Anti-Cheat Toolkit: stop cheaters easily!

This is strange.
I have pretty quick detect at 50 too.
Even at 2 I got detected after few secs.

SpeedHackDetector has false alarm protection which treats few first detections as false alarms, it can be configured via Max False Positives field.

So if you have let say 10 false positives allowed it will skip first 10 detections before reporting a cheating.

And time spent on skipping will vary depending on the interval set and the speed hack multiplier used.
The less speed hack multiplier is used the more time it will be needed to detect the hack since detector has a fixed threshold which needs to be out before it will detect cheat (it is done to avoid false detections due tiny changes in time - when OS syncs time with server or when you have some HW or SW glitch, etc).

But that threshold is pretty small and shouldn't lead to the issue you're describing.
And no one reported anything similar before.
It would be nice to have more info about your environment after all to try reproduce it on my side.

Also, I could send you some oldie ACTk package to let you try check it on your system with different settings of the detector (interval, max false positives, etc.) to try figure out the cause of the issue.

 

Yeah strange.

I know about the false positive but i have tested on your demo.

Anyway, thank you for the information and test, i will check on my computer and on an another computer too.

I will come back to you if i have any news.

Thank you.

 

Hi
I'm making my own inventory system, using ACTK's obscuredprefs and Playmaker Action.
Is there an action that load all ObscuredPrefs Key to array or list?
Like a Prefs Editor, I wish there was such an action.

Thanks

 

Hey, @doyoking

No, there is no such option for the runtime.
Prefs Editor reads prefs directly from registry on Windows and plist files on Mac OS using editor scripting.

It's not added to the runtime yet since it's not that easy to make it cross platform since prefs are stored differently at different platforms.

For now, if you're developing for Windows or Mac OS, feel free to take a look at how it's done in editor scripting to make it similarly at your runtime code.

 

Дмитрий, скажите, есть ли резон использовать для защиты андроид-приложения (внутриигровые покупки) в дополнение к ACTk еще и обфускатор? Если да, то что посоветуете? Можно в личку.

 

Hey, @AlexToUstas!

Please check your PM inbox =)
(ответил в личке)

 

Hi there,

I have a question about security... I was coding and i'm actually declaring a variable as "ObscuredFloat", but that variable is constant and never changes..

So here is my question, witch one is safer and better, a "const float", wich is a read-only variable (what happens if user try to change that variable? crash? nothing? the change occurs?) or a "ObscuredFloat"?

ps: my question is not only about float type, but it is about "const" variable vs "obscured" and "encrypted" ones.


Thank you,
Felipe.

 

Hey, Felipe

If you have some sensitive value which never changes and you declare it as a const - it still can be cheated by memory scanning tools if the value is unique enough to be found in first search pass.

So in such cases I'd still suggest to store it as an Obscured variable (as it's impossible to make an Obscured const due to the constants nature).

 

I noticed something called URLOpener under your WebGL folder. I realize it's probably for opening a URL, just wondering if it's meant for us to utilize and if so what is it to help protect from happening?

 

@FatCatz
It's only for the opening of URLs from the WebGL example coming with plugin.
I'll move it into the Examples folder in next update to avoid any extra confusion about its purpose.

Thanks for pointing me out to this!

 

i use 1.5.6.1 with unity 2017.2.0f2. when i try to build for windows platform i get several errors like following one. is this unity bug or AntiCheat issue?

Assets/Plugins/CodeStage/AntiCheatToolkit/Scripts/Detectors/ActDetectorBase.cs(3,19): error CS0234: The type or namespace name `Events' does not exist in the namespace `UnityEngine'. Are you missing an assembly reference?

 

Hey, @atmuc

Could you please share a full console log for the build?
I've just tried to build regular standalone build and Universal Windows Platform build, both went fine, without any issues.
As far as I can see, UnityEngine.Events should be in place for all platforms and it sounds weird your compiler doesn't "see" it.

 

hi @Dmitriy-Yukhanov,

i try windows standalone. i could build with 2017.2.0f1. it can be a unity bug or unity change.

 

Hi, @atmuc

This is weird.
Could you please try reproduce it in the new project?
And send me that project for inspection if it reproduces?

Thanks

 

Hi there,

We're trying to build our app for UWP but we're having a store error: "API OpenURL in __internal.dll is not supported for this application type. Assembly-CSharp-firstpass.dll calls this API." and when we searched which script is calling it, we've found it inside "ActTesterGui.cs" (there is another?).

So, my question is if is there any problem deleting or commenting the script (or part of it) or if is there any other solution and/or tips.




Thank you.
Felipe.

