Stop the Apple Game Center Cheaters!

Cheaters, who hack Apple’s Game Center to enter phony high scores, are threatening to ruin the Leaderboards. What’s Apple doing about it? Apparently nothing.

If you don’t play games on your Mac or iOS device, or if you don’t care how your scores rank relative to other people, or if you just never visit Game Center for whatever reason, this news may seem of little consequence. “Play the games you want and enjoy them,” you might advise, “Forget about the Leaderboards.” To which one might reply, “Tell that to Tiger Woods.”

The fact is, for many people, striving to get a great score on a game is a significant part of the motivation for playing. I assume Apple agrees with this. Why else would the company bother to create Game Center in the first place? Other than potentially helping to sell games, just about all Game Center does is track users’ high scores and achievements. That’s why it is frustrating to see these fake high scores proliferate while Apple continues to turn a blind eye.

Readers may be aware that I have long been a fan of Angry Birds, especially Angry Birds Seasons. If so, you won’t be surprised to learn that this is where I first encountered score hacking. Take a look at the top of the Leaderboards for Angry Birds Seasons HD and Angry Birds Seasons:

Angry Birds Leaderboards

The top of the Angry Birds Seasons HD (left) and Angry Birds Seasons (right) Leaderboards

For Angry Birds Seasons HD, except for two scores at the very top, no one has been able to get above 38,000,000. Those two top scores exceed 38,000,000. By a lot. A whole lot. Orders of magnitude. The scores are 9,223,372,036,854,775,807 to be precise. Further, in what certainly cannot be a coincidence, these two players at the top are tied with the exact same phony score. The situation is similar for the top of the iPhone version of Angry Birds Seasons, where the score appears three times.

When I first saw this, I assumed that the Angry Birds game itself had been hacked. I assumed some users had found a secret back door that allowed them to easily rack up huge scores when playing the game. If so, the onus for stopping this cheating would fall to Rovio, the developer of Angry Birds. They needed to shut the back door. But it soon became clear that Rovio was not at fault.

First off, 9,223,372,036,854,775,807 is not just any ol’ number. It is in fact the “maximum value for BIGINT in SQL Server,” where BIGINT is a SQL storage location for integer values. Any “attempt to put an integer value of a larger storage size into a location of a smaller size fails if the value cannot be stored in the smaller-size location.” In other words, as pointed out in an Apple Support Communities thread, this particular score is the likely maximum score that Game Center can allow, for any Leaderboard for any game.

To me, this suggested that some people were directly hacking their Leaderboard data — going into a file on their iOS device (or in the backup data on their Mac or PC) and entering a maximum score without necessarily even playing the game. Further supporting this hypothesis, I quickly discovered that hacked scores were not limited to Angry Birds. Check out the top scores for two other popular iOS games, Cut the Rope and Fruit Ninja:

Game LeaderboardsThe top of the Cut The Rope (left) and Fruit Ninja (right) Leaderboards

Note that the same 9,223,372,036,854,775,807 score appears twice at the top of the Cut The Rope board (one of the players is the same DarkGamingLord whose name appears in Angry Birds). The same score shows up 10 times(!) on the Fruit Ninja Leaderboard (where DarkGamingLord is in the mix yet again).

Why and how do the hackers do it?

Why do these people cheat? Where’s the fun in fraudalent success? Who knows? I won’t waste time speculating on the warped motivations behind “achieving” a high score by hacking. Suffice it to say that there will always be jerks eager to wreak havoc wherever possible. It’s just a sad fact of life.

Of more relevance is, how do they do it? Hacking Game Center appears to date back to early 2011, when a flurry of reports appeared describing Game Center hacking apps and techniques.

In a few games, one could access and modify data files via a Mac app such as PhoneView. Doing this didn’t even require that you jailbreak the iOS device. In most cases, however, this simple approach was not sufficient. Instead, one needed to acquire an app specifically designed to edit Leaderboard scores (unless, of course, you were skilled enough to write your own program). HackCenter was one such app. It was intended to be made available via Cydia, the app store for acquiring apps on a  jailbroken iOS device. However, the developer changed his mind: “Due to the overwhelmingly negative response of HackCenter, I will not be releasing it…”

Overall, there doesn’t seem to be much Game Center hacking software that is readily available. When I checked Cydia, I found Overachiever, an app that supposedly allows you to enable (unlock) all a game’s Achievements (but not the high scores). I didn’t notice anything else. Similarly, when I did a Google search, I didn’t come up with much. I did find several YouTube videos that offered “tutorials” on Game Center hacking. But most were not particularly easy to follow and I wasn’t sure they still worked.

So, the bit of good news here is that figuring out how to hack the Leaderboards will take a significant effort — which is why I assume we don’t see more of these phony scores than we do. Still, some people have obviously figured out how to do the hacking or we would not see any phony scores at all.

Can it be stopped?

The most important questions are: What can be done about this hacking? Is there a way to stop these cheats?

One simple solution would be for Apple (perhaps in conjunction with game developers) to delete phony scores as they are detected. Unfortunately, as these false high scores have remained untouched for months, I assume Apple has no immediate plans to do this.

Deleting obviously false scores is not a complete answer in any case. The hackers could counter such an effort by re-entering the same phony scores the next day — under a new account if their old account name was blocked. Worse, they could become more subtle. They could enter a score that is just a bit higher than is possible to achieve legitimately — rather than posting ridiculously high scores. This would put their hacked scores back at the top of the Leaderboard but without a flashing sign that says “Look at me, I’m a fake.” By creating uncertainty as to whether a score is a cheat or not, the scores might avoid detection and get left alone.

Actually, I believe such scores have already been posted. For one example, first look at the Angry Birds Seasons Leaderboard. Notice oliver.letterer at the #1 spot with a fake score of 9,223,372,036,854,775,807. Similarly, for Fruit Ninja, oliver.letterer is listed at #3 with the same fake score. Now go to Cut The Rope’s Leaderboard. The oliver.letterer name is there again — once more at #3. This time, however, his score is a much more modest 2,298,946,210. This lesser number is fairly close to legitimate high scores, although it still outdistances those scores by a significant gap. Given that Mr. Letterer is an obvious cheat in other games, I strongly suspect his Cut The Rope score is an instance of a more “subtle” cheat.

The best solution to Leaderboard cheating would be for Apple to modify the way Game Center data are encrypted and checked for authenticity. I believe this could be done in a manner that would make it next to impossible to hack scores. It may never be 100% effective, but it would be a huge improvement.

Things may soon get worse

When OS X 10.8 Mountain Lion gets released this summer, the new OS will include Game Center for the Mac. This will likely make hacking Leaderboards even easier. Why? Because, unlike iOS devices, you can access root data on a Mac without any need to jailbreak.

Apple, if you’re reading this, I implore you to find a better way to prevent Game Center cheating and implement it before Mountain Lion is released. What’s the point of having a Game Center, if its Leaderboards can be filled with phony scores and you don’t know what scores you can trust?