Anti-Cheat and other things i Unity Games

Hi,

first of all: Im new to Unity, im not a Game Developer, nor i have any experience with Unity. I bought 2 Years ago a Book for Unity 4 that i started, but never finished. Just after a while Unity 5 was released and People say, that some Parts of the Book for v4 is now deprecated and in special with 2018. As i read, the API in Unity seem to get deprecated with each new Version. They add new things and within a Update they are removed/changed.

I want to make a Game, competitive Shooter, at least thats my long-time Goal for the Future. Working since quite a while on a Concept. But for now, i want to get into the Stuff in the first Place. One of my concerns is the Question a lot may asked themself: Which Engine.

I occupy with Unity since a few Days and ive noticed, that it seem not possible to protect the Game from Cheaters. For a Singleplayergame its not such a big Deal when a Player spoils his Fun, but Online is a bigger Issue.

The Anti-Cheat-Toolkit seem to be entirely removeable, ive seen a Youtube Video. The .net Framework is the other thing im concerned, not just because of Unity, about the Framework itself, because a Assembly is more or less Opensource. Especially with Tools like Reflector, ILSpy etc. With DevX, seem so, that their Obfuscator cant be purchased anymore.

Client-Side checks can be patched, so using ACT seem to be useless.

Then ive seen, that there is a gerneric Aimbot/Wallhack…

Another Problem is piracy. Some of you know, that Two Hospital used Denuvo and was patched by replacing a DLL. Nice Copyprotection, seem to work only when its compiled into the Exe. Obfuscators are not a real Solution, they just make it harder. Classes, Variables etc. may be renamed, but the Code/Logic can still be seen and a experienced Programmer can read/understand the Code anyway.

So im wondering if its possible at all to prevent Cheating. Which Options are avaible to prevent those things as good as possible? I know that it cant be 100% avoided, but at least to make it as difficult as possible, but with generic Hacks that work for all Unity based Games :-/

Give people system to report hackers and hire someone to scroll through these reports.

Worry about becoming big enough for cheaters first, worry about cheaters later

That said you should offcourse do the low hanging fruits when developing your game. For example validate shots on server etc.

Makes sense to some degree, but better be prepared and with a Unity Game and C#, it wont be a easy Task.

C# or native code doesn’t matter. Both are executed on the client and can be tampered with. If your game gets popular enough cheats will emerge even if its native

The fun part is when your monetization depends on in game purchases or microtransactions. Hackers are able to get all of them for free.

Cheating vs anti-cheats is not really a question of which engine or which language. Regardless of those choices, cheat prevention has to be designed into the game. This is true of every game engine and every language. If that is not obvious, then I suspect you might not be ready yet to build a big competitive shooter. I would recommend starting small. Build a few simple games as learning projects. If you are unsure of which game engine to use, then I recommend building a few simple games in each game engine you are considering.

Every popular competitive online multiplayer game will suffer from some cheaters. For example, PUBG (UE4) and Counter-Strike (Source) are both popular and suffer from some cheaters, and neither one was built in Unity.

You answered your own question.

Piracy isn’t a problem because people who actively pirate games aren’t potential customers. They won’t just buy your game if they’re unable to pirate it. That’s a fallacy that the big studios like to throw around but it simply isn’t true. Likewise there really aren’t people who “pirate to try the game out”.

If anything you might be chasing away potential customers with complex anti-piracy measures. GOG’s main claim to fame is that it doesn’t have anti-piracy measures and then there are the problems that often come with advanced solutions like being unable to play the game if it’s a little off on it’s detection methods.

Don’t jump into game development with a competitive multiplayer game. That would be like trying to make your own car from scratch, and deciding you’re going to make something with the performance of a McLaren. You’re going to fail. You need to start with something comparative to building your own go-cart instead of a high performance super car. A very simple single player game is still going to take 6 months or more of your spare time for you to get to a polished enough state that you should consider publishing it for example. You’ll learn a lot along the way building something simple that will save you a lot of trouble when you go onto your dream project that is exponentially more complex and time consuming.

That said, generally the best way to prevent cheating in a multiplayer game is to never trust input from the client and do as much as possible regarding managing the game state on the server. This unfortunately is next to impossible on a twitchy competitive shooter like a Call of Duty game, because even today’s fairly low ping times are still too slow for many functions the game needs. So the client has to be trusted in some cases, which opens up the game to cheats fairly easily wherever the client is trusted. You’re then stuck with looking for patterns on the server in client inputs that are suspicious or should be impossible.

As far as using ILSpy or removing anti-cheat packages, that becomes more difficult when compiling using IL2CPP instead of Mono. ILSpy can’t even be used when compiling using IL2CPP for example.

But cheating is only a problem when your game has become popular and successful. Yeah I would think about it, and maybe take some effort to design your game to minimize cheating from the start, but I wouldn’t put a huge focus on it without ever even completing a game in the first place. Worrying about cheating at this point in your indie dev career is like worrying about how you’re going to invest all the millions of dollars your game is going to rake in, where are the best interest rates, how do I avoid capital gains taxes, etc. You’re putting the cart before the horse.

Our multiplayer shooter only has two anti cheats shots are validated on the server, and we check the clients potistions if they are valid. If they are not valid we move them to last valid position. We also keep ammo count on server etc so you cant tamper with that state.

