Saving Games Part 3 - Encryption

In Part 2, we ended up with something resembling

Item1 = 46
Item2 = 87
Item3 = 55
Item4 = 67
Item5 = Bill
Item6 = 614
Item7 = 2301
Item8 = Name
Item9 = 323
Item10 = 789
Item11 = 23
Item12 = 7

as our INI file. However, it's not hard to go into the INI and see the score (2301) and change it to 99999. To prevent this, we need to encrypt some stuff.

Encryption Object and String Parser

There are two objects that can encrypt strings by using byte shifts. Encryption can be found in Tim's Extension Archive and String Parser can be found on the 3EE website.

Byte shifting works by adding a number to the ASCII numbers of the characters, to get new characters. For example, 'bogey' can be byte shifted by 1 into 'cphfz' - all the ASCII numbers of the characters have had 1 added to them. A really long sentence like 'This is a really long sentence' with a byte shift of 387 ends up with ×ëìö£ìö£ä£õèäïïü£ïòñê£öèñ÷èñæè. If the hackers don't know the correct amount to shift by they can't decrypt it!

Our friend Bill the Item5, with encryption of 216, ends up like ADD. It's also a good idea to add some dummy ones like ï£èè.

Encrypting numbers

But what about the score? Encrypt that with 165 and you'll get ×ØÕÖ. To decrypt it again, you need to use Val() because String Parser works in strings and returns 2301, and the value of 2301 is, believe it or not, 2301.

If it's a smallish number, like 7, you could make the encrypted number 2 * whatever + 3, making 17 in total. To get the real number find (17 - 3) / 2. If you have MMF, make good use of it's Modulo feature (mod) which finds the remainder of a division sum. If (Item12 - 3) mod 2 isn't 0, it's obviously been hacked with, so don't start the application.

What to encrypt?

You should encrypt all the strings in your file with different byte shifts, and storing the correct byte shifts in your conversion table. You should also encrypt all the important values in your game, such as the score, number of lives, place value, X and Y positions, and stuff like that.

Finishing off

Our INI file at the start of Part 2:

[Details]
XPos = 323
YPos = 67
PlayerName = Bill
Score = 2301

[Items]
MagicGobletFound = 0
ExplodingCowFound = 1
CrystalsHeld = 7

[Story]
TalkedToSusan = 1
AcceptedFrog = 0

Using a mixture of encryption, dummy values, and randomness, it's changed into:

Item1 = 46
Item2 = 87
Item3 = 55
Item4 = OP
Item5 = ADD
Item6 = 614
Item7 = ×ØÕÖ
Item8 = ï£èè
Item9 = rqr
Item10 = 789
Item11 = 23
Item12 = 17

And our all-important conversion table looks a bit like:

Item1 = AcceptedFrog (46 is no, 6 is yes)
Item3 = TalkedToSusan (2 is no, 55 is yes)
Item4 = YPos (Encryption value 25)
Item5 = PlayerName (Encryption value 216)
Item6 = ExplodingCowFound (37 is no, 614 is yes)
Item7 = Score (Encryption value 165)
Item9 = XPos (Encryption value 63)
Item10 = MagicGobletFound (789 is no, 82 is yes)
Item12 = CrystalsHeld (2 * whatever + 3)

If you follow what I've covered here, you should be able to make a safe, secure INI file like the one above. It's taken me about 5 hours to write out these 3 articles, so I hope you use them well.

Shen