Search Unity

Anti-Cheat Toolkit: stop cheaters easily!

Discussion in 'Assets and Asset Store' started by codestage, Aug 20, 2013.

  1. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @M0rph3v5
    It's not that easy to work with Unity-serialized Obscured type.
    But it's still possible to do this.
    You should be careful to avoid corruption of your data.
    You can take a look at the example at the PropertyDrawers, e.g.
    Assets\Plugins\CodeStage\AntiCheatToolkit\Editor\Scripts\PropertyDrawers\ObscuredStringDrawer.cs
     
  2. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    1.5.5.0 is available at the store!
    It has fixes and improvements to the existing features, most important fixes - for the possible fake detections of some obscured types cheating.
    If you're updating from 1.5.1.0 or earlier, please run the migration script using menu:
    Tools > Code Stage > Anti-Cheat Toolkit > Migrate Obscured types on prefabs...
    to fix possible corrupted prefabs.
    1.5.5.0
    - menu items migrated to the "Tools > Code Stage > Anti-Cheat Toolkit"
    - added new utility script to migrate ObscuredDouble and ObscuredFloat
    instances on prefabs when updating from 1.5.1.0 and previous to the
    1.5.2.0 +; you can run it via menu Tools > Code Stage > ACTk > Migrate...
    - improved compatibility with Unity 5.5+
    - fixed ObscuredCheatingDetector false positives (huge thx Fiete)
    - fixed vulnerability of the obscured types
    - fixed ObscuredShort inspector output in Unity 5.0+
    - fixed false cheating detections for obscured types which are able to
    show up in the inspector in some cases (thx mrm83)
     
    docsavage likes this.
  3. rattlesnake

    rattlesnake

    Joined:
    Jul 18, 2013
    Posts:
    138
    Hi Dmitriy,

    New user here :)
    I'm running unity 5.6 and would like to define the crypto Key.
    I tried this in awake :

    Code (CSharp):
    1.  
    2. void Awake()
    3. {
    4.     CodeStage.AntiCheat.ObscuredTypes.ObscuredPrefs.SetNewCryptoKey("MyKey");
    5. }
    6.  
    But I have this error :
    error CS0122: `CodeStage.AntiCheat.ObscuredTypes.ObscuredPrefs.SetNewCryptoKey(string)' is inaccessible due to its protection level

    Also about the crypto Key, it could be whatEver string with any lenght ?
    I understand that to be compliant with Apple it should be under 7 char.
    Is there a huge performance impact if i set it to like 32 or 16 chars ?

    Thank you :)
     
  4. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @rattlesnake !

    There is a CryptoKey property, use it instead:
    http://codestage.net/uas_files/actk..._prefs.html#ad6e15d0a034c16ffaf2cc75eeb2e8913

    yes

    There will be impact, but not huge.
    I'd suggest to avoid using too long keys as it's almost useless in terms of security: in Unity world more likely cheater will try to find \ obtain your key instead of brute forcing it.
     
  5. rattlesnake

    rattlesnake

    Joined:
    Jul 18, 2013
    Posts:
    138
  6. artaka

    artaka

    Joined:
    Feb 19, 2013
    Posts:
    128
    Hey Dmitriy,
    Thanks for the great tool. Easy to use and effective.
    One addition that would be great is support for Reflection. Since the Obscured* types use implicit casting, it's not possible to use Reflection to set or get its values using primitives. It could be done using a TypeConverter. But perhaps there is a better way to do it.
     
  7. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
  8. artaka

    artaka

    Joined:
    Feb 19, 2013
    Posts:
    128
    That's pretty much what I ended up doing. I was thinking there may be a cleaner way.
    Thanks
     
  9. romit99

    romit99

    Joined:
    Feb 8, 2014
    Posts:
    10
    Hello, I purchased the plugin and I have some questions -
    1.we are using "BigInteger" variable in our game does the plugin support this variable for encryption.
    2. can u provide the sample code for the time glitch
    3.we are using "cloudprefs" plugin for saving data in cloud, will this plugin support it?
    This is that plugin - https://www.assetstore.unity3d.com/en/#!/content/60633

    Could you please respond on these issues? thank you very much :)
     
  10. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @romit99 !

