Well curb it at least

I’ve had a couple of problems with people cheating on the Attack of the Meeplings scoreboard. My guess was that they were using some kind of memory hacking tool such as Quick Memory Editor - Which is quite a cool program

The way it works is by searching through the memory of a game being played and locating the place where the information resides. Once the location is found, it’s pretty straightforward to alter the value and give yourself whatever you need, higher score, more lives, more money, whatever you can find you can change.

Lets say your score on an online game is 1200. In order to find the memory location you would search for that number. You will probably get a large number of possible locations, and because writing to random locations in memory can be quite disastrous you play the game a little more until your score changes to say 1400. Then you can narrow down your search to places that contained the value 1200 but now contain the value 1400. Once you’ve found the location you can alter it.

The problem with cheating in this way is that you need to be able to find the location of the data you are looking for. So my solution was to make this slightly more difficult to do.

I encoded the score as s = n + m where m was a random value and n is initalised as -m . Whenever I needed to know the score I simply returned the sum of n and m.

Because no one knows the values of m or n (not even me) searching for them in memory requires a few more tricks than a simple search.

I don’t claim that the above method is foolproof, there are probably some more advanced memory hack tools out there that might be able to detect such a scheme. But a little protection is better than no protection, and I will revise my methods should the need arise.

Update to How to Stop Highscore Cheating

Since writing my post I realised that there was still one bit of information known to the alleged cheater. They know how much their scores have differed between attempts. I don’t know if the memory hacker tool I used has this feature, but theoretically you could search the memory space for all values that have been changed by x amount.

It is therefore my opinion that we should set n = a + b

Where a = (-m/2) and b = (-m/2)

And whenever we want to update the score we randomly decide whether we want to update a or b. This makes even searching for the difference difficult as a, b, n, m are all unknown.