I have a multiplayer game which performs logic and validation server-side. However, there are client-side properties (ie physics - mass, thrust, angular drag, etc) which are defined in C# classes which could be edited via a hex-editor (see FINAL FANTASY IV How to hack the auto battle speed multiplier for an example.
Has anyone tried precomputing a hash of GameAssembly.dll, and then validating this hash in the game client via a remote server? What pitfalls did you run into? Of course the check itself could be modified via a branch in compiled IL2CPP code.
For the professionals who do try to block cracking, what approaches do you take?
While it seems like you have considered a lot of the problem space, the underlying problem that the user is on an untrusted problem has not changed.
Here’s an example of how much effort and money professionals (in this case Valve) are dedicating to anti-cheat:
Meanwhile this is my standard blurb, aimed more towards people endlessly wasting their time on it:
If you’re concerned about the user ‘hacking your save files,’ or ‘cheating in your game,’ just don’t be. There’s nothing you can do about it. Nothing is secure, it is not your computer, it is the user’s computer. If it must be secure, store it on your own server and have the user connect to download it.
Anything else is a waste of your time and the only person you’re going to inconvenience is yourself when you’re debugging the game and you have savegame errors. Work on your game instead.
Remember, it only takes one 12-year-old in Finland to write a script to read/write your game files and everybody else can now use that script. Read about Cheat Engine to see more ways you cannot possibly control this.
The good news is that most likely nobody will care enough about your game to bother, so you’re safe.
And as far as stealing your code or assets, don’t bother trying to stop that either:
I appreciate your thoughts and consideration. As stated, it is an online game. There are no local save files and the majority of state is managed and validated server-side.
To be completely honest, I kindly disagree with your position — in a multiplayer game it is important there are barriers to minimize hacking.
I think calculating hashes of game files and validating them with the game server is a sensible step. With this said, I am curious to know what other Unity devs have tried.