I am developing a game which will post the users score to a server.
I have been reading all the posts about how difficult (impossible) this is.
I came across this tool UMPatcher People talked about trying it out, however I could not find anyone sharing their results? Does anyone have any experience with this tool they can share?
Also
I understand that the best possible method to prevent cheating is to move much of the game logic onto the server.
Does anyone have examples of how this can be effectively/practically done? Or assist me by discussing how I might build such an architecture.
What you need is not UMPatcher. What UMPatcher does is take your game and protect it from people who can de compile the games. I doubt thats what you are going to do.
Since I have more a security background than a graphic background I can tell you a few things about that:
You are right, total security is impossible, at least these days
This can be relaxed, since you donāt want total security but you want to protect your game from the majority of cheaters/players
Obfuscation (that is what UMPPatcher will do I suppose?) do not theoretically raise the security but it does practically, since it is harder to understand you application which is an essential part of ācheatingā among other things. So with obfuscation you just raise the bar of effort but you gain no extra security
Server side game logic is no really necessary. It depends on your type of game. In an MMORPG like WoW you will usually have a server side logic anywayā¦ But in an FPS game like Counterstrike, partial server side logic might already be enough. It would suffice to check if player command are within certain boundaries. Especially when you are using PhysX and other stuff, server side logic can get really complicated. So you will usually want to reduce server side logic to a minimumā¦
The reason why server side security is so complicated is the following: The easiest way would be to just run the game without rendering on the server, collect all inputs from player, timestamp them and broadcast them back to all players. Then you already got the problem of lagging to solve, which can be done via prediction, which is also not so easy to get right. But most importantly, the costs for such a server environment will grow rapidly and you usually want these costs to be kept at a minimum and this is where it gets complicatedā¦
But all this es very advanced and heavily depends on your gameā¦ I guess nobody can give you much insight here, since it is a broad field of scienceā¦ First figure out how much security you really need. And then reduce the server side game logic to a minimum. Or maybe it is even enough to do all this stuff in a player hosted way. You just use one of the players as host and do all the anti-cheat stuff there, which is pretty easy. But of course that certain player could cheat on his convenience but there are other measures to keep this probability lowā¦
I thought you were referring to thngs like anti-cheat engine and such. Because your title suggest this. Unless i interpreted wrongly. But what the saint1987 said is correct in some ways.
PS: This whole thing is also a question of popularity. Unless your game is popular like CS or CoD, the chance is pretty low that anyone will go through all this trouble, especially when you obfuscate your source. And also Unity itself might provide a reasonable obfuscation. I wouldnāt want to find out how to cheat any game BTW, but there seem to be enough guys out there who donāt know what to do with their time ;). But frankly, (I donāt know your game) first get your game popular, and then you can worry about these things, and then you will probably also have the resources to do it rightā¦
I think you have a valid point about multiplayer servers, apparently there was a C# game that used a voxel āMinecraftā style engine that was dropped because it was too easy for people to launch āpirateā servers and cheat in the game, so the developer dropped it.
I am not saying you shouldnāt do anythingā¦But servers side game logic is a very complex subject, especially when we are talking about FPS and not MMORPGS (where you definitely need it) and is kinda shooting squirrels with canonsā¦ After all he didnāt say what type of game he is buildingā¦
I didnāt know about the minecraft thing but honestly, itās his own fault. As soon as you see that your game suffers from cheating and stuff you should do something against it, and dropping the game is definitely the wrong idea, well though luck thenā¦ And some easy anti cheat is not that hard if you have some fundamental knowledge of security and hacking ^^. But it is nothing short enough to be posted hereā¦
Good Anti-Cheat is something that has costs big companies like Valve and stuff millions of dollars if not more and just by assumption, most users of Unity will neither need something like that nor is it economic if you pay only 1500 USD for an engine, but invest a multitude of that money in Anti-Cheat technology ;).