0

Related to "How to know whether a textfile has been edited or tampered with?", I wonder if it's possible to detect file tampering on the local system?

Typical threat model: the old "Hack" computer game. I want to write out saved game state and later, when the user continues their saved game, I want to confirm they haven't edited the saved game file.

We can assume that the user has access to both the saved game file and the game executable.

Can this be done entirely on the local system, without resorting to storing hashes or signatures on a secure remote system?

I fear that the answer is "it's not possible", since any hash seed or signature key I apply to the saved game can be extracted from the executable.

Edward Falk
  • By the way, for the record, the way the original "hack" game did it was to include the file's own inode number within the file, hash everything, then add the hash to the file. This had the beauty that the user couldn't even back up a saved game, since the restored game file would have a different inode. Ultimately, however, the security depended on the user not knowing the format of the saved game file, or the hash function. – Edward Falk Dec 26 '19 at 20:43
  • 2
    You're concentrating on the save file, but it's pretty common in gaming circles to straight up mod the game executable itself, sometimes for non-nefarious reasons (there's a number of mods that just fix bugs the developers haven't gotten around to yet). That being the case, a secure remote system doesn't help, because the local client executable can just dike out the call for verification. That, or just send your remote signing API an already-modified file to "legitimize". – Clockwork-Muse Dec 26 '19 at 21:17

1 Answer

3

> I fear that the answer is "it's not possible"

You are right.

The user has the save file, and the executable. He can change the save file as much as he wants, and he has an infinite number of trials to change it, as he has access to the validator: the game executable. He can even run the executable under a debugger, set breakpoints on key functions, and infer how the save file works, and create a save editor.

> Can this be done entirely on the local system, without resorting to storing hashes or signatures on a secure remote system?

If asking the user "please don't alter the save file" does not work, it cannot be done.

ThoriumBR
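The inode-bound check described in the comment above and the limitation the answer states, as an added example that is not part of the original posts or the game's code. It assumes HMAC-SHA256 with a key embedded in the program in place of the original game's unspecified hash; the key, the state strings and the function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import shutil
import tempfile

# Assumption: a key compiled into the game binary. Anyone who can read the
# executable can recover it, which is the weakness the answer describes.
EMBEDDED_KEY = b"constructed-demo-key"
TAG_LEN = hashlib.sha256().digest_size


def _tag(state: bytes, inode: int, key: bytes) -> bytes:
    # Bind the tag to the inode so a copied or restored file fails to verify.
    return hmac.new(key, inode.to_bytes(8, "big") + state, hashlib.sha256).digest()


def write_save(path: str, state: bytes, key: bytes = EMBEDDED_KEY) -> None:
    with open(path, "wb") as f:
        inode = os.fstat(f.fileno()).st_ino  # known only once the file exists
        f.write(_tag(state, inode, key) + state)


def load_save(path: str, key: bytes = EMBEDDED_KEY):
    """Return the saved state, or None if the tag does not match."""
    with open(path, "rb") as f:
        inode = os.fstat(f.fileno()).st_ino
        blob = f.read()
    ok = hmac.compare_digest(blob[:TAG_LEN], _tag(blob[TAG_LEN:], inode, key))
    return blob[TAG_LEN:] if ok else None


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        save, backup = os.path.join(d, "save"), os.path.join(d, "backup")
        write_save(save, b"hp=12;gold=40")
        results = {"untouched": load_save(save)}
        # Byte-for-byte backup: the copy has a new inode, so it is rejected.
        shutil.copyfile(save, backup)
        results["restored_copy"] = load_save(backup)
        # In-place edit of the state without recomputing the tag: rejected.
        with open(save, "r+b") as f:
            f.seek(TAG_LEN)
            f.write(b"hp=99")
        results["naive_edit"] = load_save(save)
        # Whoever holds the embedded key produces a tag the game accepts.
        write_save(save, b"hp=99;gold=40", key=EMBEDDED_KEY)
        results["edit_with_key"] = load_save(save)
        return results
```

The check stops casual edits and restored backups, but its strength is exactly the secrecy of a key and format that ship with the executable.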