Search Unity

  1. Unity 6 Preview is now available. To find out what's new, have a look at our Unity 6 Preview blog post.
    Dismiss Notice
  2. Unity is excited to announce that we will be collaborating with TheXPlace for a summer game jam from June 13 - June 19. Learn more.
    Dismiss Notice
  3. Dismiss Notice

Anti-Cheat Toolkit: stop cheaters easily!

Discussion in 'Assets and Asset Store' started by codestage, Aug 20, 2013.

  1. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @hugopok ,

    You should be able to get update for free if you purchased it after approximately Apr, 18
    Otherwise you'll have 80% off from the new price. It's fixed and will not change, all existing customers can upgrade with 80% off.
     
  2. murat303

    murat303

    Joined:
    May 22, 2014
    Posts:
    39
    Hello,
    I want to update to latest Anticheat toolkit version from (1.6.x). I'm using ObscuredPrefs with cryptoKey. Is it possible to have problems?
     
  3. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @murat303

    ACTk v2 does supports obscured prefs from v1: you'll need to specify your crypto key to let ACTk migrate your prefs to the new v2 format (it will automatically migrate each pref record on read).

    Please let me know if you'll have any problems with v1 prefs readout.
     
  4. DarkCooker

    DarkCooker

    Joined:
    Jan 7, 2015
    Posts:
    119
    Dear Editor, our game has been hacked by Mod. Which detector/scripts should we use? Is it Injection Detector? Thanks very much, Thanks
     
  5. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @M40-Dev,

    I'm sorry to hear your game was hacked.

    I'll be glad to help you here though this additional information is needed in order to setup proper protection:

    - is your game client-side only (e.g. has no server side)?
    - what is your sensitive data you wish to protect and how do you store it (PlayerPrefs, runtime variables, anything else?)
    - what are your target platforms?
    - are you using code obfuscation?
    - what exactly was hacked in your game with mod, did you inspected that hack (e.g. code was patched, or some loader was made to inject changes at runtime)?

    Feel free to reply using PMs or support contact form in order to get fastest direct support (regular forum notifications usually have some delay and sometimes are missed somehow):
    http://codestage.net/contacts
     
  6. DarkCooker

    DarkCooker

    Joined:
    Jan 7, 2015
    Posts:
    119
    is your game client-side only (e.g. has no server side)?
    no it has a server, they hack it by applying a mod on UI and let the player untouchable.

    - what is your sensitive data you wish to protect and how do you store it (PlayerPrefs, runtime variables, anything else?)
    - there is Attack value and HP, I have already stored in ObsuredInt in memory
    and they make the player untouchable. Likely disable the detecting script.

    - what are your target platforms?
    Android is under attack.

    - are you using code obfuscation?
    We use ObscuredInt, ObscuredFloat, ObscuredDouble, etc.

    - what exactly was hacked in your game with mod, did you inspected that hack (e.g. code was patched, or some loader was made to inject changes at runtime)?
    They make it player becomes untouchable.
     
  7. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    @M40-Dev thanks for all the provided details, I've sent a reply to your PM.
     
  8. murat303

    murat303

    Joined:
    May 22, 2014
    Posts:
    39
    Hi, I want to use Code Hash Generator in Android Game but I couldn't find an example in the document for Android. just have sample for windows
     
  9. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @murat303

    It's a cross-platform feature which currently works both for Windows and Android.
    All existing examples are both compatible with Standalone Windows PC and Android platforms.
     
    Last edited: Dec 3, 2019
  10. zKici

    zKici

    Joined:
    Feb 12, 2014
    Posts:
    438
    That means ios / iphone supported as well?
     
  11. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Sorry I could mislead you, specific CodeHashGenerator feature currently supports only Standalone Windows PC and Android platforms with more to be covered in future updates (some ground work is already done for this).
     
