Return to Answer

Grammar and formatting. Some wording clarifications.

Source Link

edited Jul 5, 2014 at 13:10

Anko

For our game Moblox, we use at first ourThe internal system we used for Moblox (now it islater replaced with OpenFeint) worked like this:

we sendSend a JSON message onover plain HTTP (not HTTPS). In this message, we madeInclude a md5 onMD5-hash of all fields plus a magic string and add it in the message;.
onOn the server, we check the integrity of the message with the same operation;operation.

To crack the system, you mustyou'd have to find this key (the magic string). It is possible with reverse engineering. But, it'sbut painful.

OpenFeint, ScoreLoop and CocosLive usesall use the same trick, but with HTTPS. Very easy to implement.

Source Link

answered Sep 30, 2010 at 15:50

Ellis

For our game Moblox, we use at first our internal system (now it is OpenFeint):

we send a JSON message on HTTP (not HTTPS). In this message, we made a md5 on all fields plus a magic string and add it in the message;
on server, we check the integrity of the message with the same operation;

To crack the system, you must find this key (the magic string). It is possible with reverse engineering. But, it's painful.

OpenFeint, ScoreLoop and CocosLive uses the same trick with HTTPS. Very easy to implement.