In this section I'll cover the previous bug and hack and offer solutions.
The Rank Glitch
I discovered this glitch when a friend was over at my place and wanted to give Shadow Era a go. I was busy in a game on my phone so I let him log in to my account on the PC and play against the computer. When I finished my game on the phone I got the data error and my rank didn't go up or down. Since he was still playing away on the PC I just continued to play challenges for fun and it never moved.
Solution:
Add a server side session limit. If a player tries to log in from a client when they are already logged in from another one, show them a warning message alerting them of this and give them the option to disconnect the other session if they'd like. If they are in a game on the other session and they decide to kick it out, it results in a loss.
From the programming side, a player is always considered to be logged in from a session until they hit option and log off. That means if they logged in on their phone and the phone died or they haven't opened the app in a few days, they are still considered logged in by the server. So when they try to log in on the PC, they are shown the currently logged in message and must choose to disconnect their phone. The second part of this is that any time something is done in the client, whether it's clicking challenge, trying a CPU game, clicking modify deck, merchant, or world, a message must be sent from the client to the server saying it is attempting to do something. That way the server verifies the client is indeed the one that is currently logged in and can send an okay message to the client to proceed. If this check isn't implemented it will allow for several other exploits.
The "Defeat Bug" Hack
I've been doing these sorts of cheats for games since the SNES days when I was 12 years old. Any child with 15 minutes of free time on their hands could have come up with this and that's a problem. Any hacker with any experience whatsoever would have an easy time with this game and that's why we see so many, I'd suspect.
Solution:
Variable obfuscation. The HP of players should not be stored in plain text. There needs to be a very simple algorithm that converts the HP to another number (say: HP * (-)varX) so it isn't so easy to search for the HP variable in memory. This function must exist inside the main game loop and run frequently (much more often than real HP changes occur), the variable used in the algorithm must be generated randomly, and one previous copy of the random variable must always be stored. Any functions that need to do calculations on a player's HP must call the decrypt function to return the answer, but in those situations the variables should be created and destroyed every time the functions are run so the result doesn't always occupy the same memory space. And this can be done exceptionally simply like the following:
Code:
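encrypt {
    x = random()          // new random multiplier on every pass
    if (done > 0)
        y = decrypt()     // recover the real HP using the previous multiplier z
    else
        y = hp            // first pass: HP has not been masked yet
    HP = y * x            // only the masked value stays in memory
    z = x                 // keep one copy of the multiplier for decrypt
    done++
}
decrypt returns HP / z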
There are much, much better ways of obfuscating data in your program though, and it would be better for the developers to research and implement them, but at the very least something like this should be done in the meantime and would help curb cheating a lot.
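The server-side session limit proposed under The Rank Glitch, sketched as an added example that is not part of the original post or the game's code. The class and method names, the in-memory dictionaries standing in for the server's session store, and the player "alice" are all assumptions made for illustration.

```python
import hmac
import secrets

class AlreadyLoggedIn(Exception):
    """The account already has a live session on another client."""

class SessionRegistry:  # hypothetical name; dicts stand in for server storage
    def __init__(self):
        self._sessions = {}  # player -> {"token", "client", "in_game"}
        self.losses = {}     # player -> forfeits recorded by the server

    def login(self, player, client, kick_other=False):
        current = self._sessions.get(player)
        if current is not None:
            if not kick_other:
                # Client shows the warning and asks whether to disconnect.
                raise AlreadyLoggedIn(current["client"])
            if current["in_game"]:
                # Kicking a session that is mid-game counts as a loss.
                self.losses[player] = self.losses.get(player, 0) + 1
        token = secrets.token_hex(16)
        self._sessions[player] = {"token": token, "client": client, "in_game": False}
        return token

    def authorize(self, player, token):
        """Run before every action: challenge, CPU game, deck, merchant, world."""
        current = self._sessions.get(player)
        return current is not None and hmac.compare_digest(current["token"], token)

    def start_game(self, player, token):
        if not self.authorize(player, token):
            return False  # stale client: refuse the action, rank is untouched
        self._sessions[player]["in_game"] = True
        return True

    def logout(self, player, token):
        # A session ends only on explicit log off or when it is kicked.
        if self.authorize(player, token):
            del self._sessions[player]

def demo():
    reg = SessionRegistry()
    pc = reg.login("alice", "pc")           # constructed sample player
    reg.start_game("alice", pc)
    try:
        reg.login("alice", "phone")         # second client is refused
    except AlreadyLoggedIn as exc:
        blocked_by = str(exc)
    phone = reg.login("alice", "phone", kick_other=True)
    return blocked_by, reg.authorize("alice", pc), reg.authorize("alice", phone), reg.losses
```

After the kick, the old PC token fails `authorize`, so nothing that client sends can start a game or affect rank.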