Security of unity networking and more

Hey all, I hope this is the right place to post this. I posted this in the answers forum, but deleted it after reading the faq as this may be more of a discussion.

Regarding the built in unity networking (and networking overall)…

Question 1 - Related to network security, what should I be aware of? Player launches game, logs in and through www I verify, players enter a lobby that shows all available games which are being hosted by one client (listen server), player enters listen server and now the host handles things. Since the host talks directly to the clients, and since I have to assume there will be those that look at my game's source code and hack the game, what exactly could the host do? I'm sure he can probably instant kill all players, move them to wherever he desires, never die, etc… However, can he do even more harm outside of the actual game? Can he gain full control over their PC, send some virus through the game, etc…? With listen servers, sometimes the players need to port forward. What risks are they at if they port forward for my game? What recommended port should I use or avoid? Could trojans on those ports now infect their computer through my game? If so how can I protect them? Do they need to be on my game for the port to do harm, or is just having the port always open enable hackers to put stuff on their computers regardless if they go on browsers or other programs? I'm fine with there being a hacker in the game that doesn't die, but I'm not fine feeling responsible for my players receiving viruses and such.

Question 2 - As stated in the above question, I plan on having a listen server type setup, however, is there a way to have the clients connected directly to the host still contact the server on special occasions during gameplay (without going through the host)? Example: players see that the host is a hacker, players all vote to kick the host (host migration happens afterwards). If the host handled the kick system, he could hack that to be unkickable. I want the kick system to be run by the server which all clients can talk to directly. Is there a way to do this? Could this be done through www maybe, so that after a certain amount of votes the server through www then blocks the user access back to the same game?

Any info would be much appreciated =)
Thank you!

If he can use some debug features in your game or crash your server application with custom code execution vulnerability, then yes.

Thank you for replying!
You say “if” he can, but isn't it a definite “yes” he can? He can just change the game's code to run debug features. I would love some more info on what debug can do to help compromise one's computer. Also, by server application you mean something like unity network or photon? If he crashes it, doesn't he lose connection? Player joins lobby and talks to the unity network master server. Once he creates a game, he no longer is connected to the master server and is now the host and all players can join him. If the host crashes his server, aren't all connections lost? How does this help him hack or send a virus to their computer?

In reality, unless you have a very successful game, hacking should not be a problem for you (although it may be!) You should always plan for hacking, but generally you need a fun game that people want to spend the time hacking. Either that or you pissed someone off and they want to mess with your game for fun. :wink:

Some general rules:

  1. Do not trust clients to do anything. This is what it means to have an authoritative server. Everything from physics to player location to player stats, etc, should come from the server if possible.

  2. If using a peer-to-peer game, #1 is impossible. In these scenarios the best thing you can do is obfuscate your code and/or use tools like PunkBuster.

  3. In the client-server model, clients can only do what you let them do. They can’t send a virus to other players unless you let them send executable files to other players (why you would do this is beyond me.)

  4. Expect clients to try and overflow your server calls, forge packets, etc. For example, they may send SQL in-line with the user-name to attempt to take over your database. There are thousands (millions actually) of hacks possible.

  5. Use SSL if going over HTTP(s).

I can’t even begin to scratch the surface here as multiplayer game security is a VERY in-depth topic.

Listen servers are client-server models, except the server is one of the players. Of course I wouldn't put in my game code “send executable file to clients”, but can't the host change the code to do that?

Also keep in mind that I do not care if there are hackers cheating in my game. What I care about is every player's computer security.

I can see how it would be a big topic. Is there anywhere you recommend someone can learn about it?

A host can send any old data they want to the clients, but the clients would have to be modified to actually respond to an executable packet.

The biggest security threat to your users is, as always, your users. Computers are hard to hack, but humans are easy to manipulate. Modern cybersecurity is more of a psychological science than computer science.

What about the open port problem? Some users will need to open ports to play online multiplayer games. If the port is opened, and since the host can see all players' IPs, can he abuse this in any way? I'm not exactly sure on how things work so this may not be possible, but can the host/hacker send something directly to the IP through the port, bypassing their firewall and such, and hacking their computers? If so, is there anything I can do?

A player will always be able to hack their own client to do weird stuff, that is a given and out of your control. What you want to make sure of and is in your control is making sure an unaltered client that you distribute to the honest players of the game does not do unexpected behavior when it receives weird stuff from that hacked client, like return personal information, launch a network attack, send spam, etc.

There are of course then vulnerabilities that may exist in your external libraries you include with your client, within Unity itself, etc. Those would be much trickier for you to discover and probably not worth worrying about as they are largely out of your control beyond notifying the authors. This is a good reason to only use assets that provide source code however, so you can verify they are safe.

An open port is not a vulnerability by itself, the attacker has to be able to exploit the application running on that open port, in your case the Unity client. If your client is secure then the port being open does not open up any sort of vulnerability.

Is there anywhere I can read up on such protection for the clients?
Would I have to sanitize all data (not just data relevant to PHP or SQL)? For example: is there any way data such as
Application.OpenURL("http://site with virus/"); can be sent from altered client code? Almost in a cross site scripting (XSS) type way?

If you have anything that accesses the local environment such as reading/writing files, spawning applications, etc. this should be sanitized if it takes parameters from other clients/servers.

If you are asking if it would be possible to force it to spawn an application when such a call does not already exist in your code, well the answer is “maybe” but that is out of your control as it would be a flaw in Unity itself, something like a buffer overflow etc. Or maybe you write files using the client’s name as the filename, what happens if they manipulate that so it causes an important system file to be overwritten, etc.

If you’re interested in secure coding practices I would probably start by getting familiar with OWASP and the top 10 list, make sure you are in compliance there. There are tons of books on secure SDLC but I don’t have any particular recommendations.
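The sanitizing advice in the post above, as an added C# example that is not part of the original thread: a URL received over the network is checked against an allowlist before it would ever be handed to Application.OpenURL, and a player name is checked before it becomes a filename. The class name, the allowed hosts and the `saves` directory are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Linq;

public static class NetworkInputGuard
{
    // Assumed allowlist: the only hosts this game ever opens in a browser.
    static readonly string[] AllowedHosts = { "example.com", "www.example.com" };

    // True only for absolute https URLs whose host is on the allowlist.
    public static bool IsAllowedUrl(string candidate)
    {
        Uri uri;
        if (!Uri.TryCreate(candidate, UriKind.Absolute, out uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttps) return false;
        return Array.Exists(AllowedHosts, h => string.Equals(h, uri.Host, StringComparison.OrdinalIgnoreCase));
    }

    // Maps a player name from the network to a file inside baseDir, or fails.
    public static bool TryGetSavePath(string baseDir, string playerName, out string path)
    {
        path = null;
        if (string.IsNullOrEmpty(playerName) || playerName.Length > 32) return false;
        // ASCII letters, digits, '_' and '-' only: no separators, dots or drive colons.
        if (!playerName.All(c => (c < 128 && char.IsLetterOrDigit(c)) || c == '_' || c == '-')) return false;
        string root = Path.GetFullPath(baseDir).TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, playerName + ".sav"));
        // Defence in depth: the resolved path must still sit under baseDir.
        if (!full.StartsWith(root, StringComparison.Ordinal)) return false;
        path = full;
        return true;
    }

    public static void Main()
    {
        // Constructed inputs, as they might arrive from a modified host or client.
        string[] urls = { "https://example.com/news", "http://example.com/news", "https://example.com.evil.test/", "file:///C:/Windows/win.ini" };
        foreach (var u in urls) Console.WriteLine("{0} -> {1}", u, IsAllowedUrl(u));

        string[] names = { "Player_1", "..\\..\\Windows\\win.ini", "../../etc/passwd", "a:b" };
        foreach (var n in names)
        {
            string p;
            Console.WriteLine("{0} -> {1}", n, TryGetSavePath("saves", n, out p) ? p : "rejected");
        }
    }
}
```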

If your server allows clients to send it code to execute, yes.

Thank you, I will have a look at OWASP.

Perhaps you can give me some info on my second question (in the first post) =)
Your help is much appreciated.

Not sure as to what you mean, perhaps you can elaborate?
Is there a way to disable Application.OpenURL or not have its code work at all even if a client changes his own files and inserts Application.OpenURL into it somewhere? Would Unity just not include any of the Application.OpenURL code when compiling the game if it was never used?

I think you are overthinking the second question, if the hacked client is running as the host the best option is simply for the players to leave and form a new game. Who knows what kind of bad data the host had been feeding you at that point anyways, best to clear it all out by reloading the game. Writing the banned player’s IP address to your lobby server’s firewall to block him would be possible but might itself be open to exploitation if you don’t do it manually.

The question is mainly asking if I am able to have clients in a listen server, created by the unity network, be able to talk directly to the server for certain things without going through the host. The kicking player was only an example of where this functionality would be needed. As for players leaving a room when the host is a hacker, that might be a pain for some to do. If I was to ban hackers, it would be through their account and not their IP (if the game wasn't paid for then an IP ban would probably be best).
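A sketch of the server-run kick vote asked about in this thread, as an added C# example that is not part of the original posts: the tally lives on the lobby server, and each vote is tied to the account behind a login session rather than to anything the host relays. The class name, the session-token scheme and the strict-majority threshold are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Runs on the lobby server; clients reach it directly, never through the host.
public class KickVoteTally
{
    readonly Dictionary<string, string> sessions;  // session token -> account id, issued at login
    readonly HashSet<string> roster;                // account ids the lobby placed in this game
    readonly Dictionary<string, HashSet<string>> votes = new Dictionary<string, HashSet<string>>();
    public readonly HashSet<string> Banned = new HashSet<string>();

    public KickVoteTally(Dictionary<string, string> sessions, IEnumerable<string> roster)
    {
        this.sessions = sessions;
        this.roster = new HashSet<string>(roster);
    }

    // Returns true once the target is barred from rejoining this game.
    public bool Vote(string sessionToken, string targetAccount)
    {
        string voter;
        // The voter's identity comes from the server-side session, not from the request body.
        if (!sessions.TryGetValue(sessionToken, out voter)) return false;
        if (!roster.Contains(voter) || !roster.Contains(targetAccount)) return false;
        if (voter == targetAccount) return false;

        HashSet<string> voters;
        if (!votes.TryGetValue(targetAccount, out voters))
            votes[targetAccount] = voters = new HashSet<string>();
        voters.Add(voter);  // a set, so repeat votes from one account count once

        // Strict majority of the other players in the game.
        if (voters.Count * 2 > roster.Count - 1) Banned.Add(targetAccount);
        return Banned.Contains(targetAccount);
    }

    public static void Main()
    {
        // Constructed data: four logged-in accounts in one game, "host" is the vote target.
        var sessions = new Dictionary<string, string> { { "t1", "host" }, { "t2", "ann" }, { "t3", "bob" }, { "t4", "cy" } };
        var tally = new KickVoteTally(sessions, new[] { "host", "ann", "bob", "cy" });
        Console.WriteLine(tally.Vote("t2", "host"));      // first vote
        Console.WriteLine(tally.Vote("t2", "host"));      // same voter again
        Console.WriteLine(tally.Vote("forged", "host"));  // token the server never issued
        Console.WriteLine(tally.Vote("t3", "host"));      // second distinct voter
    }
}
```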

Hi, do you know how I can use HTTPS in a UNET server?
http://forum.unity3d.com/threads/sll-support-in-usewebsockets-mode.398603/