Search Unity

  1. Megacity Metro Demo now available. Download now.
    Dismiss Notice
  2. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

Anti-Cheat Toolkit: stop cheaters easily!

Discussion in 'Assets and Asset Store' started by codestage, Aug 20, 2013.

  1. SolFy

    SolFy

    Joined:
    Jul 3, 2018
    Posts:
    3
    Thank you so much for the quick reply.

    Good luck always. :)
     
    codestage likes this.
  2. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Anti-Cheat Toolkit 2021.2.0 just landed!

    This update adds BigInteger support to both Obscured types and Obscured (File) Prefs.
    Also, you'll find all Detectors now have a new TriggerDetection() API and corresponding component context menu item to let you easier test your detection listeners:

    upload_2022-6-29_21-51-39.png

    [2021.2.0] - 2022-06-29

    Added
    • Add ObscuredBigInteger type
    • Add BigInteger type support to the ObscuredPrefs / ObscuredFilePrefs
    • Add TriggerDetection() utility method to all detectors
    • Add 'Trigger detection' context menu item to all detectors components
     
  3. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Anti-Cheat Toolkit 2021.3.0 is live!

    Some of you guys did report Speed Hack Detector won't catch speed hacks in WebGL and VM apps for Android (like x8sandbox).
    After some research, I believe I found a way to detect speed hacks in such environments, and it doesn't require internet connection.

    Here is an example of catching previously undetectable WebGL speed hack (also
    SpeedHackProofTime
    does work there now too):


    There is still a plan to add server time fallback, but going to postpone it a bit until I'll get more feedback about new version, so feel free to share how it's working for you as that would help to shape a Speed Hack Detector future.

    [2021.3.0] - 2022-07-10

    Changed
    • Improve Speed Hack Detector sensitivity in sandboxed environments
    • Improve detectors' keepAlive logic when using additive scenes
    • Improve WebGL file system compatibility at Obscured File and Obscured File Prefs
    Fixed
    • Fix possible undesired detector self-destroy on additive scene load
     
  4. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    One more update is out of the oven: 2021.4.0 is hit the store, bringing some QoL improvements.
    Let me highlight only few of them.

    Automatic ProGuard configuration

    Now you'll be prompted to auto-include ACTk to the
    proguard-user.txt
    when you're building for Android while having Minify enabled and do not have your ProGuard file added or properly configured to exclude some ACTk Android plugin methods from the renaming.

    upload_2022-7-16_4-8-14.png

    There is also an option to apply the ProGuard config on demand from the menu:
    upload_2022-7-16_4-8-3.png

    Previously you had to do this manually, and it wasn't obvious it's needed causing some frustration and runtime exceptions.

    TimeCheatingDetector QoL updates

    Now it won't break when SSL certificate validation fails, but time still can be retrieved.
    Also, the new LastOnlineTimeResult instance property added to let you figure out last cheating check time request results and inspect it for error details if needed.

    More changes in a full changelog for this update posted below.

    [2021.4.0] - 2022-07-16

    Added
    • Add LastOnlineTimeResult instance property to the TimeCheatingDetector
    • Add automatic ProGuard configuration to prevent errors due to minification
    • Add new menu item to configure proguard-user.txt on demand

    Changed
    • Make ProGuard configuration more granular to obfuscate more of the native code
    • Expose internal TimeCheatingDetector.IsReadyForForceCheck() API

    Fixed
    • Fix possible TimeCheatingDetector error due to certificate validation (thx murat303)
    • Fix disabled Audio System compatibility (thx Mika)
     
  5. ch1ky3n

    ch1ky3n

    Joined:
    Oct 26, 2017
    Posts:
    57
    "No script asset for ObscuredFloat. Check that the definition is in a file of the same name."
    These warning logs spam like thousands on my console. Although there is nothing wrong with the method itself. meaning, the method works normally

    it is under my method script :

    public void Damage(ObscuredFloat damage)
    {
    HpCurrent -= damage ;
    if(HpCurrent<=0)
    {
    HpCurrent = 0.0f;
    TriggerEvent.Trigger(GetComponent<Character>().GUID,"OnDeath");
    }
    UpdateInspector();
    }

    if I change the Obscured Float to standard float, the warning disappears.

    any idea what causes this?
     
