3 Replies
      Latest reply on Jan 17, 2020 2:35 PM by PBK
      pistoleta Level 1 Level 1 (0 points)

        Hello all, we are working on a game for iOs using Unity.

        We have been able to save our game data using the iCloud KVS, but when i used a tool to explore the iPhone content (iExplorer) i found the dictionary with all our values.

        We dont want users to tamper with the savefiles so I would like to know if there's any way of avoiding this data to be found, or if its available some kind of encryption, or simply we shuld encrypt it ourselves before saving.

         

        Thanks a lot!

        pistoleta

        • Re: iCloud Key-value Storage: avoid user to see contents
          PBK Level 7 Level 7 (3,435 points)

          There are two different things in security - encryption and signing.  You encrypt if you don't want someone to see the data.  You sign if you don't want someone to change the data.  You wrote:

           

          "We dont want users to tamper with the savefiles"

           

          If that is correct all you need to do is sign the data.  You do not need to encrypt.

           

          To sign data:

           

          -(NSString *)signatureForArray:(NSArray *)theArray{
              NSError *error;
              NSMutableArray *fullArray=[NSMutableArray arrayWithArray:theArray];
              [fullArray addObject:@"replace this with a secret salt string"];  
              NSData *data =[NSPropertyListSerialization dataWithPropertyList:fullArray format:NSPropertyListXMLFormat_v1_0 options:0 error:&error ];
              unsigned char result[CC_SHA1_DIGEST_LENGTH];
              CC_SHA1([data bytes], (unsigned int)[data length], result);
              NSString *fileHash = [NSString  stringWithFormat:
                      @"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
                          result[0], result[1], result[2], result[3], result[4],
                          result[5], result[6], result[7],
                          result[8], result[9], result[10], result[11], result[12],
                          result[13], result[14], result[15],
                          result[16], result[17], result[18], result[19]
                          ];
              return fileHash;
          }
          

          Then save the signature string along with the array.  Anytime you wish to use the array first check to be sure the returned signature is still the correct signature.  If it is, the user did not change the array.

            • Re: iCloud Key-value Storage: avoid user to see contents
              pistoleta Level 1 Level 1 (0 points)

              Thanks a lot for your response, I was a little bit familiar with encrypting and signing , and of course we will use it for KVS but my question is about users being able to see and manipulate values on KVS, even if they are encripted and signed, ( i understand no matter which encryption method you use a good hacker will be able to crack it, at least thats what I've read)

              So my question is more about the kvs features themselves, are they protected agains manipulation natively? Do users need to jailbreak their phones to modify these files? I really spent time looking for this information and found nothing.

              Thanks a lot,

              pistoleta