Anti-Cheat Toolkit: stop cheaters easily!

@SuperMiro

BTW are you using .NET 4.x Build or .NET 3.x Build of Bolt in your project?
Make sure to use .NET 4.x Build if you are not yet.

 

Not sure were inside the settings I can change that but I downloaded and installed latest net framework developer pack and I use Rider 2018 instead of Visual Studio
With Unity 2018.3.10f1

Anyway since the issue is coming from bolt conflicting with Anticheat I guess I will remove Bolt from my project for now but I really wish I could use it beside Anticheat since it makes things more easier and fun.

 

You can install different Bolt Build version:

https://ludiq.io/bolt/download/1.4.1

 

I'm using ObscuredInt on these variables and I have ObscuredCheatingDetector on, how can he do it?

 

I guess I found the problem, the Obscured types I use is being initialized before calling for ObscuredCheatingDetector.StartDetection(BlockPlayer), the field fakeValueActive of the values is never set to true and the cheating is not detected.

 

Hey @Rafael-cmk,

Yeah, just make sure you're starting ObscuredCheatingDetector before initializing your variables.
In case of exposed to inspector variables, there was bug in older ACTk versions where serialized obscured types were not properly initialized to prepare them for ObscuredCheatingDetector from the start of the application, it should be fixed now (value should be re-serialized to apply new fix).

Also please make sure to change the default crypto keys for the obscured types using Obscured*.SetNewCryptoKey + ApplyNewCryptoKey() or RandomizeCryptoKey().

 

Hi,
It should be great if you can add to the ObscuredString class the following methods :
-public char this[int index] { get; }
-String Substring(int startIndex, int length);
Actually, I need to cast to string before the String standard methods and it's not great for protection

If you also can append the implicit cast for the numeric type, it should be a good thing (ObscuredByte to ObsuredInt... )
I need to cast numeric value for calculation. Normally VS uses implicitly cast.

Thanks

 

Hey @LordBelasco,

Thanks for your suggestions!

But, actually, you're free to use usual types for all calculations and short-term operations.
Just keep your long-term declarations obscured and freely pass them to methods with usual types arguments for calculation or other actions. It's safe for your long-term variable and will not reveal it in memory for cheaters.

Here is an exaggerated example:

Code (CSharp):

1. public class Player : MonoBehaviour
2. {
3.     public Text moneyText;
4.     public ObscuredInt money;
5.     ...
6.  
7.     public void Purchase(int cost)
8.     {
9.         money -= cost;
10.         UpdateMoneyUI(money);
11.     }
12.  
13.     public void UpdateMoneyUI(int newValue)
14.     {
15.         moneyText.text = newValue.ToString();
16.     }
17. }

 

ok, thanks

 

Heya!

Just a tiny sneak peek into the new feature currently in development for the ACTk 2.0: CodeHashGenerator.

It optionally calculates hash for your code in editor after build process:


You can save resulting hash to your server or integrate into the resources to validate it at runtime (hash changes when you change code but not resources).

CodeHashGenerator calculates hash of your code at runtime, in the separate thread, without noticeable spikes:


Resulting hash can be sent to your server for the code validation or compared with built-in hash if you did integrate it into the build earlier.

Initial release will support Windows and Android, both Mono and IL2CPP, (including Android App Bundle).
Further updates may bring automated optional resulting hash integration into the build, this will be investigated in the future after initial release.

Work is in progress, there are more new features and improvements are going to be released with 2.0, stay tuned!

P.S. I'm going to make a closed beta-test of the ACTk 2.0 before releasing it to the public.
Few best beta testers will get the vouchers for the new 2.0 version as it will be released!
It will be announced here and in other social media about start of the closed beta test.

Cheers!

 

One more feature finds its way to ACTk 2.0: ReliableTime class (naming is not final)!

Left Cube rotation uses vanilla Time.deltaTime
Right Cube rotation uses new ReliableTime.deltaTime



With ReliableTime you'll be able to ignore speed hack in your animations or internal time calculations.
It does proxies calls to the vanilla Time.* APIs until speed hack gets detected to avoid extra resources usage.

Fixed time APIs are not going to be implemented at the initial version of this class (time, deltaTime, unscaledDeltaTime, etc are going to be released first).

