I want to prevent users tampering with the data generated in my iPhone app, such as high scores. So I'm thinking of using an MD5 hash of the relevant data, and a security salt hard coded into the app. When the data is read back in, I create a new hash and compare it to the old hash. If there's a difference, I know someone has been fiddling with the data.
I'm guessing there's always going to be a way for people to get round it, but will this method make it:
- Very difficult.
- Tricky to work around.
- Makes no difference at all.
I'd say tricky, but not very difficult. It's still fairly straightforward to step through with a debugger and watch the salt getting loaded into memory, though it's certainly enough to keep out the vast majority of users.
Unfortunately, this is the classic DRM problem, and has no solution against a sufficiently motivated attacker. Your best bet is to create as many barriers as possible, such that it isn't worth someone's time.
Perhaps the submitted high score could also include some details on game state, which would allow you to check for inconsistencies that might give a user away. For instance, if you see that a user achieved 1,000,000 points but only reached level 2 then you know something's up!
A quick win that will at least defeat a user running strings against your binary is to make sure the salt string doesn't look obvious; don't use "saltsaltsalt"!
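The scheme the question describes (tag the saved data with a keyed hash, recompute it on load, reject on mismatch) together with the answer's game-state plausibility check, as an added example that is not part of the question or the answer. It uses HMAC-SHA256 rather than the question's MD5-of-data-plus-salt, since HMAC is the standard construction for a keyed integrity tag; the salt value and the points-per-level limit are constructed placeholders, not values from the page. The same caveat from the answer applies: anyone who extracts the salt from the binary can forge a valid tag, so the consistency check is the part that still holds up against a determined user.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-in for the salt the question says is hard-coded into the app.
APP_SALT = b"example-salt-not-from-the-page"

# Constructed, hypothetical game rule: the most points a single level can yield.
# This backs the answer's "1,000,000 points but only level 2" inconsistency check.
MAX_POINTS_PER_LEVEL = 5000


def canonical_bytes(record: dict) -> bytes:
    """Serialise a record deterministically so identical data always hashes identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_record(record: dict, salt: bytes = APP_SALT) -> dict:
    """Return the record wrapped with an HMAC-SHA256 tag computed over its canonical form."""
    tag = hmac.new(salt, canonical_bytes(record), hashlib.sha256).hexdigest()
    return {"data": record, "tag": tag}


def verify_record(stored: dict, salt: bytes = APP_SALT) -> bool:
    """Recompute the tag over the stored data and compare it in constant time."""
    if not isinstance(stored, dict) or "data" not in stored or "tag" not in stored:
        return False
    expected = hmac.new(salt, canonical_bytes(stored["data"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(stored["tag"]))


def plausible(record: dict, max_points_per_level: int = MAX_POINTS_PER_LEVEL) -> bool:
    """Consistency check from the answer: the score must be reachable at the level claimed."""
    score = record.get("score", 0)
    level = record.get("level", 0)
    return 0 <= score <= level * max_points_per_level


def load_high_score(stored: dict) -> Optional[dict]:
    """Accept the record only if the tag verifies and the game state is consistent."""
    if not verify_record(stored):
        return None  # data or tag edited on disk
    if not plausible(stored["data"]):
        return None  # tag is valid (salt may have leaked) but the state is impossible
    return stored["data"]


if __name__ == "__main__":
    saved = sign_record({"player": "alice", "score": 7200, "level": 2})
    print("untouched record loads:", load_high_score(saved) is not None)

    # Simulate a user editing the saved score without knowing the salt.
    tampered = json.loads(json.dumps(saved))
    tampered["data"]["score"] = 999999
    print("edited score rejected:", load_high_score(tampered) is None)

    # Simulate a user who recovered the salt and produced a valid tag for an impossible state.
    forged = sign_record({"player": "alice", "score": 1000000, "level": 2})
    print("valid tag but impossible state rejected:", load_high_score(forged) is None)
```

Running the block shows all three outcomes: a clean record loads, an edited record fails the tag check, and a correctly tagged but impossible record fails the plausibility check. The canonical JSON serialisation matters: if the stored data were hashed in whatever key order the platform happened to emit, a legitimate save could fail verification on reload.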