Anti-Cheat Toolkit: stop cheaters easily!

Asset Store | Online Demo | Videos | API Reference | Discord | Support

Dear Unity3D developers, I’m glad to share with you my first Asset Store contribution: Anti-Cheat Toolkit (ACTk)!

ACTk will save you a lot of development effort hours and bring handcrafted years of anti-cheat expertise and experience.

Serves both as an easy to use out-of-the-box solution and as a powerful tool in a professional hand which can be flexible enough to complement any other anti-cheat measures you implement.

Regular price: $80
Or get in a bundle for a cheaper price!

WebGL DEMO

Common features

Protects variables in memory.
Protects and extends Player Prefs and binary files.
Generates build code signature for tampering checks.
Detects or allows detecting:
• non Play Store installations on Android
• speedhacks and wallhacks
• time cheating
• managed assemblies injections
Has Obscured Prefs / Player Prefs editor.

Read further to find out more about each feature.

Obscured Types :arrow_forward: tutorial

Keeps your sensitive variables away from all memory scanners and searchers.
All basic and few Unity-specific types are covered.
Detects cheating attempts.

Obscured Prefs & Obscured File

Protects Player Prefs and binary files from common cheating threats:
• identify and read sensitive data (encryption)
• tamper sensitive data (genuine check)
• share cheated files \ saves with more cheaters (device or user ID lock)

Obscured Prefs highlights**:**
• automatic data migration
• automatic crypto keys management
• simple generic API and more data types comparing to vanilla Player Prefs
• Player Prefs and Obscured Prefs editor window
:arrow_forward: Obscured Prefs tutorial

Obscured File & Obscured File Prefs highlights**:**
• background threads-friendly (to avoid IO hiccups)
• simple and easy to use Player Prefs-alike API wrapper
:arrow_forward: Obscured File & Obscured File Prefs tutorial

Code Hash Generator

Generates a code hash signature (both in Editor and Runtime) to compare against the current hash and make sure compiled code was not altered.
Provides hashes for both whole build and separate files in build (helpful for aab Android App Bundles).
Uses background threads to calculate hashes, keeping CPU footprint low.
For Windows Standalone and Android only so far.

Android App Installation Source Validator

Makes you aware from what source your game was installed, be it Google Play, Galaxy Store, manual installation via Package Installer or something else.

Android Screen Recording prevention

Allows easily enable or disable screenshot and screen recording prevention for most non-rooted Android-based operating systems.

Speed Hack Detector :arrow_forward: tutorial

Makes you aware of nasty cheaters trying to slow down or speed up your game.
Correctly reacts to the time glitches.
Allows to resist speed hacks with SpeedHackProofTime class.

Time Cheating Detector

Uses Internet connection to get reliable time.
Reacts to both incorrect system time and actual cheating during or between sessions, allowing you to catch people who change time to speedup long-term processes (like building process, energy restore, etc).
Works with weak internet connection.

WallHack Detector :arrow_forward: tutorial

Covers 3 common wall hack types:
• shoot through the walls
• walk through the walls
• look through the walls
Uses generic sandbox approach allowing to detect unknown cheats.

Injection Detector :arrow_forward: tutorial

Reacts on foreign managed Mono assemblies both injected at runtime or into the build on PC and Android.

Third-party plugins

• actions for Opsive’s Behavior Designer
• actions for PlayMaker (except obscured types due to PM limitations)
• works great with Simple IAP System to process & validate IAPs online with Receipt Validation service
• works great with Cross-Platform Native Plugins to save into the cloud, setup leaderboards and more!
• used in Lovatto Studio MFPS Anti-Cheat And Reporting addon
• used in Stan’s Android Native asset

Resist reverse-engineering threat:
• Protect IL2CPP build with Mfuscator

Compatibility

Supports Unity 2019.4 LTS and newer.

Works on all actual platforms including IL2CPP builds with few limitations:
• Windows Standalone and Android are supported by Code Hash Generator at this moment.
• Injection Detector supports Mono builds only since IL2CPP can’t have managed injections.

