Search Unity

Anti-Cheat Toolkit: stop cheaters easily!

Discussion in 'Assets and Asset Store' started by codestage, Aug 20, 2013.

  1. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    This is strange.
    I have pretty quick detect at 50 too.
    Even at 2 I got detected after few secs.

    SpeedHackDetector has false alarm protection which treats few first detections as false alarms, it can be configured via Max False Positives field.

    So if you have let say 10 false positives allowed it will skip first 10 detections before reporting a cheating.

    And time spent on skipping will vary depending on the interval set and the speed hack multiplier used.
    The less speed hack multiplier is used the more time it will be needed to detect the hack since detector has a fixed threshold which needs to be out before it will detect cheat (it is done to avoid false detections due tiny changes in time - when OS syncs time with server or when you have some HW or SW glitch, etc).

    But that threshold is pretty small and shouldn't lead to the issue you're describing.
    And no one reported anything similar before.
    It would be nice to have more info about your environment after all to try reproduce it on my side.

    Also, I could send you some oldie ACTk package to let you try check it on your system with different settings of the detector (interval, max false positives, etc.) to try figure out the cause of the issue.
     
  2. roka

    roka

    Joined:
    Sep 12, 2010
    Posts:
    595
    Yeah strange.

    I know about the false positive but i have tested on your demo.

    Anyway, thank you for the information and test, i will check on my computer and on an another computer too.

    I will come back to you if i have any news.

    Thank you.
     
    codestage likes this.
  3. doyoking

    doyoking

    Joined:
    Apr 2, 2016
    Posts:
    1
    Hi
    I'm making my own inventory system, using ACTK's obscuredprefs and Playmaker Action.
    Is there an action that load all ObscuredPrefs Key to array or list?
    Like a Prefs Editor, I wish there was such an action.

    Thanks
     
    Last edited: Sep 13, 2017
  4. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @doyoking

    No, there is no such option for the runtime.
    Prefs Editor reads prefs directly from registry on Windows and plist files on Mac OS using editor scripting.

    It's not added to the runtime yet since it's not that easy to make it cross platform since prefs are stored differently at different platforms.

    For now, if you're developing for Windows or Mac OS, feel free to take a look at how it's done in editor scripting to make it similarly at your runtime code.
     
  5. AlexToUstas

    AlexToUstas

    Joined:
    Sep 29, 2016
    Posts:
    1
    Дмитрий, скажите, есть ли резон использовать для защиты андроид-приложения (внутриигровые покупки) в дополнение к ACTk еще и обфускатор? Если да, то что посоветуете? Можно в личку.
     
  6. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @AlexToUstas!

    Please check your PM inbox =)
    (ответил в личке)
     
  7. KeiseEntertainment

    KeiseEntertainment

    Joined:
    May 5, 2015
    Posts:
    23
    Hi there,

    I have a question about security... I was coding and i'm actually declaring a variable as "ObscuredFloat", but that variable is constant and never changes..

    So here is my question, witch one is safer and better, a "const float", wich is a read-only variable (what happens if user try to change that variable? crash? nothing? the change occurs?) or a "ObscuredFloat"?

    ps: my question is not only about float type, but it is about "const" variable vs "obscured" and "encrypted" ones.


    Thank you,
    Felipe.
     
    Last edited: Sep 26, 2017
  8. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, Felipe

    If you have some sensitive value which never changes and you declare it as a const - it still can be cheated by memory scanning tools if the value is unique enough to be found in first search pass.

    So in such cases I'd still suggest to store it as an Obscured variable (as it's impossible to make an Obscured const due to the constants nature).
     
    KeiseEntertainment likes this.
  9. FatCatz

    FatCatz

    Joined:
    Sep 2, 2015
    Posts:
    1
    I noticed something called URLOpener under your WebGL folder. I realize it's probably for opening a URL, just wondering if it's meant for us to utilize and if so what is it to help protect from happening?
     
    codestage likes this.
  10. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    @FatCatz
    It's only for the opening of URLs from the WebGL example coming with plugin.
    I'll move it into the Examples folder in next update to avoid any extra confusion about its purpose.

    Thanks for pointing me out to this!
     
    FatCatz likes this.
  11. atmuc

    atmuc

    Joined:
    Feb 28, 2011
    Posts:
    1,155
    i use 1.5.6.1 with unity 2017.2.0f2. when i try to build for windows platform i get several errors like following one. is this unity bug or AntiCheat issue?

