Anti-Cheating Techniques

When integrating with Skillz it becomes extremely important to take precautions against potential cheating in a game. To give themselves an unfair advantage, players can use 3rd party tools to modify scores or important gameplay values like health and ammo. To maintain a fair and competitive gameplay experience, we recommend that developers take anti-cheating measures before going live with Skillz.

Cheating through memory modification

One technique for cheating involves modifying values in run time memory. Using this technique, it would be possible for a user to modify their score before submitting to Skillz or to rig gameplay variables, like health or time, to give themselves an unfair advantage.

This technique works by searching memory for known values. For instance, say the player knew the score was 19, he would search the memory space of the application for a value of 19 and this would most likely give him a lot of memory addresses, one of which is the score value. At this point there are probably too many possibilities to accurately modify the score but if he then does something in game to increase your score, say to 20, he can now search for 20 in the memory space and reduce the number of memory addresses that are possible.

This process is repeated until the probable addresses for scores are reduced to one. The cheater can now modify that memory address directly and change the score.

This YouTube video is a good demonstration of the process.

Protecting from memory modifications

Duplicate and verify data

Copy key data into separate variables and then compare the copy to the original, if the two don't match at any point in your game, it's likely that someone is cheating.

This ensures there are at least two places in memory that both have to be modified to cheat.

Duplicate and Verify Data Examples

iOS / Objective C:

// Make sure score and scoreCheck start at the same number
- (id)init {
self = [super init];
if (self) {
score = 0;
scoreCheck = 0;
}
}

// Any code that alters the score should also alter the scoreCheck
- (void) addScore: (int) increase {
score += increase;
scoreCheck += increase;
}

// Accessors just need to return the real score
- (int) getScore {
return score;
}

// Assume this is your in-game function triggered upon
// finishing the game (eg: time runs out, no more moves)
- (void)gameOver {
if([self confirmScoreValidity]) {
// The score matches the copy, so report it
[[Skillz skillzInstance] displayTournamentResultsWithScore:score
withCompletion:^{
// Code in this block is called when exiting to Skillz
// and reporting the score.
NSLog(@"Successfully reported score to Skillz!");
}];
} else {
// Abort the match because suspicious behavior was detected
[[Skillz skillzInstance] notifyPlayerAbortWithCompletion:^{
// Code in this block is called when exiting to Skillz
// as a player abort.
NSLog(@"Player aborted");
}];
}
}

// Confirms that the score is valid.
- (Boolean) confirmScoreValidity {
return score == scoreCheck;
}

Unity / C#:

private int score = 0;
private int scoreCheck = 0;

// Make sure score and scoreCheck start at the same number
void Awake() {
scoreCheck = score;
}

// Any code that alters the score should also alter the scoreCheck
private void addScore(int increase) {
score += increase;
scoreCheck += increase;
}

// Accessors just need to return the real score
private int getScore () {
return score;
}

// Assume this is your in-game function triggered upon
// finishing the game (eg: time runs out, no more moves)
private void gameOver() {
if(confirmScoreValidity()) {
// The score matches the copy, so report it
SkillzCrossPlatform.ReportFinalScore(score);
} else {
// Abort the match because suspicious behavior was detected
SkillzCrossPlatform.AbortMatch();
}
}

// Confirms that the score is valid.
private bool confirmScoreValidity() {
return score == scoreCheck;
}

Android / Java:

private int score = 0;
private int scoreCheck = 0;

// Make sure score and scoreCheck start at the same number
@Override
private void onCreate(Bundle savedInstanceState) {
scoreCheck = score;
}

// Any code that alters the score should also alter the scoreCheck
private void addScore(int increase) {
score += increase;
scoreCheck += increase;
}

// Accessors just need to return the real score
private int getScore () {
return score;
}

// Assume this is your in-game function triggered upon
// finishing the game (eg: time runs out, no more moves)
private void gameOver() {
if(confirmScoreValidity()) {
// The score matches the copy, so report it
Skillz.reportScore(this, BigInteger.valueOf(score), Skillz.getMatchInfo(this).getId());
finish();
} else {
// Abort the match because suspicious behavior was detected
Skillz.abortMatch(this, Skillz.getMatchInfo(this).getId());
finish();
}
}

