Hax on the Top 25 Wealthiest board

[Zaxxon]

After giving it a lot of thought, I'm calling hax: There is simply no way to collect 4.5 million gold using only 361 moves in this game.

I have long been privately skeptical about the legitimacy of any score on the Wealthiest board with less than 100k moves, but this is getting crazy. What chain of events could possibly account for amassing such vast wealth with so little exploration?

Or am I just a hater and these four people have RT strats and luck that nobody else does?

[CommanderData]

After giving it a lot of thought, I'm calling hax: There is simply no way to collect 4.5 million gold using only 361 moves in this game.

I have long been privately skeptical about the legitimacy of any score on the Wealthiest board with less than 100k moves, but this is getting crazy. What chain of events could possibly account for amassing such vast wealth with so little exploration?

Or am I just a hater and these four people have RT strats and luck that nobody else does?

Hey Zaxxon!

I agree with the probability of hax on that board. Based on how the code and "cash" distribution works this would be impossible in a normal game.

Most likely someone is starting a game and exiting it, then using one of the various Mac/Windows applications to copy the save game to their computer and hex-edit it. Without knowledge of the save file structure there is not a whole lot they could change that wouldn't crash the whole works upon reloading into the iPhone and resuming the game... It's not plain text/XML! However, if they'd collected a small amount of gold it'd be possible to search for that value in the file and change it with a hex editor, then resume the game a promptly die to some enemy

Guess I should be honored that people are still playing and take the time to do that stuff after 6 years in the App Store! I still remember back in 2009 when people were using hex-editors on the Rogue Touch app itself to search for "Secret Character" names, which prompted me to encrypt all existing and new secret characters in one of the early updates that year.

I might be able to catch some of the hax with additional PHP code on the server. I'd only be able to review data for blatantly obvious things like this, but maybe thats enough to discourage it.

For my next-gen games I'll be dealing with GameCenter, but also have plans for more detailed stats and game info stored in a database here with web/in-app viewing. I'll need to take hacking into account for this new stats DB! And maybe start encrypting game save data too

[Zaxxon]

That's interesting about the save states. My assumption was that they were using Wireshark to intercept and modify the packets headed for the scoreboard server.

[CommanderData]

That's interesting about the save states. My assumption was that they were using Wireshark to intercept and modify the packets headed for the scoreboard server.

Heh, I suppose that they could try it that way... I doubt they would be successful though, as they would need to deal with my protections placed on the data being sent to the server.

[Warning, technical junk ahead]

Let's assume they could identify the gold value in the transmission and try to change it. I actually did assume that during the design, and planned for the possibility: if certain values are tweaked (gold is one of them) my customized hash function would see it was tampered with and discard that score-posting at the server side. It's possible I could have botched something in my implementation, but it's been pretty solid as far as I can see.

I took this precaution mostly so that someone didn't decide to set up a bot to POST hax scores into my leaderboards 24/7. If it doesn't come from a copy of Rogue Touch with the valid hash/salt then we don't accept it. Note to haxors, this is not a challenge! *runs and hides*

With that said, it is very likely the only loopholes people can exploit are in the game save-states themselves. Back in 2009 that was an impossible to manage feat without jailbreaking so I never really gave it much thought, but with the file-access programs on Mac/Windows today, encrypting these may a good idea in my next-gen releases

[Nighthawk]

Not sure why people need to cheat by save-file hacking when there's plenty of other ways to manipulate the game that, if you put the time in, will easily get you on that board.


Yes, just taking a look at the top 25, there's some cleanup that could be done.

1, 2, 4, and 5 are all hacks. 6 & 7, 14 & 15, 20 & 21, and 23 & 24 are duplicate pairs.

And I've got a run I've been working on and off for almost a year that would currently finish 4th on that board (post-cleanup). So yes, we're still playing!

[MikeL]

Been a while since I have been back on the Rogue Touch forum....I can only echo what Nighthawk concludes and would of course personally like to see the leaderboard cleaned up so that my sub 1000 floor run was again recognised for the epic journey that I feel it was....Looking to CommanderData to see if there is anything that can be done...

[Nighthawk]

Been a while since I have been back on the Rogue Touch forum....I can only echo what Nighthawk concludes and would of course personally like to see the leaderboard cleaned up so that my sub 1000 floor run was again recognised for the epic journey that I feel it was....Looking to CommanderData to see if there is anything that can be done...

Welcome back!

Just curious, by sub-1000 you mean that you went deeper than floor 1000? Happen to remember just *how* deep? (It'll give me something to shoot for )

[CommanderData]

Hi there MikeL (and Nighthawk of course I'm always glad to see you!), there are definitely some things I can do on the short time to wipe out obvious cheaters manually, and I plan to do so soon... Presently moving out of my house which will be finally sold in the next two+ weeks if all goes well! That'll end my several year journey of attempting to de-flate my lifestyle and save money so I can focus on game development finally

Automating the analysis of incoming data to look for obviously impossible scores should be possible on the server side. This will also give me ideas on how to improve the validity and security of Rogue Touch 2 data

[MikeL]

CD - Isn't it time to do the leaderboard some justice and remove the hacked scores? It's obvious which are to be removed and would recognize those who genuinely took this awesome game above and beyond. As often before I had not looked at the forum or leaderboard in a while but now that I did I had hoped the erroneous scores would have been fixed by now.

Nighthawk - what an epic run you must have had! Death penalty miscalculation or did you genuinely die? To your question that I hadn't seen I think I got to around 1100.

[CommanderData]

CD - Isn't it time to do the leaderboard some justice and remove the hacked scores? It's obvious which are to be removed and would recognize those who genuinely took this awesome game above and beyond. As often before I had not looked at the forum or leaderboard in a while but now that I did I had hoped the erroneous scores would have been fixed by now.

Nighthawk - what an epic run you must have had! Death penalty miscalculation or did you genuinely die? To your question that I hadn't seen I think I got to around 1100.

Hi MikeL,

Probably not a bad time to clean house on the cheaters finally, I expect most of the glory-hog hackers have moved on to new games! That and the fact the leaderboards have not been accessible through the revised website for some time...

On a related note, would there be interest from you guys in pulling the leaderboard info into the new site, re-themed to match this layout? Maybe as links from the Rogue Touch page?

Rogue Touch 2 and Spirit Hunter Mineko will use a hybrid of GameCenter and some customized stats tracking here in new pages, so its worth considering.

Anyone else interested in the cheater-cleanup and leaderboards migrated into this site layout? Please chime in with your thoughts