    Assets/Plugins/CodeStage/AntiCheatToolkit/Scripts/Detectors/ActDetectorBase.cs(3,19): error CS0234: The type or namespace name `Events' does not exist in the namespace `UnityEngine'. Are you missing an assembly reference?
     
  12. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @atmuc

    Could you please share a full console log for the build?
    I've just tried to build regular standalone build and Universal Windows Platform build, both went fine, without any issues.
    As far as I can see, UnityEngine.Events should be in place for all platforms and it sounds weird your compiler doesn't "see" it.
     
  13. atmuc

    atmuc

    Joined:
    Feb 28, 2011
    Posts:
    1,155
    hi @Dmitriy-Yukhanov,

    i try windows standalone. i could build with 2017.2.0f1. it can be a unity bug or unity change.
     
  14. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hi, @atmuc

    This is weird.
    Could you please try reproduce it in the new project?
    And send me that project for inspection if it reproduces?

    Thanks
     
  15. KeiseEntertainment

    KeiseEntertainment

    Joined:
    May 5, 2015
    Posts:
    23
    Hi there,

    We're trying to build our app for UWP but we're having a store error: "API OpenURL in __internal.dll is not supported for this application type. Assembly-CSharp-firstpass.dll calls this API." and when we searched which script is calling it, we've found it inside "ActTesterGui.cs" (there is another?).

    So, my question is if is there any problem deleting or commenting the script (or part of it) or if is there any other solution and/or tips.




    Thank you.
    Felipe.
     
  16. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, Felipe! (@KeiseEntertainment )

    You're free to remove that script at all.

    Thanks for reporting this, didn't knew that "hack" with __Internal extern could lead to such issue on the UWP publish stage.
    Removed that part entirely for the next update to avoid any further problems with it like yours.
     
    KeiseEntertainment likes this.
  17. rattlesnake

    rattlesnake

    Joined:
    Jul 18, 2013
    Posts:
    138
    Hey Dmitriy,
    Just a question to be sure :)

    I'm using also the obfuscator plugin in my project in order to obfuscate my code.

    Wich option is better ? or is it just the same ? (I don't won"t my key to be hacked off course :) )
    Code (CSharp):
    1. [ObfuscateLiterals]
    2. void Awake()
    3. {
    4.     //First option
    5.     ObscuredPrefs.CryptoKey = "test123blabla";
    6.    
    7.     //Second Option
    8.     public ObscuredString key = "test123blabla";
    9.     ObscuredPrefs.CryptoKey = ObscuredString;
    10. }
    Also in this case, is it good to obfuscate the strings with [ObfuscateLiterals] or is it useless ?

    Thanks a lot !!!
     
  18. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @rattlesnake !

    The first option is fine, there is no need to protect crypto key from memory search since cheater will need to know it to find.

    The vulnerable place is code - cheater can decompile it and look for all your literals and constants.
    There are 2 hints here:
    - obfuscate your key or store it or part of it in serialized field (set manually from scene)
    - use IL2CPP

    So, of course, ObfuscateLiterals attribute sounds good if it works and string literals/constants are get really obfuscated in assemblies.

    If you're on IL2CPP-compatible platform, I'd suggest to use IL2CPP to improve code resistance to the reverse-engineering a bit by disabling 1-click decompilation at any IL decompiler.

    All of these still can be bypassed by a skilled person though.
     
    Last edited: Jan 16, 2018
    rattlesnake likes this.
  19. ShizumaruRiya

    ShizumaruRiya

    Joined:
    Jan 5, 2014
    Posts:
    17
    Hi,
    I created a clean project and import the ATK.
    The version of Unity is 2017.2.0f3.
    I build a windows standalone with the example scene and the player said the Injection is detected.
    This is the debug information:

    WindowsPlayer(MacWindows) [ACTk] Injected Assembly found:
    UnityEngine.SpatialTracking, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null

    The check is passed after I add the UnityEngine.SpatialTracking to whitelist.
     
  20. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @ShizumaruRiya

    Thanks for reporting this.
    This is a known issue, upcoming update will have new default assemblies (appeared at Unity 2017.2) whitelisted, just late to the party a bit. Hope to see it online in 1-2 weeks (depending on review time).

    Looks like you've already found a proper way of whitelisting them "by hands", it's a way to go until update.
     
  21. rattlesnake

    rattlesnake

    Joined:
    Jul 18, 2013
    Posts:
    138
    Very interesting ! So when you set the key within the inspector menu it's kind of hidden when decompiling ?
    But is it still better to use Obfucation in the code instead ?

