Saving options

In the pause menu, the player can change things like volume, graphics quality, post processing, etc. I want to save these options. For saving buildings, inventory, positions, I used a file with the values serialized into binary format and it works. However I don't think I should serialize the settings. My idea is to have a file called something like "options.mygamename" and it should look something like this:

Code (CSharp):

1. volume: 70.0
2. gamma: 0.0
3. bloom: off
4. depth_of_field: off
5. fov: 70
6. sky_quality: 4 (levels from 0 to 4)
7. etc.
8.  

How to make something like this?

 

I hope you're not using the BinaryFormatter!

Don't use the binary formatter/serializer: it is insecure, it cannot be made secure, and it makes debugging very difficult, plus it actually will NOT prevent people from modifying your save data on their computers.

https://docs.microsoft.com/en-us/dotnet/standard/serialization/binaryformatter-security-guide

For everything just throw it in a public class with public methods, then JSON-serialize it to a string, write it to disk. Done and done. Not only that, when you have a bug you can open the JSON in a notepad and possibly gain valuable debugging insights.

 

What @Kurt-Dekker said.
JSON is a pretty common way of storing application settings. It's human-readable and can be useful as a fallback way for the user to change settings if, for example, something with the current settings causes the game to crash on some PCs immediately upon launching.

 

what about security with JSON-serialization? compared to binary formatter. (For Mobile devices)

 

Security from what?

 

haha. Sorry. I was just watching all the security related videos.

I guess, *deep sigh* i dont know.

security from hackers changing the values. I know the "saving on devices is not secure at all."

I just read about hashing, Xor, aes(encryptions) and obfuscation..

I just want to know the work flow... what should one guy making a simple game, e.g crossy road do?? Its confusing the shiz out of me man. In my game i have these things i need to protect (levels, i.e which level the player is on, Store boosets (count of each booster), Lives count, Highscore) I am confused as to add in app purchases or not. I guess they will work with google play games.

I am planning on adding google play games services to save game progress.


so far what I have gathered..

Take these variables that needs protection, encrypt them using aes or Xor or Hashing. then save them using Json-serialization to a file

use the concepts of redundancy and cloud save (in my case Google play games services saved games) to avoid any unwanted runtime hiccups.

in the end just obfuscate the code cuz you are soo anxious about security of your game.

phew

then...

loading at appropriate times, check google play games for saved file or search locally and decrypt it and use the values.

this will fend off most hobbyist hackers but a dedicated sucker will hack it no matter what and we dont care about that sad prick right?

Now Confusion time:

1) how to save in app purchases data for a player? if the players says he lost the data or some reason? how to return to him the items that he purchased? what if the player does not allow google play games ?

2) choice of encryption? XOR, hashing or aes? best performant? most secure? best option?
3) will obfuscation slow down the game?

my game is simple, 2d game. ie like angry birds. Static screen. Very few stuff going on.( in gameplay) ( refer to crossy road in terms of monetization strategy and overall feel. no Facebook, just google play games leaderboard and achievement, rewarded videos etc.)
Kindly help me, so confused rn.

 

Do what you like. I'm interested in making games, not preventing people from changing data on their own phone.

 

Why would you do all this for an angry birds type game? What are you getting out of protecting the saved data? Someone hacking the game to avoid a $0.50 microtransaction is not doing it to save money, and they weren't going to pay you anything anyway. They are doing it for the fun of it. Hacking is just another game to them, and increasing the difficulty is more likely to encourage them further. And for what?

Now if you're talking about an online multiplayer game, where defending against hacking from one player protects the game experience of another, well that's different. But why here?

 

bro atleast put me in the right direction. That is exactly what i am confused about. Do what? Xor, hash or aes? or should I just chill and not obsess about security that much? just use simple hashing to encrypt?

 

So I shouldnt be puting that much effort for a simple game? and chill? I thought everybody obsessed over security.

 

I don't pay any attention to impossible tasks, sorry. I know I cannot compel complete strangers on the other side of the planet to do things to the data on their phone, and I'm really just okay with that. Maybe someone else here knows how to compel these hypothetical future strangers and can help you.

 

Reason(s) not to use BinaryFormatter
https://docs.microsoft.com/en-us/dotnet/standard/serialization/binaryformatter-security-guide

Alternative(s)

XML Serialization & Data Contract Serializer
https://docs.microsoft.com/en-us/dotnet/api/system.xml.serialization.xmlserializer
https://docs.microsoft.com/en-us/dotnet/api/system.runtime.serialization.datacontractserializer

Binary Reader & Writer for XML & JSON
https://docs.microsoft.com/en-us/dotnet/api/system.io.binaryreader
https://docs.microsoft.com/en-us/dotnet/api/system.io.binarywriter

System.Text.JSON API
https://docs.microsoft.com/en-us/dotnet/api/system.text.json

 

Put effort into things that actually matter.

