Tell me more ×
Game Development Stack Exchange is a question and answer site for professional and independent game developers. It's 100% free, no registration required.
up vote 5 down vote favorite

I'm developing an iOS game and was considering putting level info and monster info in a Lua script for ease of use. However, since I'm using Game Center for multiplayer I'm concerned users will attempt to change these scripts to cheat. What measures can I take to protect my Lua scripts?

share|improve this question
2  
It's Lua, not LUA. It's a proper name, not an acronym. – Nicol Bolas Nov 9 '12 at 19:17

3 Answers

up vote 3 down vote accepted

One approach you can do is use the program luac to compile your scripts to bytecode. This provides an extra layer of obscurity. These compiled lua scripts can be loaded just like a normal text based script. Make sure you keep a text copy of the scripts that you compile however.

I believe luac is built when you build Lua from source. Also note that luac compiles scripts differently based on the platform it was built on, so don't, for example, use luac on windows to compile your scripts.

Read more about luac here http://www.lua.org/manual/4.0/luac.html

That provides one layer of security. You could add extra layers by say, archiving your lua scripts into another file format which would be opened and read by your program. I'm not very experienced with this however.

share|improve this answer
It may be possible (trivial) to decompile these. I seem to recall that being the case when I looked in to this. – stephelton Nov 9 '12 at 19:09
That's what I figured. But all data protection can be broken, it's just a matter of how much time it takes. If most iOS users are not willing to put in the time to decompile bytecode, then this solution may be sufficient. It certainly would derail users who just want to edit a bunch of text files. – wardd Nov 9 '12 at 19:26
Obviously, if they have a jailbroken phone and a hex editor, they could go to town with my app or any app. I just want it to be at least that difficult, and you've given me some good ideas. I've also thought about during match making having the two users basically compare some of their info in their script to be sure its the same, but I suppose there could be a way even around that. – AwDogsGo2Heaven Nov 10 '12 at 5:34
Yep just remember there's a way around everything, it's just a matter of the time you want to put in vs the time cheaters want to put in. – wardd Nov 10 '12 at 18:28
Compute checksum and check that in your program - bypassing it requires modyfying executable. – cubuspl42 May 10 at 17:49
up vote 1 down vote

The same steps you would take to protect any data. Lua isn't special just because it's text. If you need the user to be unable to easily modify the data, employ some encryption. The more complex the encryption, the more difficult it will be for them to deprocess it.

However, as I understand iOS (which is admittedly not much), you probably don't have much to worry about from casual cheating. Users can't easily inspect an application's private data. So I wouldn't be concerned.

share|improve this answer
up vote 0 down vote

Your lua scripts are not autonomous, they are likely loaded by a bootstrapping mechanism and hardcoded along with your binary. You can run a simple md5 hash on the scripts and verify the hash matches before loading.

Having said that, to change the scripts an end user has to jailbreak the device to break the signing of your app, which means they are in theory also able to hijack the md5 checking code... as another answer said, it's a matter of how much effort you want to force your end users to go through to hack it and how much it forces your development to go through hoops.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.