  6. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey @ch1ky3n

    That's something weird oO
    I'd be glad to know if it does reproduces for you in the brand new project or could be isolated into .unitypackage so I could reproduce it on my side.

    As a workaround, feel free to use regular types for any short living variables such as method arguments or local variables which are not captured into long living scopes like deferred lambdas, post-awaits or coroutines. Generally everything living for 1 frame or even 100 frames are safe from memory search and replace vulnerability.
     
  7. ch1ky3n

    ch1ky3n

    Joined:
    Oct 26, 2017
    Posts:
    57
    alrighty, that makes lots of sense, thank you
     
  8. mrm83

    mrm83

    Joined:
    Nov 29, 2014
    Posts:
    345
    what is this? suddenly getting lots of these on android:
    [CodeHashGenerator ERROR] Something went wrong while trying to hash current APK: java.util.zip.ZipException: Local File Header signature not found; was 00000000

    legit issue? or false issue?

    also getting lots of speedhackdetection on ios suddenly.. used to be 0, now 50+ daily..
     
  9. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Greetings @mrm83

    Thank you for reporting those issues.

    Did you update ACTk or Unity before you notice these changes?

    For the ZipException, that's something new.
    Could you please let me know Android OS version and device model where you're seeing such error?
    Does it reproduce for you in controlled environment (on your test devices)?

    For the SpeedHackDetector, new ACTk version address one possible false positive but that could be another case. Can you reproduce the issue in latest ACTk version with ACTK_DETECTION_BACKLOGS conditional enable and let me know what do you have in the logs after "Detection backlog:"?
     
  10. mrm83

    mrm83

    Joined:
    Nov 29, 2014
    Posts:
    345
    Updated Unity from 2019 to 2021, but I believe I may have updated ACTk (i cant remember exactly).
    I am not able to reproduce any of these, these were observed from production users.

    ZipException devices:
    Android OS 9 / API-28 (PKQ1.190616.001/V11.0.8.0.PCOCNXM) Xiaomi Redmi Note 8
    Android OS 6.0.1 / API-23 (MMB29M/eng.compiler.20220303.175245) vivo vivo Y53
    Android OS 12 / API-31 (SKQ1.211202.001/V13.0.2.0.SJQCNXM) Xiaomi M2010J19SC
    Android OS 7.1.1 / API-25 (NMF26F/eng.root.20200728.225125) OPPO OPPO A77t
     
  11. mrm83

    mrm83

    Joined:
    Nov 29, 2014
    Posts:
    345
    There is also this

    Invalid hash for: global [CodeHashGenerator ERROR] Something went wrong while trying to hash current APK: java.util.zip.ZipException: invalid LOC header (bad signature)
     
  12. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Got it, please let me know if you'll be able to find out repro steps for any of the issues.

    Please also try updating ACTk to the latest version. I'd be glad to know if it will help (or not) with abnormal speed hack detections.

    This looks like it couldn't open APK as ZIP file.
    It can happen if APK was repackaged incorrectly making signature corrupt or that's some new issue I'm not aware yet.

    Looking at this list, I don't think this could be caused by some new Google Play format for the APK files since it seem to happen on older OS \ API versions as well.

    I'm afraid I can't do much with this without having such APK or repro steps on my hands since my local tests can't confirm this problem with any apk I could build both from Unity and Android Studio.
     
  13. unity_147E125C3E38CE7ECD7D

    unity_147E125C3E38CE7ECD7D

    Joined:
    Nov 15, 2022
    Posts:
    1
    Hi! Time Cheating Detector work in offline mode?
     
  14. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Greetings, it uses online time so internet connection is required.
    I'm going to introduce offline fallback in future as well, but it won't be as reliable as online checks.
     
  15. mrm83

    mrm83

    Joined:
    Nov 29, 2014
    Posts:
    345
    Updated to latest version and speed detect is still reporting false detection.
    There were so many false detection it is practically useless.

    Seems to be getting more unstable with new updates..
    first it was ban type detection, then it was hash errors, now its speed detection..
     
  16. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hi, it's sad to hear the latest update didn't fix it for you.

    I still couldn't get the reproducible case where it would trigger the speed hack detection false positive in order to investigate and fix it, nor I get the Detection backlog for such false positive.

