Security
There are three major categories of security requirements
- Tampering with game executables
- Tampering with memory during game execution
- Tampering with user data
Tampering with game executable
In this case, the attacker can change the attack power of a certain weapon from 10 to 9999 by cheating. In Android, this kind of attack is possible by disassembling the apk file, tampering with the game data, and creating a repackaged apk file.
GS2 does not support this attack. This problem needs to be addressed by implementing a solution to detect if the game binaries have been tampered with.
Memory tampering during game execution
Rewriting memory information at runtime, for example, to illegally reduce enemy health or This is an attack that rewrites the value of the flag used to determine if a quest has been cleared, and puts the quest into a sequence in which it is cleared even though it should have failed.
GS2 does not support this attack. It is necessary to address such problems by implementing a solution that detects if memory values have been tampered with during game execution.
Tampering with user data
This attack involves tampering with the quantity of items in the user’s possession.
GS2 manages user data (saved data) such as the number of items possessed on the server side, and increases/decreases the number of items can be done via the API. In particular, GS2 is designed so that user data operations that are beneficial to the player, such as increasing the number of items, can only be manipulated through the side effects of the microservices provided by GS2.
For example
- GS2-Showcase increases the number of items in a player’s possession when he/she purchases an item
- GS2-Quest increases the quantity of an item when a quest is completed
The number of items in your possession can be increased only through processes such as the following.
Purchasing an item in GS2-Showcase requires some kind of payment, such as spending in-game currency. Starting a quest in GS2-Quest requires paying some price, such as spending stamina.
This design makes it impossible to perform the act of increasing items without limit.