// Confirms that the score is valid.
private boolean confirmScoreValidity() {
return score == scoreCheck;
}

Obfuscate data

Obfuscating or encrypting key data is possible through various means. Before writing to memory, the either obfuscate the variable or encrypt it. There are various techniques for achieving this, ranging from a simple XOR to more complex encryption methods. If you are combining this with a duplication technique you could even hash the duplicate and incorporate the hash check into the verify logic.

Obfuscating your data will ensure that it is harder for a cheater to find key variables in memory.

Obfuscation Examples

iOS / Objective C:

// Make sure to xor the initial score
- (id)init {
self = [super init];
if (self) {
xorCode_ = 12345; // USE A DIFFERENT XOR VALUE THAN THIS!
score_ = score_ ^ xorCode_;
}
}

// Functions and mutators should xor the value before using it, and xor
// the value again before the function exits

- (void) addScore: (int) increase {
score_ = score_ ^ xorCode_;
score_ += increase;
score_ = score_ ^ xorCode_;
}

// Accessors just need to return the xor'd value
- (int) getScore {
return score_ ^ xorCode_;
}

Unity / C#:

private int xorCode = 12345; // USE A DIFFERENT XOR VALUE THAN THIS!
private int score = 0;

// Make sure to xor the initial score
void Awake() {
score = score ^ xorCode;
}

// Functions and mutators should xor the value before using it, and xor
// the value again before the function exits

private void addScore(int increase) {
score ^= xorCode;
score += increase;
score ^= xorCode;
}

// Accessors just need to return the xor'd value
private int getScore () {
return score ^ xorCode;
}

Android / Java:

private int xorCode = 12345; // USE A DIFFERENT XOR VALUE THAN THIS!
private int score = 0;

// Make sure to xor the initial score
@Override
private void onCreate(Bundle savedInstanceState) {
score = score ^ xorCode;
}

// Functions and mutators should xor the value before using it, and xor
// the value again before the function exits

private void addScore(int increase) {
score ^= xorCode;
score += increase;
score ^= xorCode;
}

// Accessors just need to return the xor'd value
private int getScore () {
return score ^ xorCode;
}

Advanced

You can combine the data-duplication and obfuscation techniques for added security. Ideally you should use a different XOR hash for the score and scoreCheck values. That will make it harder for a cheater to notice, otherwise the memory addresses will contain matching values and make it easier to find your checksum.

Android / Java Example:

private int xorCode = 12345; // USE A DIFFERENT XOR VALUE THAN THIS!
private int scoreCheckXorCode = 54321; // USE A DIFFERENT XOR VALUE THAN THIS!
private int score = 0;
private int scoreCheck = 0;

// Make sure to xor the initial values
@Override
private void onCreate(Bundle savedInstanceState) {
score = score ^ xorCode;
scoreCheck = scoreCheck ^ scoreCheckXorCode;
}

// Functions and mutators should xor the value before using it, and xor the value again before the function exits
private void addScore(int increase) {
score ^= xorCode;
score += increase;
score ^= xorCode;
scoreCheck ^= scoreCheckXorCode;
scoreCheck += increase;
scoreCheck ^= scoreCheckXorCode;
}

// Confirms that the score is valid.
private boolean confirmScoreValidity() {
return (score ^ xorCode) == (scoreCheck ^ scoreCheckXorCode);
}

Conclusion

We recommend that game developers use the techniques listed above to make themselves a harder target for cheaters. Keep in mind protecting against cheating is never going to be absolute, like most security measures it is about making things more difficult for cheaters. This article is not a comprehensive overview of all forms anti-cheat protection, and you may decide to use other anti-cheat techniques in your app as appropriate. If you suspect players are cheating in your game, please reach out directly to Skillz and we will work with you to get cheaters out of your game.