    Please follow the workaround I've sent in PM for now.
    I'll release it with next update if it still will be not possible to catch and fix that false positive in the meantime.

    Does it still occur for you? Is it possible to get the repro steps to analyze it on my side?

    Same question, could you please confirm you're still seeing this and do really see it's not the wrongly repackaged APKs after some modifications but the errors on legit devices with non-modified apks? If it's the latter, is it possible to get such APK and exact device model and OS verion where it happens in order to try repro it?

    I try to react to any false positives reported by the community and improve detection algorithms to reduce their count keeping the sensitivity where possible.
     
  17. mrm83

    mrm83

    Joined:
    Nov 29, 2014
    Posts:
    345
    These were observed in production and I can not reproduce any of them. I can not provide you any builds, any steps, or logs.

    The last hash errors I reported seem to have disappeared with the latest update.

    I will try your fix with the next build. But I have updated the detections such that it will no longer auto ban as it is no longer safe to do it. So it shouldn't be much of a problem in the future, just that it is annoying to see all the false detections.
     
  18. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    That's understandable, and I can't do much without having reproducible bug, can only try to guess what could go wrong and make it safer where possible.

    Glad to hear it helped, though I didn't touch CodeHashGenerator for a while already so not sure how it worked out.

    Thanks, please let me know how it will work for you.
     
  19. SOL3BREAKER

    SOL3BREAKER

    Joined:
    Oct 11, 2021
    Posts:
    42
  20. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hi @wechat_os_Qy09VpiDaSiV8EETWQqNeGZuk

    Yes, I'm not using BinaryFormatter due to security and performance considerations and serialize binary data manually instead.

    ObscuredFile does encrypt data by default, so storing it as a string doesn't make sense. Do you wish to deactivate decryption and store it in a human-readable form? If so, why you wish to use ObscuredFile for this?
     
  21. SOL3BREAKER

    SOL3BREAKER

    Joined:
    Oct 11, 2021
    Posts:
    42
    I wish to save data from dialogue system and the other asset, and it will convert data to string instead of byte[]. Maybe I could use "Convert.FromBase64String" to do that.

    And I have some questions.
    1. How to use custom device id. If I manually assgin steamid to this, I don't know how to detect it.
    ObscuredFilePrefs.DataFromAnotherDeviceDetected += OnLockCheat . It may detect device automatically, but I don't know where to check the custom id.

    2. What's the best practice to use ObscuredTypes. I am using some controller from store. If I modify the code, then I need find a way to serialize obscuredtypes. And those value assigned in the inspector will also lose. And if I update the assets, all the modification will also be overwritten.
    I also checked inheritance, but I can't override the type of value.
    So I tried to customize a class to overwatch those sensitive value. If the obscured health is below zero, I would call a method to set ordinary health to zero. But I need check all the operation like get damage or get health too. It's not very easy compared with simply replacing the original types.
     
  22. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Ah, in such case you can just get bytes from string using
    Encoding.UTF8.GetBytes() and pass them to the ObscuredFile (and use
    Encoding.UTF8.GetString() when loading to get string back).

    Alternatively, you could use ObscuredFilePrefs and pass the string as is, it will be serialized into a byte array internally.

    It will detect IDs mismatch automatically, so you don't need to do that manually. But yeah, you won't know which ID was used in the file when check mismatch and detection event invoke because I don't write the ID itself into the file, only ID hash is written due to security and privacy reasons.

    So you can only figure out "this file has different ID" but can't figure out which ID it has.

    Those are designed to be used instead of regular types for any ling-term sensitive variables which are sitting in memory longer than a few secs.

    So best practice would be to update sensitive variables with obscured types at the long-term declarations like class fields.

    If you wish to apply obscured types to the third-party code, I'm afraid you have not so much options here.

    One option is replacing them "as is" but suffer from the tech debt - you'll need to replace them again every time you update the third-party dependency.

    Alternatively, you could try finding a flexible way to introduce your changes into the third-party code if it allows you to do so, i.e. some libs allow overriding different parts, so this could work. Your current approach seems to use this option, if you keep your inherited code outside the third-party asset folder.

    Lastly, you could ask third-party tool author to add ACTk integration support to let you easily switch regular types with obscured ones.