 

Hey guys,

I have good news for those who think about ACTk purchase:
It's a great time to make a purchase, while ACTk is 50% off.
As a bonus, you'll get paid 2.0 upgrade for free (upgrade will have grace days period including this sale)!

Also, I'm glad to let you know ACTk 2.0 development process is going well and as a tiny teaser, among lots of other new features and improvements, 2.0 will bring fully automatic crypto keys management for Obscured types and ObscuredPrefs!

No more headache about how to store and setup keys, wee!

 

When is it going to roll out ?? and will there be any discounts for old users ??

 

It's under heavy development now and approximated ETA is somewhere in June or July.

The closed Beta test is going to start as soon as all new functionality will be ready for external testing and will be announced here and both in Twitter and Facebook accounts (approx ETA - begin of the June).

All existing customers will get it only for 20% of the new price (with 80% off).
All customers who purchase ACTk starting from May, 1 will get it for free (grace period starts on May, 1).

 

Thanks a lot for your asset and for your amazing support.

By the way, it worked perfectly with net framework 4. Sorry for not replying back at that time.

 

Where can I find a list of what is supported with playmaker actions? Will 2.0 support playmaker as well?

 

Hey @NGS99,

You can find this information here, in first post - all detectors and ObscuredPrefs are supported via actions. Obscured types are not supported out of the box but still can be used via proxy actions (manual wrapping of obscured types).

This will be same for 2.0.

 

I'm using ObscuredInt in my project, it works fine in the editor but when I run it on my iPhoneX device the values are always 0. Are there any known problems with using Obscured types on iOS devices? Using Unity 2018.3.13f1

 

Hey @realtimekat
There are no currently known issues which could lead to this behavior.
Could you please email or PM me with more details about your case?

I wonder how you declare and use obscured types and what you see in the logs when you run your app through xcode.
Also, did you tried to update Unity to 2018.4 LTS, does problem still persists there?

 

Hey everyone, Anti-Cheat Toolkit 2.0 has entered closed beta development stage.

Feel free to PM or email me if you are interested in upcoming release and wish to participate in the closed beta test.

 

Hi,

I noticed that many of my games have hacked apk MOD:s made available so I purchased your Anti-Cheat Toolkit. I also purchased Obfuscator. Now I try to protect my games better.

In my latest game some players however have made too much game money. I have used the ObscuredPrefs and ObscuredFloat so far.

In my game the money is added like this:

Code (CSharp):

1. public static Bank instance;
2. public ObscuredFloat Money;
3.  
4. Awake()
5. {
6.      if (instance == null)
7.      {
8.           instance = this;
9.      }
10. }
11.  
12. public void AddMoney(float amt)
13.    {
14.        Money+= amt;
15.        ObscuredPrefs.SetFloat("Money", Money);
16.    }

Then anywhere in the game I can use:

Bank.instance.AddMoney(100);

My question is that is this bad way of handing the money? Can cheaters somehow just access the AddMoney function and add money that way?

 

Hey @Nadan,

First of all, please consider building your game with IL2CPP if possible to make it harder to RE and patch your code.

Another suggestion - is to store your constants you add to the money in a safer way - either obfuscate those constants if obfuscator supports numeric constants obfuscation, or obfuscate them manually, for example, obscure and get raw encrypted values to store them as constants and then use Obscured*.FromEncrypted() to get them back at runtime.

Another option - store them in inspector, so actual value will be stored in application resources instead of code.
Though I'd recommend to stick with first options if you'll use IL2CPP since it will be more safe to store constants in the code in such case.

 

@codestage
hello,

i have an ObscuredString variable [i mean ObscuredPrefs.GetString(myKey, value)] ... can i write this value to an xml file as Obscured and load it from xml file to assign it to mykey as ObscuredPrefs.SetString(myKey, this value that loaded from xml as unObscured)??

thanks.

 

Hey, @unity_zOvEB4IgVxRirA

Yes, here is how you could do this, if I understood you correctly:

Code (CSharp):

1. var myCryptoKey = "123";
2. var myValue =  ObscuredPrefs.GetString(myKey);
3. var myObscuredValue = ObscuredString.EncryptDecrypt(myValue, myCryptoKey);
4.  
5. // write myObscuredValue and myCryptoKey  to the xml
6. // ...
7. // read myObscuredValue and myCryptoKey from the xml when you need it
8. // ...
9.  
10. var myCleanValue = ObscuredString.EncryptDecrypt(myObscuredValue, myCryptoKey);
11. ObscuredPrefs.SetString(myKey, myCleanValue);

 

yes thats it :]

 

@codestage,
does exists an function to get hardware device id on PC or Xbox?