I think thats some low hanging fruits you can start with

Errm, there is a difference when you use a Engine that compiles into Native Code or a Engine that has its Scripts based on .net Framework. There is a difference when you load a EXE/DLL into da Debugger and to see the Assembler Code, or to use a Decompiler like Reflect to load a Assembly and see (almost) recompileable Sourcecode.

With .net you might could use a Obusfactor and mangle Methodsnames, Strings etc. But the Logic behind it, is still visible through the Decompiler. The Obfuscator will make it more difficult to read but not impossible. I know that Cheaters will always find Ways to create Hacks and that there is no Way to prevent it 100%.

With native Code you can use DRM or Protections like Denuvo (hated or not). With a .net based Game, this is not possible. As i wrote before: Two Hospital Game was protected by Denuvo and it got cracked by replacing a DLL. If you compare that to AAA-Titles that use Denuvo, the Game might be cracked one time but when you make Updates you can change it again.

Of course Denuvo and Anti-Cheat are different things, but i ment this with the Aspect of ‘protecting’ the Games entrails.

.net is “easier” to decompile and Hack - compared to native Code. For Native code you still need knowledge of Assembler and Reverse Code Engeneering and a proper Toolset (Ollydbg, proper Plugins, Scripts, or a Debugger like Ida).

You might could hook your own DLL into the Games Process and make some Sort of Api-Hook to hook the Renderer Stuff where they could inject Code to draw Rectangles around Models. (for Aimbot etc.). But even this could be removed or Patched/Bypassed.

Did u actually spend time reading my first Post? I wrote, that the Shooter is for the long-time Goal, there is no Line where i wrote, that i want to begin with it. This is stupid so start unexperienced such a Project, even i know that. Some People may did that, had succcess, because its a neverending Challenge, but can increase the frustration level very quick. Then you either keep trying or you give up. So, better start with small things. Thank you anyway for your Advice, even when im already past these train of thougts.

With Sourcecode of the Engine, there should be Ways to make it harder, but who can effort Unity Source? People might end using a different Engine where the Source is avaible without paying a Fortune. Unreal is avaible for free.

With a normal Unity License it seem not to be possible (at least in a way it makes sense) and nobody here proved me wrong or hinted Ways to protect a Game as good as possible. Again, there is no 100% protection.

It doesnt matter if a Game has to get popular in the first Place or not. This is a general Issue of a Unity based Game.

€dit
Fixed some Typos.

A determined hacker can and will hack any game regardless of which engine the game was created with. PUBG was built using UE4 and it has been successfully hacked over and over. Everything from aimbots, wall hacks, speed hacks, spawn hacks, and even flying cars in game.

I would flip this other way round. Encourage to cheat from the start and collect feedback. Then you will know, where the problems are, and you will be able fix over the time, step by step.

When possible, send only data to client, which can be visible / interacted by the player. What is behind a wall for example, should not be sen by a server/host to the player.

I would be interested in P2P solutions, where all data is shared between players. Then you can check across players for any discrepancies. This may be complex solution, but is doable. This method has potential issues with only 2 players, or if alt accounts are in game too.

I don’t think hackers actually need encouragement. Hackers will start looking for ways to cheat in a game as soon as it becomes popular.

Is not that they need encouragement. You want entourage genuine players, as you get chance to get genuine feedback.

Hacker using hacks for their benefits, won’t be sharing loopholes, and you as dev, will be pulling hears off, how this things happening.

A lot of the hacks today are coming from a relatively new phenomenon of hacking games for profit. It used to be that people would create hacks and distribute them for nothing more than a bit of bragging rights, or just to watch the game burn a bit. Now hacks have largely become their own commercialized industry (primarily centered in one highly populated country for whatever reason).

These hack for profit developers are the ones you would really want testing your game’s susceptibility to hacks, but they won’t jump onto your game until after it has become popular. So during an early launch or beta period you’re only likely to get amateurs trying to hack your game who respond to your challenge, and then later once your game gets popular the folks who develop hacks for a living jump in who know exactly what they are doing and discover a whole lot more than you may have expected.

Of course ideal would be to hire a hacker, to hack you game and get feedback. But even as you called “amateur” hackers could save you from hours to days of work. Or basically any fun boy/girl, who is looking for challenges as you stated. Should not underestimate them either.

Other than that, yes I agree.

There are differences but they’re negligible for an experienced hacker and it only takes one experienced hacker to create a tool to bypass everything and make it available to the public. Everyone else who is less accomplished will just use their tool if and when they reach the limits of their own abilities.

At best you can only slow down the hacker and only for a short while. You can’t prevent them from achieving their goal.

Technically you can. Just don’t give them goal, by not getting popular
I had Follout Shelter game for short period of time. Is kind of idle game. But more pay to win, so you need pay some real cash, if you want get beyond certain point. Any way, game is buggy as hell. But I am of course not going waste time on paid idle game. It happens, that simple cheat by shifting system clock back and forth, allowed me bypass or IDLE concept. AND I made it quite a bit like action game
This is just example of simple cheat, without spending any $ on a game.

Other idle game was online. Wan’t bad, until certain point, where everything went pretty much into halt, dragging as hell.
Found the way to manipulate registers, so I could add practically inf resources, removing whole idle aspect

So plenty ways do bypass, no matter what you do. From simple hacks, registers manipulations, to cracks.

Minecraft had by default obfuscated java code. Different with each iteration of game.
Yet didn’t stop people to make huge variety of mods.