Download

What is the proper way to encrypt variables in client?

Hi all,
I’m working on a singleplayer mobile game.
Currently some of important variables(such as items in possession, money) are stored on the server, but variables related to actual gameplay are handled only on the client. And sadly handling all variables on the server is not an option.
So I guess I should encrypt those variables but I’m not sure how I should do that.
If I encrypt variables which should be able to be read and changed, then that means I also have to store a key(or keys) on the client as well.
However, as a cheater can get his hands on the key, he would just decrypt the variables with the key, change the raw value, and encrypt them. Making the whole encryption redundant.

Hence the question. If I were to use encryption to protect variables on the client, how should I do it? What would be the best practice?

Thanks in advance.

I have a “anti-cheat” plugin in my signature for that.
The process scanner is Windows only, but encryption is cross-platform.

It supports multiple keys per property and every time property value is set or read the memory will be set to null and value address in memory will change (to workaround memory scanners in Windows and Android).

If you are very paranoid you can change the value with a new key every time after reading the value then a hacker would have to decrypt the new key every time he finds the new address as well…
I was “hacking” properties while I was developing that plugin, and was starting to hate myself for that, specially because of memory address being set to NULL once I finally found the value.
Simply creating a “permanent” cheat script won’t work unless the cheat app manages to freeze the game and predict which key is next and where the next location in memory the property value will be.