 

@Davood_Kharmanzar
yes, take a look at the Unity's SystemInfo.deviceUniqueIdentifier (ACTk uses this API under the hood to lock PlayerPrefs to the device)

 

Hi!

I have a question about combining obscured types with properties. Currently, my setup is like this:

Code (CSharp):

1. private ObscuredULong money = 0;
2. public ulong CurrentMoney { get { return money; } set { money = value; OnMoneyChanged?.Invoke(value); } }

The actual variable is an obscured type but my property is just the normal type and I use the property pretty much everywhere. Is this wrong? Should I use the obscured type for both? The main reason behind my decision was the performance because I thought if it's just used for accessing and setting, maybe it doesn't need to double encrypt/decrypt.

 

Hey @RealMTG ,

It's totally fine to use it like this.

 

ok so i looked at every page here lol

watching the video about the "mouse trap"

is there any where with that code is shows in use? and where to put it?

do we need to only do it once? like at beginning of game?

 SceneManager.LoadScene("Banned");

sorry but the video tutorials are great but you have to go to full screen to watch and actually see what is coded and makes it rough to type what is needed. maybe i am missing the page with written up tutorial but cant find it

 

Hey @falconcoininc,

Not sure what exact feature you're talking about, perhaps Obscured Cheating Detector which does creates fake values in memory to catch those who tries to cheat obscured types?

In such case, just start it once at the scene startup and you're good to go!

 

where can i find the "written" version of this ? you know something i can copy and paste

i saw a IMage for

DetectersUsageExamples.cs

but cant find the file

 

OMG ims silly i found it

But mine does not look anything like thsi image you posted here

https://forum.unity.com/threads/anti-cheat-toolkit-stop-cheaters-easily.196578/page-9#post-2259647

 

@falconcoininc ah, sure, you can find ObscuredCheatingDetector usage example at the
Examples\API Examples\Scripts\Runtime\UsageExamples\DetectorsExamples.cs

 

thats the one i was looking at but its not located there tho.

Nor does it look like that in the inspector or the code as shown in that image file located here
https://forum.unity.com/threads/anti-cheat-toolkit-stop-cheaters-easily.196578/page-9#post-2259647

 

Ah, I'm sorry I looked at the not-yet-released v2.0 (it's on review in the store so far).

You correctly found DetectorsExample.cs and it has example of the ObscuredCheatingDetector startup (see the ObscuredCheatingDetectorExample() method).

Anyways, it's that simple as just calling it once anywhere in your startup scene:

Code (CSharp):

1. using CodeStage.AntiCheat.Detectors;
2.  
3. // ...
4.  
5. private void Start()
6. {
7.    ObscuredCheatingDetector.StartDetection(OnObscuredTypeCheatingDetected);
8. }
9.  
10. private void OnObscuredTypeCheatingDetected()
11. {
12.    Debug.Log("Obscured Vars Cheating Detected!");
13. }

 

heck yea thanks! and yes that does look awesome that is why i was like like hmm my does not look that cool lol

will the new version still make us go through all the old code and find where to change all the

PlayerPrefs.SetInt to ObscuredPrefs.SetInt etc?

or will it be a more bit automated?

 

PlayerPrefs replacement can be done relatively easily with find & replace at any IDE so replacement automation is low priority task and it's not implemented yet, thus this is to be done in future updates.

 

thats what i did

 

I noticed the new version is up, just one quick question:

Is the upgrade available for a small period of time? (I am an old user)

 

Hey @Amvient,

Yes, it's finally approved and live in the store (official announcement will follow shortly).
Upgrades are free if v.1 was purchased after approx.: Apr 18, 2019, for all other existing customers upgrade is available with 80% off.