  12. murat303

    murat303

    Joined:
    May 22, 2014
    Posts:
    39
    Code (CSharp):
    1. CodeHashGenerator.HashGenerated += OnGotHash;
    2. CodeHashGenerator.Generate();
    3.  
    4. void OnGotHash(HashGeneratorResult result)
    5.     {
    6.         if (!result.Success)
    7.         {
    8.             Debug.LogError("Error: " + result.ErrorMessage);
    9.             return;
    10.         }
    11.  
    12.         StartCoroutine(HashControl(result.CodeHash));
    13.     }
    I'm using this code in android and i got error on logcat;

    ACTk: File lib/armeabi-v7a/libmain.so
    ACTk: Hash: 6BEB307E2C95726E904537345036E58376C7B473
    ACTk: File lib/armeabi-v7a/libmain.so
    ACTk: Hash: 20A844B07D5CAACD9DCA225A27C9123F20DF159B
    ACTk: File lib/armeabi-v7a/libunity.so
    ACTk: Hash: 855460F17CBC89261HG2F557664A1D58EC185DEB
    ACTk: Code hash 2D9FF6CD1A3A0DEAA1F0CA9C6RTYC6B297AF7E0A

    Error Unity: Error:
    Error Unity: UnityEngine.Logger:Log(LogType, Object)
    Error Unity: CodeStage.AntiCheat.Genuine.CodeHash.HashGeneratorResultHandler:Invoke(HashGeneratorResult)
    Error Unity: CodeStage.AntiCheat.Genuine.CodeHash.<CalculationAwaiter>d__20:MoveNext()
    Error Unity: UnityEngine.SetupCoroutine:InvokeMoveNext(IEnumerator, IntPtr)
    Error Unity: (Filename: ./Runtime/Export/Debug/Debug.bindings.h Line: 35)
     
  13. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    I believe these are just debug logs which should be eliminated at the latest version. Please let me know if you still seeing this in latest 2.0.4 version.
     
  14. murat303

    murat303

    Joined:
    May 22, 2014
    Posts:
    39
    ok, i'm using 2.0.3 version and i'll try with 2.0.4, but result.Success return false too
     
    codestage likes this.
  15. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    ah, this is weird, could you please let me know your Android version, Unity version, scripting runtime backend kind and .NET version you're using?
     
  16. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    @murat303 scratch that, I just found a cause of such behaviour. It will be fixed with next update.
    For now, as a workaround, please just compare result.CodeHash value for null directly.
     
  17. murat303

    murat303

    Joined:
    May 22, 2014
    Posts:
    39
    ok thank you, also my unity version 2019.2.11 - il2cpp - .net 4.0
     
    codestage likes this.
  18. Davood_Kharmanzar

    Davood_Kharmanzar

    Joined:
    Sep 20, 2017
    Posts:
    411
    @codestage
    hello,

    is it possible to adding InjectionDetector and ObscuredCheatingDetector to OnBeforeSceneLoadRuntimeMethod() ??

    thanks.
     
  19. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @Davood_Kharmanzar

    Did you mean from methods marked with
    [RuntimeInitializeOnLoadMethod(RuntimeInitializeLoadType.BeforeSceneLoad)]
    attribute?

    In such case you're free to start them from code from there (and make sure they are not added to the scene), should work fine.
    Please let me know if you'll have any problems with that.
     
  20. Davood_Kharmanzar

    Davood_Kharmanzar

    Joined:
    Sep 20, 2017
    Posts:
    411
    yes ... i tried to make new GameObject and adding these detectors as component to it ...
    but these detectors are disabled !!
     
  21. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    To automatically add detectors to the scene and start detection, just call static StartDetection() methods with callbacks. e.g.:

    Code (CSharp):
    1. [RuntimeInitializeOnLoadMethod(RuntimeInitializeLoadType.BeforeSceneLoad)]
    2. private static void Test()
    3. {
    4.     ObscuredCheatingDetector.StartDetection(OnObscuredCheaterFound);
    5.     InjectionDetector.StartDetection(OnInjectionCheaterFound);
    6. }
    7.  
     
