Jump to content

Try to hack my iPhone app leaderboard...

1 post in this topic

Recommended Posts

UPDATE: Rewritten after fininding out my ints and chars were unsigned and saves to SQL instead. Thanks




I have recently written a leaderboard for one of my apps thats based in PHP. The client side (the app) is all done, but I need to iron out my PHP stuff...


At current, the php recieves the POST and writes it to a text file. Eventually this should be a more formal database... Security (anti-cheating) is also a small issue... One of my friends managed to add in a score in a few minutes...


I have thought about ways of stopping this:


1. MD5 hash the score, to dissuade some people and add some kind of integrity without adding "cryptography" as apple would call it...


2. Add a secret string that is known only to the client and serverside script. Then if the secret is missing in the POST, reject the POST.


3. Consider the userbase, and forget about it... deal with it when it becomes a problem?



Here's where your fun can begin. I'm not going to make it easy for you, so I will only give the URL of the resultant leaderboard and the submit script. See where you can go from there...





If people find it too hard, i could hint to the two strings that are posted... If you can post something, the php should echo meh and the result visible on the /hackit url. Then please allude to me on how you did so, and possible improvements



Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.