"Unity3d" uses MD5 value to ensure that local SQLite database content has not been tampered with

Source: Internet
Author: User
Tags sqlite database


Application Scenarios for SQLite


In judging whether to use the storage format as the standard for SQLite mode, our standard is content read only. That is, unless the publisher modifies the SQLite content, the player only has read permissions.



In other words, sqlite data is the basic game configuration data, such as the game's level (excluding the achievements of the player), the Monster's blood volume, the equipment template data



For how to use SQLite, refer to one of my other articles, "Unity Local data store---sqlite and json"


Problem recurrence


OK, since we chose SQLite as one of the means of storage, we also hooves the importance of security.



As far as Android is concerned, we release an apk file, modify the suffix to RAR, unzip, open the folder, the SQLite data file is in the assets directory by default.



Others take a sqlite management tool, change the content, such as the New Ebony Sword Property template, the attack would have been a 99999~99999;ok, and then re-compress a package, modify the suffix. apk.



Hooves, cracked version just came out.





The way to solve


Ensuring data security, the first thing we think about is encrypting the data content



However, for the use of SQLite to save configuration data, but rather the comparison MD5 values appropriate.



Encrypted content has gone against the original purpose of using SQLite (universal, simple), so we have chosen all the " configuration Data " to be stored locally in plaintext, but as long as you tamper with the data, I can detect it by MD5 comparison.



Encryption algorithm, more in the preservation of the player's core data, such as the serialized JSON string encryption, write to the local file.






OK, to the next, talk about the idea:



1: Recalculate the MD5 of the db file each time a new version is released, save it in a location



Simple: Assigns the computed MD5 value to a constant



Remote: Saves the version number and the MD5 value as a key-value pair on the remote server. The user sends a version number, and the server returns a list of the corresponding versions of the MD5 string. The remote Word version number is required. Otherwise the old version of the MD5 value and the new version will never be on, it is useless.



2: When the player runs the program, calculate the MD5 of the db file, and compare with the MD5 we saved in the first step, run the game if it is consistent; otherwise, you can set up a remote DB download if the DB file has been tampered with. You can also rudely prompt the user, file format damage, and then give a download link.






Because I actually project the db file is very small (not yet equipped with the property template, is expected to hundred K bar), so the calculation of MD5 value does not cost much resources






On MD5 calculation class


Using System.IO;
Using System.Security.Cryptography;
Using System.Text;

/// <summary>
/// File MD5 Calculator
/// </summary>
Public class FileMD5Helper
{
    #region 公方法

    /// <summary>
    /// Calculate the md5 value of the file and return to uppercase format
    /// </summary>
    /// <param name="url"></param>
    /// <returns></returns>
    Public static string GenerateFileMD5Upper(string url)
    {
        If (File.Exists(url) == false)
            Return string.Empty;

        Byte[] fileByte = File.ReadAllBytes(url);

        If (fileByte == null)
            Return string.Empty;

        Byte[] hashByte = new MD5CryptoServiceProvider().ComputeHash(fileByte);

        Return byteArrayToString(hashByte);
    }

    #endregion

    #region Private method

    /// <summary>
    /// Hexadecimal string of output data
    /// </summary>
    /// <param name="arrInput"></param>
    /// <returns></returns>
    Private static string byteArrayToString(byte[] arrInput)
    {
        StringBuilder sOutput = new StringBuilder(arrInput.Length);

        For (int i = 0; i < arrInput.Length; i++)
        {
            sOutput.Append(arrInput[i].ToString("X2"));
        }
        Return sOutput.ToString();
    }

    #endregion
} 



Last words:



We have two measures around the security of local data



1: We compare MD5 to ensure that the game configuration DB data has not been tampered with.



2: We use Systeminfo.deviceuniqueidentifier to ensure that the archive between players is not universal.



To tell the truth, I don't really like spending time on security, how to make the game fun, is the point



Welcome all friends to enlighten you





Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.