    Yes, that's not that simple if you're going to add ACTk to the third-party tool which doesn't support such extensions out of the box.
     
  23. mrm83

    mrm83

    Joined:
    Nov 29, 2014
    Posts:
    345
    This is really irritating me. Since updating from 2021 initial release to 2021.6.3, obint are no longer showing as int in inspector, but rather showing up as scientific notations.

    obbigint shows correctly, just not obint.

    how do i fix this?

    ie: 1663942831 becomes 1.663943e+09

    update:
    seems to be an issue with float as well.. working fine with bigint because the propertydrawer is showing a text field? is the fix to make int a textfield instead of int field?

    update2:
    seems to be an issue with "delayed" fields. DelayedIntField showing sci notation, IntField doesn't.

    it is safe to change it to IntField instead of delayed?
     
    Last edited: Feb 9, 2023
  24. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey @mrm83

    Ah that's unfortunate DelayedIntField display differs from the IntField o_O
    Sure, feel free to put the IntField back.

    Could you please let me know which Unity version you're using? I'm going to report this bug to Unity and would be happy to have more data on my hands.
     
  25. mrm83

    mrm83

    Joined:
    Nov 29, 2014
    Posts:
    345
    2021.3.17
     
    codestage likes this.
  26. unity_3F15A3E15E211881BAB4

    unity_3F15A3E15E211881BAB4

    Joined:
    Jan 25, 2023
    Posts:
    2
    Hello @codestage

    I have mobile game with implemented AntiCheat.
    I'm receiving many non-fatal exceptions in crashlytics: CryptographicException : Bad PKCS7 padding. Invalid length 0.

    Code (CSharp):
    1.  
    2. Non-fatal Exception: CryptographicException
    3. 0  ???                            0x0 ThrowBadPaddingException (Mono.Security.Cryptography.SymmetricTransform)
    4. 1  ???                            0x0 FinalDecrypt (Mono.Security.Cryptography.SymmetricTransform)
    5. 2  ???                            0x0 FlushFinalBlock (System.Security.Cryptography.CryptoStream)
    6. 3  ???                            0x0 Dispose (System.Security.Cryptography.CryptoStream)
    7. 4  ???                            0x0 Close (System.IO.Stream)
    8. 5  ???                            0x0 DecryptInternal[T] (CodeStage.AntiCheat.Utils.CryptoUtils)
    9. 6  ???                            0x0 ReadAllBytesInternal (CodeStage.AntiCheat.Storage.ObscuredFile)
    10. 7  ???                            0x0 ReadAllBytes (CodeStage.AntiCheat.Storage.ObscuredFile)
    11. 8  ???                            0x0 ReadEncryptedFile (AntiFraudModule.Runtime.src.Feature.Services.EncryptedFilesHandler)
    This problem exists only for iOS devices on Android everything is ok.
    I'm using Unity 2021.3, AntiCheat 2021.6.2.
    Also parameters for encryption and decriptyion are the same.

    Could you help me solve this problem?

    Best regards
     
  27. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hi @unity_3F15A3E15E211881BAB4, looking weird indeed, thanks for reporting it!

    Could you please let me know which iOS versions do spawn such error?
    I also wonder if this somehow affects the data which is being read from the ObscuredFile / ObscuredFilePrefs?
     
  28. unity_3F15A3E15E211881BAB4

    unity_3F15A3E15E211881BAB4

    Joined:
    Jan 25, 2023
    Posts:
    2
    @codestage after investigation I found out that the problem on my side.
    Everything ok with Anti-Cheat. Sorry for disturbing and thank you for your time.
    Best regards.
     
    codestage likes this.
  29. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Thank you for letting me know, glad it sorted out after all!
     
  30. RomanBard

    RomanBard

    Joined:
    Mar 27, 2020
    Posts:
    7
    After updating the asset from v2 to 2021, the "Time Cheat Detector" is malfunctioning. We don't have enough information to be sure, but user reports indicate that Time Cheat is checked "when the game freezes due to an error after being on for a long period of time." There are no changes to the game's logic, and this was not an issue in v2.
     
  31. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Thank you for reporting this @RomanBard ,

    This is the first time I have heard about this problem unfortunately, and I'm afraid it will be difficult to do something about it without steps to reproduce the issue.