Documentation

API Reference
• Readme.pdf User Manual (included in the package) with samples, additional details and helpful pro-tips

Overall highlights

Easy to start:
• detailed User Manual with examples and tips
• examples scene
video tutorials

Easy to extend:
• full API Reference
full C# sources included!
• explore, learn, extend and build fully customized anti-cheat solution for your games!

Support and updates since 2013 :heart:

Skilled and motivated cheaters can break any protection, and thus it’s not guaranteed your game will be 100% safe from all cheaters if you’ll use this toolkit. Though, massive “casual” cheating can be eliminated for good.
Where to go from here

Like it? Hate it? Leave a review at the Asset Store to help others to make a good choice.

Need support, have any questions, suggestions or any other feedback?
Here are options for you:

P.S. No holy wars about cheating/hacking protection methods please :stuck_out_tongue:

Asset Store | Online Demo | Videos | API Reference | Discord | Support

1 Like

I already used ACT with my games, and I can only say it’s awesome. Incredibly simple to implement, and very effective :slight_smile:

1 Like

Thanks for your feedback, Daniele, as always! :slight_smile:

Maybe upload an example project (the button one is enough) to test it?

Sure, you can try it here: http://codestage.ru/unity/anti-cheat/demo/

Version 1.0.0.7 is sent to Asset Store team for review!

New in 1.0.0.7

  • Fixed error in ObscuredString (now it works in WebPlayer without errors).
  • Fixed error in ObscuredFloat (now it works in WebPlayer without errors).
  • ObscuredFloat is memory wiser now.
  • ObscuredFloat.SetNewCryptoKey() accepts int now (was long).
  • Added changelog :slight_smile:

And I created a small page for ACT with changelog and some extra info: http://blog.codestage.ru/act/

Sounds great,

But how does it work on mobile (iOS, Android, Windows Phone, Blackberry)?

Thanks,

Hey, Crazy Robot!
It should work on mobile same as on desktops - I’m trying to keep it platform independent! :slight_smile:
Some additional testing is still needed though (I tested it on Android mobile platform only so far, but it should be fine on iOS and all other mobile platforms as well).

1.0.0.8 is out!

New in 1.0.0.8

  • PlayerPrefsObscured now able to lock saved data to the current device. See PlayerPrefsObscured.lockToDevice field description in API docs.
  • Improved PlayerPrefsObscured stability and obscuration strength (use Get*Deprecated() methods to load data, saved with ACT 1.0.0.6 or earlier)
  • PlayerPrefsObscured now has own encryption key. Use PlayerPrefsObscured.SetNewCryptoKey() to change it from default value.
  • Created home page for ACT: http://blog.codestage.ru/act/

Asset Store guys can’t overtake me :stuck_out_tongue:

P.S.: Yey, demo video got 100 views on YouTube! :smile:

Latest 1.0.0.9 update was approved at Asset Store (finally)!
It includes one tiny yet important fix:

  • Fixed data loss in PlayerPrefsObscured (use Get*Deprecated to read data saved with ACT 1.0.0.8 version)

What happened with ACT on the Asset Store? Where I can find this tool?

Hey, mrbroshkin, ACT was removed from Asset Store accidentally, I’m working on this issue, sorry for any inconvenience.
Feel free to subscribe to this thread - I’ll post here as ACT will be restored.

Thank you for your interest in ACT.

Hey everyone, I’m glad to let you know, issue with ACT availability is fixed now, Anti-Cheat Toolkit is available for purchase at the usual link in Asset Store (https://www.assetstore.unity3d.com/#/content/10395/)!

Hi Dmitriy,

Great project, but before I download it, I’d like to ask a question about iOS export compliance: if I integrate your plug-in into my app, will I have to get permission in order to export my app? You can find details here: http://stackoverflow.com/questions/10973567/what-constitutes-encryption-for-the-purpose-of-export-compliance-e-g-in-app

Thanks in advance, if I can get a good answer, I will be able to switch over from SecurePlayerPrefs and/or CryptoPlayerPrefs (I can’t seem to find any information on whether or not either one complies with US cryptography export regulations).