    Oh, somehow I missed your post, my humble apologies!

    First of all, thanks for your purchase!

    No, there is no Obscured counterpart of the BigInteger. However you're free to use simple obscured types to store the actual data if possible.
    I'm adding BigInteger obscuration to the TODO list since you're the first customer on my memory who asked about this type, thanks!

    Are you asking about SpeedHackDetector example?
    You may find it at the ExampleScene in the package.
    Actually all yo need to do - add detector to the scene and assign a detection callback at the inspector.
    You also may rn it fully from code, just use the SpeedHackDetector.StartDetection() API.
    Please let me know if I understood you incorrectly.

    No, I didn't hear this plugin is supporting ACTk integration.
    Could you please let me know why do you wish to encrypt cloud-based prefs?
     
  11. romit99

    romit99

    Joined:
    Feb 8, 2014
    Posts:
    10
    Thanks for your prompt response! looking forward to the update!
     
  12. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey all, I'm glad to let you know new version 1.5.6.0 is available!
    Most interesting things in this update:
    • New TimeCheatingDetector!
      • Checks local time for cheating using NTP time servers
      • Has configurable sensitivity threshold to avoid false positives
      • Can skip checks when Internet connection is absent
    • New kind of Speed Hack cheating is detected now with SpeedHackDetector
    More to come with future updates, stay tuned!

    1.5.6.0
    - brand new TimeCheatingDetector (needs Internet connection)
    - another kind of SpeedHack detection added (thx lol)
    - third-party integration packages paths are match ACTk path now
    - added switches for all important conditional compilation symbols
    to the Settings window
    - improved Unity 2017 compatibility
     
    docsavage likes this.
  13. vistriter

    vistriter

    Joined:
    Jan 22, 2017
    Posts:
    91
    How to use time cheat detector ?
     
  14. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @vistriter

    Let me shamelessly copy-paste my reply to you from email:
     
  15. kathode

    kathode

    Joined:
    Jan 15, 2013
    Posts:
    63
    Hello, apologies if this has been asked before, but does anyone know if this is compatible with tvOS? Thank you!
     
  16. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @kathode

    I had no reports of it not working under tvOS.
    Generally, most features should work on all platforms, except InjectionDetector.

    Please let me know if you have any issues with tvOS and I'll try to help as much as I can.
     
  17. ScottSummers

    ScottSummers

    Joined:
    Jul 12, 2015
    Posts:
    27
    Thanks for ACTk!

    Two questions:

    1. Will it cause problems to create new encrypted variables by code, instead of using the Prefs Editor?

    2. Can ACTk be set to create a save file (and later load it) at a certain file path?
     
  18. RealAspireGames

    RealAspireGames

    Joined:
    Dec 24, 2013
    Posts:
    263
    Hello
    Just a quick question. Is there any way to serialize obscured floats and bools through Photon Cloud? I keep getting a serialization error. Just wondering if there is some way to get this amazing asset working with photon cloud.
    Thank you.
     
  19. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @ScottSummers

    It's totally fine, Prefs Editor is more for debugging purposes.

    Not really, ACTk's ObscuredPrefs currently works only using PlayerPrefs base, in uture it will be able to save to the separate file, it's on my TODO.
    Though, you may use ACTk's Obscured types to encrypt and decrypt any raw data you have.
    For example, you may use ObscuredString.EncryptDecrypt() API to encrypt some data, save it to file with any preferred method, later load it and decrypt it back with same API.
     
  20. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @RealAspireGames

    You may get encrypted data to safely transfer it over network using GetEncrypted() API of any obscured type and decrypt it back with SetEncrypted() API.

    I'm not sure current Photon versions allow to customize or control (de)serialization though.

    Proper Photon integration is on my TODO list, reaching there step-by-step with every update.
     
