Hax on the Top 25 Wealthiest board

Discussion about Rogue Touch for the iPhone and iPod Touch
User avatar
Zaxxon
Posts: 14
Joined: Sun Jun 30, 2013 9:15 pm

Hax on the Top 25 Wealthiest board

Post by Zaxxon »

After giving it a lot of thought, I'm calling hax: There is simply no way to collect 4.5 million gold using only 361 moves in this game.

I have long been privately skeptical about the legitimacy of any score on the Wealthiest board with less than 100k moves, but this is getting crazy. What chain of events could possibly account for amassing such vast wealth with so little exploration?

Or am I just a hater and these four people have RT strats and luck that nobody else does?
F mazes, get gold.
User avatar
CommanderData
Site Admin
Posts: 609
Joined: Sun Jan 25, 2009 3:17 pm
Twitter: http://twitter.com/ChronoSoft
Contact:

Re: Hax on the Top 25 Wealthiest board

Post by CommanderData »

Zaxxon wrote:After giving it a lot of thought, I'm calling hax: There is simply no way to collect 4.5 million gold using only 361 moves in this game.

I have long been privately skeptical about the legitimacy of any score on the Wealthiest board with less than 100k moves, but this is getting crazy. What chain of events could possibly account for amassing such vast wealth with so little exploration?

Or am I just a hater and these four people have RT strats and luck that nobody else does?
Hey Zaxxon!

I agree with the probability of hax on that board. Based on how the code and "cash" distribution works this would be impossible in a normal game.

Most likely someone is starting a game and exiting it, then using one of the various Mac/Windows applications to copy the save game to their computer and hex-edit it. Without knowledge of the save file structure there is not a whole lot they could change that wouldn't crash the whole works upon reloading into the iPhone and resuming the game... It's not plain text/XML! However, if they'd collected a small amount of gold it'd be possible to search for that value in the file and change it with a hex editor, then resume the game a promptly die to some enemy :ugeek:

Guess I should be honored that people are still playing and take the time to do that stuff after 6 years in the App Store! I still remember back in 2009 when people were using hex-editors on the Rogue Touch app itself to search for "Secret Character" names, which prompted me to encrypt all existing and new secret characters in one of the early updates that year.

I might be able to catch some of the hax with additional PHP code on the server. I'd only be able to review data for blatantly obvious things like this, but maybe thats enough to discourage it.

For my next-gen games I'll be dealing with GameCenter, but also have plans for more detailed stats and game info stored in a database here with web/in-app viewing. I'll need to take hacking into account for this new stats DB! And maybe start encrypting game save data too :lol:
User avatar
Zaxxon
Posts: 14
Joined: Sun Jun 30, 2013 9:15 pm

Re: Hax on the Top 25 Wealthiest board

Post by Zaxxon »

That's interesting about the save states. My assumption was that they were using Wireshark to intercept and modify the packets headed for the scoreboard server.
F mazes, get gold.
User avatar
CommanderData
Site Admin
Posts: 609
Joined: Sun Jan 25, 2009 3:17 pm
Twitter: http://twitter.com/ChronoSoft
Contact:

Re: Hax on the Top 25 Wealthiest board

Post by CommanderData »

Zaxxon wrote:That's interesting about the save states. My assumption was that they were using Wireshark to intercept and modify the packets headed for the scoreboard server.
Heh, I suppose that they could try it that way... I doubt they would be successful though, as they would need to deal with my protections placed on the data being sent to the server.

[Warning, technical junk ahead]

Let's assume they could identify the gold value in the transmission and try to change it. I actually did assume that during the design, and planned for the possibility: if certain values are tweaked (gold is one of them) my customized hash function would see it was tampered with and discard that score-posting at the server side. It's possible I could have botched something in my implementation, but it's been pretty solid as far as I can see.

I took this precaution mostly so that someone didn't decide to set up a bot to POST hax scores into my leaderboards 24/7. If it doesn't come from a copy of Rogue Touch with the valid hash/salt then we don't accept it. Note to haxors, this is not a challenge! *runs and hides*

With that said, it is very likely the only loopholes people can exploit are in the game save-states themselves. Back in 2009 that was an impossible to manage feat without jailbreaking so I never really gave it much thought, but with the file-access programs on Mac/Windows today, encrypting these may a good idea in my next-gen releases :geek:
User avatar
Nighthawk
Posts: 172
Joined: Fri Mar 27, 2009 12:48 am
Location: Philadelphia, PA

Re: Hax on the Top 25 Wealthiest board

Post by Nighthawk »

Not sure why people need to cheat by save-file hacking when there's plenty of other ways to manipulate the game that, if you put the time in, will easily get you on that board. :ugeek:


Yes, just taking a look at the top 25, there's some cleanup that could be done.

