I'm developing my first game for mobile for android and I'm trying to figure out the best way to encrypt my JSON local save data,I know that encryption doesn't make 100% secure to metadata, so what do other games do to make a strong encryption to protect their local data? Maybe they make more than one encryption algorithm in their metadata? If so, I know AES encryption algorithm, what other algorithm can I combine it with?
CodePudding user response:
Encrypting save data only protects it from direct file manipulation. Savvy cheaters can use hex editors and code injection to modify game values at runtime.
That being said, anything that converts your save data into something non-plaintext will prevent the majority of cheating. The layers of "secure local save data" are typically:
Easiest to cheat - Plaintext JSON. A user can directly manipulate these values. Most players can modify these values easily.
Slightly more complex - Base64 encoded. A user can decode this data and modify it without needing to decompile code or hunt down the encryption key. Most players will not know how to do this.
Even more complex - AES encryption using System.Security.Cryptography. A user needs the encryption key in order to make any changes to the save file. Very few users will have technical knowledge to do this.
Server-based encryption and verification - Since the encryption key is on the server, it is impossible for a user to directly modify the file locally.
Keep in mind, none of the above solutions prevent a user from directly modifying game values during runtime using a hex editor or code injection. If you want to prevent any runtime data modification at all, you'll need to run your game on an authoritative server, and the app you build would only serve as the client.
In my experience, trying to prevent cheating is an arms race that is very difficult to win. You're better off spending your development time making the game fun to play than maintaining competitive integrity for locally hosted games.