Thinking a bit toward the future, as usual..
We want to add support for Apple Game Center in our iOS game. Possibly in a version after 1.0, depending on progress.
(Side note: I was able to create the Game Center view yesterday by creating a UIViewController in Objective-C and adding it as a Subview to the orxView instance)
Now, one important thing for Game Center support is it must account for playing offline or playing on a poor quality network. So the GC objects must be stored if the network is unavailable and then sent later when the network is available again.
I was considering using the Orx config encryption system to store the Game Center Objects when it is necessary. Encryption is required to prevent the user from modifying the data before it is sent, e.g. cheating by altering his high score or completion time.
I think the encryption should be strong enough that it's a reasonable way to store these data that must be protected from the player. Agreed?
Btw, if you feel like sharing how to embed Game Center or even write a wiki tut for it, don't hesitate. I'm sure a lot of people would be interested.
As for the encryption orx gives, it's pretty basic and only as strong as the private key you use (the longer/diverse, the better).
If someone has access to your game binary they could still try to locate the key either by disassembling the code (but it's pretty easy to hide it in that case) or by stepping through the code, in which case there's nothing you can do about it.
But as long as you have a private key stored with the binary, no matter which encryption scheme you're using, the problem will be the same.
What I'd do would be to use orx encryption + some CRC control on the decoded string to make sure it's valid. It's still not unbreakable but is likely to prevent 99.99% of your players from cheating.
Hehe, yeah, sorry about that, the joy of wanting to add social features to your game on iOS. Good luck with that.
That sounds good to me! You can also create more than one CRC and store them in config properties and a CRC on the CRC block itself, just to make it more annoying for people that really want to temper with your data.
As for the encryption key, copy a paragraph from a book and instead of storing it directly in code you can first deface it a bit like xoring it with a const of a string that's in clear in your game (like the title) or even by transforming it to a list of floats (by normalizing their ASCII value, for example) that will make it almost impossible to spot in the disasm code/data and will require actual code stepping to get.
But really, it depends how hard you think your players are going to try to temper with the scores.
I'm pretty sure Game Center APIs should have some built-in features for saving scores locally and preventing users from cheating.. otherwise what's the purpose of Game Center API after all?
I still think my advice wouldn't be too bad in other non-Game Center-related attempts of storing local info though.
The GameKit documentation does recommend using the NSCoding class to encode the GC object, but there isn't a mention of encryption, or I missed it. Maybe Apple doesn't think anyone actually jailbreaks their iOS.
However, it looks like the iPhone SDK does include encryption libraries that can be used for this purpose, and a good discussion of that is here: http://www.cocos2d-iphone.org/forum/topic/6982
With that method, though, the "key" would still be contained in the source code, so iarwain's suggestion of CRC would still add some security. This is interesting anyway for implementing a social component independent of a service like Game Center...
This is all theoretical at the moment, though. I would like to have the problem that thousands of players are competing so hard in my game they are willing to go to such great lengths to cheat