 

Hey, Felipe! (@KeiseEntertainment )

You're free to remove that script at all.

Thanks for reporting this, didn't knew that "hack" with __Internal extern could lead to such issue on the UWP publish stage.
Removed that part entirely for the next update to avoid any further problems with it like yours.

 

Hey Dmitriy,
Just a question to be sure

I'm using also the obfuscator plugin in my project in order to obfuscate my code.

Wich option is better ? or is it just the same ? (I don't won"t my key to be hacked off course )

Code (CSharp):

1. [ObfuscateLiterals]
2. void Awake()
3. {
4.     //First option
5.     ObscuredPrefs.CryptoKey = "test123blabla";
6.    
7.     //Second Option
8.     public ObscuredString key = "test123blabla";
9.     ObscuredPrefs.CryptoKey = ObscuredString;
10. }

Also in this case, is it good to obfuscate the strings with [ObfuscateLiterals] or is it useless ?

Thanks a lot !!!

 

Hey, @rattlesnake !

The first option is fine, there is no need to protect crypto key from memory search since cheater will need to know it to find.

The vulnerable place is code - cheater can decompile it and look for all your literals and constants.
There are 2 hints here:
- obfuscate your key or store it or part of it in serialized field (set manually from scene)
- use IL2CPP

So, of course, ObfuscateLiterals attribute sounds good if it works and string literals/constants are get really obfuscated in assemblies.

If you're on IL2CPP-compatible platform, I'd suggest to use IL2CPP to improve code resistance to the reverse-engineering a bit by disabling 1-click decompilation at any IL decompiler.

All of these still can be bypassed by a skilled person though.

 

Hi,
I created a clean project and import the ATK.
The version of Unity is 2017.2.0f3.
I build a windows standalone with the example scene and the player said the Injection is detected.
This is the debug information:

WindowsPlayer(MacWindows) [ACTk] Injected Assembly found:
UnityEngine.SpatialTracking, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null

The check is passed after I add the UnityEngine.SpatialTracking to whitelist.

 

Hey, @ShizumaruRiya

Thanks for reporting this.
This is a known issue, upcoming update will have new default assemblies (appeared at Unity 2017.2) whitelisted, just late to the party a bit. Hope to see it online in 1-2 weeks (depending on review time).

Looks like you've already found a proper way of whitelisting them "by hands", it's a way to go until update.

 

Very interesting ! So when you set the key within the inspector menu it's kind of hidden when decompiling ?
But is it still better to use Obfucation in the code instead ?

Seb

 

When stored within inspector, value in build is actually stored in data, outside the source code, which prevents its easy lookup in decompilers, though it still can be revealed from data by skilled reverser, it just makes task a bit harder.

I'd suggest to keep obfuscation only if you have good enough obfuscator which can't be auto-deobfuscated with automatic tools like de4dot.

 

Thanks a lot for your answer you are a boss

 

Hi Dmitriy,
This line in the ActTesterGui example make il2cpp android fail, you may want to check it:

 

Hey, @00christian00

Thanks for reporting this, yeah, that line keeps sucking =D
I'm sorry for any inconvenience, it causes too much trouble for tiny benefit thus it just was removed in the upcoming update which is going to be sent to review in few days.

 

Hmm, Unity is detecting it fine (5.6.3), but Visual Studio (even after a system reboot) refuses to find CodeStage namespace.


EDIT: @Dmitriy-Yukhanov Actually, I realized there's someone above that has the EXACT same issue as me --

 

Hey, @dylanh7244

Did you tried to remove all VS-related files and folders at the project folder and re-open scripts in VS (hidden .vs folder all .csproj, .sln, .userprefs?
Also full reimport may probably help here.
It looks like some glitch with project generation or UnityVS + VS chain.

The issue you're referring to is not related to this case.

 

You are full of infinite wisdom, my friend.



I deleted the VS files in the project root, went to Unity >> assets >> open C# project >> resolved!

 

And update to 1.5.7.0 is live!

Here are major highlights:
- ACTk now needs Unity 5.1 and newer
- Int vectors support
- byte[] encryption
- Unity 2017.3 compatibility
- many other improvements and fixes!

Stay tuned for more! Closest updates will bring more anti-cheat features.
See the full changelog below.

