When integrating with Skillz it becomes extremely important to take precautions against potential cheating in a game. To give themselves an unfair advantage, players can use 3rd party tools to modify scores or important gameplay values like health and ammo. To maintain a fair and competitive gameplay experience, we recommend that developers take anti-cheating measures before going live with Skillz.
Cheating through memory modification
One technique for cheating involves modifying values in run time memory. Using this technique, it would be possible for a user to modify their score before submitting to Skillz or to rig gameplay variables, like health or time, to give themselves an unfair advantage.
This technique works by searching memory for known values. For instance, say the player knew the score was 19, he would search the memory space of the application for a value of 19 and this would most likely give him a lot of memory addresses, one of which is the score value. At this point there are probably too many possibilities to accurately modify the score but if he then does something in game to increase your score, say to 20, he can now search for 20 in the memory space and reduce the number of memory addresses that are possible.
This process is repeated until the probable addresses for scores are reduced to one. The cheater can now modify that memory address directly and change the score.
This YouTube video is a good demonstration of the process.
Protecting from memory modifications
Duplicate and verify data
Copy key data into separate variables and then compare the copy to the original, if the two don't match at any point in your game, it's likely that someone is cheating.
This ensures there are at least two places in memory that both have to be modified to cheat.
Obfuscating or encrypting key data is possible through various means. Before writing to memory, the either obfuscate the variable or encrypt it. There are various techniques for achieving this, ranging from a simple XOR to more complex encryption methods. If you are combining this with a duplication technique you could even hash the duplicate and incorporate the hash check into the verify logic.
Obfuscate your data will ensure that it is harder for a cheater to find key variables in memory.
We recommend that game developers use one or more of the techniques listed above to make themselves a harder target for cheaters. Keep in mind protecting against cheating is never going to be absolute, like most security measures it is about making things more difficult for cheaters. If you suspect players are cheating in your game, please reach out directly to Skillz and we will work with you to get cheaters out of your game.