    Seb
     
  22. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    When stored within inspector, value in build is actually stored in data, outside the source code, which prevents its easy lookup in decompilers, though it still can be revealed from data by skilled reverser, it just makes task a bit harder.

    I'd suggest to keep obfuscation only if you have good enough obfuscator which can't be auto-deobfuscated with automatic tools like de4dot.
     
  23. rattlesnake

    rattlesnake

    Joined:
    Jul 18, 2013
    Posts:
    138
    Thanks a lot for your answer you are a boss :)
     
  24. 00christian00

    00christian00

    Joined:
    Jul 22, 2012
    Posts:
    1,035
    Hi Dmitriy,
    This line in the ActTesterGui example make il2cpp android fail, you may want to check it:
     
  25. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @00christian00

    Thanks for reporting this, yeah, that line keeps sucking =D
    I'm sorry for any inconvenience, it causes too much trouble for tiny benefit thus it just was removed in the upcoming update which is going to be sent to review in few days.
     
    00christian00 likes this.
  26. MrLucid72

    MrLucid72

    Joined:
    Jan 12, 2016
    Posts:
    983
    Hmm, Unity is detecting it fine (5.6.3), but Visual Studio (even after a system reboot) refuses to find CodeStage namespace.


    EDIT: @Dmitriy-Yukhanov Actually, I realized there's someone above that has the EXACT same issue as me --

     
  27. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @dylanh7244

    Did you tried to remove all VS-related files and folders at the project folder and re-open scripts in VS (hidden .vs folder all .csproj, .sln, .userprefs?
    Also full reimport may probably help here.
    It looks like some glitch with project generation or UnityVS + VS chain.

    The issue you're referring to is not related to this case.
     
  28. MrLucid72

    MrLucid72

    Joined:
    Jan 12, 2016
    Posts:
    983
    You are full of infinite wisdom, my friend.



    I deleted the VS files in the project root, went to Unity >> assets >> open C# project >> resolved!
     
    codestage likes this.
  29. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    And update to 1.5.7.0 is live!

    Here are major highlights:
    - ACTk now needs Unity 5.1 and newer
    - Int vectors support
    - byte[] encryption
    - Unity 2017.3 compatibility
    - many other improvements and fixes!

    Stay tuned for more! Closest updates will bring more anti-cheat features.
    See the full changelog below.

    1.5.7.0
    - added obscured versions of Vector2Int and Vector3Int from Unity 2017.2+
    - base Unity version increased to 5.1.0f3
    - InjectionDetector whitelist updated up to Unity 2017.3b6
    - added ObscuredDecimalDrawer (thx mcmorry)
    - added IsRunning read-only property to all detectors
    - added ObscuredByte.EncryptDecrypt(byte[] value) API variants
    - added proper help urls for all detectors
    - added error callback to the TimeCheatingDetector
    - reduced GC allocations count at WallHackDetector for Unity 5.3+
    - removed urls-related code from the examples for better compatibility
    - fixed non-blocking error while switching the condition compilation symbols
    - minor refactorings
    - minor improvements
     
  30. vARDAmir88

    vARDAmir88

    Joined:
    Sep 9, 2015
    Posts:
    36
    Здравствуйте, Dmitriy-Yukhanov

    Пытался связаться с Вами через почту, но ответа так и не получил.
    Скажите пожалуйста, планируется ли добавление защиты от спидхака на основе онлайн серверов времени? То, что спидхак нельзя обнаружить на андроид устройствах с рутом я уже прочитал и это печально.

    Сейчас как временное решение, сделал на основе Time Cheating Detection определение спидхака, по сути то же самое, что и Time Cheating Detection, но проверка идет не такая долгая.

    Разница во времени между локальным временем и серверным получается очень большая, в редакторе 0.03 минуты, а на реальном устройстве 58+ минут, хотя время выставлено одинаково и используется один и тот же сервер.

    P.S.
    Такая разница во времени из-за неправильных настроек времени на стороне клиента.
     
    Last edited: Oct 29, 2017
  31. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Здравствуйте, @vARDAmir88!

    Ответил Вам в тот же день (21 окт.), возможно мой ответ попал в спам?
    Цитирую ответ из почты:

    На счёт частоты обновления - в будущих версиях можно будет выставлять более короткий интервал для обновления.

    По поводу разницы во времени - интересно, не могли бы вы подробней описать какие именно значения имеете ввиду?

    Предлагаю дальнейшее обсуждение вести на английском языке, чтобы не смущать остальных посетителей форума, или давайте продолжим беседу на русском в ЛС.
     
