I have an iPhone game that dispenses in-game currency over time, and someone discovered that you can change the date on your device to get rewards early.
I found out there was a similar issue in Smurf Village, and they detect the tampering somehow. Does anyone know how they do it? The only thing I can think of is getting the time from an outside server, which would require devices to be online, but it's better than nothing I guess... does anyone know where I can find a server that just tells you the time?
You can use an NTP server that tells you the time.
Right until someone uses a proxy server to figure out what NTP server you are trying to connect to, and then spoofs the NTP response... as others have mentioned, the response is easy to parse, and thus easy to forge.
A better solution would be to use something like Google App Engine (free), to send your app some kind of encrypted response that would boil down to the server time. If the client time deviated from that by too much, the app would simply use the server time for calculations. Then even if they intercept the request they will not easily be able to send back the correct response.
But basically in any networked game, you must always assume the client is lying. The only real way to prevent issues is to have everything go through a server, so a client cannot decide it's suddenly rich and have any other client agree it is so...
You can simply use one of the time servers available over the internet. That's quite a simple protocol; you will parse replies without any problem.
You could use any NTP server (see http://www.ntp.org/).
Also, you could implement some simple validation by storing the latest date the app has run, and check that the date never goes back.
One way that will provide at least a layer of protection if you absolutely cannot check a remote NTP server:
Check times and time zone: if you ever notice a change in time that's not attributed to a time zone change that's greater than DST changes, pause your dispensing of money.
If online, you should check an NTP server, or preferably your own time stamp server using an encrypted protocol.
When offline, you can either not add currency, or time-stamp the currency addition and check for cheating (the time stamps vary non-monotonically by too much to allow for travel and clock drift) every time the app is made active. Then you could de-value any ill-gotten gains somehow: virtual barn catches fire, everything in the game suddenly costs more, bank transfer fees become larger than the amount transferred, etc.
iPhone: Open your game, let it load, use all energy, then go to Settings > General > Date & Time. Turn off auto. Set 1 hr forward (or more depending on wait time, i.e. energy full in 3 hours, set forward 3 hours). Reopen game. Does not work for every game.
If you look closely in the headers of your HTTP requests and responses you'll find that the time information you need to determine the clock offset from the Server to the Client is almost always already available.
For tracking absolute time in disconnected operation, you can use the system's MONOTONIC clock; on iOS it's part of the kernel interface. You'll also need to save the boot UUID and boot time from sysctl so you can catch system reboots.
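An added example, not code from any of the answers above: a sketch of the offline check several answers describe (never let the date go back, time-stamp each activation, compare against the monotonic clock and boot identifier). It is written in Python for illustration; the `Sample` fields, the tolerance value and the verdict names are assumptions, and on a device the readings would come from the system's monotonic clock and boot UUID.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    """One reading persisted each time the app becomes active (hypothetical record)."""
    wall: float    # wall-clock seconds since the epoch, UTC (user can change it)
    mono: float    # monotonic seconds since boot (not affected by Settings)
    boot_id: str   # identifier that changes on every reboot

# Allowed disagreement between the two clocks before flagging (constructed value).
DRIFT_TOLERANCE = 120.0

def trusted_elapsed(prev: Sample, now: Sample, tol: float = DRIFT_TOLERANCE):
    """Return (seconds_to_credit, verdict) for the interval prev -> now."""
    # UTC epoch time is used, so time zone and DST changes do not show up here.
    wall_delta = now.wall - prev.wall
    if now.boot_id == prev.boot_id:
        mono_delta = now.mono - prev.mono
        if mono_delta < 0:
            # Monotonic time cannot run backwards within one boot:
            # the stored sample was edited or restored from a backup.
            return 0.0, "state_corrupt"
        # Credit by the monotonic clock either way; the wall clock is
        # only evidence of whether the date was changed.
        if abs(wall_delta - mono_delta) <= tol:
            return mono_delta, "ok"
        return mono_delta, "clock_changed"
    # Different boot: the old monotonic reading is not comparable.
    # Uptime since the new boot is a lower bound on real elapsed time.
    if wall_delta < 0:
        return now.mono, "clock_back_after_reboot"
    # The rest of wall_delta stays uncredited until a server timestamp
    # can confirm it the next time the device is online.
    return now.mono, "rebooted_unverified"

if __name__ == "__main__":
    # Constructed samples: last activation, then the clock set 3 hours ahead
    # one minute later without a reboot.
    last = Sample(wall=1000.0, mono=50.0, boot_id="boot-A")
    cheat = Sample(wall=1000.0 + 60 + 3 * 3600, mono=110.0, boot_id="boot-A")
    print(trusted_elapsed(last, cheat))
```

Only the verdict is decided here; what to do with flagged currency (pause dispensing, devalue it, wait for a server check) remains a game-design choice as discussed in the answers.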