 

Hey everyone,

Anti-Cheat Toolkit 2.0.0 is finally live in the store, yay!

v2 brings a lot of new features and improvements to the table, here are few to highlight:

CodeHashGenerator BETA



This is advanced feature and it requires a bit of coding to perform hash comparison and validation.
Allows to validate your code at runtime: make a hash of your genuine code and compare it against hash you have at runtime on end devices (on the server side for example).
Genuine hash can be generated both in runtime and right from the Editor (after each build or manually selecting existing build)



Runtime hash generation happens in separate threads to avoid performance degradation while hashing is in process.
Read more in the Readme and see examples in the API Examples to figure out how to use it.
Video tutorial will be added later.

For now, CodeHashGenerator works with Windows PC and Android builds with more platforms planned in future updates.
IL2CPP builds are supported too.

New SpeedHackProofTime class

This class mimics standard Time.* API (except fixed ones so far) and allows to use reliable timers unaffected by the SpeedHack on some platforms as soon as SpeedHack is detected (falling back to the regular timers until then) where possible.


Green cube here is driven by SpeedHackProofTime.

Fully automatic crypto keys management

No more manual crypto keys generation or assignment for Obscured types and ObscuredPrefs - keys are randomized and generated automatically under the hood.

Settings update



All ACTk settings are stored in the project now and available at the built-in Project Settings window.
Settings UI was improved and few new sections were added, making it easier to configure ACTk in your project and share settings with your team.

Injection Detector update

No more predefined whitelist which had tendency to become outdated with major Unity updates.
Now it automatically generates full whitelist of trusted assemblies with granular accuracy of used assemblies detection which, as side effect, dramatically increase Injection check performance for Unity 2018.3 and newer.

There are lots more in there, so feel free to check out changelog for all new features, improvements and fixes overview.

Please note: this update had a lots of changes in the obscured types and obscured prefs so migration from v1 is required. Data migrates automatically but some code APIs become deprecated and should be manually updated (publishers are waiting for Unity's API Updater to become available for external use).
Just refer API documentation in order to know more about new an changed APIs.

Also please always backup your projects before updating ACTk from v1 to v2 and please make sure your project works fine and all your data is in place and successfully migrated. Otherwise please report any problems you have here: https://codestage.net/contacts or via PMs on this forum.

This is a first paid Upgrade for the ACTk I decided to introduce after 6 years of free updates and support history since its first release in far 2013. Time flies when you do things you love to do! And this wouldn't be possible without your support =)

ACTk v2 Upgrade is free for all customers who purchased v1 after approx.: Apr 18, 2019.
For all other existing customers upgrade is available with 80% off from the new price.
Read more about reasons behind the upgrade here:
https://forum.unity.com/threads/anti-cheat-toolkit-stop-cheaters-easily.196578/page-19#post-3814939

Cheers!

Spoiler: full 2.0.0 changelog

2.0.0
- add new feature: CodeHashGenerator (Unity 2018.1 and newer)

* generate hash for your code in Editor to save in resources or on your server
* generate hash for your code in Runtime for further validation
* hash generation performs on separate thread
* hash Mono, IL2CPP, Android App Bundle builds
* support for Standalone Windows and Android, more to come​

- add new feature: SpeedHackProofTime class

* use speed-hack resistant timers to let you ignore speedhack
* proxy to Time.* until speed hack is detected to avoid extra resources waste
* mimic non-fixed Time.* APIs (e.g. time, deltaTime, unscaledTime, etc.)​

- Obscured types update:

* make obscured types handle crypto keys fully automatically
* automatically randomize crypto key for each new instance
* close few key-related vulnerabilities
* refactor and update API and docs for consistency
* add GenerateKey() API
* improve ObscuredString performance
* reduce ObscuredString GC allocations by 24%
* fix overridden obscured types indication in Unity 2018.3+​

- Obscured Prefs update:

* make ObscuredPrefs handle crypto keys fully automatically
* change encryption bits with automatic migration from ACTk v1
* make SetRawValue and GetRawValue to take encrypted key into account
* remove support for pre-1.4.0 prefs migration, use ACTk v1 to migrate
* remove unobscured mode, please use PrefsEditor to view obscured prefs
* refactor and cleanup​

- Injection Detector update:

* add dynamic whitelist generation (no more default whitelist)
* dramatically improve injection check performance (Unity 2018.3 and newer)
* include only used assemblies in whitelist (Unity 2018.3 and newer)
* enable Injection Detector feature from the detector's inspector
* fix lots false positives with old default whitelist
* fix detector didn't disable for IL2CPP builds in some cases
* add detection event delegate for addition argument clarity​

