Protecting games from memory scanners (like Cheat Engine)

Question

I'm making a C++11 game where scores are sent to the server. I'm storing the score as a simple float, so people using software like Cheat Engine could easily change the value of the score before it is sent to server.

How can I protect my game against this kind of attacks?

Answer 1

There are many options you can do but the best is to not accept any important values from the client. Have the server do all the calculation and than send the values to the client.

Answer 2

There is really no way that you can ENSURE that the value isn't tampered with. What you could do is send sufficient information to the server that it can determine "is this possible" - for example, if your game is a "Pac-Man" style game, you could also provide all of the "Blobs" that Pac-Man ate, or the number per level and the time it took to complete each level, etc. It's not IMPOSSIBLE that a cheater can reproduce all the extra data needed, but it makes it much harder to do so if you are sending more data across.

But any data that is available at any time in your software is subject to being modified by a "debugger" type application. There's nothing you can do about that.

Answer 3

Encrypt any data you care about (or all data if possible) if you have to do anything on the client side in the first place.

Chances are it'll be better to have the server calculate anything important. For example, in Call of Duty, you want the server to decide who gets shot so that individual players' computers/latency/etc. doesn't get involved.

If you're doing a local-PC only game and just want to upload scores at the end, server calculations aren't an option. In that case you really have to just stick with encryption and obfuscating the important values in the first place. There's only so much you can do; it's probably never going to be bullet-proof if it's 100% client side calculated.

Answer 4

There will always be a way to bypass your protection. No matter how good it is. However, you can make it harder . There is an example: https://github.com/jgk2Th/anti-wpm .

Basically, the point is to create two variables with the same value and to move one of them through different positions in the RAM (simply said) to make finding it much harder. Then, compare values for differences.

This is a simplified code for the idea.

int VariableToProtect = 0;
int pVar[ 1000 ] = { 0 };
int Pos = 0; // 'pseudo-position' of the element (with same value as VariableToProtect) in pVar

while( !GetAsyncKeyState( VK_SPACE ) )
{
    if( pVar[ Pos ] != VariableToProtect )
        printf( "detected!" );

    ++VariableToProtect;

    Pos = rand( ) % 1000;
    pVar[ Pos ] = VariableToProtect;

    Sleep( 10 );
}

Answer 5

If it's massively multiplayer, then in theory, you can have some algorithm where the server requests answers to specific questions from a random group of users. A cheater will get different answers without some major collusion.

If in a game like Call of Duty, you could have 30 players and need a super majority to agree if a kill happened. That way, no single team could cheat by collusion methods. You'd still have to watch out for alternate accounts being used to climb a leader board.

Answer 6

Do not use bare variable.

int hitpoints; // hackable

Use encrypted wrappers.

struct SaltedHitpoints
{
     char encrypted[256];
     int getHitpoint()
     {
         return decode(encrypted);
     }
};

Do not assign it to any variable. Just pass it to another function so compiler keeps it in register.

No-one reads your registers .

// pass by value, dx register
// or xmm0 register
consume(enc.getHitpoints());

You are not sure if its a register? Then use assembly and keep it in register explicitly. No matter how hard hackers try, a memory scan can not scan anything that is out of memory.