    RealAspireGames likes this.
  21. RealAspireGames

    RealAspireGames

    Joined:
    Dec 24, 2013
    Posts:
    263
    Awesome, thank you so much. I will look into that now. :D
     
  22. ScottSummers

    ScottSummers

    Joined:
    Jul 12, 2015
    Posts:
    27
    Great!
    1. Can you say what are the lines of code a script should use to create a new encrypted variable?

    2. Once the game is built for PC, can you say what path and file the data gets written into?
     
  23. Deleted User

    Deleted User

    Guest

    Will this ever get 100% PlayMaker support? I can barely code something (but can copy paste code and slightly adjust), so should I stay away from this asset or could I get this running with the help from the support or forum?
     
  24. ecequalsm2

    ecequalsm2

    Joined:
    Jan 14, 2016
    Posts:
    7
    Is there a Playmaker tutorial somewhere? I was hoping to see how I would set up the unbiased timer to keep track of time before refilling lives using this in Playmaker. but I'm not exactly sure how. Any suggestions or resources I could turn to?
     
  25. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @ScottSummers
    1. If you need to save something encrypted:
    Code (CSharp):
    1.  
    2. // save
    3. ObscuredPrefs.SetInt("Health", 100);
    4.  
    5. // load
    6. int health = ObscuredPrefs.GetInt("Health");
    7.  
    It will save variable to the PlayerPrefs but in encrypted state.

    If you need to create runtime encrypted variable to resist memory hacking:
    Code (CSharp):
    1.  
    2. // just declare it as a field of your class for example
    3. public ObscuredInt health;
    4.  
    2. Same as for PlayerPrefs:
    "On Windows, PlayerPrefs are stored in the registry under HKCU\Software\[company name]\[product name] key, where company and product names are the names set up in Project Settings."
     
  26. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @FlyHigh

    PlayMaker didn't allow to make custom types effectively without huge waste of resources (and garbage for GC), that's why ACTk has no 100% support yet.

    There is unofficial method of adding support to PM, with extra overloads, so you could try it:
    example and explanation by kreischweide

    Though I should re-iterate on this to take a look at the latest PM versions. There is a hope it allows custom types now or at least has some proper API to make this without extra overload.

    It's on my TODO and in future updates I'll re-visit PM support to check how things changed since last time I dived deep into it.

    Regarding staying with asset or not - it's totally up to you, depending on what anti-cheat features you would like to have.
     
  27. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
  28. jesusluvsyooh

    jesusluvsyooh

    Joined:
    Jan 10, 2012
    Posts:
    347
    Hi, would it be possible to get a simulate speed hack button in a future update? :)
    Or a point in the direction where a *2 in the code can be added to simulate it XD
     
    Last edited: May 17, 2017
  29. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @jesusluvsyooh

    What exactly you expect from the simulation?
    Actually it's not that easy to make an actual speed hack from the managed side.
    Also I wonder why you ever need this?
     
  30. jesusluvsyooh

    jesusluvsyooh

    Joined:
    Jan 10, 2012
    Posts:
    347
    I could not get cheat engine to work with editor .apps or webgl's on chrome or safari, its a new $Mac, and i am still in that stage of placing it down gently and whispering good night to it before bed, and trying not to download lots of dodgy .dll's from internet to get cheat engine to work (just yet). :D

    Just wanted to trigger the detections without using cheat engine ;)
    Maybe not a simulation.. but rather a button to make the various cheat detections fire without use of cheat engine, for developing purposes.
    I'm a Java/UnityScript guy, but after a bit of exploring i managed to do it. :rolleyes:
     
  31. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Ah, understood now, @jesusluvsyooh
    Just call your cheat callbacks manually, from a button click, it's not hard to make an UI button with proper Event on it targeting your cheating callback functions without any programming at all.
     
  32. hungrybelome

    hungrybelome

    Joined:
    Dec 31, 2014
    Posts:
    279
    Hi, any recent progress with this? I'm interested in buying ACTk soon.
     