  32. vARDAmir88

    vARDAmir88

    Joined:
    Sep 9, 2015
    Posts:
    36
    Моя вина, письмо с ответом попало в спам, а outlook его не подгружает.
    Давайте тогда в ЛС, мой английский может напугать форумчан еще больше :)
     
  33. cabanel

    cabanel

    Joined:
    Sep 22, 2014
    Posts:
    68
    hi,

    I would like to use the function

    ObscuredString x = ObscuredString.EncryptDecrypt (data), keyword);

    to encrypt a string that needs to be included in a record in a sqllite database

    when I use the following code

    var q2 = ds2.con.Execute("insert or replace into XXXX (yyyy) values ('" + x + "')");

    give me error

    if x not is crypted work fine

    I think it's because of some characters like \ and give problems

    how can I fix it?

    thank you
     
  34. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @cabanel

    What kind of error does it gives?

    If your issue is related to the special symbols, you always can escape them or wrap with Base64.
     
  35. ThibaultGouala

    ThibaultGouala

    Joined:
    May 30, 2016
    Posts:
    12
    Hello,

    In regards to US export compliance, I need to comply that my ios apps are valid by Feb 1 2018.

    The key question that I need to answer is what kind of encryption I use in my apps. Examples Apple give are:
    • Using standard encryption algorithms
    • Using crypto functionality from other sources such as iOS or macOS
    • Using proprietary or non-standard encryption algorithms
    The way I understand is, that we cannot apply any custom encryption as Apple (nor US gov) would be able to know what is going on under the hood.

    I use the version 1.5.5.0 of your plugin and only use ObscuredString. I was wondering what I should answer for these questions. See something about key length in the forum but it is from 2014, maybe there is something else ?

    Thanks you !
     
  36. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @ThibaultGouala

    If you didn't changed default key or changed it to the key not exceeding length of the default one, then you don't need to claim you have any encryption (at least from the ACTk) if nothing has changed at the Apple politics about the encryption key length, nothing has changed at the Commerce Control List since 2014 at that part.
     
  37. BenoitFreslon

    BenoitFreslon

    Joined:
    Jan 16, 2013
    Posts:
    163
    Hello, Nice plugin!

    I got this error in the Visual Studio Community when I build.
    However I can run my game on Unity Without problem.

    Code (CSharp):
    1. /xxxxxxx/Assets/Plugins/CodeStage/AntiCheatToolkit/Editor/Scripts/Windows/ActPrefsEditor.cs(27,27): Error CS0122: 'ObscuredPrefs.DataType' is inaccessible due to its protection level (CS0122) (ProjectName-Unity.Editor.Plugins)
     
  38. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @badben

    This is pretty weird.
    ActPrefsEditor class is editor-only class and shouldn't be touched during build as it placed to the Editor folder and wrapped with #if UNITY_EDITOR conditional.

    If you meant not the Unity Player build, but the source code build, it still should be fine since ObscuredPrefs.DataType should be visible to the editor assemblies because of the [assembly: System.Runtime.CompilerServices.InternalsVisibleTo()] attribute usage at the class which is placed at the non-editor assembly.

    Could you please clarify your environment a bit?
    - What is your Unity version?
    - Are you using .asmdef definition files (new feature since Unity 2017.3)?
    - What is your Operation System?
    - What version of VS you're using?
     
  39. KruegerT

    KruegerT

    Joined:
    Nov 26, 2009
    Posts:
    12
    Hi Dmitriy,

    we're currently implementing your plugin and for time cheating detection you recommend to add a detector threshold for manual shifts (daylight saving time, I guess?). If we would do this once, the player would be able to open/close the game and always gain about 1h of progress.

    So it would make sense to a) check on startup and b) frequently every hour, how far away from the users timezone a timeshift is and if it will occure anytime soon, increase the threshold - otherwise have it below 10 minutes for example.
    Is this possible to change the threshold at runtime, or would I call StopDetection and run it again with StartDetection and the specific values?

    Thanks in advance!
     
  40. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @KruegerT

    Yes, this was in mind when I implemented that threshold.

    Yes, just change the threshold field of the TimeCheatingDetector instance.

    It could have a sense, not sure it will work in all cases and scenarios though.
    Anyways, feel free to try implement this logic and modify threshold from your scripts in order to keep it at desired values range.

    Please, let me know if you have any further questions!
     
  41. shuskry

    shuskry

    Joined:
    Oct 10, 2015
    Posts:
    462
    Hi ! I'm very interesting about youre asset to protect my code for android game

    But I found easily on YouTube how to bypass your asset ..
    This is real ? Can you do somethings about that ?