    Davood_Kharmanzar likes this.
  22. esteban16108

    esteban16108

    Joined:
    Jan 23, 2014
    Posts:
    159
    @codestage Hi, I'm trying to implement Time Cheating Detection but I have a couple of issues.

    1st how I set it up.
    I created a GameObject for the TimeCheating Detector with Auto Start.

    upload_2019-12-26_19-50-59.png

    Then in another Game object I set the callback in the following way:

    Code (CSharp):
    1.     private void SetUpTimeCheatingDetector()
    2.     {
    3.         TimeCheatingDetector.Instance.CheatChecked += OnTimeCheatingEventCallback;
    4.     }
    So far so good, I tested and my callback is called every 5 minutes. The thing is that we have this Daily Rewards button that has a 24hs wait period... So I thought I can force check when the Game regain focus.

    So I do the following:

    Code (CSharp):
    1.     private void OnApplicationFocus(bool hasFocus)
    2.     {
    3.         if (hasFocus)
    4.         {
    5.             TimeCheatForceCheck();
    6.         }
    7.     }
    8.  
    9.     private void OnApplicationPause(bool isPaused)
    10.     {
    11.         if (!isPaused)
    12.         {
    13.             TimeCheatForceCheck();
    14.         }
    15.     }
    16.  
    17.     private static void TimeCheatForceCheck()
    18.     {
    19.         if (TimeCheatingDetector.Instance == null)
    20.         {
    21.             Debug.LogWarning("TimeCheatingDetector instance is Null");
    22.             return;
    23.         }
    24.  
    25.         TimeCheatingDetector.Instance.ForceCheck();
    26.     }
    Problem is now, the first time I hit Home in the Android app and open settings to change the date and come back to the game, It's forced check and it works as I expect BUT I get a strange warning when calling force check:

    2019/12/26 19:47:44.908 5858 5895 Warn Unity [ACTk] Time Cheating Detector: Detector should be started to use ForceCheck().

    But the Callback function is called whatsoever.

    But then if I try to do that again, push home button, go to home screen and back, I get that the instance is Null

    2019/12/26 19:48:04.283 5858 5895 Warn Unity TimeCheatingDetector instance is Null

    ^^^ That's my checking on it because if I don't check for null on the above code I get an exception.

    So as you see there are a couple of issues. Or am I implementing this all wrong?

    Thanks.
     
  23. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @esteban16108,

    Thank you for reporting this!

    Regarding "instance is Null": you have auto-dispose enabled, so when it detects actual cheat, it fires detection event once and auto-disposes after that.
    Please try disabling this option to prevent such behaviour.

    Regarding "Detector should be started" warning - this seems to be correct behaviour since detector does pauses internally at the OnApplicationPause event. So, it's possible you're trying to work with it when it's still paused and did not received own OnApplicationPause event yet.

    Please try to make sure you're calling ForceCheck after detector gets own OnApplicationPause(false) message and resumes (using script execution order settings or adding a tiny delay before your call).

    Please let me know if it will not work for you.
    I'll try to minimize such collisions in future updates, will see what's possible to do here.
     
  24. esteban16108

    esteban16108

    Joined:
    Jan 23, 2014
    Posts:
    159
    Thanks for your answer,

    but one thing I found on the code is that even if the Auto Dispose is off, after detecting the first time it stops detecting using:

    Code (CSharp):
    1. internal virtual void OnCheatingDetected()
    2.         {
    3.             IsCheatDetected = true;
    4.  
    5.             if (CheatDetected != null)
    6.                 CheatDetected.Invoke();
    7.  
    8.             if (detectionEventHasListener)
    9.                 detectionEvent.Invoke();
    10.  
    11.             if (autoDispose)
    12.             {
    13.                 DisposeInternal();
    14.             }
    15.             else
    16.             {
    17.                 StopDetectionInternal();
    18.             }
    19.         }
    and in StopDetectionInternal:

    Code (CSharp):
    1.         protected virtual void StopDetectionInternal()
    2.         {
    3.             CheatDetected = null;
    4.             started = false;
    5.             isRunning = false;
    6.         }
    So that will also affect the next detection attempt.

