
Try to hack my iPhone app leaderboard...


Scottapotamas

UPDATE: Rewritten after finding out my ints and chars were unsigned and saves to SQL instead. Thanks

Hello,

I have recently written a leaderboard for one of my apps that's based in PHP. The client side (the app) is all done, but I need to iron out my PHP stuff...

At current, the PHP receives the POST and writes it to a text file. Eventually this should be a more formal database... Security (anti-cheating) is also a small issue... One of my friends managed to add in a score in a few minutes...

I have thought about ways of stopping this:

1. MD5 hash the score, to dissuade some people and add some kind of integrity without adding "cryptography" as Apple would call it...

2. Add a secret string that is known only to the client and serverside script. Then if the secret is missing in the POST, reject the POST.

3. Consider the userbase, and forget about it... deal with it when it becomes a problem?


Here's where your fun can begin. I'm not going to make it easy for you, so I will only give the URL of the resultant leaderboard and the submit script. See where you can go from there...

http://26oclock.com/hackit
http://26oclock.com/hackit/submit.php

If people find it too hard, I could hint to the two strings that are posted... If you can post something, the PHP should echo meh and the result visible on the /hackit url. Then please allude to me on how you did so, and possible improvements

Thanks
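
Added example, not part of the original post and not the poster's submit.php: a server-side check that combines ideas 1 and 2 above by using the shared secret as an HMAC-SHA256 key over the submitted fields, with a timestamp and nonce so a captured request cannot be resent. The field names, the `SECRET` placeholder, the 60-second window and the in-memory nonce store are assumptions for illustration.

```php
<?php
// Added example: server-side check for a signed score submission.
// SECRET, field names and MAX_AGE are assumptions, not the post's code.
const SECRET  = 'constructed-demo-secret'; // placeholder; the same value ships inside the app
const MAX_AGE = 60;                         // seconds a submission stays valid

// The client computes the same tag before POSTing.
function sign_score(string $name, int $score, int $ts, string $nonce): string {
    // Length-prefix each field so "ab"+"c" and "a"+"bc" cannot produce the same message.
    $msg = '';
    foreach ([$name, (string)$score, (string)$ts, $nonce] as $f) {
        $msg .= strlen($f) . ':' . $f;
    }
    return hash_hmac('sha256', $msg, SECRET);
}

// Returns 'ok' or the reason the submission is rejected.
function verify_submission(array $post, int $now, array &$seenNonces): string {
    foreach (['name', 'score', 'ts', 'nonce', 'tag'] as $k) {
        if (!isset($post[$k]) || !is_string($post[$k])) return "missing $k";
    }
    if (!ctype_digit($post['score']) || !ctype_digit($post['ts'])) return 'bad number';
    $ts = (int)$post['ts'];
    if (abs($now - $ts) > MAX_AGE) return 'stale';
    $expected = sign_score($post['name'], (int)$post['score'], $ts, $post['nonce']);
    if (!hash_equals($expected, $post['tag'])) return 'bad tag'; // constant-time compare
    if (isset($seenNonces[$post['nonce']])) return 'replay';
    $seenNonces[$post['nonce']] = true; // a real script would persist this, e.g. in the SQL table
    return 'ok';
}

// Constructed sample submissions.
$now  = 1400000000;
$seen = [];
$good = ['name' => 'alice', 'score' => '4200', 'ts' => (string)$now, 'nonce' => 'n-001'];
$good['tag'] = sign_score('alice', 4200, $now, 'n-001');

// Idea 1 on its own: an unkeyed MD5 of the score, which any sender can compute.
$md5only = ['name' => 'mallory', 'score' => '999999', 'ts' => (string)$now,
            'nonce' => 'n-002', 'tag' => md5('999999')];
$edited = $good;
$edited['score'] = '999999'; // score changed after signing

$cases = ['good' => $good, 'md5only' => $md5only, 'edited' => $edited, 'replayed' => $good];
foreach ($cases as $label => $p) {
    echo str_pad($label, 9), verify_submission($p, $now, $seen), "\n";
}
```

A key embedded in the app can still be recovered from the binary, so this raises the effort needed to forge a score rather than guaranteeing integrity; server-side plausibility checks on the score itself remain worthwhile.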