1, 2, 4, and 5 are all hacks. 6 & 7, 14 & 15, 20 & 21, and 23 & 24 are duplicate pairs.

And I've got a run I've been working on and off for almost a year that would currently finish 4th on that board (post-cleanup). So yes, we're still playing!
MikeL
Posts: 10
Joined: Fri May 08, 2009 7:37 am

Re: Hax on the Top 25 Wealthiest board

Post by MikeL »

Been a while since I have been back on the Rogue Touch forum....I can only echo what Nighthawk concludes and would of course personally like to see the leaderboard cleaned up so that my sub 1000 floor run was again recognised for the epic journey that I feel it was....Looking to CommanderData to see if there is anything that can be done...
User avatar
Nighthawk
Posts: 172
Joined: Fri Mar 27, 2009 12:48 am
Location: Philadelphia, PA

Re: Hax on the Top 25 Wealthiest board

Post by Nighthawk »

MikeL wrote:Been a while since I have been back on the Rogue Touch forum....I can only echo what Nighthawk concludes and would of course personally like to see the leaderboard cleaned up so that my sub 1000 floor run was again recognised for the epic journey that I feel it was....Looking to CommanderData to see if there is anything that can be done...
Welcome back!

Just curious, by sub-1000 you mean that you went deeper than floor 1000? Happen to remember just *how* deep? (It'll give me something to shoot for ;-) )
User avatar
CommanderData
Site Admin
Posts: 609
Joined: Sun Jan 25, 2009 3:17 pm
Twitter: http://twitter.com/ChronoSoft
Contact:

Re: Hax on the Top 25 Wealthiest board

Post by CommanderData »

Hi there MikeL (and Nighthawk of course I'm always glad to see you!), there are definitely some things I can do on the short time to wipe out obvious cheaters manually, and I plan to do so soon... Presently moving out of my house which will be finally sold in the next two+ weeks if all goes well! That'll end my several year journey of attempting to de-flate my lifestyle and save money so I can focus on game development finally :)

Automating the analysis of incoming data to look for obviously impossible scores should be possible on the server side. This will also give me ideas on how to improve the validity and security of Rogue Touch 2 data :D
MikeL
Posts: 10
Joined: Fri May 08, 2009 7:37 am

Re: Hax on the Top 25 Wealthiest board

Post by MikeL »

CD - Isn't it time to do the leaderboard some justice and remove the hacked scores? It's obvious which are to be removed and would recognize those who genuinely took this awesome game above and beyond. As often before I had not looked at the forum or leaderboard in a while but now that I did I had hoped the erroneous scores would have been fixed by now.

Nighthawk - what an epic run you must have had! Death penalty miscalculation or did you genuinely die? To your question that I hadn't seen I think I got to around 1100.
User avatar
CommanderData
Site Admin
Posts: 609
Joined: Sun Jan 25, 2009 3:17 pm
Twitter: http://twitter.com/ChronoSoft
Contact:

Re: Hax on the Top 25 Wealthiest board

Post by CommanderData »

MikeL wrote:CD - Isn't it time to do the leaderboard some justice and remove the hacked scores? It's obvious which are to be removed and would recognize those who genuinely took this awesome game above and beyond. As often before I had not looked at the forum or leaderboard in a while but now that I did I had hoped the erroneous scores would have been fixed by now.

Nighthawk - what an epic run you must have had! Death penalty miscalculation or did you genuinely die? To your question that I hadn't seen I think I got to around 1100.

Hi MikeL,

Probably not a bad time to clean house on the cheaters finally, I expect most of the glory-hog hackers have moved on to new games! That and the fact the leaderboards have not been accessible through the revised website for some time...

On a related note, would there be interest from you guys in pulling the leaderboard info into the new site, re-themed to match this layout? Maybe as links from the Rogue Touch page?

Rogue Touch 2 and Spirit Hunter Mineko will use a hybrid of GameCenter and some customized stats tracking here in new pages, so its worth considering.

Anyone else interested in the cheater-cleanup and leaderboards migrated into this site layout? Please chime in with your thoughts :D
Post Reply