    Here the link :


    Have a good day
     
  42. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @shuskry

    Unity Mono builds have all your code compiled into the IL-compatible assemblies (dlls).
    And it's not a secret IL bytecode can be decompiled and inspected \ patched.

    To prevent it, you need to protect you code in first place, it's almost always a good idea to protect your code.
    To protect your code:
    - build with IL2CPP (actually it's totally enough to stop most kids playing with IL decompilers)
    - obfuscate your code to make it even harder to analyse and reverse native binary and metadata which IL2CPP produces
    - protect your APK with android-specific obfuscators \ cryptors
    - check your code integrity from the server-side if you have a server

    Code protection and obfuscation is a huge separate topic which is out of ACTk scope.
    But there are right tools and hints around which can easily prevent those things you see in that video.
     
    Last edited: Dec 18, 2017
  43. shuskry

    shuskry

    Joined:
    Oct 10, 2015
    Posts:
    462
    Thanks for youre answer !

    I'm feel better now ^^ ! I'll will learn a little more about that and buy youre asset ! Thanks again !
     
    codestage likes this.
  44. Gamrek

    Gamrek

    Joined:
    Sep 28, 2010
    Posts:
    164
    hello,

    I have a class that have some Obscured types. And I want to convert it into Json using "JsonUtility", but the result has contained more than just the key and the value. How can i resolve that?
     
  45. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, @Gamrek

    I'm not sure JsonUtility supports it, but a most proper way to go - manually serialize obscured types using GetEncrypted \ SetEncrypted or using casts depending on your goal.

    You may implement ISerializable for example or write a converter. These are examples for the newtonsoft json.net though.
     
  46. vkrivenko

    vkrivenko

    Joined:
    Sep 8, 2017
    Posts:
    4
    Hi, Dmitry!

    Thanks for the great Anti-Hack tool which is working perfectly! However could you please guide how to setup it properly so that ObscuredTypes will not be visible through .Net Reflector together with namespaces such as
    CodeStage.AntiCheat? I've tried to add
    Assembly-CSharp-firstpass.dll
    to temporaryDlls in Config.cs but it still does not obfuscate the
    Assembly-CSharp-firstpass.dll public types and namespaces. Could you please help?

    Thanks,
    Vitaly
     
  47. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey, Vitaly (@vkrivenko )

    It's a matter of code protection from decompilation which is not covered by ACTk.
    Use code obfuscation, IL2CPP and native protectors if possible to make it harder for cheaters to decompile, view and edit your code.
     
  48. friuns3

    friuns3

    Joined:
    Oct 30, 2009
    Posts:
    307
    Hi what are native protectors? any suggestions? IL2CPP seems very easy to decompile and inject code too, there a lot iIl2Cpp dumpers out there..
     
  49. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    It depends on the platform.
    There are few pretty strong (yet breakable of course) for PC, like VMProtect, there are also native protectors and encryptors for Android, etc.

    Yes and not.
    It's not the same as decompile IL assemblies and patch them in-place with few clicks.
    Of course, metadata still allows to get important data from native IL2CPP binaries, but it's not a decompilation.
    All you get - a huge listing of something not that pretty and nice as clean C# decompilation and now imagine all names there are obfuscated. You'll have to make some heavy work to reverse-engineer it and what is more important, patch something in that native .so. Not as trivial as patching IL assemblies with DnSpy and such.

    Also, you may add one extra layer with loader which decrypts metadata before it's fed to the IL2CPP runtime, at least on Windows (Unity 2018), not sure it's possible on droid, but may be so too.

    All after all, it's a massive, deep topic, and there are lots of tricks and tools both for protecting and hacking, some are expensive but not always adding much and vice versa.

    While someone is very motivated, it may go very far depending on his skills, knowledge and obstacles from the other side.
     
    Last edited: Jan 16, 2018
  50. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey all, new 1.5.8.0 version is available on the store!

    It has fixes and improvements of the TimeCheatingDetector and InjectionDetector whitelist update for Unity 2018.

    1.5.8.0
    - TimeCheatingDetector got some love:
    * added new ForceCheck method for manual execution
    * added new IsCheckingForCheat property
    * first check on Start now removed
    * fixed callbacks could run not on the main thread
    * improved overall stability of the TimeCheatingDetector (thx Nilo)
    * reduced min range for the TimeCheatingDetector interval to 0.1 min
    - updated default whitelist of InjectionDetector up to Unity 2018 beta
     
    Last edited: Jan 17, 2018