
Question C++ for security

Discussion in 'General Discussion' started by tomlugin100, Nov 26, 2023.

  1. tomlugin100

    tomlugin100

    Joined:
    May 6, 2023
    Posts:
    79
    Hello everyone,
    Thank you so much for reading my post! I've been doing some research about hacking into games' leaderboards (high scores) and I've seen it mentioned a few times that because a good C++ decompiler does not exist, it can be a good security feature to use C++ as opposed to a language like Java which has a very good decompiler. Is this true? My apologies if I'm making some error here - I am still a beginner. If I manage to add some C++ to important parts of my Unity game will that be good for security? And on that note, does that mean that using Unreal Engine is inherently more secure than Unity?
     
  2. halley

    halley

    Joined:
    Aug 26, 2013
    Posts:
    2,274
    Security through Obscurity is not security.

    There are code decompilers for just about any language, and C++ is no exception. It doesn't take a 100% decompile to reverse-engineer your protocol and figure out how to game your leaderboard. Wireshark or other network sniffers can do half the job without even decompiling anything, and a weak decompiler will easily get them within range of understanding and exploiting your innermost secrets that you foolishly left on the client's machine.
     
  3. CodeSmile

    CodeSmile

    Joined:
    Apr 10, 2014
    Posts:
    4,975
    Security by obscurity is not a feature, and definitely not security. There ARE good decompilers for ANY compiled executable, period. It's just that the average developer would see these as hard to work with, but the hacker? Not so much, for them it's second nature. This is like what Unity is to the average computer-challenged person. But we have no real issues working with this software.

    Security does not lie in the language, it's part of the system design. If you save the leaderboard locally to a json file and then you have a button "upload score", everyone can edit that file easily before uploading and it does not matter the least bit if you used Assembler to program this part of the software.
     
    tomlugin100, Nad_B and Bunny83 like this.
  4. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    20,699
    I've had some success with LLMs (eg ChatGPT) reverse engineering binaries into understandable code. We're not yet at the point you can process a large executable but it's only a matter of time. Meanwhile skilled developers can do it by hand if for some reason they actually need the code.

    But this isn't a case where they would need the code.
     
    Last edited: Nov 26, 2023
  5. Murgilod

    Murgilod

    Joined:
    Nov 12, 2013
    Posts:
    10,010
    It also doesn't really matter.

    Anyone who is going through the trouble of decompiling code is going to know their way around a debugger. They're going to step through the whole process to figure out what's going on. As everyone else has mentioned, this is just security through obscurity, not actual security.

    I harp on this a lot, but it's the same as people who desperately clamour for code obfuscation while not being even a little familiar with how obfuscation works and the purpose it serves. Similar to a lot of DRM, it is an industry that exists mostly to justify itself rather than provide a valuable service.
     
  6. Apparently it is that time of the month again.
     
    Antypodish and CodeRonnie like this.
  7. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    13,483
    Here we go again.

    Your leaderboard is a database stored on a backend. Hacking it requires figuring out how the backend accepts score submissions, then submitting a bogus one. It is language agnostic and C++ won't help you here.

    "Obscurity is not security"
     
  8. tomlugin100

    tomlugin100

    Joined:
    May 6, 2023
    Posts:
    79
    Thank you everyone for your great answers. What I was thinking of doing is encrypting my high scores in C++ before sending them to a cloud server, where they are decrypted. @neginfinity So then the hacker couldn't submit a bogus one because it won't decrypt since they don't know the encryption key. That's unless they can see my source code. But based on the answers I see here, a hacker could figure out the encryption key even from compiled C++ code, is that correct? Thank you for your help!
     
    Last edited: Nov 26, 2023
  9. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    20,699
    C++ isn't an encryption scheme. It's a programming language.

    Said hacker would just modify the score before it's encrypted.
     
    Ruslank100 and Murgilod like this.
  10. angrypenguin

    angrypenguin

    Joined:
    Dec 29, 2011
    Posts:
    15,601
    Absolutely. It doesn't magically disappear when you compile your C++. If it did then your executable also wouldn't know the key and also couldn't send valid messages to the server. At best, during compilation the key changes format. Anyone half decent at hacking will be able to identify it and convert it back to whatever else they need.

    With that in mind, you may think that you could obfuscate things further. For example, split the key up and spread it through different parts of your code, and re-assemble it only when you're about to use it. The issue here is that no matter what you do, if your executable can do it then so can a hacker, by just examining how your executable works. And remember, they practice this the way we practice programming. Whatever you think you can do, they can probably undo it faster.

    The basic rule when receiving data from other devices is this: no data or algorithm stored on a client's device is trustworthy, ever.

    If that's a problem then you can't just code around it, you need to fundamentally design around it so that the important stuff is only ever on devices which you control. That's one part of the reason that so much software includes online components these days.
     
    Ruslank100, tomlugin100 and Ryiah like this.
  11. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    20,699
    For example by transmitting information (eg the actions the player took to accomplish the score) that the server can use to determine if the score was legitimately obtained or if they just modified a variable. That makes it much more difficult for the hacker as they now have to figure out all of the steps to mark their score as legitimate.
     
    tomlugin100 and angrypenguin like this.
  12. tomlugin100

    tomlugin100

    Joined:
    May 6, 2023
    Posts:
    79
    Maybe I worded the sentence poorly. Of course C++ isn't an encryption scheme. I meant it as write the encryption code in C++.
     
  13. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    13,483
    Yes, absolutely.

    Basically, submitting score is a system call, which is very easy to locate and gives you a huge clue about where to start looking for the encryption route.

    But. They can also simply alter the score itself while the program is running without ever looking at the disassembly.

    Is the score stored in the memory in encrypted form?

    Basically, it is an uphill battle that is escalating in difficulty. The difference is that each step prolongs the process for the hacker, so it is no longer one click.

    The simplest way to do that would be making a DLL, and a DLL basically screams "hey! I'm here and I'm definitely doing something important!". DLLs also declare all functions they contain in a table. Which people can read. Basically, it is not bulletproof.
     
    tomlugin100 likes this.
  14. tomlugin100

    tomlugin100

    Joined:
    May 6, 2023
    Posts:
    79
    Thank you all, I believe I now understand the hopeless situation of leaderboards much better.
     
  15. Murgilod

    Murgilod

    Joined:
    Nov 12, 2013
    Posts:
    10,010
    Okay, so what?

    As we've all pointed out so far, C++ isn't going to save you here. You can write the encryption code in whatever language you want but as Ryiah said:
    Nothing you've said so far is a solution to the problem you're describing. Here's what you need to do:
    • Verify as much as you possibly can on the server itself. Some things you'll be able to do simply through testing and finding theoretical maximums that, if passed, flag a score for review
    • Moderate your leaderboards
    The second one is going to be the most effective, most important part. You can't automate this process away entirely. You're going to have to pay attention to the leaderboards, you're going to have to remove bad scores by hand. You might even want to have some sort of demo that records the play session data as you can and upload that along with the scores themselves.

    You can't just handwave this problem away, you have to be as active a participant in how your leaderboards work as your players are in submitting scores.
     
    tomlugin100 likes this.
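
The server-side checks Ryiah and Murgilod describe above, sketched as an added example (not code from any poster in the thread): the server replays the submitted action log with its own rules, ignores the number the client claims, and holds anything inconsistent or beyond a theoretical maximum for moderator review. The event kinds, point values and limits are assumptions made up for illustration.

```python
from dataclasses import dataclass

# Hypothetical game rules, held only on the server (assumed for this example).
POINTS = {"coin": 10, "enemy": 50, "boss": 500}
MAX_EVENTS_PER_SEC = 5        # assumed theoretical maximum, e.g. found by playtesting
MAX_SESSION_MS = 10 * 60_000  # assumed: a run cannot last longer than 10 minutes

@dataclass
class Verdict:
    accepted: bool   # False means "hold for moderator review", not silent deletion
    score: int       # score recomputed by the server, never the client's number
    reasons: list

def validate_submission(claimed_score, events):
    """events: list of (timestamp_ms, kind) tuples sent by the client."""
    reasons, recomputed, prev_ts, per_second = [], 0, -1, {}
    for ts, kind in events:
        if kind not in POINTS:
            reasons.append(f"unknown event kind {kind!r}")
            continue
        if ts < prev_ts or ts < 0 or ts > MAX_SESSION_MS:
            reasons.append(f"timestamp {ts} out of order or out of range")
        prev_ts = max(prev_ts, ts)
        bucket = ts // 1000                      # count events per whole second
        per_second[bucket] = per_second.get(bucket, 0) + 1
        recomputed += POINTS[kind]
    if any(n > MAX_EVENTS_PER_SEC for n in per_second.values()):
        reasons.append("event rate exceeds theoretical maximum")
    if claimed_score != recomputed:
        reasons.append(f"claimed {claimed_score}, replay gives {recomputed}")
    return Verdict(accepted=not reasons, score=recomputed, reasons=reasons)

# Constructed sample submissions (not real traffic).
HONEST = (570, [(1200, "coin"), (2500, "coin"), (4100, "enemy"), (90_000, "boss")])
EDITED = (999_999, HONEST[1])   # score changed on the client, action log untouched
FLOODED = (5000, [(1000 + i, "boss") for i in range(10)])  # log adds up, rate is impossible

if __name__ == "__main__":
    for name, sub in [("honest", HONEST), ("edited", EDITED), ("flooded", FLOODED)]:
        print(name, validate_submission(*sub))
```

A log that is internally consistent and stays under every limit still passes, which is why the manual moderation step in the post above remains necessary.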
  16. angrypenguin

    angrypenguin

    Joined:
    Dec 29, 2011
    Posts:
    15,601
    Why do you say "hopeless"?

    Last time I built a leaderboard I designed around all of this stuff. I didn't even bother to try securing the comms any more than was required for standard privacy stuff.

    First step is to be clear about why I wanted leaderboards. The answer was "I want to encourage repeat plays by showing people when their friends beat them".

    So then, each person's scoreboard should only show themselves and friends. That immediately stops the other 99.9% of the player base from being relevant, whether they're cheating or not.

    With that in mind "security" wasn't even a consideration. Instead, the time and effort went into figuring out how to know who a player's friends are (we integrated the target platform's social features) and some relatively simple code to create unique leaderboards per player which just showed their friends' scores. It then didn't matter what was happening at the top positions on the global leaderboard because nobody who mattered was ever going to see them in that format.
     
    neginfinity and tomlugin100 like this.
  17. tomlugin100

    tomlugin100

    Joined:
    May 6, 2023
    Posts:
    79
    I hadn't given that much thought. I think that is what I will do as well. You're right - it's not so hopeless :)
     
    angrypenguin likes this.
  18. angrypenguin

    angrypenguin

    Joined:
    Dec 29, 2011
    Posts:
    15,601
    You're not alone. Most people jump into how to do something and implementation details, without thinking through why they're doing it and whether there might be a fundamentally better approach to solving the same problem.
     
    Arithmetica and Ryiah like this.
  19. Antypodish

    Antypodish

    Joined:
    Apr 29, 2014
    Posts:
    10,706