- Speed Hack Detector update:

* add Threshold property to allow tiny clocks speed difference on different HW
* slightly improve and refactor internals
* fix possible data corruption while incrementing ObscuredShort​

- Wall Hack Detector update:

* improve warnings and errors UI in inspector
* fix false positive for volumetric fog (volumetric atmospheric scattering in HDRP)
* fix rare false positive for Linear color space in 2017.4.1 and newer
* fix rare false positive for Post-processing stack
* fix rare false positives due to Unity rendering glitches​

- Settings update:

* move Settings window to the Unity Editor Preferences section
* add new buttons-icons for quick access to the important related resources
* add IL2CPP section with "Switch to IL2CPP" button for supported platforms
* add "add support to build" toggle in Injection Detector section
* add validation for Injection Detector to have support toggle enabled
* add validation for Wallhack Detector wireframe shader to be always included
* add custom whitelist entries count to the button which opens whitelist editor
* make all ACTk settings to be per-project
* update and refactor UI a bit
* prevent compilation conditional changes while editor is compiling anything
* fix ACTK_IS_HERE state check missed​

- add StringToBytes() and BytesToString() helper methods to ObscuredString
- add IsCheatDetected property to all detectors
- add Assembly Definitions
- make all detectors return their instances from StartDetection methods
- make PrefsEditor aware of TimeCheatingDetector service pref
- make PrefsEditor aware of more standard Unity prefs to hide them
- fix and improve lots of other stuff across codebase
- fix various compilation warnings in newest Unity versions
- remove deprecated components from example scenes preventing warnings in 2019.3
- fix compilation errors regression in PlayMaker integration package
- update project to Unity 2017.4.1
- refactor all detectors code to have nicer inheritance
- refactor menu-related code a bit for better readability and clarity
- refactor other minor parts of code base
- remove legacy code

 

https://github.com/Perfare/Il2CppDumper

IL2CPP is already being decompiled -- any plans for an update to help guard against this @codestage ?

 

Hey @MrLucid72
Actually this is not something new and it's not decompilation of IL2CPP, it's just a tool to perform metadata dumping into more friendly form. Metadata contains names of your classes and variables with references to the native binary. It does not contains your actual code.

Just make sure to obfuscate your C# before it's compiled with IL2CPP to make a mess from this metadata and make it harder to analyze.

Here are previous mentions of this tool in this thread:
https://forum.unity.com/threads/anti-cheat-toolkit-stop-cheaters-easily.196578/page-17#post-3357208
https://forum.unity.com/threads/anti-cheat-toolkit-stop-cheaters-easily.196578/page-17#post-3357723

 

Hello,

Is there a way to use Anti Cheat Toolkit to prevent macro tools like AutoHotKey software?

 

Hey @GloriaVictis ,

Not at this moment.
Actually it's pretty hard to protect against such tools since they can be configured to simulate relatively human-alike behaviour thus making it indistinguishable from real humans without some good ML involved in order to try analyse behavior and detect anomalies.

 

Hello,
I'm seeing some strange error after updated to latest Anticheat toolkit version (2.0.2) which not happen in the version we are using (1.6.x).
Dictionary.ContainsKey alway return false if the key is an ObsecuredString.
Ex:

Code (CSharp):

1. Dictionary<ObscuredString, ObscuredInt> dic = new Dictionary<ObscuredString, ObscuredInt>();
2.  
3. dic["welcome"] = 1;
4. // this will return false
5. Debug.Log(dic.ContainsKey("welcome"));

Sample test script attached

 

I think I found the issue.
In ObscuredString.cs file

Code (CSharp):

1. public override int GetHashCode()
2. {
3.   return InternalDecrypt().GetHashCode();
4. }

should change to

Code (CSharp):

1. public override int GetHashCode()
2. {
3.   return InternalDecryptToString().GetHashCode();
4. }

 

Hey @quanbp

Thank you for reporting this problem, and providing a fix for it!
It will be released with next update (it was just sent to review).

 

Hi, i bought this plugin 5 months ago, and now it's have a paid update, perfect , what i want to know is, the 80% off will be avaiable forever for the peoples who bought the first version ?