Spoiler: 1.5.7.0 changelog

1.5.7.0
- added obscured versions of Vector2Int and Vector3Int from Unity 2017.2+
- base Unity version increased to 5.1.0f3
- InjectionDetector whitelist updated up to Unity 2017.3b6
- added ObscuredDecimalDrawer (thx mcmorry)
- added IsRunning read-only property to all detectors
- added ObscuredByte.EncryptDecrypt(byte[] value) API variants
- added proper help urls for all detectors
- added error callback to the TimeCheatingDetector
- reduced GC allocations count at WallHackDetector for Unity 5.3+
- removed urls-related code from the examples for better compatibility
- fixed non-blocking error while switching the condition compilation symbols
- minor refactorings
- minor improvements

 

Здравствуйте, Dmitriy-Yukhanov

Пытался связаться с Вами через почту, но ответа так и не получил.
Скажите пожалуйста, планируется ли добавление защиты от спидхака на основе онлайн серверов времени? То, что спидхак нельзя обнаружить на андроид устройствах с рутом я уже прочитал и это печально.

Сейчас как временное решение, сделал на основе Time Cheating Detection определение спидхака, по сути то же самое, что и Time Cheating Detection, но проверка идет не такая долгая.

Разница во времени между локальным временем и серверным получается очень большая, в редакторе 0.03 минуты, а на реальном устройстве 58+ минут, хотя время выставлено одинаково и используется один и тот же сервер.

P.S.
Такая разница во времени из-за неправильных настроек времени на стороне клиента.

 

Здравствуйте, @vARDAmir88!

Ответил Вам в тот же день (21 окт.), возможно мой ответ попал в спам?
Цитирую ответ из почты:

На счёт частоты обновления - в будущих версиях можно будет выставлять более короткий интервал для обновления.

По поводу разницы во времени - интересно, не могли бы вы подробней описать какие именно значения имеете ввиду?

Предлагаю дальнейшее обсуждение вести на английском языке, чтобы не смущать остальных посетителей форума, или давайте продолжим беседу на русском в ЛС.

 

Моя вина, письмо с ответом попало в спам, а outlook его не подгружает.
Давайте тогда в ЛС, мой английский может напугать форумчан еще больше

 

hi,

I would like to use the function

ObscuredString x = ObscuredString.EncryptDecrypt (data), keyword);

to encrypt a string that needs to be included in a record in a sqllite database

when I use the following code

var q2 = ds2.con.Execute("insert or replace into XXXX (yyyy) values ('" + x + "')");

give me error

if x not is crypted work fine

I think it's because of some characters like \ and give problems

how can I fix it?

thank you

 

Hey, @cabanel

What kind of error does it gives?

If your issue is related to the special symbols, you always can escape them or wrap with Base64.

 

Hello,

In regards to US export compliance, I need to comply that my ios apps are valid by Feb 1 2018.

The key question that I need to answer is what kind of encryption I use in my apps. Examples Apple give are:

• Using standard encryption algorithms
• Using crypto functionality from other sources such as iOS or macOS
• Using proprietary or non-standard encryption algorithms

The way I understand is, that we cannot apply any custom encryption as Apple (nor US gov) would be able to know what is going on under the hood.

I use the version 1.5.5.0 of your plugin and only use ObscuredString. I was wondering what I should answer for these questions. See something about key length in the forum but it is from 2014, maybe there is something else ?

Thanks you !

 

Hey, @ThibaultGouala

If you didn't changed default key or changed it to the key not exceeding length of the default one, then you don't need to claim you have any encryption (at least from the ACTk) if nothing has changed at the Apple politics about the encryption key length, nothing has changed at the Commerce Control List since 2014 at that part.

 

Hello, Nice plugin!

I got this error in the Visual Studio Community when I build.
However I can run my game on Unity Without problem.

Code (CSharp):

1. /xxxxxxx/Assets/Plugins/CodeStage/AntiCheatToolkit/Editor/Scripts/Windows/ActPrefsEditor.cs(27,27): Error CS0122: 'ObscuredPrefs.DataType' is inaccessible due to its protection level (CS0122) (ProjectName-Unity.Editor.Plugins)

 

Hey, @badben

This is pretty weird.
ActPrefsEditor class is editor-only class and shouldn't be touched during build as it placed to the Editor folder and wrapped with #if UNITY_EDITOR conditional.

If you meant not the Unity Player build, but the source code build, it still should be fine since ObscuredPrefs.DataType should be visible to the editor assemblies because of the [assembly: System.Runtime.CompilerServices.InternalsVisibleTo()] attribute usage at the class which is placed at the non-editor assembly.

Could you please clarify your environment a bit?
- What is your Unity version?
- Are you using .asmdef definition files (new feature since Unity 2017.3)?
- What is your Operation System?
- What version of VS you're using?

 

Hi Dmitriy,

we're currently implementing your plugin and for time cheating detection you recommend to add a detector threshold for manual shifts (daylight saving time, I guess?). If we would do this once, the player would be able to open/close the game and always gain about 1h of progress.

