![]() ![]() Var _file = file_text_open_write(filename) įile_text_write_string(_file, _save_string) įun fact - the # symbol is never called "pound" in the UK, it's always been the "hash symbol", long before Twitter. Var _hash = sha1_string_utf8(_save_string) SHA1 hash strings are exactly 40 characters long Make a hash (we're using the UTF-8 hash variant here) Var _save_string = json_encode(save_map) Here's how we save our file: //Find our savefile string This is surprisingly easy to do in GameMaker, only a few lines of code. We recompute the hash for the input string and if it's not what we're expecting then someone has tampered with the savefile! Then when we load in the string we can separate it into two parts: our original input string, and our expected hash of that input string. What we're going to do is take a string that holds all of our savedata, make a hash for it, and add that hash onto the end of the string. GM has some extra functions for hashing buffers so you'll need to use those.) (If you're really fancy you'll be using buffers - you'll still be able to protect your savefiles using a hash but your implementation will be a bit different. Regardless, we're going to be hashing a single string that represents all the data we want to save. Or, alternatively, you can come up with your own string-based format. For those who aren't using JSON, you can use a string returned by ini_open() instead. Let's say we have all of our savedata held in a string returned by json_encode(). We're going to use a hash as a way to check that a savefile has not been edited - if the savefile changes, the hash of the savefile also changes. We're not so concerned with the actual algorithm, just that it obeys the rules above. ![]() ![]() There are lots of hashing functions out there, but we're going to use SHA1. We call the output of a hashing algorithm a "hash" or a "digest". It should be hard to find two different inputs that give the same output.It's very hard to reverse the process - you shouldn't know the input given only the output.If you run the hashing function twice on two slightly different inputs, the outputs should be different.A hashing function takes a single input and gives a single output (of a fixed size).A good hashing function has many properties, but let's focus on the important ones: Hashing can refer to many things, but here we mean a particular type of cryptographic function. There are many kinds of security holes, but savefile editing is the one we'll be dealing with today. ![]() Having security holes means that people will be able to circumvent your carefully designed game rules and cheat, putting players who are playing legitimately at an overwhelming disadvantage. Making the game easier isn't an issue in itself (accessibility is a big deal for many kinds of gamer) but when it comes to achievements and online leaderboards it is essential that everyone is competing on a level playing field. If someone was to come along and change some of these numbers then it'll mean they can skip large parts of the game, give themselves fancy cosmetic items they haven't earnt, or cheat to make the game easier. You'll save stuff like highscores, number of lives left, which levels have been beaten, what bonus cosmetic items have been unlocked, and so on. Savefiles contain lots of information, most of which is critical to making sure the player doesn't lose progress between game sessions. This short article will show you a way to solve one of these problems. Savefiles can be a security weakness for games.Don't let your sink overflow because wet 18th Century ceilings are unstable and liable to collapse.I learnt a couple things from the experience: Unfortunately, that computer bit the dust when my house's ceiling collapsed directly onto it. I think I was giving myself extra lives on James Pond. I started my gamedev career at the tender age of 5 by editing savefiles on an old Acorn computer. The following blog comes from the prolific GameMaker developer Juju ( and aims to teach you all about the importance of game save files and how best to protect them from loss or unwanted manipulation of data. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |