Is Cheating / Modding possible with dots?

Discussion in 'Entity Component System' started by Stroustrup, Aug 26, 2020.

  1. Stroustrup

    Joined: May 18, 2020
    Posts: 142
    firstly, the burst compiler seems to obfuscate the code when you attempt to decompile with dnSpy, which would seem to impede you from trying to edit it


    but also, if you use il2cpp, would trying memory editing scripts that do things like (player pointer + health offset) -> value = 9999 not work considering that it's not an object so not stored sequentially and so there would be no way of knowing the location of player health in memory?

    also since you're using entity to index data vs object pointers, wouldn't trying to figure out the player pointer in cheat engine not work since it's not at all deterministic? (ie using entity as an index would point to a random memory location each time the game is launched)
     

    Last edited: Aug 26, 2020
    bb8_1 likes this.
  2. tertle

    Joined: Jan 25, 2011
    Posts: 3,761
    Yes. I constantly write hacks for our game to annoy my colleagues during playthroughs at after work drinks.
     
    Last edited: Aug 26, 2020
  3. runner78

    Joined: Mar 14, 2015
    Posts: 792
    It's not Burst, it's the IL post-processing that generates a Job from the lambda.
     
  4. Stroustrup

    Joined: May 18, 2020
    Posts: 142
    is this a unity thing or does using delegate signatures always do this?
     
  5. runner78

    Joined: Mar 14, 2015
    Posts: 792
    Both. The C# compiler generates a class with the lambda/closure as a method and the closure parameters as fields. Unity changes the compiler-generated code with IL post-processing to use a Job. I haven't looked at it more closely, so I don't know in detail what will be changed.
     
  6. burningmime

    Joined: Jan 25, 2014
    Posts: 845
    I don't think there's a good way to obfuscate the memory layout to deter cheating (and if there were, it would have huge ramifications on performance and engineering efficiency). You can put client-side anti-cheat software in place (eg VAC), but it's probably best to handle this at the server level.
     
  7. snacktime

    Joined: Apr 15, 2013
    Posts: 3,356
    There is a better way to look at/approach this problem.

    All games have a limited number of things that actually matter. Where hacking would give some advantage. And pretty much all of those have well known correct solutions.

    Fighting hackers on their own terms means you are trying to cover all entry points. You want to keep them from getting inside your house because once inside it's all open. And a game is this huge mansion with dozens of exterior doors and hundreds of windows and some you don't even know where they are. And it's dark, and you have a pot of gold in your house, and 100 people outside trying to get at it.

    The house is lost. The only sane approach is you protect the gold more directly. A 1000 lb safe should probably do the trick. Not only that, once the people outside know you have the safe, they stop trying.

    See the difference?

    It's actually easier to just do it right.
     
  8. FakeByte

    Joined: Dec 8, 2015
    Posts: 147
    If you want to prevent someone using memory editing software like Cheat Engine you could generate a hash of your ECS world before updating any system and the next tick you compare the hashes to see if any data has changed. If you trim it down so that the hash only includes important data then it should be pretty fast.
     
  9. tertle

    Joined: Jan 25, 2011
    Posts: 3,761
    And what stops someone just memory editing the hash?
     
  10. Stroustrup

    Joined: May 18, 2020
    Posts: 142
    you do a hash of the hash
     
  11. snacktime

    Joined: Apr 15, 2013
    Posts: 3,356
    Which is totally timing/order dependent so easily bypassed.

    There is always someone that knows more angles than you. You are just playing a game of whack-a-mole you can't win.
     
  12. starikcetin

    Joined: Dec 7, 2017
    Posts: 340
    Turtles all the way down
     
  13. Guedez

    Joined: Jun 1, 2012
    Posts: 827
    I believe it should be trivial to make mods/cheats
    If you know that there is a system that does X to Y component spouting out Z
    You can make a W system that [UpdatesAfter(X)] and you write Z to whatever you want it to be instead based on Y value
    For instance, a system that sets all PlayerHealth to 100 every frame is trivial, just add it to the game and it should start working seamlessly, I think
     
  14. Michieal

    Joined: Jul 7, 2013
    Posts: 92
    I'm assuming that the original question was an attempt to prevent cheating/modding their game... and I also see that everyone's response is "you can't win, so give up." (here and a lot of other places.)
    But, my single question throughout all of this is:
    What if the part that you are trying to protect in your game, is the part that makes the game fair for everyone playing it?
    In that, a case example: having a (any level of) multiplayer FPS, be it something as big as say, Overwatch in 2017, or something as small as a LAN-only game. The biggest issue is the "AimBot" cheat/mod. (For those that don't know - aimbot killed TeamFortress, and it's where one team all shoots directly up in the air, and somehow the other team all dies simultaneously.) Obviously, this makes the game that you downloaded/paid for/ etc., worthless and meaningless. I'd say that's a big issue... I mean, your game isn't going to get popular enough to become huge, if it's destroyed by 12 yr old script kiddies a month or two after launch.

    which, in every scenario I have run, means that the only real, viable option... well, in unity at least (don't know about other engines) comes down to pay-for (pay to play) single player games. Mind you, I am not against modding. I just think that certain aspects of games shouldn't be modded...*ESPECIALLY* if the game is multiplayer.
     
  15. TheOtherMonarch

    Joined: Jul 28, 2012
    Posts: 867
    Network games have ways to stop cheating. Either with an authoritative server or with deterministic lock-step. However, at the end of the day, in either case you will still need to run some anti-cheat code to validate that the inputs you are receiving are valid. Some classes of cheats like wall hacks and map hacks are very hard to detect. Deterministic lock-step is more resistant to some forms of cheating, without any special code, but is especially vulnerable to map hacks.

    At the end of the day hacks are prevalent in all popular games. You probably can only be reactive rather than proactive in most cases.
     
    Last edited: Sep 1, 2022
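
The authoritative-server input validation described in the post above, as an added example that is not part of the thread or any poster's code. It is plain C# with no Unity dependency; the type names, limits and sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
// Hypothetical types for illustration; not Unity or Netcode APIs.
public struct ClientInput { public int Tick, TargetId; public float Dx, Dy; public bool Fire; }

public sealed class PlayerState {
    public float X, Y;
    public int Health = 100;   // held only by the server; clients never send it
    public int LastTick = -1, LastFireTick = -1000, Rejected;
}

public sealed class AuthoritativeServer {
    const float MaxStep = 0.5f, MaxRange = 30f;   // assumed per-tick move limit and weapon range
    const int Cooldown = 10, Damage = 25;         // assumed ticks between shots and damage per hit
    readonly Dictionary<int, PlayerState> players = new Dictionary<int, PlayerState>();
    public PlayerState Join(int id) { return players[id] = new PlayerState(); }

    // Validates one input against server-held state; rejected inputs are counted for detection.
    public bool Apply(int id, ClientInput i, int serverTick) {
        if (!players.TryGetValue(id, out var p) || p.Health <= 0) return false;
        float stepSq = i.Dx * i.Dx + i.Dy * i.Dy;
        bool bad = i.Tick <= p.LastTick || i.Tick > serverTick       // replayed or future tick
            || float.IsNaN(stepSq) || stepSq > MaxStep * MaxStep     // malformed or too-fast move
            || (i.Fire && i.Tick - p.LastFireTick < Cooldown);       // firing inside the cooldown
        if (bad) { p.Rejected++; return false; }
        p.LastTick = i.Tick; p.X += i.Dx; p.Y += i.Dy;
        if (i.Fire) {
            p.LastFireTick = i.Tick;
            if (players.TryGetValue(i.TargetId, out var t) && t.Health > 0) {
                float dx = t.X - p.X, dy = t.Y - p.Y;
                if (dx * dx + dy * dy <= MaxRange * MaxRange)        // range from server positions
                    t.Health = Math.Max(0, t.Health - Damage);       // damage computed server-side
            }
        }
        return true;
    }
}

public static class Demo {
    public static void Main() {
        var server = new AuthoritativeServer();
        PlayerState a = server.Join(1), b = server.Join(2);
        var inputs = new[] {   // constructed sample inputs from client 1
            new ClientInput { Tick = 1, Dx = 0.3f, Fire = true, TargetId = 2 },  // valid move and shot
            new ClientInput { Tick = 2, Dx = 50f },                              // oversized step
            new ClientInput { Tick = 3, Fire = true, TargetId = 2 },             // shot inside cooldown
        };
        foreach (var i in inputs) Console.WriteLine($"tick {i.Tick}: accepted={server.Apply(1, i, 5)}");
        Console.WriteLine($"target health={b.Health}, rejected={a.Rejected}");
    }
}
```

Because health exists only in server state, a client-side memory edit of the kind asked about in the first post changes what that client displays, not the outcome the server computes.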
  16. Michieal

    Joined: Jul 7, 2013
    Posts: 92
    Best that I have found, Authoritative server, never trusting the client, etc. lol. But, that's only 1/10 of it. BepInEx (think I spelled that right) does aggressive injections, loads up before your own code does, and allows the modder to alter every aspect of the game. So... even with the Server Authoritative aspects, there goes in-game purchases, unlocks, etc. Are users really going to go to your website to buy things? wait for [whatever] dlc to download? I highly doubt it. And... there's also the fact that they can delete walls and see whatever the server has sent to the client to display... including Enemy Players. I guess that rules out any kind of competitive e-sport style game.

    Anyone up for server based Pac-Man? Because shy of something like that, I am out of ideas of games that won't be immediately modded, hacked, and cheated. (I guess, what I am getting at is... when it's so easy to just destroy a game with freely available mod/hacks, why even bother?)
     
  17. TheOtherMonarch

    Joined: Jul 28, 2012
    Posts: 867
    CD key type systems, like Steam, are secure for online play. If the server cannot authenticate your key then you cannot play online. DRM is also available for offline play but has not proven to be super effective. Trusted Platform Module 2.0 in Windows 11 may change that.

    With TPM you can hardware ban machines effectively, unlike MAC addresses that can be spoofed, and probably force CD keys for single player.
    https://www.extremetech.com/gaming/...2-0-requirement-to-ban-cheaters-from-valorant
     
    Last edited: Sep 5, 2022
    Michieal likes this.
  18. Michieal

    Joined: Jul 7, 2013
    Posts: 92
    But with how open Unity is to being modded by the players, without any say by the developers... a person can bypass anything that we do, at least locally. Also, I highly disagree with what Riot is doing with Valorant. I mean, I get it -- your game is F2P, so banning someone's account really is a meaningless thing. They will just make a new one, and continue on doing what they do and not think twice. Heck, MiniNinja on Blizzard's gaming platform did that and bought games repeatedly, as he would get banned for everything very frequently. (There's now 20+ MiniNinja accounts, and all but the last one has been banned for a legitimate reason.) Now that Microsoft owns Activision-Blizzard, and has pressed them into the F2P model, they need some way to make real misconduct have some measure of punishment. So that, I kinda get. Don't like the methods being used, though now I am even more happy that I run a Linux machine...

    Unity will load up any dll in the plugins directory indiscriminately, and the mods out there use that to give a listing of the entire source code to the user, so that they can bypass anything with the mod's use of injection. I mean, I 100% stopped development on one of my mobile games, because there was a near immediate mod to bypass all purchasing from the in-game store. To date, I have not made a penny off of that game. (And, it's still up on APK sites, even after I released a paid version of the game. Courtesy of Google's complete support of software piracy.)

    I mean, a quick search gives you the understanding that anything that you make will immediately be ripped apart and completely messed with by a 15 yr old following a modding tutorial for Unity games. Be it a mobile or PC game... it will be hacked, it will be bypassed, it will be changed, and they will be cheating. This is 100% guaranteed. And that means that you cannot make anything that has a competitive element in it, such as esports, etc., as the first set of players will cheat... and you cannot have a fair, level competition. Yeah, you can do server side Key Unlocks for content, and that will disallow people to use your servers. But, it still makes it impossible to detect cheaters, as they will simply bypass any anticheat coding.

    I dunno... I just don't want to pour my life and soul into a game that no one wants to play, because they don't have a chance in heck as everyone else is using 100,000 cheats in. I mean, You cannot even play any of the TeamFortress games because if you do at least 5 other players are using a cheat that allows them to shoot straight up in the air, and two seconds later, everyone falls over dead *but* the cheaters. I quit playing it 3 games in... and I love Hero Shooters.

    And the only ones that can make a change to this idiocy are the people that decided that Code Injection was a brilliant idea! Well, them and Unity Technologies. Though I think that Unity Technologies might be a bit stumped on how to change the situation after Code Injection became a mainstream thing. Kinda also think that they hope that us devs "just won't notice" and keep buying assets from the asset store.
     
  19. TheOtherMonarch

    Joined: Jul 28, 2012
    Posts: 867
    I am not really sure why you would be against TPM? I mean Riot was silly to broadcast what it was doing.

    I guarantee that once games require Windows 11, developers will be using TPM and gamers will not even know. It should increase the cost of cheating to the cost of a motherboard + copy of the game. Script kiddies will get especially burned. They will not know what hit them or how to replace their motherboard. Not only that, it takes hours to replace a motherboard and days to order a new one. So unless you are stocking a load of motherboards you are going to be feeling the burn. Many gaming motherboards are also not really cheap.
     
    Last edited: Sep 11, 2022
  20. Michieal

    Joined: Jul 7, 2013
    Posts: 92
    I'm mostly against the longer-term issues with TPM. I mean, I agree that it's a good hit to cheaters, and the ones that get banned for being horridly toxic.

    On an interesting note, they made EAC free for developers to use, and it has an SDK for Unity. Though, I do find thinking about the stockpile of mobos funny. lol.

    It just seems like every time something to protect the other players is released, 50 people out there publish bypasses on YouTube and GitHub.

    And really, imho, it's doing a disservice to the gaming industry to know that a simple google search, and someone can destroy your game. I still really believe that Unity needs to fix the automatic installing of any dll in the plugins folder, as that would at least make it harder for people... make it to where the editor registers the dlls at build time and refuses to *load* any others.
     
    Last edited: Sep 19, 2022
  21. Michieal

    Joined: Jul 7, 2013
    Posts: 92
    Ahhh, you're right. my bad. :)

    fixed.