Hello,
I’m making small webgl games and I sell licenses to gaming websites (currently only coolmathgames).
I use a script that prevents my game to be played on unauthorized websites, so it was quite surprised to found it HERE.
My script is inspired from the one coolmathgames sent me. I just call Application.Quit() to stop the game while coolmathgames is redirecting to their site using a jslib. I though that it was better not to use a jslib as they are easier to modify than the webassembly file.
I tested my script and it seems to works as intended. It doesn’t prevent the game to be iframed, though.
But the site that “hacked” my game didn’t iframed it, they are hosting it on their own servers. It should not be possible with my script. I don’t know how they did it. I didn’t found anything obvious on their site.
Obviously as the authorized domains strings are serialised somewhere in the game data, it is possible to edit it. But I didn’t think that they would bother doing that. I’m not sure how to do it myself, so I wasn’t able to check if they did it.
Here is my script
public class SiteLock : MonoBehaviour
{
public string redirect = "https://mysite.com/";
public string[] domains = new string[] { /* My urls here*/ };
private void Start()
{
#if (UNITY_WEBGL && !UNITY_EDITOR)
if (!IsValidHost(domains))
{
Application.Quit();
}
#endif
}
private bool IsValidHost(string[] hosts)
{
foreach (string host in hosts)
if (Application.absoluteURL.IndexOf(host) == 0)
return true;
return false;
}
}
Does someone know a way to sitelock a game that is more reliable than my script?