user2132356

How to prevent the player from editing a stat file in Java

I am creating a game where I use a file to record player stats (speed, level, etc.) so you can keep using your character after exiting the game. My problem is that in my test version I am using the basic Java FileWriter to save/read the stat file, but someone could just open it up with Notepad and change the stats (which I don't want).

Is there a safer and more secure way to do this, and if there is, could someone link a tutorial to it?

I had heard that using XML might help, but I am clueless as to where to start on this.

Upvotes: 1

Views: 348

Answers (1)

Michael Stum

Reputation: 180934

First, some general advice: If all of your stuff is on the client side, you can do nothing to protect it. You can only increase the time it takes someone to decrypt it. So if you are really worried about a player manipulating their save games, you have to turn your game into an always-online cloud-storage solution (which comes with its own problems, not just technical).

Second, why would you want to prevent players from editing their savegames if your game is not online? A lot of gamers (me included) like some good storytelling but not necessarily all games, and more than once I reached the point where I didn't like to play the game anymore but wanted to know how the story and characters go, or I just wanted to experiment. Without a savegame editor, I would've completely disengaged from the game, but thanks to cheating I had a great time seeing how the rest unfolded (and some guilty pleasure one-shotting certain tough enemies). If a player wants to cheat in a single-player game, why not? It's their experience, and it can keep them engaged.

The two reasons to prevent cheating are support and competitive scenarios. If one-shotting a boss character prevents an event that's supposed to run at 50% health from running, and if I then complain that my game is in an unwinnable state, you have extra work figuring out that the savegame was manipulated and that it's not a bug on your side. On the competitive side, if you have achievements or leaderboards, cheaters are a problem.

But then again, you can't have competitive elements in a game that's 100% on the client since you can't do anything to prevent tampering.

Here are a few tips on how to make tampering harder:

  • Using a checksum on the savegame
  • Encrypting it with a key stored in your code, or (brittle!) using the SHA1 of some file in your game as the encryption key
  • Keeping a list of "valid" states and detecting impossible situations, e.g. a Level 3 character with 9000 HP or a Level 20 character that hasn't progressed past Chapter 2 in the story, or a character wielding the Tainted Blade of Armageddon outside of the Cloud Castle dungeon
  • Detecting that the savegame was manipulated but letting the player go ahead, just letting them know that technical support wouldn't be granted for issues with that savegame.

Upvotes: 1
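The following is an added example, not part of the answer above or the asker's game. It combines the answer's first three tips: a keyed checksum (HMAC-SHA256, swapped in for a plain checksum so the tag cannot be recomputed without the key), a key stored in the code, and a plausibility rule. The class name, key, stat format and HP cap are all assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

public class SaveGameGuard {
    // Assumption: key embedded in the game code, as in the answer's second tip.
    // Anyone who decompiles the game can recover it; this only raises the effort.
    private static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

    static byte[] mac(String stats) throws GeneralSecurityException {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return hmac.doFinal(stats.getBytes(StandardCharsets.UTF_8));
    }

    // File content: the stats line followed by a line holding the Base64 tag.
    static String seal(String stats) throws GeneralSecurityException {
        return stats + "\n" + Base64.getEncoder().encodeToString(mac(stats));
    }

    // Returns the stats if the tag matches, or null if the file was edited or truncated.
    static String open(String fileContent) throws GeneralSecurityException {
        int nl = fileContent.lastIndexOf('\n');
        if (nl < 0) return null;
        String stats = fileContent.substring(0, nl);
        byte[] tag;
        try {
            tag = Base64.getDecoder().decode(fileContent.substring(nl + 1).trim());
        } catch (IllegalArgumentException e) {
            return null; // tag line is not valid Base64
        }
        // Constant-time comparison of the stored tag with the recomputed one.
        return MessageDigest.isEqual(tag, mac(stats)) ? stats : null;
    }

    // Plausibility rule in the spirit of the third tip; the HP cap per level is invented.
    static boolean plausible(int level, int hp) {
        return level >= 1 && hp >= 0 && hp <= level * 100;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String saved = seal("level=3;hp=250;speed=12");   // constructed sample stats
        System.out.println(open(saved) != null);           // untouched save
        System.out.println(open(saved.replace("hp=250", "hp=9000")) != null); // hand-edited save
        System.out.println(plausible(3, 9000));            // Level 3 character with 9000 HP
    }
}
```

A `null` from `open` fits the answer's last tip: the game can still load the stats line but flag the save as modified for support purposes.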