This is like if you open a lemonade stand, and instead of focusing on making the best lemonade, you focus on security to protect your money. So instead of putting money into a coffee can like a normal lemonade stand, you bring out a 600 KG safe, bolt it to the sidewalk, then hire a team of military veterans to patrol the streets. You get them knocking on doors, doing searches of passing cars. You have drones overhead recording the entire neighborhood 24/7.

Congratulations! All your lemonade stand money is perfectly safe! Too bad your lemonade tastes terrible, hardly anyone buys it, cause you spent all your time on meaningless security instead of making your product better for the customer. You would have made far more money tweaking your sugar, sourcing better lemons, which would generate more sales, even if a kid swipes a dollar out of your coffee can when you're not looking.

YMMV good luck. Just saying you've got a limited amount of dev time, a limited amount of effort you can put into making games. Don't waste it on things which are really not that important for a simple single player game. You could use that time to improve the game, improve the marketing, or have already moved on to the next game, instead of getting stuck preventing people from changing data for their own giggles.

 

XD XD XD.
Got it, got it. Cleared my concepts.

Just one little help please.

1) how to save in app purchases data for a player? if the players says he lost the data or some reason? how to return to him the items that he purchased? what if the player does not allow google play games ? and we are not using any servers.

 

This is for just general game settings though, like audio volume, screen resolution, stuff like that.

Why do you want to obfuscate this data from the user? Like I mentioned before, readable config files are useful to fallback on if the user needs to change settings and the application has some issue doing that normally.

 

For general settings I always used player prefs.

I was talking about highscore, current level, booster count etc. But I have realised, Forget it. Shift focus on other things. Just use normal hashing to encrypt data on file and use it. hardly takes 2 min to encrypt it.

 

I use serilization for this which is not human-readable, I use JSON only for options which are editable in game anyway. My game is on steam and I didn't want to add in game purchases, so I don't need too much protection, in my opinion "hacking" a game like mine(survival) ruins all the entertaiment ant it is not my problem if someone decides to get tons of op items unfair. If your game is something like angry birds a lot of users are going to want boosters and coins free, and they will try to use lucky patcher to get the in-game purchases. You should add in game purchases as a feature, but don't expect to much revenue from this, and you shouldn't deal with security measures. The main earnings are from adds.

 

One thing I will do is to save things on steam's cloud servers, not for security, but If a player wants to play the game from another computer he should keep his save

 

These words bring me flashbacks from my childhood. Almost every game I play, every website I used, I tried to hack them all. Even things I didn't want to hack I tried to. At the informatics class I had as homework some multiple choice exercises for C++. Even if I liked that class because I was the one who signed up for the course, I created a JS extension that tries all the choices until it finds the correct answer to solve my homework in 2 seconds. I think I just wanted to be rebel.

 

Oh computers and school.... When I was in high school one thing you could guarantee was the school knew less than the kids did as far as computers.

Spoiler

Just to respond with my own story. I had this multimedia something or other class. It was a room full of computers running Dos + Windows for Workgroups 3.11. The work in that class was pretty trivial for me, cause half the class had to learn the basics, and the class has to go at the pace of the slowest kids. So I spent most of my time figuring out how all the network functionality worked.

So when the computer boots up, it is supposed to bring you to a login and Windows desktop. But I changed the startup so if you held a certain key down it would instead load all the networking and drop you to a Dos prompt. I added this to all my friend's computers there too. So we'd spend the second half of the class each day playing Terminal Velocity or Doom against each other (early - mid 90's). Multiplayer at home was either lan only, or direct dialing a friend's modem. So this was way better gaming than I was used to at home.

If the teacher walks towards you, just reboot. Good times

 

Ha! Good times. In high school we had Apple ][+ machines (dating myself there) and some of us hacked our favorite games to have what we later learned was called a "Boss Key." If you flicked a certain key the graphics would hide and the text would come back with a faux BASIC program listing displayed. I specifically remember doing this to the BOLO game... BRUN BOLO

 

In my country(Part of European Union) you don't have a class of informatics(that's how they call it) in school so I had to go to lessons outside the school and I learned C++, but I don't know why I hate this language, the code looks super messy in c++ with all operators and symbols &,*, and I don't understand why should I write char const * instead of string, or printf insted of cout and pointers and things like std::vector<char> and printf("%s\n", &ErrorMessage[0]); and I think it is all useless. How nice and clean java and c# code is and(in my projects at least) I didn't encounter any limitations that c++ doesn't have(maybe just operator overloading for java, anyway a lot of people hate operator overloading). Anyway I will stop there because this is not an unity forum.