Making a hack proof game in Javascript [closed]

Answer 1

You can put everything the code ever calls inside of a closure:

(function() {
  var cantSeeMe = function() {
    // do some game stuff!
  };

})();

Outside of the closure, it will be very difficult to get at the code for "injection hacks" (overriding a function on the console for instance). This wont stop someone from rewriting your code, but passing things through a packer, or even closure compiler can make your code pretty hard to read/modify... (take a look at jQuery min

All in all, ANY game running client side is hackable.

Answer 2

Disclaimer: This is a terrible method and probably too much effort than it is worth.

Suppose that you had a method of processing the javascript code before you sent it.

First of all, every method has a ident variable which is attached to the result of every function (i.e. every function would return {ident:"special code",result:"actual useful function result"}). You also have a testIdent() function which would accept the function name to call as well as "test data" to give it (if any is needed). The purpose of testIdent() would be to send the ident returned from said function to the server for verification (the idea being that the server can request a test whenever you deem it appropriate). The ident for every function should be randomized and recorded specially for the specified user before sent.

Second, before the code is sent to the client, the function order is randomized and function names are obfuscated in some random fassion. This way there is no way for a hacker to look for some variable ident in function x() as it will be named randomly. Also, it would be another plus if every variable name is obfuscated randomly as well, just to add yet another step to the complication and headaches of... well... everyone (I told you this is a terrible method).

Now, assuming proper steps are taken to make sure the code will always function correctly, hackers are very cleaver people, and there are still ways for hackers to track this code if they are determined enough. At least one way will be to search for key code structures, such as a switch statement with a certain number of elements, or a for loop with x number of statements, etc. While each of these can be countered, say by adding dummy case statements in the switches or a couple of if(true) bits randomly throughout the code, countering hackers will always be a constant (and possibly a loosing) battle.

Hopefully this can give you some ideas. I don't know how someone would implement this exactly, but it is at least an idea.

Good luck!

Answer 3

This is why most JavaScript games rely heavily on a server state, to prevent cheats.

Answer 4

Is there any fundamental way to protect people from doing this sort of thing by designing your game code in a certain way?

The only sane method is to keep critical pieces of the code on servers you control and never give it to the users' computers at all. The hard part is making this square with keeping the game fast enough to be playable.

Answer 5

What is stopping someone from copying the game onto their computer, and injecting functions and modules to cheat?

Nothing.

Is there any fundamental way to protect people from doing this sort of thing by designing your game code in a certain way?

Nope.

Answer 6

In theory you are playing a game against hackers. You can't win this game but you make it challenging.

My suggestion would be to use as much server side logic as you can possibly use and use Javascript Obfuscation.

Javascript obfuscation will make it extremely hard to understand the code, but even better it will make it possible for you to release several thousand versions of your code while maintaining the same code base.

I have used JScrambler to do this on one occasion. Instead of having to hack the code of 1 game, hackers will have to hack several thousand versions of the code! :)