"Unity3d" uses MD5 value to ensure that local SQLite database content has not been tampered with

Application Scenarios for SQLite

In judging whether to use the storage format as the standard for SQLite mode, our standard is content read only. That is, unless the publisher modifies the SQLite content, the player only has read permissions.

In other words, sqlite data is the basic game configuration data, such as the game's level (excluding the achievements of the player), the Monster's blood volume, the equipment template data

For how to use SQLite, refer to one of my other articles, "Unity Local data store---sqlite and json"

Problem recurrence

OK, since we chose SQLite as one of the means of storage, we also hooves the importance of security.

As far as Android is concerned, we release an apk file, modify the suffix to RAR, unzip, open the folder, the SQLite data file is in the assets directory by default.

Others take a sqlite management tool, change the content, such as the New Ebony Sword Property template, the attack would have been a 99999~99999;ok, and then re-compress a package, modify the suffix. apk.

Hooves, cracked version just came out.

The way to solve

Ensuring data security, the first thing we think about is encrypting the data content

However, for the use of SQLite to save configuration data, but rather the comparison MD5 values appropriate.

Encrypted content has gone against the original purpose of using SQLite (universal, simple), so we have chosen all the " configuration Data " to be stored locally in plaintext, but as long as you tamper with the data, I can detect it by MD5 comparison.

Encryption algorithm, more in the preservation of the player's core data, such as the serialized JSON string encryption, write to the local file.

OK, to the next, talk about the idea:

1: Recalculate the MD5 of the db file each time a new version is released, save it in a location

Simple: Assigns the computed MD5 value to a constant

Remote: Saves the version number and the MD5 value as a key-value pair on the remote server. The user sends a version number, and the server returns a list of the corresponding versions of the MD5 string. The remote Word version number is required. Otherwise the old version of the MD5 value and the new version will never be on, it is useless.

2: When the player runs the program, calculate the MD5 of the db file, and compare with the MD5 we saved in the first step, run the game if it is consistent; otherwise, you can set up a remote DB download if the DB file has been tampered with. You can also rudely prompt the user, file format damage, and then give a download link.

Because I actually project the db file is very small (not yet equipped with the property template, is expected to hundred K bar), so the calculation of MD5 value does not cost much resources

On MD5 calculation class

Using System.IO;
Using System.Security.Cryptography;
Using System.Text;

/// <summary>
/// File MD5 Calculator
/// </summary>
Public class FileMD5Helper
{
    #region 公方法

    /// <summary>
    /// Calculate the md5 value of the file and return to uppercase format
    /// </summary>
    /// <param name="url"></param>
    /// <returns></returns>
    Public static string GenerateFileMD5Upper(string url)
    {
        If (File.Exists(url) == false)
            Return string.Empty;

        Byte[] fileByte = File.ReadAllBytes(url);

        If (fileByte == null)
            Return string.Empty;

        Byte[] hashByte = new MD5CryptoServiceProvider().ComputeHash(fileByte);

        Return byteArrayToString(hashByte);
    }

    #endregion

    #region Private method

    /// <summary>
    /// Hexadecimal string of output data
    /// </summary>
    /// <param name="arrInput"></param>
    /// <returns></returns>
    Private static string byteArrayToString(byte[] arrInput)
    {
        StringBuilder sOutput = new StringBuilder(arrInput.Length);

        For (int i = 0; i < arrInput.Length; i++)
        {
            sOutput.Append(arrInput[i].ToString("X2"));
        }
        Return sOutput.ToString();
    }

    #endregion
} 

Last words:

We have two measures around the security of local data

1: We compare MD5 to ensure that the game configuration DB data has not been tampered with.

2: We use Systeminfo.deviceuniqueidentifier to ensure that the archive between players is not universal.

To tell the truth, I don't really like spending time on security, how to make the game fun, is the point

Welcome all friends to enlighten you