Last time I was writing about how cheating with leaderboards is possible in mobile games. There are applications that allow cheater to search memory for the interesting value and change it during the game runtime. This is obvious that those values can’t be stored in memory as themselves. How to encrypt them and in the same time make the whole mechanism easy to use?

One of the easiest and the fastest way to encrypt the value is to xor it by a random key. Because we’re planning to use many types and floating points types can’t be xored they have to be casted and stored in the biggest available chunks of data. The uint64_t will be just fine.

Let’s create a new class which will be our safe type.

As you can see there are three values.
The idea is very straightforward:

  • When creating and modyfying the value the new key is generated.
  • The value is encrypted by this key.
  • Both of them – the encrypted value and the key are saved in the memory.
  • The unencrypted value is used to create a check copy, which is created by xoring it with a static, random number.

The whole constructor should look like this:

The tricky bit-level casting is a casting to another type without conversion. That means all bits from, for example, float will be moved to the int untouched.

The check copy will be used as the final defence line for cheaters, who somehow find the encrypted value.

When the safe_type is called it has to decrypt saved value, check it and return as the normal type.

The most of Sunday cheaters won’t find the proper value to change. If the cheater will find it somehow he will have to know how to change all three used values to not cause an assertion (and they can’t blame programmer for an application crash in this situation).

This is, of course, only a suggestion how to do this kind of obfuscation. The trickier the encryption will be, the better.

The only thing that has left is to overload operators, so the whole class will be easy to use.

In the solution here there is a complete code with all necessary operators and the simple application that shows how to use safe_type class.