If some costable item stored in playerprefs can be hacked or not?
I think it can because it stored in local computer’s registry?
Then, where must costable item info stored?
Its pretty easy to change it.
its in no form secure or alike
How about static var? user can also hack it?
anything thats in RAM or on the system can technically be hacked.
But a variable that only exists in ram is definitely more work than just changing an entry in a file and alike
so best is server side storing, I think?
definitely
though question is what you want to store there, what your game is about.
Most all script kiddies have a copy of ArtMoney or other similar app. In fact, I’d probably go so far as to say that’s more likely to occur than looking in the registry if they want to change a score or powerup value.
Either way, the best option is to bit twiddle the values and never store them naked. I’d use MD5 for playerprefs and XOR for in-game values. Like dreamora said, it can still be hacked but it would require knowledge of OllyDBG.
That of course is if you’re using a web build. Standalones require even more trickery as the source code is easily retrievable. ie, don’t store your hash/key in a string definition using a function named ‘encrypt/decrypt’
sorry but I can’t understand this. so how do that in unity?
For in memory “critical” values do something like this:
void setMoney( int value)
{
money = (value + 71) xor 67;
}
int getMoney()
{
return (67 xor money) -71;
}
This will stop 99% of memory scanner users. (Cheat engine)
For playerPrefs save an hash of some sort(togheter with the values). When loading values from playerPrefs check if the hash is still valid.
Everything is “hackable” until it is done by the client.
2 Likes
You’d probably want this available if you’re doing anything online/php anyway.
http://www.unifycommunity.com/wiki/index.php?title=MD5