    I will try to change the script execution order for the OnAppFocus and OnAppPause...
    But what do you recommend about the above? Seems that it's a one time trigger?

    Thanks.
     
  25. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    This was made to avoid resources wasting since in most cases detector is not needed anymore after actual cheat detection.

    If you still wish to continue cheating detection, please call StartDetection() after cheat detection in order to start detector again and force detector to resume its work.
     
  26. esteban16108

    esteban16108

    Joined:
    Jan 23, 2014
    Posts:
    159
    This is not working, I added a delay of 0.5 calling the forcecheck on a co routine and still says it's not started yet... would be nice for future versions to have a couple of things like:

    1. Comprehensive tutorial
    2. Callback that let us know that's started
    3. Callback that let us know that's unpaused
    4. A way to know if it's running and started already...

    I see this checked internally but I don't see it on the public API.

    What's my use case? I have this game with a button with daily rewards that the user can claim and a clock for 24hs wait... Lets say the player just claimed the rewards, goes to home changes the date and comes back to the game... if it takes a long time to detect the cheat it will claim again the reward that's why I force the cheating detection after focus is regained... thing is it's failing due to be called before the un pause? I changed the Script (TimeCheatingDetector) execution order to -150 or something like that and still the same problem.

    Thanks.
     
  27. esteban16108

    esteban16108

    Joined:
    Jan 23, 2014
    Posts:
    159
    @codestage

    Hi, I found another issue, I think.

    You are checking the difference between current difference and 'last' difference... so if last time the player cheated and the diff gave N and now the player continues with the same cheat the same difference will give N so the difference between the two is 0 or near zero and then the detector says wrongTimeDetected.

    Code (CSharp):
    1. var lastOfflineOnlineDifference = PlayerPrefs.GetInt(onlineOfflineDifferencePrefsKey, 0);
    2.             if (lastOfflineOnlineDifference != 0)
    3.             {
    4.                 lastOfflineOnlineDifference ^= int.MaxValue;
    5.                 var differenceOfDifferences = Math.Abs(offlineOnlineDifference - lastOfflineOnlineDifference);
    6.  
    7.                 Debug.Log("lastOfflineOnlineDiff " + lastOfflineOnlineDifference);
    8.                 Debug.Log("differenceOfDifferences " + differenceOfDifferences);
    9.  
    10.                 if (realCheatThreshold < 10)
    11.                 {
    12.                     Debug.LogWarning(FinalLogPrefix + "Please consider increasing realCheatThreshold to reduce false positives chance!");
    13.                 }
    14.  
    15.                 if (differenceOfDifferences > realCheatThreshold * 60)
    16.                 {
    17.  
    18. #if ACTK_DETECTION_BACKLOGS
    19.                     Debug.LogWarning(FinalLogPrefix + "Detection backlog:\n" +
    20.                                      "wrongTimeThreshold: " + wrongTimeThreshold + "\n" +
    21.                                      "realCheatThreshold: " + realCheatThreshold + "\n" +
    22.                                      "offlineSecondsUtc: " + offlineSecondsUtc + "\n" +
    23.                                      "lastOnlineSecondsUtc: " + lastOnlineSecondsUtc + "\n" +
    24.                                      "offlineOnlineDifference: " + offlineOnlineDifference + "\n" +
    25.                                      "lastOfflineOnlineDifference: " + lastOfflineOnlineDifference + "\n" +
    26.                                      "differenceOfDifferences: " + differenceOfDifferences);
    27. #endif
    28.  
    29.                     LastResult = CheckResult.CheatDetected;
    30.                 }
    31.  
    32.                 //Debug.Log("LastResult " + LastResult);
    33.             }
    34.  
    35.             PlayerPrefs.SetInt(onlineOfflineDifferencePrefsKey, offlineOnlineDifference ^ int.MaxValue);
    36.             IsCheckingForCheat = false;
    37.             ReportCheckResult();
    My test was, change date 2 days ahead... kill app, start app again...
    Then my other test was change date 2 days ahead, start app... it doesn't recognize here, wrong date detected.