  33. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @arlevi09

    Not there yet, hope to reach this part late summer/early autumn, but can't guarantee.
     
    hungrybelome likes this.
  34. NightmarexGR

    NightmarexGR

    Joined:
    Jun 7, 2012
    Posts:
    204
    Hello, i bought the plugin a while ago and all seem to work ok except injection protection.
    I am able to inject code and edit stuff easily and no trigger ever happens :O
    PM or email me for details, dark.xxx.bfk@gmail.com my email.

    P.S. I am total begginer in injecting just saw a 10 min youtube video
     
  35. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @NightmarexGR

    InjectionDetector should detect managed assembly injections, it's not intended to detect any unmanaged injections.
    If it's not detecting managed injections - I'd be happy to know more for sure, please check your PM inbox.
     
  36. NightmarexGR

    NightmarexGR

    Joined:
    Jun 7, 2012
    Posts:
    204
    i dont know what is the difference between managed and unmanaged, i pm you :/
     
  37. MrSaoish

    MrSaoish

    Joined:
    Oct 1, 2016
    Posts:
    22
    I'm very new to this topic, does this falls into managed or unmanaged assembly injection? Or neither?
     
  38. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @MrSaoish

    Managed injections - it's a managed-code (mono-compatible assembly) injection into your Application Domain.
    Unmanaged injection - it's an unmanaged-code (native library) injections into the Unity Player process.

    As to your link, it's not an injection, but a code patching.
    ACTk will have a code integrity check in future updates to make it possible to detect such code patching.

    For now, I'd suggest to use any third-party tools for code protection.
    Most popular are code obfuscators.
    Look for any C# / IL obfuscators compatible with Mono and if possible, Unity.
    Obfuscators will rename most of the classes, methods, variables, etc. making it harder to reverse-engineer your code.

    For example, this Obfuscator from the Asset Store is a good starting point in your searches since it's easy to use, it integrates into the build pipeline nicely and "knows" about special Unity callbacks and events, keeping you safe from breaking your code.

    There are also free and even opensource C# obfuscators (e.g. Confuser, ConfuserEx, etc.) but most of them are not aware of Unity \ Mono specific and may break your code, so it would require more granular control over the obfuscation process and settings.

    Also, as an addition measure of the code protection, I'd suggest to use IL2CPP instead of Mono when possible.
    Mono builds have IL-compatible assemblies (dlls) which can be very easily decompiled with any IL/C# decompiler to the readable code, pretty similar to the initial source code, making patching process very easy too.

    ILC2PP builds are built to the native binaries which can't be decompiled to the source using those IL/C# decompilers, making it pretty hard for the beginner hackers to inspect and patch your code: they'll need to use native-friendly tools like IDA which are not as straightforward as IL/C# decompilers.

    It's worth noting IL2CPP still not makes your code safe from hackers - it still can be reverse-engineered and patched, but it raises a needed skill level of the hacker.

    There are also other ways to protect your code, like modified Mono runtime and assemblies bytecode (making useless any existing decompilers), encrypted assemblies, etc.
    But they are either too expensive or too easy to bypass anyway.
     
    MrSaoish, nxrighthere and mcmorry like this.
  39. MrSaoish

    MrSaoish

    Joined:
    Oct 1, 2016
    Posts:
    22
    Hey, @Dmitriy-Yukhanov
    Thank you very much for your explanation, and I am really looking forward to:
    I am sure this brings so much potentials for those indie online multiplayer projects. I don't really care about piracy, but I do want to at least know a modified client has connected to my server. Please keep up the good work and thank you for sharing ACTk.
     
    codestage likes this.
  40. Aurigan

    Aurigan

    Joined:
    Jun 30, 2013
    Posts:
    215
    Couple of things ... Could you please rename Constants to something else (ACTConstants ?) ... I'm lazy ;)

    And, any thoughts about adding an ObscuredBigInteger? (I'm not sure this would actually be needed ... no idea how memory hacks would 'see' a big int)
     
  41. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @Aurigan

    Sure, I'll rename Constants to something more individual in next update.
    Though it's a good practice to put your classes into namespaces to avoid names interference.