    I'd be happy to know more about the incidents if you have any stack traces or exceptions logs to look deeper into the possible cause of this behavior.

    The following information will help too:
    - did you update Unity to a newer version along with ACTk?
    - what's your Unity version?
    - what are the affected platforms?

    Please don't hesitate to drop a PM with all the details you might have on this case, so I could try to investigate it further.

    Thanks!
     
  32. RomanBard

    RomanBard

    Joined:
    Mar 27, 2020
    Posts:
    7
    @codestage I'm still getting reports from my users, but I'm not getting enough information. Here's what I know so far

    1. It happens on both AOS and IOS.
    2. unity version is 2021.3.14f1 (no unity version change, only v2 -> 2021)
    3. according to the report, the problem occurs when.
    - When you receive a call.
    - When a game popup mode while watching Netflix.
    - When the game freezes and they are forced to close the game.
    I'm guessing it has something to do with switching apps?

    For the past 1.5 years, v2 has been working fine, so I added a feature to force delete save data for people who cheat. now I'm losing a lot of users with this update. so sad...
     
  33. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    @RomanBard thank you for the additional info, I'm going to investigate this further and try reproducing the incoming call case at least.

    Really feeling your pain here and wish to make everything possible to figure out a cause of the problem.

    Could you please provide a bit of the extra info?
    - Which ACTk v2 version did you used before migrating (if it wasn't the latest v2.3.4)?
    - Which settings do you have in your detector inspector?
    - How do you listen for the detection event and do you filter out non-cheating events like wrong time if you use the non-Unity event?

    I'd be happy to reproduce it using as closest conditions as possible, so any portion of information would be nice to have.

    Thanks!
     
  34. RomanBard

    RomanBard

    Joined:
    Mar 27, 2020
    Posts:
    7
    @codestage I'm still getting information.

    But it's slow because I have to wait for the user to respond. I'll let you know if I find out anything more.

    Share information about my development environment.

    - Version change: v2 (2.3.4) -> 2021 (2021.6.3)
    - I followed the guide and deleted the v2 folder and then imported the new version.
    - The game was detecting two types of detections, "Obscured" and "Speed Hack". After the update, the misbehavior seems to only occur with "Speed Hack". Based on logs reported to Firebase, the number of detections has increased by 3500% compared to the previous version.
    - I did not change the detector inspector from the default setting, see image.
    speed2.png
    - I used it by adding "Speed Hack Detector" to the empty game object.
    - I don't use the Time Cheating Detector anymore. I used it at first, but then I changed the structure to get the time from Google at the start of the game and synchronize it, so I stopped using it.
     
  35. RomanBard

    RomanBard

    Joined:
    Mar 27, 2020
    Posts:
    7
    @codestage I found a clear way to reproduce it, and it works 100% so far.

    test1.jpg

    1. prepare your IOS device
    2. launch Netfilx and convert to pop-up mode
    3. launch the game
    4. watch a reward ad (Admob) while playing Netflix - Netflix video will pause
    5. Receive a reward after the reward ad ends - Netflix video auto-restarts
    6. Speed Hack Detector works!

    This method only works on iOS and only when other apps are turned on at the same time.

    There is an issue on iOS where the game doesn't freeze when you play an admob rewards ad. To solve this problem, the admob provides a function called "MobileAds.SetiOSAppPauseOnBackground(true);" function.
    My guess is that the behavior of this function is incorrectly checked when the game is running alongside other apps.

    This test flow does not work on Android.
    However, there are user reports of the cheat malfunctioning on Android as well, so there may be a way to reproduce it that we are not aware of.

    I hope this helps you.
    I am unable to resolve this issue, so I will not be using the asset until you are ready.
    I'll be waiting. Good luck.
     
    Last edited: Mar 9, 2023
  36. RomanBard

    RomanBard

    Joined:
    Mar 27, 2020
    Posts:
    7
    I think this issue is related to pause: the game speed goes to zero, and the error occurs when the threshold value of 0.2 is exceeded.
    Right now, the threshold value applies to both + and -. But what if we could split it up?
    In mobile environments, speedhacks are used to speed up the game. In most situations, there is no benefit to making it slower.
    I think splitting the threshold would help with stability, as the OS is likely to evolve and introduce more exceptions. What do you think?
     
