Anti-Cheat Toolkit: stop cheaters easily!

Hey, @M0rph3v5
It's not that easy to work with Unity-serialized Obscured type.
But it's still possible to do this.
You should be careful to avoid corruption of your data.
You can take a look at the example at the PropertyDrawers, e.g.
Assets\Plugins\CodeStage\AntiCheatToolkit\Editor\Scripts\PropertyDrawers\ObscuredStringDrawer.cs

 

1.5.5.0 is available at the store!
It has fixes and improvements to the existing features, most important fixes - for the possible fake detections of some obscured types cheating.
If you're updating from 1.5.1.0 or earlier, please run the migration script using menu:
Tools > Code Stage > Anti-Cheat Toolkit > Migrate Obscured types on prefabs...
to fix possible corrupted prefabs.

Spoiler: changelog

1.5.5.0
- menu items migrated to the "Tools > Code Stage > Anti-Cheat Toolkit"
- added new utility script to migrate ObscuredDouble and ObscuredFloat
instances on prefabs when updating from 1.5.1.0 and previous to the
1.5.2.0 +; you can run it via menu Tools > Code Stage > ACTk > Migrate...
- improved compatibility with Unity 5.5+
- fixed ObscuredCheatingDetector false positives (huge thx Fiete)
- fixed vulnerability of the obscured types
- fixed ObscuredShort inspector output in Unity 5.0+
- fixed false cheating detections for obscured types which are able to
show up in the inspector in some cases (thx mrm83)

 

Hi Dmitriy,

New user here
I'm running unity 5.6 and would like to define the crypto Key.
I tried this in awake :

Code (CSharp):

1.  
2. void Awake()
3. {
4.     CodeStage.AntiCheat.ObscuredTypes.ObscuredPrefs.SetNewCryptoKey("MyKey");
5. }
6.  

But I have this error :
error CS0122: `CodeStage.AntiCheat.ObscuredTypes.ObscuredPrefs.SetNewCryptoKey(string)' is inaccessible due to its protection level

Also about the crypto Key, it could be whatEver string with any lenght ?
I understand that to be compliant with Apple it should be under 7 char.
Is there a huge performance impact if i set it to like 32 or 16 chars ?

Thank you

 

Hey, @rattlesnake !

There is a CryptoKey property, use it instead:
http://codestage.net/uas_files/actk..._prefs.html#ad6e15d0a034c16ffaf2cc75eeb2e8913

yes

There will be impact, but not huge.
I'd suggest to avoid using too long keys as it's almost useless in terms of security: in Unity world more likely cheater will try to find \ obtain your key instead of brute forcing it.

 

Thank you it works :

Code (CSharp):

1. void Awake()
2. {
3.     ObscuredPrefs.CryptoKey = "blablablabla123";
4. }
5.  

 

Hey Dmitriy,
Thanks for the great tool. Easy to use and effective.
One addition that would be great is support for Reflection. Since the Obscured* types use implicit casting, it's not possible to use Reflection to set or get its values using primitives. It could be done using a TypeConverter. But perhaps there is a better way to do it.

 

Hey, @artaka

Did you tried to use temporary obscured instances, like here:
https://forum.unity3d.com/threads/a...p-cheaters-easily.196578/page-13#post-2733132
?

 

That's pretty much what I ended up doing. I was thinking there may be a cleaner way.
Thanks

 

Hello, I purchased the plugin and I have some questions -
1.we are using "BigInteger" variable in our game does the plugin support this variable for encryption.
2. can u provide the sample code for the time glitch
3.we are using "cloudprefs" plugin for saving data in cloud, will this plugin support it?
This is that plugin - https://www.assetstore.unity3d.com/en/#!/content/60633

Could you please respond on these issues? thank you very much

 

Hey, @romit99 !

Oh, somehow I missed your post, my humble apologies!

First of all, thanks for your purchase!

No, there is no Obscured counterpart of the BigInteger. However you're free to use simple obscured types to store the actual data if possible.
I'm adding BigInteger obscuration to the TODO list since you're the first customer on my memory who asked about this type, thanks!

Are you asking about SpeedHackDetector example?
You may find it at the ExampleScene in the package.
Actually all yo need to do - add detector to the scene and assign a detection callback at the inspector.
You also may rn it fully from code, just use the SpeedHackDetector.StartDetection() API.
Please let me know if I understood you incorrectly.

No, I didn't hear this plugin is supporting ACTk integration.
Could you please let me know why do you wish to encrypt cloud-based prefs?

 

Thanks for your prompt response! looking forward to the update!

 

Hey all, I'm glad to let you know new version 1.5.6.0 is available!
Most interesting things in this update:

• New TimeCheatingDetector!
  • Checks local time for cheating using NTP time servers
  • Has configurable sensitivity threshold to avoid false positives
  • Can skip checks when Internet connection is absent
• New kind of Speed Hack cheating is detected now with SpeedHackDetector

More to come with future updates, stay tuned!

Spoiler: changelog

1.5.6.0
- brand new TimeCheatingDetector (needs Internet connection)
- another kind of SpeedHack detection added (thx lol)
- third-party integration packages paths are match ACTk path now
- added switches for all important conditional compilation symbols
to the Settings window
- improved Unity 2017 compatibility

 

How to use time cheat detector ?

 

Hey, @vistriter

Let me shamelessly copy-paste my reply to you from email:

 

Hello, apologies if this has been asked before, but does anyone know if this is compatible with tvOS? Thank you!

