My game's high score list just got hacked. One player has 1 billion points on my leaderboard. It is possible, as the video shows. This retard says not to release it, but somebody already did. http://www.youtube.com/watch?v=CBvfa4JX3Tw Anybody had the same problem? What can I do? Whom do I contact at Apple to ban those hackers and reset my leaderboard?
I'm pretty sure Apple came up with a way for you to set a range for your leaderboards. You can specify a minimum and maximum value, and any submissions that fall outside of that range become null and won't be displayed. From what I remember reading, it's specified through iTC.
Yes, I remember that happened to Doodle Jump. People on top had scores of 5 million and up. It happens a lot, so don't think you're the only one.
game center leaderboard hacks are as common as drinking water.. apple should get their act together and allow the developer to delete specific entries on a leaderboard.. other social platforms allow for this and so you can at least clean up the boards once in a while.. it's kinda annoying that pretty much any highscore hunting game is broken that way if it uses the all might ed up GC.. the range doesn't help either.. especially not if you are an open ended score game where you could reach millions of points.. what would be worse than a valid player making the best game of his life breaking the ultimate score and then only to be punched in the face because there is a score limit enabled.. well.. in this case the "ball" is with apple.. and they should do something about it.. if they don't want devs to get direct access to single entries then let them at least report those entries.. so apple can check the apple id behind it and if it has also wonky scores in other games so they can just delete the whole apple id and show the cheater the middle finger..
I totally, 100% agree. They really need to get their act together and give the developer control over their own games. I say we march down to Cupertino and give 'em a piece of our mind
How are cheaters submitting fake scores? Are they sending URLs (or whatever) straight to the Game Center servers or are they hacking offline scores that have been saved to the iPhone for later submitting? It should be easy to stop the second option by encrypting how offline scores are stored. If they are doing the first option then I don't know.
Some games save scores in the form of data files in the iPhone's document directories. It isn't that hard to navigate there on a jailbroken phone and edit it. That's what I think anyway.
I'd imagine the first option. From the looks of things with "HackCenter", the hack intercepts the point when the [GKScore reportScoreWithCompletionHandler] is called, changing the value parameter before continuing with the call. It's impossible to get around this, no matter how much encryption you put in. This is the weakest point to attack any game. The best solution is verifying the score by re-simulation (either on a server, or on other users' iOS devices), something that as I understand is not possible in GameCenter (and possibly any other server). This means, in a game such as Fruit Ninja, when someone submits their score, not only do they submit the score, but they submit the random seed value that the game started with, along with the time-coordinates of every touch the user makes. Once compressed, this is probably about 1KB of additional data. Then you have two choices:
1. The server, equipped with a copy of the game, can play out the session, with an exact simulation, and see what the real score would be after performing all the touches. This could be done in a fraction of the time (perhaps 1000 times faster), since it wouldn't need to worry about graphical rendering, and just focus on the simple physics. But this requires some sort of specialist plan for the server side (perhaps GameCenter would have a way of running a sandboxed tester app, which users upload).
2. The other users, functioning like a SETI@home project, would receive random score submissions, and perform the simulation in the background, either when their game is running, when the game is running but idle, or all the time while the iOS device is active.
I'm somewhat doubtful as to whether Apple will bother with such methods, as it's a fair bit of extra work. They may just leave it down to the developer. Provided the developer has the authority to edit the score table, the developer can set up a separate server, which receives the submission data, performs the simulation, then if the score is different, edits the score table, putting in the correct score value. It could do this just on the top 10 unverified scores every day (and flag those as verified); who cares about the bottom cheaters?
With Facebook social games like those made by Playfish and Zynga, the logical simulation is run on their servers; the client just issues commands, and just gives a visual representation of what's happening, so it's impossible to cheat. With PC multiplayer games like FPS (Doom) and RTS games (Starcraft), you have a shared session, with a checksum performed periodically on the main game elements (player positions, lives, weapons etc.). The moment one session's checksum differs from the others, the game is either voided, or the one that has the different checksum is kicked out. So you can only hack those games if everyone playing is cheating together, which usually defeats the objective (hence why the only cheats for multiplayer RTS games are map-hacks, i.e. passive hacking).
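The re-simulation check described in the last post, sketched as an added example (not code from the thread, from any poster, or from Game Center): a client submits the seed and recorded taps with its claimed score, and a developer-run server replays them. The toy game rules, the `Submission` fields and the limits are all constructed for illustration.

```python
# Added example: toy deterministic game plus server-side replay check.
# Game rules, field names and limits are constructed for illustration.
from dataclasses import dataclass

TICKS = 600          # fixed session length (e.g. 60 s at 10 ticks/s)
LANES = 4            # one target appears in one lane on every tick
MAX_INPUTS = TICKS   # at most one tap per tick

def lcg(state):
    """Portable 32-bit LCG so client and server derive the same sequence."""
    return (state * 1664525 + 1013904223) & 0xFFFFFFFF

def simulate(seed, inputs):
    """Replay taps [(tick, lane), ...] and return the score they earn."""
    taps = dict(inputs)
    state, score, combo = seed & 0xFFFFFFFF, 0, 0
    for tick in range(TICKS):
        state = lcg(state)
        target = (state >> 16) % LANES   # high bits: low LCG bits are weak
        if tick in taps:
            if taps[tick] == target:
                combo += 1
                score += 10 * combo
            else:
                combo = 0
    return score

@dataclass
class Submission:
    seed: int
    inputs: list        # [(tick, lane), ...] recorded by the client
    claimed_score: int

def verify(sub):
    """Return (accepted, recomputed_score); malformed replays are rejected."""
    ticks = [t for t, _ in sub.inputs]
    well_formed = (
        len(sub.inputs) <= MAX_INPUTS
        and ticks == sorted(set(ticks))              # strictly increasing
        and all(0 <= t < TICKS and 0 <= l < LANES for t, l in sub.inputs)
    )
    if not well_formed:
        return False, None
    actual = simulate(sub.seed, sub.inputs)
    return actual == sub.claimed_score, actual
```

A passing replay shows only that the score follows from the submitted inputs; it does not show that a person produced those inputs.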