ScriptableObjects vs BinaryObjects - security concerns

Discussion in 'Scripting' started by mondeon, Sep 30, 2016.

  1. mondeon

    Hi all!

    For my 2D game, which is going to be playable also offline, I am trying to find the best possible solution to store and load important/sensitive data (like current level, items possessed, xp) in Unity. I know that sooner or later a game will always be cracked, but I don't want to make that an easy process, at least.

    So my question is: how secure are scriptable and binaryObjects in comparison? Can I store my prefabs as ScriptableObjects and store their HP (health points) there as a property in an attached script? Or is it better to extract HP and store it in a separate binary file, which is loaded on starting the game and setting the HP for the prefab (and all other prefabs) on init?

    Thank you for any ideas and advice! I kinda miss a "best practice" solution here.. in case there is one?
     
  2. LeftyRighty

    I believe the consensus from previous threads of this ilk is that it's not worth the time/effort to try to lock down non competitive single player experiences given the relative ease of "cracking" the game compared with the added code management overhead/design time taken to "achieve" anything.

    I'm curious as to the specific technical answer to how the ScriptableObjects shape up in that regard though...
     
  3. mondeon

    The thing is, the game is going to be competitive (that's the online mode) -> only when online a player can enter an "arena" for a competition, where his score is measured for the ladder.

    Usually, that kind of probs are solved with extraction of game logic to a (distributed) server (farm) - but I don't have the resources ($$) for a server side computation of game score. Don't think that Google Play Game Services will help here!

    So I am even ready to make the whole game all time online, if that would preserve the security of the game. If a bit more complex architecture of the game (using BinaryObjects and ScriptableObjects) would help here I am ready to use them!..
     
  4. Kurt-Dekker

    Nothing you can do can stop a 12-year-old with unlimited time and the will and skills to pick through your code byte by byte until he figures out how to get it to do what he wants.

    Don't waste your time. Focus on the game, focus on finishing it and getting it out there. That's the easy part. Getting players is the hard part.
     
  5. jimroberts

    If your data is entirely client side it would only take a couple minutes for an experienced "cheater" to find static addresses in memory and paste them into a trainer. Serialization and even client side encryption has nearly zero effect on security. The only way to secure data is to make an authoritative server.

    You should have the income to rent a basic dedicated server ($50-70/month) by the time you have enough players that cheaters start taking notice and affecting your game. An authoritative server framework is a requirement for any respectable competitive online game and should not be overlooked.
     
    Last edited: Oct 1, 2016
  6. mondeon

    Thank you all for the responses! They do help!

    Just short about my game: imagine the classical worm or snake game, where the items, that the snake eats, move in a random manner across the field (it's more complicated, but that is the maximum simplification, just to get the idea).

    So right now, I wonder if it's worth it to use BinaryObjects at all. Still, I would like to have something like "daily" and "server" ladder and achievements just because people love to compete and it's fun! That means - servers! And for a long time I lived with the thought that Google Play Game Services is the solution for my simple "ranking" and "achievements". Until I read on their site about the request quota limitations.

    Don't get me wrong, I am a programmer (though not a hacker) and I am not scared to code. But authoritative servers is the part where I have NO CLUE where to start:
    - How should I split my client code, what to implement on server side - code convention, best practices?!
    - Where can I rent authoritative servers? What are the big and reliable players here? Can you help me? @jimroberts ?
     
  7. jimroberts

    You won't be able to just rent a server and expect it to work. There is a lot of programming involved in creating an authoritative server framework... You need to decide what data needs to be protected and allow only the server to manipulate it. Your game client should be sending input to the server and the server should return a result. Depending on the complexity of your game this could be a very long and difficult task.

    There are many server providers like OVH.
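
The split described in the last reply (client sends input, server owns the protected data and returns the result), sketched for the snake-style arena as an added example that is not part of the thread. `ArenaSession`, the message fields and the grid rules are assumptions, and item movement is simplified to a respawn when eaten.

```python
import random

DIRS = {"U": (0, -1), "D": (0, 1), "L": (-1, 0), "R": (1, 0)}

class ArenaSession:
    """Server-side state for one arena run (hypothetical names); clients never write to it."""

    def __init__(self, seed, size=8):
        self.size = size
        self.rng = random.Random(seed)        # seed never leaves the server
        self.head = (size // 2, size // 2)
        self.heading = "R"
        self.tick = 0
        self.score = 0
        self.alive = True
        self.item = self._spawn()

    def _spawn(self):
        while True:
            pos = (self.rng.randrange(self.size), self.rng.randrange(self.size))
            if pos != self.head:
                return pos

    def handle(self, msg):
        """Apply one client message. Only 'tick' and 'dir' are read; any
        score or position the client includes is ignored."""
        if not self.alive:
            return {"ok": False, "error": "session over"}
        if msg.get("tick") != self.tick + 1:
            return {"ok": False, "error": "bad tick"}      # replayed or skipped input
        d = msg.get("dir")
        if d not in DIRS:
            return {"ok": False, "error": "bad dir"}
        dx, dy = DIRS[d]
        hx, hy = DIRS[self.heading]
        if (dx, dy) == (-hx, -hy):
            return {"ok": False, "error": "illegal reversal"}
        self.tick += 1
        self.heading = d
        x, y = self.head[0] + dx, self.head[1] + dy
        if not (0 <= x < self.size and 0 <= y < self.size):
            self.alive = False                              # ran into the wall
        else:
            self.head = (x, y)
            if self.head == self.item:
                self.score += 1                             # score is computed here only
                self.item = self._spawn()
        return {"ok": True, "tick": self.tick, "head": self.head,
                "item": self.item, "score": self.score, "alive": self.alive}
```

The ladder entry is written from `session.score` when the run ends, so editing values in client memory or in a save file changes only what that client displays.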