    Regarding ObscuredBigInteger - it looks like some pretty rare case when you really need to make a big integer variable to store some in-game sensitive data cheater will try to cheat.
    Though I'll implement it if customers will request such feature, for now there were no such requests.
    Anyways obscuring big integers is not a trivial thing to do especially if you wish to keep performance at a good level (BigIntegers are often used in performance-sensitive scenarios) and there are lots of other great and often-requested features around to implement first, so currently I have no plans implementing it, but it will be a case if customers will request it.
     
  42. Aurigan

    Aurigan

    Joined:
    Jun 30, 2013
    Posts:
    215
    Thanks for the reply ... there's a whole genre of games (Incremental aka Idle) where getting really big numbers is pretty much the game. At the moment these are all using doubles as that's the largest commonly available but with BigInteger becoming available I foresee that changing (I'm using it for the current game I'm working on!)
     
  43. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Alright, adding BigInteger obscuration to the TODO list =)
    Will get there faster with every other request (currently trying to make most requested stuff in first place).

    EDIT:
    OOPS it's already on the TODO list! =D
    Silly me, looks like there was a feature request for it already before which I forgot.
    Anyways, moving it upper now.
     
    Last edited: Jul 10, 2017
  44. guzzo

    guzzo

    Joined:
    Feb 20, 2014
    Posts:
    79
    Wouldn't it be better if you use different variables for holding thousands, millions, etc? For example, you have 3 int variables: units (u = 0), thousands (k = 0) and millions (M = 0). Then if you would add 1200 to "u", you would convert the addition so you will end up with u = 200, k = 1, M = 0. This way, you don't have to deal with super big numbers and can extend it to the infinity (in infinite time).
     
  45. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, new update is live at the Asset Store!

    Mostly improvements and fixes of existing features.
    Some new features are on the way with next update.

    P.S. Going to a vacation from 1 Aug for few weeks (to mid-late Aug), so please expect increased support replies time during that period.

    1.5.6.1
    - TimeCheatingDetector now uses async methods to reduce main thread locks
    - disabled TimeCheatingDetector for Windows Universal Platform
    - fixed initialization of Obscured types with SetEncrypted call (thx Keith)
    - added version output at the Settings window
    - added tooltips to the compilation symbols at the Settings window
    - updated InjectionDetector whitelist to match Unity 2017.2.0b4
    - minor improvements
    - minor fixes
     
    nxrighthere and mcmorry like this.
  46. roka

    roka

    Joined:
    Sep 12, 2010
    Posts:
    460
    Hello,

    The speed hack detection is not working in WebGL (tested on your webgl demo), It's normal?
    I can detect it with on of my script but it seem that your script do not work.

    Thank you.
     
  47. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @roka

    This is not normal, it should work fine.
    Could you please share a bit more info to let me reproduce the issue?

    I'd like to know:
    - Unity version you're working with
    - Browser name and version you're using
    - Cheat software name and version you're using to make a speed hack
    - ACTk version (can be seen at changelog.txt or at the ACTk Setting dialog since 1.5.6.1).

    This and any additional details will help resolve this issue.

    Thanks!
     
  48. roka

    roka

    Joined:
    Sep 12, 2010
    Posts:
    460
    Hum, really strange.

    If i do not record a video, the speed hack is not detected and when i record, i got detected everytime ...it's weird.

    Tell me if you can test yourself with this web browser https://www.palemoon.org/ on your demo http://codestage.net/uas_files/actk/demo/ because when i try to make a video, i got detected.

    Thank you
     
  49. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,316
    Hey, @roka

    I've checked it several times and Speed Hack was detected just fine every time:

    upload_2017-9-11_18-34-35.png
     
  50. roka

    roka

    Joined:
    Sep 12, 2010
    Posts:
    460
    Do you have used 500 for the speed everytime? because at 500 i got detected directly but at 50 , it take around 1 minutes before i got detected.

    Thank you.
     
unityunity