    I have to screen record all these tests tho.
     
  28. esteban16108

    esteban16108

    Joined:
    Jan 23, 2014
    Posts:
    159
    @codestage

    Here is the video, it's ~4m long, please be patient.

     
  29. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @esteban16108,

    Thank you for all your feedback!

    I see, but did you start detector again using StartDetection() after cheat was detected?
    Or you have this warning even on first ForceCheck call?

    This is scheduled, and will be released in Jan'20

    You may check if detector is running using *.Instance.IsRunning API (works for all detectors).
    TimeCheatingDetector also has IsCheckingForCheat API allowing to know if it's currently busy with cheat check.

    Thank you for letting me know this not helped, I'm looked into this problem and couldn't reproduce that warning at the first glance, it would be really helpful to know if it does reproduces for you in Editor or on the target device only.

    Also, just to make sure I'm trying to reproduce it correctly,could you please confirm this is correct: you have detector added to scene, has AutoStart enabled, AutoDispose disabled, has no UnityEvent assigned, you subscribe to
    CheatChecked event from Start() or later, you always have warning "Detector should be started to use ForceCheck" when you switch back to the application on target device, is this all correct?

    Thank you for reporting this, but this is not an issue actually.
    It's allowed to have constant time difference from the real clock in order to avoid false positives for cases when user have set manual time shift (due to the time zone correction or daylight saving time shift).
    If you wish to react to such cases, you're free to treat wrong clock settings as a time cheating.
     
  30. esteban16108

    esteban16108

    Joined:
    Jan 23, 2014
    Posts:
    159
    Yes this is the setting I have... did you check the video? I think it's self explanatory.
     
  31. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Thank you a lot for the video!

    I did identified one actual misbehavior from the video: you may have wrong check result in case you force checking while it's already busy with a check. This is fixed now in current dev version (looks like your PM is closed so please let me know how can I send you new version).
    You also may workaround it with checking if TimeCheatingDetector.Instance.IsCheckingForCheat is false before calling force check.

    Other parts of the video looks fine, it does detects cheat when actual time change was detected between game sessions (or during gameplay) but does not treats incorrect clocks as an actual cheat, like intended (as I described earlier - to prevent possible false positives from manual shifted clock settings). You're free to treat wrong time as an actual cheat if you wish to not care about such corner case.

    "Detector should be started" warning was shown because detector auto-stops when it detects actual cheat, and you need to start it again with StartDetection() call before calling force detection again, this is intended behaviour though I agree this is not intuitive and should be revisited.

    Could you please let me know if you did expected some other behavior from this detector?
     
  32. esteban16108

    esteban16108

    Joined:
    Jan 23, 2014
    Posts:
    159
    @codestage

    Hi, thanks for the support.

    Sent you a 'conversation' ?

    About the "Detector should be started", I forgot to tell you that, when a cheat is detected I close the application when the player clicks the button close, with Application.Quit(), so the user has to restart the game. You can see that in the video that every time the cheat was detected I stopped the Game and Started again, that's when the cheat wasn't detected.
     
  33. zhuchun

    zhuchun

    Joined:
    Aug 11, 2012
    Posts:
    433
    Greetings @codestage I'm interested in this asset a long time ago and thanks for your other great assets, they helped me a lot ;)

    I'm making multiplayer games, the idea is that would it be feasible/meaningful to protect player's input by using ACTK? Say if a hacker figures it out where is the enemy somehow, then he would be able to send an input like "Direction=(1,2,3), Shoot=True" and do a headshot. But what if I hide input variables so he has no idea where to assign that Direction unless he can simulate the direct input, does it sounds good?
     
    Last edited: Dec 28, 2019
  34. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Thank you, I've sent a reply to the conversation ^^

    I see this warning at 0:44 and it happens there because after detection detector stopped but you switched to the clock settings and back to the Unity while being in Play Mode so you have called force detection with stopped detector which led to this warning and this is fine, just start detector again after cheat detection or do not force check again after cheat detection to avoid this warning.
     
