Search Unity

Code injection

Discussion in 'Scripting' started by Sly88, Feb 8, 2021.

  1. Sly88

    Sly88

    Joined:
    Feb 22, 2016
    Posts:
    73
    hi guys,
    Do you know how to detect code injection? I use il2cpp and I would like to know if someone tries to use injection in my app.
     
  2. Kurt-Dekker

    Kurt-Dekker

    Joined:
    Mar 16, 2013
    Posts:
    20,166
    Sounds like a question better suited to a hacker forum.

    This forum is for Unity scripting and making games, not fruitlessly trying to stop eleven year olds modding your game.
     
    Joe-Censored and Suddoha like this.
  3. Antistone

    Antistone

    Joined:
    Feb 22, 2014
    Posts:
    2,813
    Code injection usually refers to a security problem where you take some user input at runtime and interpret it as executable code, which allows a malicious user to make you run whatever code they give you. This...doesn't obviously have anything to do with il2cpp?

    The usual example is that you use some input from the user as a parameter in some database command (like SQL), and you expected the user to enter some ordinary string like
    robert

    but instead they entered a string like
    robert'); DROP TABLE Students; --

    But if you just splice their string into your query without checking, then you've just unwittingly allowed a clever user to run arbitrary commands on your database.

    The solution to this problem for most programs is "very carefully never do that." If you have to use any form of outside input when creating an internal command, then either validate or escape the input first. (Libraries for things like SQL will often have built-in commands for this sort of thing, specifically to help you prevent code injection attacks.)

    But you generally shouldn't try to "detect" code injection except indirectly. That is, instead of asking "is this an attempted attack?" you should ask a question like "can I absolutely prove that this input is completely safe?" and if you can't then you shouldn't use it.
     
    Joe-Censored and PraetorBlue like this.
unityunity