  37. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hey @RomanBard thank you for a so many details about the issue.

    So, it's SpeedHackDetector, not the TimeCheatingDetector is faulting for you. Which is actually great since I have a guess on the possible cause of the false speed hack positives from the new too-sensitive DSP module I've added before to detect speed hacks in sandboxed environments (where all possible timers are faked).

    I believe the latest version update I've just released on the store should fix it for you.
    DSP is now optional and off by default. I've left it as an option for the bravest ones who do really need such sensitivity. In the future, I'm going to introduce online time checks for the speedhacks detection which should help with sandboxed environments too and, hopefully, will replace the DSP module altogether.
     
  38. RomanBard

    RomanBard

    Joined:
    Mar 27, 2020
    Posts:
    7
    @codestage I mistook 'Speed Hack' for 'Time Hack', sorry for the confusion.
    I'm glad to hear the issue has been resolved.
    I'll try to be a little more careful when updating the next version of my project.
     
  39. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    @RomanBard no worries, it's easy to get them mixed up since both are actually time-related
    Will be happy to know how the new update will work for you.
     
  40. Sensistaar

    Sensistaar

    Joined:
    Nov 12, 2021
    Posts:
    3
    Hi, i want to buy your Anti Cheat Toolkit. I have ECS (Entity Component System) installed and i am wondering if the unmanaged types like int, float, bool ... are still unmanaged types when i use ObscuredInt, ObscuredFloat, ObscuredBool in ECS for my structs? Because ECS requires all the structs for the data oriented programming to be unmanaged types to be able to convert it to an entity. Overall im questioning if this works for ECS in Unity 2022. There is no free version to test so i wanted to make sure it works before i buy the toolkit.
     
  41. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hi @Sensistaar, only a few obscured types do fall under unmanaged struct criteria.
    For example,
    ObscuredInt
    does satisfy the unmanaged constraint while
    ObscuredFloat
    doesn't.

    Overall, ACTk obscured types were not designed to work with the ECS entities as is and weren't tested in such conditions, but it may be possible to adopt most of them to satisfy the criteria.
    ObscuredFloat
    can be made unmanaged with nested struct inlining, for example.

    You can also store initial data in obscured types and cast it implicitly when you do create the entities in case your entities are short-living, i.e.:

    Code (CSharp):
    1. public class BoidAuthoring : MonoBehaviour
    2. {
    3.     public ObscuredFloat CellRadius = 8.0f;
    4. }
    5.  
    6. [Serializable]
    7. [WriteGroup(typeof(LocalToWorld))]
    8. public struct Boid : ISharedComponentData
    9. {
    10.     public float CellRadius;
    11. }
    12.  
    13. class Baker : Baker<BoidAuthoring>
    14. {
    15.     public override void Bake(BoidAuthoring authoring)
    16.     {
    17.         var entity = GetEntity(TransformUsageFlags.Dynamic);
    18.         AddSharedComponent(entity, new Boid
    19.         {
    20.             CellRadius = authoring.CellRadius, // implicitly casts ObscuredFloat into the float with decryption
    21.             // ...
    I did send you a PM with ACTk, so you could try it in your environment.

    ADDED:
    After further investigation, I believe Obscured types are not DOTS-compatible, since I'm using managed code inside (like System.Random), which is not allowed in Burst. So keeping them out from the ECS entities is a way to go for a time being.
     
    Last edited: Apr 6, 2023
  42. Sensistaar

    Sensistaar

    Joined:
    Nov 12, 2021
    Posts:
    3
    This is what made me buy this tool for my ECS project :)
    1. public class BoidAuthoring : MonoBehaviour
    2. {
    3. public ObscuredFloat CellRadius = 8.0f;
    4. }
    I do this within a scriptedobject instead of a naked ObscuredFloat.
    Thanks for your help.
     
    codestage likes this.
  43. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Greetings everyone!

    Glad to let you know Anti-Cheat Toolkit 2023 is now available at the Unity Asset Store!

    Despite my plans to go with yearly paid upgrades, it was decided to release this 2023 update free of charge for all existing ACTk 2021 customers, as it doesn't include all planned and announced features (yet!).

    Still, this update introduces some nice additions and improvements to the plugin:

    Android App Installation Source validation

    A brand new
    AppInstallationSourceValidator
    tool was added to the Toolkit, allowing to quickly check current application installation source on the Android platform.

