  Storing player data  (Read 2747 times)
Offline idFade

Junior Newbie





« Posted 2011-07-20 18:22:33 »

I'm working on an RPG game and I have a problem: storing player data.
I was thinking about storing save games in plain text files within the jar or in directories placed near the jar file, but that would be really easy for the player to modify, which will make the game less challenging and less fun. I have been thinking about serialization as well, but I don't know anything about serialization and it seems awfully complicated. Are there any other alternatives?
Offline Mike

JGO Wizard


Medals: 76
Projects: 1
Exp: 6 years


Java guru wanabee


« Reply #1 - Posted 2011-07-20 18:36:39 »

Storing it online (which also gives shared saves over several computers) or doing something like gzip on the saved file (still possible to modify but it's not as easy).

Is it so bad that people can change it though? If they want to cheat in a single player game, let them Smiley

Mike

My current game, Minecraft meets Farmville and goes online Smiley
State of Fortune | Discussion thread @ JGO
Offline Z-Man
« Reply #2 - Posted 2011-07-20 18:48:54 »

You could use a really simple encryption on the text file.
Offline Mike

JGO Wizard


Medals: 76
Projects: 1
Exp: 6 years


Java guru wanabee


« Reply #3 - Posted 2011-07-20 21:27:59 »

Just remember that the code you put on the client to decrypt the file is super easy to break so just do something that's simple enough for you to create while stopping the really basic attempts to alter the file. Don't expect to build a flawless system and just accept that if someone really wants to, they can cheat.

Mike

My current game, Minecraft meets Farmville and goes online Smiley
State of Fortune | Discussion thread @ JGO
Offline Z-Man
« Reply #4 - Posted 2011-07-20 21:34:13 »

Ya that's definitely true, you could just have an encryption algorithm that deters casual players, but people who know what they're doing would probably be able to cheat. I also had the idea for creating one that changes for every user, or for every save of the user. So like if your user names their character then you could use that name to build a key. Not sure how well that would work though. Maybe if you used a Random object, and the name of the saved character (converted to an integer) as a seed then you could create a random key based off the name that could be reproduced by your program. Even with that though someone could probably decrypt it and cheat. Just a thought though.
Offline h3ckboy

JGO Coder


Medals: 5



« Reply #5 - Posted 2011-07-20 21:38:18 »

yeah, it's a great idea, but the problem is, that anything the program can do, the player can decompile it and do. So any encryption key you have will be compromised Tongue.

However, most ppl will be easily put-off to the idea of cheating, and if they see something even a little encrypted they'll just give up and play Smiley.
Offline Z-Man
« Reply #6 - Posted 2011-07-20 21:41:47 »

yeah, it's a great idea, but the problem is, that anything the program can do, the player can decompile it and do. So any encryption key you have will be compromised Tongue.
That's why I was trying to come up with a way to NOT hard code the encryption key into the game. Although with the idea I posted above, if someone knew the name of their character and the process used to create the key (and thanks to being able to decompile bytecode this wouldn't be hard to figure out) they could probably decrypt the file. It really sucks that Java bytecode can be decompiled so easily >_<.
Offline h3ckboy

JGO Coder


Medals: 5



« Reply #7 - Posted 2011-07-20 21:48:18 »

hahah yeah, so true, that's one of the downsides to programming in java :/.

I have heard about jar2exe converters so those might do something.

on another note, here is a thread that has discussed this idea:

http://www.java-gaming.org/index.php?topic=24404.0
Offline Z-Man
« Reply #8 - Posted 2011-07-20 22:02:34 »

I've seen a few jar2exe converters around the web, I have never actually used one though. Part of the problem is most of them are paid. I've also looked at obfuscation but most are paid, and I really don't need either of them right now. It really isn't that big of a deal for me because I really don't know enough about game programming to make a game that I would release for free or as a product. People releasing games would probably want to look into it though (If the game is written in Java that is, AFAIK other languages don't have this problem since they're compiled into machine code).
Offline zoto

Senior Member


Medals: 4



« Reply #9 - Posted 2011-07-20 22:35:42 »

You can decompile any program but someone cheating in a single player game is much more likely to use a memory editor like cheat engine.
Offline static_flashlight

Senior Newbie




Software Engineer


« Reply #10 - Posted 2011-07-20 22:58:54 »

Just remember that the code you put on the client to decrypt the file is super easy to break so just do something that's simple enough for you to create while stopping the really basic attempts to alter the file. Don't expect to build a flawless system and just accept that if someone really wants to, they can cheat.

Mike

That's some pretty good advice.

It probably couldn't hurt to try some simple methods of encoding, then see how effective they are by trying to get friends or community members to see what they are able to do with it.  You can't know how secure something is until you have tried to break it.
Offline idFade

Junior Newbie





« Reply #11 - Posted 2011-07-20 23:02:46 »

Encrypting the save data sounds like a pretty good solution, thanks ^^

Thanks for the idea of generating unique encryption seeds as well, it makes it harder to crack for the casual gamer ^^
Offline ra4king

JGO Kernel


Medals: 345
Projects: 3
Exp: 5 years


I'm the King!


« Reply #12 - Posted 2011-07-21 01:16:27 »

Also you mentioned Serialization being hard, what's so hard about it? Make the classes you want to save implement Serializable then just create an ObjectOutputStream that wraps around a FileOutputStream. To read it back in, wrap an ObjectInputStream around a FileInputStream.
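The approach in the reply above, as an added example that is not part of the original post. The class names, fields and value ranges are hypothetical, and `ObjectInputFilter` needs Java 9 or later; since a save file is something the player can edit, the loader only accepts the expected class and range-checks what it reads.

```java
import java.io.*;

public class SaveGame {
    // Hypothetical save-state class; the fields are illustrative.
    static class PlayerState implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name; final int level; final int health;
        PlayerState(String name, int level, int health) {
            this.name = name; this.level = level; this.health = health;
        }
    }

    static void save(PlayerState s, File f) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream(f))) {
            out.writeObject(s);
        }
    }

    static PlayerState load(File f) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new FileInputStream(f))) {
            // Allow-list: only the save class and String; "!*" rejects every other class,
            // so a crafted file cannot make the game instantiate arbitrary types.
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    PlayerState.class.getName() + ";java.lang.String;!*"));
            PlayerState s = (PlayerState) in.readObject();
            // The bytes come from disk, so treat the values as untrusted input.
            if (s.name == null || s.level < 1 || s.level > 99 || s.health < 0 || s.health > 100) {
                throw new InvalidObjectException("save values out of range");
            }
            return s;
        }
    }

    public static void main(String[] args) throws Exception {
        File f = File.createTempFile("save", ".dat"); // constructed sample save
        save(new PlayerState("hero", 3, 80), f);
        PlayerState s = load(f);
        System.out.println(s.name + " level=" + s.level + " health=" + s.health);
        f.delete();
    }
}
```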

Offline Z-Man
« Reply #13 - Posted 2011-07-21 01:21:10 »

Oh also I forgot to mention, I wouldn't use the .txt extension on the game save files. It seems to me like someone cheating would go for the easy stuff first, and it doesn't get much easier than opening a .txt file in a text editing program.
Offline Gudradain
« Reply #14 - Posted 2011-07-21 02:11:19 »

Options :

1. Store key for encryption online that way the cheater can't decode the key unless he connects to your server.

2. Add MD5 checksum over all the text file so someone can't change something without changing the checksum too (well he could always generate a new checksum and replace the old one) (Is it long to generate MD5 checksum?)

3. Add +1 to the ASCII code of every character (that makes it unreadable) (character = dibsbdufs)
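A keyed variant of option 2, as an added example that is not part of the original post: HMAC-SHA256 replaces the plain MD5 checksum, so regenerating the tag requires the key and not just the file. The key, the save format and the class name are constructed for illustration, and the key still ships inside the game, so it only stops edits by players who do not decompile it.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SignedSave {
    // Assumption: a key embedded in the client (constructed value).
    private static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

    static byte[] mac(String body) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return m.doFinal(body.getBytes(StandardCharsets.UTF_8));
    }

    // Constructed save format: readable text body, then the Base64 tag on the last line.
    static String seal(String body) throws Exception {
        return body + "\n" + Base64.getEncoder().encodeToString(mac(body));
    }

    // Returns the body only if the tag matches; any edit to the text is rejected.
    static String open(String file) throws Exception {
        int cut = file.lastIndexOf('\n');
        if (cut < 0) throw new SecurityException("missing tag");
        String body = file.substring(0, cut);
        byte[] tag;
        try {
            tag = Base64.getDecoder().decode(file.substring(cut + 1));
        } catch (IllegalArgumentException e) {
            throw new SecurityException("malformed tag");
        }
        // Constant-time comparison of the stored and recomputed tags.
        if (!MessageDigest.isEqual(tag, mac(body))) throw new SecurityException("save modified");
        return body;
    }

    public static void main(String[] args) throws Exception {
        String sealed = seal("character=hero\ngold=120"); // constructed sample save
        System.out.println(open(sealed));
        String edited = sealed.replace("gold=120", "gold=999999");
        try {
            open(edited);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```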
Offline Dx4

Junior Member


Medals: 5



« Reply #15 - Posted 2011-07-21 09:55:54 »

I'm working on an RPG game and I have a problem: storing player data.
I was thinking about storing save games in plain text files within the jar or in directories placed near the jar file, but that would be really easy for the player to modify, which will make the game less challenging and less fun. I have been thinking about serialization as well, but I don't know anything about serialization and it seems awfully complicated. Are there any other alternatives?

Sign the jar, and save the game state as a class using ObjectWeb ASM (or some other class modifying library). Replace the game state class file within the JAR, and generate a new checksum for the file. Save the checksum into MANIFEST.MF. When they try to modify the saved game state (which I doubt many could), save it and then try to run it again, the JVM will crash as the checksum for the class doesn't match. For extra security, check manifest.mf when the game starts and do a file integrity check on each file in the JAR file against the entries in the manifest. This will also ensure that people can't just remove the signing on the jar.

Example class:

public class State {
    // Values the class-modifying library would rewrite on each save
    private static int numLives = 100;
    private static int health = 100;
    // ... etc.
}


then use a class modifier to rewrite the values in the state class.

Alternatively, just use XML or OOS to save the state, and use JCE (DES, AES256, etc) to encrypt the data using a key generated with some special data, eg last modified time of the executing jar, OS type, etc

for example:

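// MD5 of user name + OS architecture, computed with the standard MessageDigest API
byte[] key = java.security.MessageDigest.getInstance("MD5").digest((System.getProperty("user.name") + System.getProperty("os.arch")).getBytes(java.nio.charset.StandardCharsets.UTF_8));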
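The JCE alternative from the post above carried through, as an added example that is not Dx4's code: the key material is the same `user.name` + `os.arch` string, but PBKDF2 and AES-GCM are swapped in for MD5 and DES/AES so that a modified file fails to decrypt. The class name, file layout and iteration count are assumptions; anyone who reads the decompiled code can recompute the same key.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class EncryptedSave {
    // Key derived from machine/user properties, as in the post; the salt is stored in the file.
    static SecretKeySpec deriveKey(byte[] salt) throws Exception {
        char[] material = (System.getProperty("user.name") + System.getProperty("os.arch")).toCharArray();
        PBEKeySpec spec = new PBEKeySpec(material, salt, 100_000, 256);
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(k, "AES");
    }

    // Assumed file layout: 16-byte salt | 12-byte IV | ciphertext with 16-byte GCM tag.
    static byte[] encrypt(byte[] plain) throws Exception {
        byte[] salt = new byte[16], iv = new byte[12];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt); rnd.nextBytes(iv); // fresh salt and IV for every save
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(28 + ct.length).put(salt).put(iv).put(ct).array();
    }

    static byte[] decrypt(byte[] file) throws Exception {
        if (file.length < 28 + 16) throw new IllegalArgumentException("save file too short");
        ByteBuffer b = ByteBuffer.wrap(file);
        byte[] salt = new byte[16], iv = new byte[12], ct = new byte[file.length - 28];
        b.get(salt); b.get(iv); b.get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(salt), new GCMParameterSpec(128, iv));
        return c.doFinal(ct); // throws AEADBadTagException if any byte was changed
    }

    public static void main(String[] args) throws Exception {
        byte[] file = encrypt("numLives=100;health=100".getBytes(StandardCharsets.UTF_8)); // constructed save
        System.out.println(new String(decrypt(file), StandardCharsets.UTF_8));
        file[file.length - 1] ^= 1; // simulate an edit with a hex editor
        try { decrypt(file); } catch (AEADBadTagException e) { System.out.println("tampered save rejected"); }
    }
}
```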
Offline Mike

JGO Wizard


Medals: 76
Projects: 1
Exp: 6 years


Java guru wanabee


« Reply #16 - Posted 2011-07-21 12:02:06 »

Nice post Dx4 but it'll still be possible to backwards engineer and change the save file.

The question you need to ask yourself is:
Who do I want to protect the save file from (regular joe/advanced joe/junior programmers/senior programmers)?

As long as you are fine with just protecting it from most people, spend an hour on making something like outputting a gzip of the data to the file or write a serialized object. If you want to protect it against everyone just accept that it won't be possible and spend as much time on it as you can spare. In my opinion that would be no time at all as it's more important to have a fun game than a good save system (If it is a problem that people are changing your save files then see it positively, someone is playing your game!) Smiley

Mike

My current game, Minecraft meets Farmville and goes online Smiley
State of Fortune | Discussion thread @ JGO
Offline Dx4

Junior Member


Medals: 5



« Reply #17 - Posted 2011-07-21 12:52:40 »

Nice post Dx4 but it'll still be possible to backwards engineer and change the save file.


obviously, people who want to hack your game and are dedicated enough WILL be able to, it's impossible to protect it from everyone, but with what I wrote above when mixed with some fancy obfuscation will prove to be a very burdensome task to reverse engineer and change.

- David
Offline counterp

Senior Member


Medals: 11



« Reply #18 - Posted 2011-07-21 13:21:39 »

even if you store data using a byte buffer, it will make it hard for an average player to edit the file (you would have to encrypt strings though, since they will stay the same when you open the file)
Offline Cero
« Reply #19 - Posted 2011-07-21 13:36:55 »

Also you mentioned Serialization being hard, what's so hard about it? Make the classes you want to save implement Serializable then just create an ObjectOutputStream that wraps around a FileOutputStream. To read it back in, wrap an ObjectInputStream around a FileInputStream.

This.

You don't even have to use Serializable, I just use ObjectOutputStream / Input.  (Of course you do, mixed something up, sry =P)

Offline Eli Delventhal

JGO Kernel


Medals: 42
Projects: 11
Exp: 10 years


Game Engineer


« Reply #20 - Posted 2011-07-21 17:39:10 »

You can store it on a server.

Or just not worry about it. I actually prefer games where I can easily modify stuff - I generally play through normally first and then go crazy with cheating a second time. It's fun to do. Let players make their choice and just give the file a different extension so that text editors won't automatically open it. Most players won't bother looking into the save files.

See my work:
OTC Software
Offline Miruko

Innocent Bystander





« Reply #21 - Posted 2011-07-29 08:25:37 »

Hi, I have the same question, what is the best method to store something offline on a local machine? I mean the classic savegame, or just a character data sheet, without using online methods and obviously without storing it in a .txt file. Should I create a file with a custom extension? Or is there a way to have a local DB?
Offline Mike

JGO Wizard


Medals: 76
Projects: 1
Exp: 6 years


Java guru wanabee


« Reply #22 - Posted 2011-07-29 10:00:16 »

Didn't we just discuss this very question? Read through the thread, decide as to how far you want to go to stop people from changing your save files and then go from there Smiley

Mike

My current game, Minecraft meets Farmville and goes online Smiley
State of Fortune | Discussion thread @ JGO
Offline Cero
« Reply #23 - Posted 2011-07-29 13:06:19 »

I don't think DB was mentioned. Obviously you can use JDBC and then use Oracle with PL/SQL or MySQL DB for a game as well.

Offline Mike

JGO Wizard


Medals: 76
Projects: 1
Exp: 6 years


Java guru wanabee


« Reply #24 - Posted 2011-07-29 19:55:24 »

Sure, but that's even less secure/stable than the text file option Smiley

Mike

My current game, Minecraft meets Farmville and goes online Smiley
State of Fortune | Discussion thread @ JGO
Offline woogley
« Reply #25 - Posted 2011-07-30 01:01:58 »

I almost always just use SQLite. It's simple, it's structured, and if someone wants to cheat .. who cares? As long as they have fun.

This only really matters with competitive data (highscores sync'd with a server and whatnot), but "securing" that is a very different topic.
Offline Mads

JGO Ninja


Medals: 26
Projects: 3
Exp: 6 years


One for all!


« Reply #26 - Posted 2011-07-30 21:44:29 »

It depends on how far you want to go. If it's a single-player game, and not online, why should players not be able to alter their save files? Does it harm the game, for you?
If you just save the information in a file, but use a binary format instead, humans won't be able to read it. However, no matter how much you encrypt and zip the files, you'll at some point need to de-serialize it, and there's nothing stopping people from decompiling your source code and looking how you're doing it. If you can do it locally, so can they.

Consider if it's worth it.  Smiley
