes, that's another sneaky way of doing things.

@Dat-C3; Maybe elaborate on your ideas a little bit, I don't really understand.

 

[Tal'Rarity]

I don't wanna... =(

You know how to contact me in private on Bnet and here so ask me there.

DSG has some pretty awesome idea's however people would eventually figure it out, or well the one out of a million would I mean. Nobody would consider anyone flagging your fake/hacked code.

 

[Dr Super Good]

DSG has some pretty awesome idea's however people would eventually figure it out, or well the one out of a million would I mean. Nobody would consider anyone flagging your fake/hacked code.

Well it is well known commercially by now. Even Blizzard employs a similar method against hackers where it will only ban them some variable time after the offense so hack developers have no immediate feedback (they cannot be sure if a hack was undetectable or not). This greatly slows down the iterative development process for hacks and does so to such an extent that you may find the hackers write it off as being done before it is truly hacked (all the secrets of your security are discovered).

Obviously people can still hack it, however your aim is to stop 99.9% of hackers not the 0.1% of highly determined hackers who do it for themselves.