  35. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @zhuchun ,

    Glad to hear my assets helped you, thanks!

    Thank you for your question. ACTk can hide variables in memory from memory searchers but I'm not sure input data is searched like this..
    It could be searched at the decompiled code with cheat code injecting to call your methods with needed arguments.

    I'd suggest to care about client reverse-engineering protection in first place.
    For example, use names obfuscation before build, use IL2CPP to build obfuscated code (so IL2CPP metadata becomes a mess), use additional platform-dependent ways to increase reverse-engineering complexity, like native protector with debugging prevention for Windows PC platform.

    Depending on your game type, some ACTk features could be handy as well (like WallHackDetector for FPS games and more generic SpeedHackDetector, CodeHashGenerator features).
     
    zhuchun likes this.
  36. esteban16108

    esteban16108

    Joined:
    Jan 23, 2014
    Posts:
    159
    @codestage Hi, tried the version you sent me and it's working much better it has a deterministic behavior now BUT, this is the only drawback, not a killer but it's there.

    1. In my case, game is running, I change the date, Cheat Detected... Have to close the game (exit). All good.
    2. Open the game again, cheat detected again. Have to close the game (exit). All good. This can be repeated and it's a deterministic behavior.

    3. I put back the date time into automatic and the device date/time is the official date. Run the game. Cheat detected. Not Good. Have to close the game (exit)
    4. Open again the game with official date/time and now it's working as expected.

    Seems that the delta between the last online/offline still off when the date/time is good the 1st time after reverting to good Date/Time. I saw in your code (previous one) that you keep a record of the last or something... it could be nice that if the network gave you a good date that delta should not be checked? I could be wrong on this part I don't remember the code at this point and I'm in a hurry to deliver this.

    Thanks for the support.
     
  37. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @esteban16108 ,

    Thank you for checking updated version!

    On second open it should detect WrongTime, not cheat itself, since it does uses time deltas and shouldn't treat wrong time as a cheat be default (only if you treat wrong time as a cheating).

    This is an expected behaviour: you did changed time between game sessions and it's treated as reverse clockwise time cheating, even if it was set to correct time.

    Example: user constantly has manual time zone \ daylight saving settings (with some positive hours shift delta) and wants to reset some long time-dependent process in the game, so he changes time putting it back to in sync with server clocks.

    I can introduce some options for more flexibility here though, like: ignore reverse-clockwise time cheating, or ignore time cheating when time was changed to be in sync with server.

    Please let me know what you think about this.
     
  38. esteban16108

    esteban16108

    Joined:
    Jan 23, 2014
    Posts:
    159
    @codestage

    You were right second time I started the game with the wrong date I got wrong date detected and since I trigger my cheat detection also with that it's ok.

    I see that the asset was made for a more complex cases than my one ... I don't see many users having the clock different than their actual tz but that could be some small percentage? I don't know.

    But my use case was based that the Player respect the proper TZ clock always no deviation from it only with the deltas configured in the ACTk... TimeCheatingEngine, that's why I thought or expected that if the time was right, 'again', it should not give some kind of error... if this is a different use case and you can introduce some flexibility for it, would be great.

    Thanks for the support, I already delivered this feature.

    Watching closely to see new updates.

    Kudos.
     
    codestage likes this.
  39. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Will do, added this to the internal tasks system, thank you for detailed feedback!
     
    esteban16108 likes this.
  40. pistoleta

    pistoleta

    Joined:
    Sep 14, 2017
    Posts:
    539
    Hello guys, we have this asset for long and it has come the time to use it:
    We made a city tycoon and we are worried about the save files, we dont want the users to manipulate them.
    We were saving on JSON but at the time to save the save files on firebase its too much traffic so now we are creating our own files with our particular structure, (with minimum characters as possible).
    What would be the best approach using this asset to avoid file manipulation? we need to create this files at some point to send them to firebase storage compressing them before, or maybe use the iCloudvalueKey storage.
    Thanks a lot for your support.
    pistoleta
     
    Last edited: Jan 10, 2020
  41. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @pistoleta,

    I'd suggest to go with plain bytes encryption here, i.e. use ObscuredByte.Encrypt(byte[], byte key) before saving and use ObscuredByte.Decrypt(byte[], byte) after loading.