    Super easy and convenient way to make sure your app was installed from the Google Play, or Samsung Galaxy Store, for example:

    Code (CSharp):
    1. using CodeStage.AntiCheat.Genuine.Android;
    2.  
    3. var source = AppInstallationSourceValidator.GetAppInstallationSource();
    4.  
    5. if (source.DetectedSource != AndroidAppSource.AccessError)
    6. {
    7.     Debug.Log($"Installed from: {source.DetectedSource} (package name: {source.PackageName})");
    8.     if (source.DetectedSource == AndroidAppSource.SamsungGalaxyStore)
    9.         Debug.Log("App was installed from the Galaxy Store");
    10. }
    11. else
    12. {
    13.     Debug.LogError("Failed to detect the installation source!");
    14. }
    There are few predefined
    AndroidAppSource
    values to cover most popular installation sources, but it also returns a raw string with the installation source package name, so you could parse it and process on your own if you need some extra flexibility:

    Code (CSharp):
    1. // Prints "com.sec.android.app.samsungapps"
    2. Debug.Log(source.PackageName);
    That's something which was asked frequently, so hopefully you'll find this tool useful!

    Newtonsoft Json Converter for Obscured Types

    Another frequently asked feature - now you can easily serialize Obscured types if you're using Newtonsoft Json.NET in your project with
    ObscuredTypesNewtonsoftConverter
    class.

    It will automatically activate if you have the com.unity.nuget.newtonsoft-json package version 2.0.0 or newer added in your project.

    All you need to do is just add the converter to your Json serialization code:

    Code (CSharp):
    1. using CodeStage.AntiCheat.ObscuredTypes.Converters;
    2.  
    3. var json = JsonConvert.SerializeObject(input, new ObscuredTypesNewtonsoftConverter());
    4. // ...
    5. var output = JsonConvert.DeserializeObject<T>(json, new ObscuredTypesNewtonsoftConverter());
    Alternatively, just add it to the default settings and you're good to go:
    Code (CSharp):
    1. using CodeStage.AntiCheat.ObscuredTypes.Converters;
    2.  
    3. // add it to default converters one time globally
    4. // ----------------------------------------------
    5. JsonConvert.DefaultSettings = ()=> new JsonSerializerSettings
    6. {
    7.     Converters = { new ObscuredTypesNewtonsoftConverter() }
    8. };
    9.  
    10. var json = JsonConvert.SerializeObject(input);
    11. // ...
    12. var output = JsonConvert.DeserializeObject<T>(json);
    See more details at the Obscured Types JSON Serialization chapter in the User Manual.

    CodeHashGenerator improvements

    Multithreading support

    Now both Editor and Runtime versions do support multithreading.
    Editor version (
    CodeHashGeneratorPostprocessor
    ) will always occupy all available cores, improving hashing time for large projects by 50% on average, depending on your CPU configuration.

    Runtime CodeHashGenerator now accepts
    maxThreads
    argument and uses 1 thread by default.
    Here is how you can use all cores for the runtime hashing:
    Code (CSharp):
    1. // using all available cores except 1 (we need to keep it free for the Main / UI thread)
    2. var availableCores = Math.Max(1, Environment.ProcessorCount - 1);
    3. var generationResult = await CodeHashGenerator.GenerateAsync(availableCores);
    As a small bonus, the Summary Hash calculation time was improved up to 99.8% (getting summary from 4367 hashes reduced from 510ms in ACTk 2021 down to 1ms in ACTk 2023).

    Build content hashing will arrive in future updates as well to let you validate content binaries and detect content tampering such as removing game objects or swapping materials, so multithreaded hashing will be a great help there reducing hashing duration.


