Is this a good secure way to load my game's items?

Or do you have a better idea?

My idea takes a similar approach to how minecraft forge loads its items. The items are hard coded into the game, leaving no files containing the item's stats that can me edited by a hacker (. Hackers in some games like unturned can modify a weapon's stats by opening it's base file in the game's folder and changing a few values).

In my game, the items are hard coded in, so that they can't be modified, unless you access the game's source code itself.

Here is an example:

Item Base Class:

Code (CSharp):

1. using System.Collections;
2. using System.Collections.Generic;
3. using UnityEngine;
4.  
5. [System.Serializable]
6. public class Item
7. {
8.     public string itemName, itemDescription, itemID;
9.     public List<string> itemTags = new List<string>();
10.     public int stackSize = 1, maxStackSize = 1;
11. }

Part of the script that initializes an example item:

Code (CSharp):

1.         Item pineLogs = new Item();
2.         pineLogs.itemName = "Pine Logs";
3.         pineLogs.itemDescription = "A pile of logs cut from a pine tree";
4.         pineLogs.itemID = "LOG_0";
5.         pineLogs.itemTags = new List<string>()
6.         {
7.             "Natural Resource"
8.         };
9.         pineLogs.stackSize = 1;
10.         pineLogs.maxStackSize = 20;
11.         database.addItem(pineLogs);

When the game launches it calls the function that contains the code setting all the pine log item's values.

I do not mind hard coding each item's values manually, as this is exactly the same thing I did when minecraft modding. But I want to know if you think this is a good idea. Thanks in advanced.

 

It seems like something that scriptable objects would be good for. You could then make a window in the editor to create a new item so that the non-programmers on your team could add them.

 

Doesn't matter where you put it: if it is on the customers computer or phone, they can hack it. Get over it. You are wasting your time trying to secure an untrusted computer. It is akin to attempting to make water NOT wet.

 

This doesn't really provide any protection from hackers. It makes your game a lot less maintainable though. Hackers can modify the data in your game's memory at runtime.

 

There is no 100% effective way to secure your game on the user's device.

 

They can access the source code using any decompiler. They will just open the Assembly-CSharp.dll and change the code.

 

If you want your data to be safe than make it online. Anything you store on the local machine of a client can be edited & manipulated. If you want your game to %100 safe from injections, making it online is the only way. Handle all the logic in your own server and use the client only for rendering. But if you are making a single player game this is just waste of a time + resources. Any code that runs on the client can be modified. It's way more easy than you imagine too. Even a 12 year old can do some basic memory modifications with tools like CheatEngine, it's damn scary lol

 

I don't think scriptable objects will work in this system due to the fact that item values change mid game. When an item spawns, it is cloned from the list of items in the itemDatabase class. When the player for instance, fires a gun, I only want the bullet count on the gun in the player's inventory to drop, not the original from the database.

 

Scriptable Objects are just data containers, they aren't editable in a build. They can only be changed permanently in the editor. Although you can always just create an instance of a scriptable object and use the one created in the editor as a template.

 

The fact that you can't edit them in a build does not make them safe from memory manipulation. That's not how memory works. If I know the address of any data stored in the memory I can even put the name of my grand mother inside there. Memory is everything.

It is possible to encrypt & decrypt the stuff you are allocating to the memory but that wont save you too. 1st: It is unnecessary performance lost as you have to wait for the encryption/decryption to finish. 2nd: You have to store that encyrption key/algorithm some where, what are you going to do? Encrypt the encryption key? Yet again that has to be stored somewhere locally...

Welcome to the age of cloud where everything you want safe is being stored in servers rather than local client machines. Any other suggestion is outright irrelevant and wrong.

Edit: It is even harder to protect your data with a language like C# which does not support manual memory allocation/management(Last time I checked).

 

I never suggested it did, just that so's may be a good fit for their use case. You'll never stop people from cheating in games.