    Same for plain strings, you may use similar ObscuredString.Encrypt()\Decrypt() methods.

    This will avoid easy file readout by third-parties, but will not prevent manipulation, manipulations will break saves more likely in this case.

    In case you need to validate if your save file is genuine or you wish to avoid full save file encryption (loosing its readability for debugging) - I'd suggest to sign saved bytes and check signature after saves load.

    For the signature calculation, feel free to use any public hashing libraries, like xxHash for C#:
    https://github.com/noricube/xxHashSharp
     
    Last edited: Jan 10, 2020
  42. pistoleta

    pistoleta

    Joined:
    Sep 14, 2017
    Posts:
    539
    Since we want to try the iCloud Key-Value storage ad we want to save as much possible space I guess we will go with the Obscured string.

    Code (CSharp):
    1. This will avoid easy file readout by third-parties, but will not prevent manipulation, manipulations will break saves more likely in this case.
    Im fine with having their files broken if they tamper with them lol.

    Code (CSharp):
    1. In case you need to validate if your save file is genuine or you wish to avoid full save file encryption (loosing its readability for debugging) - I'd suggest to sign saved bytes and check signature after saves load.
    When you say is genuine you mean is generated by our game right? well of course we want that but dont we already have it if we use the first method?

    Code (CSharp):
    1. I'd suggest to sign saved bytes and check signature after saves load.
    2.  
    3. For the signature calculation, feel free to use any public hashing libraries, like xxHash for C#:
    4. https://github.com/noricube/xxHashSharp
    If we were to do that... how to store the key in a safe way?

    Thanks A LOT for your support
     
  43. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @pistoleta ,

    Yes, if you will use ObscuredString, you don't need to worry about hashing, since saves will be not readable to easily tamper them.

    There are lots of ways to hide something in our build, for example, divide your key into 2 parts and store one part in serialized field in scene \ scriptable object and another part in source code.

    This way you'll force cheater to deal with two different locations (assets and code).

    You also may shuffle chars or xor numbers in your keys to prevent easy static recovery without additionalcode reverse-engineering (which is complicated when you do use IL2CPP combined with code obfuscation before IL2CPP is built).
     
  44. Grinchi

    Grinchi

    Joined:
    Apr 19, 2014
    Posts:
    130
    Hey Guys i had old version and got new one. thanks a lot developer for this amazing tool.
    In old v1 there was ObscuredPrefs.SaveSomeVar() something like that.
    how can i do the same thing ?
     
  45. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey @MasterOfStorm ,

    Thank you for purchasing new version!
    I'm not sure what exact API you mean under SaveSomeVar though.. Could you please let me know what exact API you're asking about?

    Thanks!
     
  46. Grinchi

    Grinchi

    Joined:
    Apr 19, 2014
    Posts:
    130
    ObscuredPrefs.SetString("Save", "TestString");
    ObscuredPrefs.Save();

    this one :)
     
  47. Grinchi

    Grinchi

    Joined:
    Apr 19, 2014
    Posts:
    130
    sorry my bad its now under CodeStage.AntiCheat.Storage :) thanks a lot :) again :)
     
    codestage likes this.
  48. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Yeah, sorry, forgot to mention namespace changed. Glad to hear you already figured it out!
     
  49. toyancsayan

    toyancsayan

    Joined:
    May 4, 2017
    Posts:
    5

    Can you tell us how to specify our crypto key to new updated ACTk? In old version it can be seen at "Prefs Editor" but we couldn't find it now.
     
  50. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,932
    Hey, crypto key is managed automatically now, you don't need to specify it manually anymore.