Game Center hack now :( - Anyway to stop it?

Objective Zero · January 2011

I am creating a game for the app store and I am planning to add Game Center support but I need to find a way to stop outside code from going into my app because of this dudes hack: iClarified - Apple News - Apple\'s Game Center Has Been Hacked (Comments)

Any idea how he did it, if so how can I stop it? I recently heard there was Jailbreak API from Apple but I think they discontinued it. I already have anti-piracy code in my app so this is the last step before I am clean from any hackers out there.

Please let me know!

dany_dev · January 2011

probably intercept the call (probably http) with the score, and change it.

i don't think that you can do much. apple need to implement some encryption method, so that user can't modify highscore on the fly changing just a string.

iSDK · January 2011

This is in fact the best way. If you go onto iCodeBlog, they have a leaderboard tutorial which allows you to provide a secret string which will stop the user editing it's highscore:

dany88;287560 said:
probably intercept the call (probably http) with the score, and change it.

i don't think that you can do much. apple need to implement some encryption method, so that user can't modify highscore on the fly changing just a string.

Objective Zero · January 2011

iSDK;287579 said:
This is in fact the best way. If you go onto iCodeBlog, they have a leaderboard tutorial which allows you to provide a secret string which will stop the user editing it's highscore:

Thanks, is this what you are talking about? iPhone Coding Tutorial ? Creating an Online Leaderboard For Your Games | iCodeBlog

iSDK · January 2011

Correct, I didn't read through the tutorial, I just implemented it by myself, double check that you have changed the string "some_secret" in page 2 and 4 to whatever you want the 'secret passcode' to be.

edit--------------

if you know some html you might wanna change the get_scores.php html code to make it look nicer...

Objective Zero;287592 said:
Thanks, is this what you are talking about? iPhone Coding Tutorial ? Creating an Online Leaderboard For Your Games | iCodeBlog

Mizonnz · January 2011

While that tutorial is a start I still think that's pretty shoddy security, anyone watching the connection stream (eg. by placing a logging computer between their wireless access point and internet connection) would get the "secret" as it's just plain text placed in the url.

A better idea would be to use some sort of hash combining the secret with the username and score and sending that, and the receiving webserver can create the same hash to see if they match. Better yet would be to encrypt the whole message with PGP or similar, but that may be going a bit overboard for a game leader board.

dany_dev · January 2011

as i said, what you should implement is just encrypt (With a secret key that is not shared) the score, so that it can be changed only if you know how to encrypt it.

Objective Zero · January 2011

dany88;287731 said:
as i said, what you should implement is just encrypt (With a secret key that is not shared) the score, so that it can be changed only if you know how to encrypt it.

Alright so I should convert my int into an NSString, then encrypt it, then how would I decrypt it so the code knows what the int is so I can upload it but still in a secure way?

dany_dev · January 2011

basically you need to convert int to string and encrypt it (with a secret key, using 1 enctrypt method), send to your server to a script (php?) that decript it (because it know the secret key)

Objective Zero · January 2011

dany88;288277 said:
basically you need to convert int to string and encrypt it (with a secret key, using 1 enctrypt method), send to your server to a script (php?) that decript it (because it know the secret key)

Oh theres no way of doing it without php? I want to stick with the device only

Magic Hands · January 2011

If you sending data to a server you will need php.

Objective Zero · January 2011

Magic Hands;288310 said:
If you sending data to a server you will need php.

No what I am saying is, can I do this without any server or outside data needed?

xqtr · January 2011

Objective Zero;288314 said:
No what I am saying is, can I do this without any server or outside data needed?

You need to have the data somewhere if you want other users to share data with each other (like on a leaderboard). That's why you need a server with eg. PHP and MySQL installed.

Objective Zero · January 2011

xqtr;288320 said:
You need to have the data somewhere if you want other users to share data with each other (like on a leaderboard). That's why you need a server with eg. PHP and MySQL installed.

No i think you got confused. I want to have an encrypted int so the game center leaderboards cannot be hacked like I said in the 1st post. So I want to do this on the device only without using php or any other outside servers.

xqtr · January 2011

Objective Zero;288328 said:
No i think you got confused. I want to have an encrypted int so the game center leaderboards cannot be hacked like I said in the 1st post. So I want to do this on the device only without using php or any other outside servers.

Oh, ok. Maybe this could help:

http://www.saobart.com/md5-has-in-objective-c/

dany_dev · January 2011

if apple game center doesn't provide encryption, you can't do nothing w\o a your custom script.

Howdy, Stranger!

Forums

Game Center hack now :( - Anyway to stop it?

Replies