Ideas on making a game hack-proof?

This is probably one of my biggest concerns when the time comes to make a big game that will take possibly years to make. 

I have only one idea, but the rest I leave up to the community. 

Clash Royale is very difficult to hack because its database and the game’s code are hosted on a server, which makes things such as fake gem generators not work. The only way to hack it is to host your own game on your own private server.

How can I achieve this level of hack protection?

Would I need a server, such as one for DigitalOcean, or will GameSparks help me out with this?

Simple: just become a triple-A studio and spend big, big $.

All snide remarks aside, let me be first with some advice you’re sure to get from others:

  1. Forget about this.
  2. Years?  Don’t work for years on a game.  While a rare Indie could make this work 99.99% will fail trying this.  (I think you were actually using this as an example, but just in case.)
  3. Yes, you would need your own server.  This implies you would need to code up your own back-end or get someone to do it and maintain it for you.  This is big and costly unless you are already an expert in this area.  I’d avoid any games that need a server till I know how to make games w/o.  
  4. Please further define hack.  Hack is a pretty general term.   You may get much clearer and better advice if you enumerate the top things you want to prevent users from doing.  However, the advice will probably be, don’t worry about it.
  5. The primary benefit I can see for having a server (besides hosting the game/content) is to protect from IAP fakery and in-game currency fraud.  I’m sure there are other benefits.
  6. Did I say forget about this?   I mean it.  Until your game achieves massive scale, worrying about this kind of thing is pointless and costly, as well as distracting.

Now, back to coding single-player offline games first. :slight_smile:  Don’t get suckered into the notion of making $.  Do it for the love first, especially while you are young and don’t have to worry about anything else like paying the mortgage, …

PS - You mentioned GameSparks.  I’m used to doing this kind of thing on my own, but yes there are services out there too, but using any of them requires a certain level of knowledge so you can ask about the right features, so this doesn’t let you off the hook in the learning department.  Just a warning.

I agree with Ed. You can protect the app as much as possible, but a hacker can always find a way. I don’t think an Android user who wants to get lots of in-app currency has ever thought “well, I guess I cannot get all the coins I want, I guess I will just pay with my credit card”. I say this with experience. I tried to hack Angry Birds Epic, an online-based game which stores all your data in the cloud. I spent a couple of days on this and could not find a way. I still have not spent a cent on this game to this day. Plus, server-based games = expensive. There is a lot of checking that needs to be done, like: is the user on another device with the same account? Constantly checking for currency changes and new user data. It is a very complex setup that requires a lot of bandwidth. Unless you are a big studio with lots of money and lots of resources, it is hard to recommend a server-based game. Plus, like all server-based games, they use a good amount of data and don’t work offline. Name one famous indie game that made it big with a server-based game.

Thanks for the info. The “giant project” was an example.  And also, the IAP fakery and game currency fraud are the two major things I am looking at blocking. But, I am nowhere near the level of doing this, and the game would have to be massive for people to start hacking it.

I mean Clash Royale has 100 million+ downloads on Android and iOS, each.

When I mean hack, I mean adding features to the game that make you superior over honest skilled players, without any skill whatsoever.

(Such as Game Currency Fraud)

As for the server, I have a dedicated VPS that is already configured via command line. But it is tailored for websites and hosted by 1&1, so I believe that is out of the question. 

Plus, I am not implementing IAPs into my first game, so… 

the most nearly-bullet-proof way of making a game non-hackable is to not publish it – easy-peasy

How are you going to make money? Ads are great and all but even Clash Royale iAP. Ads cannot run a server. Server based currency ~= 100 million downloads.

Well played.

Well if I need to make a game that I will need a server for, it would have to be so big that I would remove ads. 

For now, the first game will not be server-based so, ads.

I think there are a couple different concepts to be considered here.

First, when you talk about Clash Royale being hard to hack because it has a server, I think “hack” isn’t the right word. It’s hard to “cheat”. They probably have to spend considerable effort to prevent hackers from infiltrating their servers to steal account information, passwords, credit card information (though that particular game probably doesn’t deal with credit cards). I spent 10 years working on the backend code for a company that did online games. Servers are in some ways much easier to attempt to hack than mobile apps are.

What I think you mean is preventing cheating. There are a couple of different modes for doing multiplayer games. One is peer-to-peer. In this case each client is making decisions on what’s happening. I might be able to hack my client and make my character do 10X the damage that I’m supposed to. In a peer-to-peer setup, there is no one to enforce the law and cheating can run rampant.

In our games, the software that ran on computers outside of our control was nothing more than input and drawing apps. Our servers made all the decisions. In other words the client would say “I want to attack the orc with my longsword”. Our server would check to make sure you had a longsword, the orc was within range and determine the amount of damage done. Then the server would tell the client what happened. This is strong prevention against cheating because the users are never in control of the rules.

Rob
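
The server-authoritative flow described in the post above, as an added example that is not part of the original thread or anyone's production code. The world layout, weapon table and function names are all hypothetical; the point is that the client message carries intent only and every rule is evaluated against server-held state.

```javascript
// Added example. All names and values below are constructed for illustration.
const WEAPONS = new Map([['longsword', { range: 2, minDmg: 4, maxDmg: 8 }]]);

// Server-side state: the client can neither send nor edit any of this.
function makeWorld() {
  return {
    players: new Map([['p1', { x: 0, y: 0, inventory: new Set(['longsword']) }]]),
    monsters: new Map([['orc1', { x: 1, y: 1, hp: 10 }]]),
  };
}

// playerId comes from the authenticated session, never from the message body.
// msg is the client's request: { target, weapon }. Any other field it carries
// (damage, position, hp, ...) is simply never read.
function handleAttack(world, playerId, msg, rng = Math.random) {
  const reject = (reason) => ({ ok: false, reason });

  const player = world.players.get(playerId);
  if (!player) return reject('unknown player');
  if (!msg || typeof msg.target !== 'string' || typeof msg.weapon !== 'string')
    return reject('malformed');

  // "Make sure you had a longsword": check the server's inventory record.
  const weapon = WEAPONS.get(msg.weapon);
  if (!weapon || !player.inventory.has(msg.weapon)) return reject('weapon not owned');

  // "The orc was within range": use server-side positions for both parties.
  const orc = world.monsters.get(msg.target);
  if (!orc || orc.hp <= 0) return reject('invalid target');
  const dist = Math.hypot(orc.x - player.x, orc.y - player.y);
  if (dist > weapon.range) return reject('out of range');

  // "Determine the amount of damage done": rolled on the server.
  const spread = weapon.maxDmg - weapon.minDmg + 1;
  const damage = weapon.minDmg + Math.floor(rng() * spread);
  orc.hp = Math.max(0, orc.hp - damage);

  // "Tell the client what happened": the result is the only thing sent back.
  return { ok: true, target: msg.target, damage, targetHp: orc.hp };
}
```

A modified client that adds `damage: 9999` to its message gets the same 4 to 8 points as everyone else, because that field is never consulted.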

Sorry, cheating was the word I was looking for.  :wacko:

We always ran on a motto of “Never trust data from the player and assume they are cheating” when we wrote our server side of the games.

Rob

Hi SKDtester15

At GameSparks we encrypt our websocket, meaning all traffic is encrypted. Less prone to attack.

We also allow you to run any logic prior to processing of score or game logic through our Cloud Code to catch cheaters through your own means, like comparing to an average, or flagging anything out of the ordinary.

We also give you powerful monitoring tools. Monitoring tools will help you look at every request, response and message made.

While we don’t offer cheating protection out of the box, if you know what you’re looking to prevent, GameSparks can help you achieve it. If you want to know more, please contact support and they can address the concerns you may have for a project - https://support.gamesparks.net/support/home

Clare
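
One way to do the "compare to an average, flag anything out of the ordinary" check mentioned in the post above, as an added example in plain JavaScript; it is not GameSparks code and uses no GameSparks API. It goes slightly beyond a plain average by using the median and median absolute deviation, so a few cheated scores already in the history do not move the baseline; the rule ceiling, thresholds and function names are assumptions.

```javascript
// Added example. Thresholds and the per-second ceiling are hypothetical.
const MAX_POINTS_PER_SECOND = 50; // assumed upper bound implied by the game's rules
const MIN_HISTORY = 5;            // do not judge outliers on too little data
const OUTLIER_THRESHOLD = 6;      // robust z-score above which a score is held

function median(xs) {
  const s = [...xs].sort((a, b) => a - b);
  const m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
}

// score: value the client submitted.
// durationSec: session length as measured by the server (start/end times it
// recorded itself), not a number taken from the client.
// recentScores: previously accepted scores for the same level or leaderboard.
function reviewScore(score, durationSec, recentScores) {
  if (!Number.isInteger(score) || score < 0 || !(durationSec > 0))
    return { status: 'reject', reason: 'malformed' };

  // Hard limit: impossible under the game's own rules, so reject outright.
  if (score > durationSec * MAX_POINTS_PER_SECOND)
    return { status: 'reject', reason: 'exceeds rule ceiling' };

  // Soft limit: possible but far from what players normally achieve.
  if (recentScores.length >= MIN_HISTORY) {
    const med = median(recentScores);
    const mad = median(recentScores.map((s) => Math.abs(s - med))) || 1;
    const robustZ = (score - med) / (1.4826 * mad); // 1.4826 scales MAD to ~1 sigma
    if (robustZ > OUTLIER_THRESHOLD)
      return { status: 'review', reason: 'statistical outlier' };
  }
  return { status: 'accept', reason: null };
}

// Constructed sample history for a single level.
const SAMPLE_HISTORY = [900, 1000, 1100, 950, 1050, 1000];
```

Scores marked `review` are kept off the public leaderboard until someone looks at them, which avoids punishing a legitimately exceptional player on statistics alone.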

Thanks again!
