How to check for a file's authenticity?

Question

Let's say I write a game application. I want the level of the player to be stored in an external file.

How can I prevent a hacker from writing and modifying the file to put another level ? I want the file to be modified by my application only.

I can sign the file's content with a key, but then this key will be stored in the application, therefore it would be possible for a hacker to decompile the binary and find the key.

Is there any way to do this ?

Answer 1

In addition to what everyone else has said, you should also consider the fact that as long as the application is loaded in the computer's memory, there's nothing stopping someone from simply modifying the level ( or any other value for that matter ) by just scanning the memory until they find the value they need and then replace it, so you should probably consider checking for abnormal increases in any value.

Answer 2

You can use hash algorithms with a symmetric key or public/private key pairs. you can check MAC (message authentication code) to get an idea, these methods will provide integrity and with a key authentication of the file.

Answer 3

No, there just isn't a secure way to do this. Whatever your application can do, an attacker can always replicate.

If its just a desktop game, you can get away with security through obscurity. But if it must be secure, the only way out is to store that information on your servers.

Answer 4

One easy way would be to start with a checksum. Calculate the checksum when you modify the file and persist it. When you need to check authenticity, re-calculate the checksum and compare it to the value you've stored. It's not a 100% guarantee, but it's simple and might be enough for your needs.