    Async-friendly APIs


    It's possible now to perform hashing from the async method and get the hashing result right away without using the events:
    var hashingResult = await CodeHashGenerator.GenerateAsync();


    Same for the Editor code, you can now await build hashes generation with these new APIs:

    Code (CSharp):
    1. var hashingResult = await CodeHashGeneratorPostprocessor.CalculateBuildReportHashesAsync(buildReport, printToConsole);
    2. // or
    3. var hashingResult= await CodeHashGeneratorPostprocessor.CalculateExternalBuildHashesAsync(buildPath, true);
    Obscured Types cheat detection information

    Now you can gather last detection details through the
    LastDetectionInfo
    property

    Code (CSharp):
    1. public void OnObscuredTypeCheatingDetected()
    2. {
    3.     var detection = ObscuredCheatingDetector.Instance.LastDetectionInfo;
    4.  
    5.     // prints:
    6.     // Obscured Vars Cheating Detected:
    7.     // SourceType: ObscuredInt
    8.     // Decrypted: 5
    9.     // Fake: 999
    10.     Debug.Log($"Obscured Vars Cheating Detected:\n{detection}");
    11. }
    Other notable changes

    There are plenty of other improvements, additions and fixes as well, here are a few most interesting:
    • Update minimum Unity version to 2019.4, farewell Unity 2018!
    • Add
      HashGeneratorResult.PrintToConsole()
      method to easily print hashing results
    • Add state corruption checks for pre-awake API access
    • Add Windows build hashing progress bar
    • Add
      Normalize()
      method and
      normalized
      property to ObscuredVector2, ObscuredVector3, ObscuredQuaternion
    • Add
      buildPath
      argument to
      CalculateExternalBuildHashes
      , so you could hash any build from CLI
    • Improve CodeHashGenerator filtering to include all .dex and .so files on Android (only few Unity-specific .so and all classes*.dex were included previously)
    There were some API refactorings and updates too, please follow the Migration Notes from the User Manual if you're stuck with migrating to new APIs.

    Take a look at the full changelog if you wish to know more about all the changes in this update.

    This release does introduce a new friendly asset: the Simple IAP System from the FLOBUK publisher, which can greatly complement your mobile app security with their online IAP Receipt Validation service.

    Stay tuned for the future updates and improvements to the ACTk 2023!
     
    Last edited: May 10, 2023
    Baroni and JesterGameCraft like this.
  44. JesterGameCraft

    JesterGameCraft

    Joined:
    Feb 26, 2013
    Posts:
    452
    Thank You.
     
  45. haeggongs

    haeggongs

    Joined:
    Jul 19, 2016
    Posts:
    5
    After the update, the original source code does not work.
    ex>
    string text = "abcd";
    ObscuredString text2 = "abcd;

    text.Equals(text2) result : true
    but,
    text2.Equals(text) result : false

    Why different results?
     
  46. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Hi @haeggongs ,

    This is a confirmed regression, thank you for reporting it.
    A fix is coming shortly, and a few extra tests are now added to cover more API usage cases.

    Meanwhile, while fix is not reached the store, you can workaround it at the ObscuredString.API.cs, line 141: just replace

    Code (CSharp):
    1. public bool Equals(string other)
    2. {
    3.     return InternalDecrypt().Equals(other);
    4. }
    with

    Code (CSharp):
    1. public bool Equals(string other)
    2. {
    3.     return InternalDecryptToString().Equals(other);
    4. }
     
    haeggongs likes this.
  47. haeggongs

    haeggongs

    Joined:
    Jul 19, 2016
    Posts:
    5
  48. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    It seems the ACTk native plugin could be obfuscated / minified without proguard exclusions configured.
    Please ensure you have the proguard exclusions file configured.
    Actually, ACTk should suggest it when you make a build while having minification enabled at the Player Settings -> Publish Settings.

    Please let me know if it didn't suggest you to configure the proguard file and what do you have in your Player Settings at the Publish Settings section, I'd be happy to know why it could not happen.

    Anyway, you can manually trigger it using
    Tools > Code Stage > Anti-Cheat Toolkit > Configure proguard-user.txt
    menu item.
     
    haeggongs likes this.
  49. haeggongs

    haeggongs

    Joined:
    Jul 19, 2016
    Posts:
    5
    ObscuredCheatingDetector.StartDetection(OnCheterDetected);
    SpeedHackDetector.StartDetection(OnCheterDetected);

    Since the update, the "OnCheaterDetected" function is being called from time to time. It worked fine before the update.
     
  50. codestage

    codestage

    Joined:
    Jul 27, 2012
    Posts:
    1,931
    Thank you for bringing this to my attention.
    Could you please let me know on which platform it happens for you and how I can reproduce this behavior?