Hacking in games is so common these days that as soon as a game gains attraction, someone comes up with a hack and shares it online, thereby spreading the hack, and damaging the experience the game intended for its players.

Most of these hacks are common tricks, which work for almost all games. In this post, I’ll talk about what these are and how to detect these hacks and how to protect your game from these hacks.

Memory Injection

Memory injection is the easiest and most common trick out there to hack any kind of game.
In layman terms, memory injection means modifying the data which is stored in a device’s memory / RAM / volatile memory.

How this works
Let’s take Flappy Bird as an example. Flappy Bird is a very simple single player game with a variable “Score”. This score is stored somewhere in the device’s memory, with the value 0, when game starts.

Protection
A very simple way is to encrypt the score value and then store it in memory.
This way the hacker will not know what value to search for in the memory.

Another way is to keep a last known score added with a random number stored somewhere in the memory. When updating the actual score, check if current score is equal to (last known score - the random number). If it isn’t it’s been temper.
In short, never store important data as raw values anywhere, not even in memory.

Hacking Saved Data

This is another common way of hacking games. The trick here is to find where the game’s data is stored on the disk. Once it’s found, hacker can modify the that data.

Protection:
A simple solution is to calculate an MD5 signature from the contents of the files saved on disk which contain the game’s saved data. Store this signature somewhere as well.

When accessing the saved data, recalculate the MD5 signature from the contents of the files saved on disk. If the stored signature isn’t equal to the recalculated signature, saved data files have been tampered with.

Speed and Time Hacks

2 more common types of hacks are Speed hacking and Time hacking.

Code Injection

This is a fairly complicated hack, but still quite common. The hacker needs some programming knowledge to make code injection work.

Here, the hacker decompiles the game code, understands it, and modifies it.
For example, If your game is made with Unity engine, the game code is packed into and stored as .DLL files.
The hacker can decompile these .DLLs, and get access to all the code inside them. He can understand your game code, and change it. He can then recompile the DLL and put it back. He can also inject new .DLLs while the game is running.

Protection:
All the code must be Obfuscated. Without it you’re basically exposing your whole game code to be read and modified by anyone.
Obfuscation changes your code to make it difficult for humans to understand.

Secondly, keep a signature check on all the .DLL files.
Calculate an MD5 signature of all the .DLLs and store it somewhere. When accessing code, recalculate the MD5 and check if it equals the stored signature. If not, they’ve been hacked.

Asset Hacking

This is another one which is fairly complicated. The hacker needs to gain understanding of the game code and how the game engine on which the game is built works.
Once he is able to know how the assets in the game are used, he can modify these assets based on his will.
For games which are made with Unity, hacking Asset Bundles is quite easy.

For example, let’s say a game has an asset of a wall with colliders. Hacker can change collider size to zero.

Protection:
MD5 Signature, again.
Calculate an MD5 of all your game’s assets and store it somewhere.
When accessing the assets, recalculate the MD5 signature and check if it is equal to the one stored. If not, the assets have been tampered with.

These are the most common ways of hacking a game. There are of course a lot more ways someone can hack your game, but there are equally more ways of protecting it :)
If you’re any serious about the game you’re making, you should at least protect it against these hacks.

If you think I missed out on something, I’d be happy to know about it, please leave a comment.
I can help you protect your game from hacking. Please get in touch if you need any help.

About me:
I’m a Software Engineer, currently at MPL — Mobile Premier League.
When not at work, I can be found building fun products at Faiyah.
Know more about me here: http://faiyah.com/me/

Wanna get in touch? Just ping me :)
Email: [email protected]
Twitter: https://twitter.com/gognaashish
LinkedIn: https://www.linkedin.com/in/ashishgogna/