MachCUBED

Hey, MachCUBED!

Current Anti-Cheat Toolkit version have simple and fastest possible symmetric encryption with key not exceeding 56 bits implemented under the hood.
And this encryption is used to protect developer’s intellectual property by hiding from hackers and cheaters sensitive information.
These facts should claim exemption from the review accordingly to the information from page you linked to. Well, I think so, but not sure for 100%.

Anyway, I’m open for discussion and will be glad to fix any issues you may encounter with my plugin while using it (even after buying, cough).

BTW, I’ll spoil a bit upcoming update - it will have additional hashing implemented (not encryption) to allow you “sign” your assemblies in Unity IDE (prob automatically, after Assemblies reloading) and check if assemblies are genuine at runtime just like you do with Application.genuine on iOS, but it will check assemblies only (if regular Application.genuine is not available) on desktops and all (I hope) mobile players (Flash Player and Web Player dismissed here, sorry), allowing you to react on cheaters, trying to alter your assemblies. It’s WIP, so I’ll post here more details about it as update will be ready for public.

Please, let me know if you have any further questions on my plugin, and thanks for your interest in ACT!

Anti-Cheat Toolkit 1.0.1.0 update is ready and was sent to the Asset Store team for review (and ready for download by any customer)!

  • Added Assemblies signing functionality * EXPERIMENTAL *
  • Fixed web player detection, now ObscuredFloat can be used in static conditions (thanks Andriy Pidvirnyy)

I’ll quote here piece of the readme.pdf about new feature:

In addition I’d like to mention any additional precompiled assemblies used in your project will not be checked for integrity ATM, this is possible to add in future updates.

Thank you for your response Dmitriy. For further discussion, I have found Apple’s own guide:

The information is under “Authorizing for Export and Indicating Legal Issues” on the linked page and provides further details on Apple’s export compliance. I am posting this because although your solution probably complies because it uses 56-bit symmetric encryption, you also said that you’re not 100% sure of the requirements.

MachCUBED.

I see, thanks for your addition.
I read about it a bit more and looks like all this crazy export stuff can be avoided using 7 byte or shorter keys for all Obscured variables to make encryption not satisfying for “symmetric encryption” as described in the a.1.a. of Category 5 Part 2 (of Bureau of Industry and Security Commerce Control List) thus not being threaten as “Information Security” in Note.4 a.1 of the Category 5 Part 2 document, thus allowing you to choose “Yes” for second question of the Apple’s Export Compliance survey.
Well, I think this is so, I have not enough lawyer skills to be 100% sure in this though.

I use keys <= 56 bit for all Obscured types except ObscuredInt (it has 64 bit key, I’ll shorten it in future version) by default. But I provide APIs to change encryption keys from default values for all Obscured types: SetNewCryptoKey(newKey), so just make sure you’re setting there short enough keys and you should be safe.

Actually I assume most users will use this API to change default encryption keys to increase their app security level a bit. Maybe I should add a kind of warning if default key is still not changed, I’ll think about it.

PS: If someone wish to obtain CCATS, here is a short guide for obtaining CCATS for your APP:
http://zetetic.net/blog/2009/8/3/mass-market-encryption-ccats-commodity-classification-for-ip.html

Latest 1.0.1.2 update is available at Asset Store!

1.0.1.2

  • fixed .meta files handling
  • moved Anti-Cheat Toolkit/Options menu item to the Window/Anti-Cheat Toolkit/Options
  • moved plugin into CodeStage directory (to compact placing of any future plugins I’ll release)
  • reduced ObscuredInt default key length
  • attempt to fix async assemblies reloading issue

1.0.1.1

  • Added assemblies signing process duration estimation
  • Fixed issues with Anti-Cheat Toolkit .dll import in Unity 4.x

Afaik it’s no big deal to answer the encryption question for the AppStores as long as you have registered at BIS SNAP-R Registration

More info:
http://tigelane.blogspot.jp/2011/01/apple-itunes-export-restrictions-on.html

I’m pretty certain the bis / encryption question system is just in place so the NSA has a nice register of apps to check without having to hunt for them;-)