Monthly Archives: October 2013

Storing encrypted strings in memory

Whenever you want to store values as string in memory, whilst at the same time prevent external tools from either finding the value and changing it. e.g. changing high score values. You can use the built in System.Security namespace to do so, the following code shows an example of this.

using System.Security;
using System.Runtime.InteropServices;

SecureString secureStr = new SecureString();

int Score
{
    get {
        var bStr = Marshal.SecureStringToBSTR(secureStr);
        var scoreStr = Marshal.PtrToStringBSTR(bStr);
        Marshal.FreeBSTR(bStr);
        var score = int.Parse(scoreStr);
        return score;
    }
    set {
        secureStr.Clear();
        var chars = value.ToString().ToCharArray();

        foreach (var c in chars)
        {
            secureStr.AppendChar(c);
        }
    }
}

The caveat to this is that its only supported currently in desktop, so if you’re planning on using this code inside unity it wont work for mobile and web as they dont have Marshalling available within their JIT compilers.

If desktop is not an option, alternatively you can hide the value using simple crytography. In its simplest form this can be achieved by means of XOR’ing the value. To allow it to work, a random secret private key is chosen and this is then used to encrpyt and decrypt the value. The following code snippet shows how

private int key = 9999;

int score;

int Score
{
    get { return score ^ key; }
    set { score = value ^ key; }
}

An even better way is to randomise the key when you store the value, as shown below

int Score
{
    get { return score ^ key; }
    set { 
        key = GetRandom(1, 9999999);
        score = value ^ key; 
    }
}

int GetRandom(int min, int max)
{
    Random rnd = new Random(); 
    return rnd.Next(min, max);
}

This way even if they do stumble across the value, the next time they look for the same value it will have changed. Its fast and its also available on most if not all platforms.