So it would make sense to a) check on startup and b) frequently every hour, how far away from the users timezone a timeshift is and if it will occure anytime soon, increase the threshold - otherwise have it below 10 minutes for example.
Is this possible to change the threshold at runtime, or would I call StopDetection and run it again with StartDetection and the specific values?

Thanks in advance!

 

Hey, @KruegerT

Yes, this was in mind when I implemented that threshold.

Yes, just change the threshold field of the TimeCheatingDetector instance.

It could have a sense, not sure it will work in all cases and scenarios though.
Anyways, feel free to try implement this logic and modify threshold from your scripts in order to keep it at desired values range.

Please, let me know if you have any further questions!

 

Hi ! I'm very interesting about youre asset to protect my code for android game

But I found easily on YouTube how to bypass your asset ..
This is real ? Can you do somethings about that ?

Here the link :

Have a good day

 

Hey, @shuskry

Unity Mono builds have all your code compiled into the IL-compatible assemblies (dlls).
And it's not a secret IL bytecode can be decompiled and inspected \ patched.

To prevent it, you need to protect you code in first place, it's almost always a good idea to protect your code.
To protect your code:
- build with IL2CPP (actually it's totally enough to stop most kids playing with IL decompilers)
- obfuscate your code to make it even harder to analyse and reverse native binary and metadata which IL2CPP produces
- protect your APK with android-specific obfuscators \ cryptors
- check your code integrity from the server-side if you have a server

Code protection and obfuscation is a huge separate topic which is out of ACTk scope.
But there are right tools and hints around which can easily prevent those things you see in that video.

 

Thanks for youre answer !

I'm feel better now ^^ ! I'll will learn a little more about that and buy youre asset ! Thanks again !

 

hello,

I have a class that have some Obscured types. And I want to convert it into Json using "JsonUtility", but the result has contained more than just the key and the value. How can i resolve that?

 

Hey, @Gamrek

I'm not sure JsonUtility supports it, but a most proper way to go - manually serialize obscured types using GetEncrypted \ SetEncrypted or using casts depending on your goal.

You may implement ISerializable for example or write a converter. These are examples for the newtonsoft json.net though.

 

Hi, Dmitry!

Thanks for the great Anti-Hack tool which is working perfectly! However could you please guide how to setup it properly so that ObscuredTypes will not be visible through .Net Reflector together with namespaces such as
CodeStage.AntiCheat? I've tried to add
Assembly-CSharp-firstpass.dll
to temporaryDlls in Config.cs but it still does not obfuscate the
Assembly-CSharp-firstpass.dll public types and namespaces. Could you please help?

Thanks,
Vitaly

 

Hey, Vitaly (@vkrivenko )

It's a matter of code protection from decompilation which is not covered by ACTk.
Use code obfuscation, IL2CPP and native protectors if possible to make it harder for cheaters to decompile, view and edit your code.

 

Hi what are native protectors? any suggestions? IL2CPP seems very easy to decompile and inject code too, there a lot iIl2Cpp dumpers out there..

 

It depends on the platform.
There are few pretty strong (yet breakable of course) for PC, like VMProtect, there are also native protectors and encryptors for Android, etc.

Yes and not.
It's not the same as decompile IL assemblies and patch them in-place with few clicks.
Of course, metadata still allows to get important data from native IL2CPP binaries, but it's not a decompilation.
All you get - a huge listing of something not that pretty and nice as clean C# decompilation and now imagine all names there are obfuscated. You'll have to make some heavy work to reverse-engineer it and what is more important, patch something in that native .so. Not as trivial as patching IL assemblies with DnSpy and such.

Also, you may add one extra layer with loader which decrypts metadata before it's fed to the IL2CPP runtime, at least on Windows (Unity 2018), not sure it's possible on droid, but may be so too.

All after all, it's a massive, deep topic, and there are lots of tricks and tools both for protecting and hacking, some are expensive but not always adding much and vice versa.

While someone is very motivated, it may go very far depending on his skills, knowledge and obstacles from the other side.

 

Hey all, new 1.5.8.0 version is available on the store!

It has fixes and improvements of the TimeCheatingDetector and InjectionDetector whitelist update for Unity 2018.

Spoiler: full changelog for this update

1.5.8.0
- TimeCheatingDetector got some love:
* added new ForceCheck method for manual execution
* added new IsCheckingForCheat property
* first check on Start now removed
* fixed callbacks could run not on the main thread
* improved overall stability of the TimeCheatingDetector (thx Nilo)
* reduced min range for the TimeCheatingDetector interval to 0.1 min
- updated default whitelist of InjectionDetector up to Unity 2018 beta