 

Hey, @kathode

I had no reports of it not working under tvOS.
Generally, most features should work on all platforms, except InjectionDetector.

Please let me know if you have any issues with tvOS and I'll try to help as much as I can.

 

Thanks for ACTk!

Two questions:

1. Will it cause problems to create new encrypted variables by code, instead of using the Prefs Editor?

2. Can ACTk be set to create a save file (and later load it) at a certain file path?

 

Hello
Just a quick question. Is there any way to serialize obscured floats and bools through Photon Cloud? I keep getting a serialization error. Just wondering if there is some way to get this amazing asset working with photon cloud.
Thank you.

 

Hey, @ScottSummers

It's totally fine, Prefs Editor is more for debugging purposes.

Not really, ACTk's ObscuredPrefs currently works only using PlayerPrefs base, in uture it will be able to save to the separate file, it's on my TODO.
Though, you may use ACTk's Obscured types to encrypt and decrypt any raw data you have.
For example, you may use ObscuredString.EncryptDecrypt() API to encrypt some data, save it to file with any preferred method, later load it and decrypt it back with same API.

 

Hey, @RealAspireGames

You may get encrypted data to safely transfer it over network using GetEncrypted() API of any obscured type and decrypt it back with SetEncrypted() API.

I'm not sure current Photon versions allow to customize or control (de)serialization though.

Proper Photon integration is on my TODO list, reaching there step-by-step with every update.

 

Awesome, thank you so much. I will look into that now.

 

Great!
1. Can you say what are the lines of code a script should use to create a new encrypted variable?

2. Once the game is built for PC, can you say what path and file the data gets written into?

 

Will this ever get 100% PlayMaker support? I can barely code something (but can copy paste code and slightly adjust), so should I stay away from this asset or could I get this running with the help from the support or forum?

 

Is there a Playmaker tutorial somewhere? I was hoping to see how I would set up the unbiased timer to keep track of time before refilling lives using this in Playmaker. but I'm not exactly sure how. Any suggestions or resources I could turn to?

 

Hey, @ScottSummers
1. If you need to save something encrypted:

Code (CSharp):

1.  
2. // save
3. ObscuredPrefs.SetInt("Health", 100);
4.  
5. // load
6. int health = ObscuredPrefs.GetInt("Health");
7.  

It will save variable to the PlayerPrefs but in encrypted state.

If you need to create runtime encrypted variable to resist memory hacking:

Code (CSharp):

1.  
2. // just declare it as a field of your class for example
3. public ObscuredInt health;
4.  

2. Same as for PlayerPrefs:
"On Windows, PlayerPrefs are stored in the registry under HKCU\Software\[company name]\[product name] key, where company and product names are the names set up in Project Settings."

 

Hey, @FlyHigh

PlayMaker didn't allow to make custom types effectively without huge waste of resources (and garbage for GC), that's why ACTk has no 100% support yet.

There is unofficial method of adding support to PM, with extra overloads, so you could try it:
example and explanation by kreischweide

Though I should re-iterate on this to take a look at the latest PM versions. There is a hope it allows custom types now or at least has some proper API to make this without extra overload.

It's on my TODO and in future updates I'll re-visit PM support to check how things changed since last time I dived deep into it.

Regarding staying with asset or not - it's totally up to you, depending on what anti-cheat features you would like to have.

 

Hey, @ecequalsm2

I believe official Play Maker forums and website is a right place to go for learning:
Tutorials
Forums
Website

 

Hi, would it be possible to get a simulate speed hack button in a future update?
Or a point in the direction where a *2 in the code can be added to simulate it XD

 

Hey, @jesusluvsyooh

What exactly you expect from the simulation?
Actually it's not that easy to make an actual speed hack from the managed side.
Also I wonder why you ever need this?

 

I could not get cheat engine to work with editor .apps or webgl's on chrome or safari, its a new $Mac, and i am still in that stage of placing it down gently and whispering good night to it before bed, and trying not to download lots of dodgy .dll's from internet to get cheat engine to work (just yet).

Just wanted to trigger the detections without using cheat engine
Maybe not a simulation.. but rather a button to make the various cheat detections fire without use of cheat engine, for developing purposes.
I'm a Java/UnityScript guy, but after a bit of exploring i managed to do it.

 

Ah, understood now, @jesusluvsyooh
Just call your cheat callbacks manually, from a button click, it's not hard to make an UI button with proper Event on it targeting your cheating callback functions without any programming at all.

 

Hi, any recent progress with this? I'm interested in buying ACTk soon.

 

Hey, @arlevi09

Not there yet, hope to reach this part late summer/early autumn, but can't guarantee.

 

Hello, i bought the plugin a while ago and all seem to work ok except injection protection.
I am able to inject code and edit stuff easily and no trigger ever happens :O
PM or email me for details, dark.xxx.bfk@gmail.com my email.

P.S. I am total begginer in injecting just saw a 10 min youtube video

 

Hey, @NightmarexGR

InjectionDetector should detect managed assembly injections, it's not intended to detect any unmanaged injections.
If it's not detecting managed injections - I'd be happy to know more for sure, please check your PM inbox.

 

i dont know what is the difference between managed and unmanaged, i pm you :/

 

I'm very new to this topic, does this falls into managed or unmanaged assembly injection? Or neither?

 

Hey, @MrSaoish

Managed injections - it's a managed-code (mono-compatible assembly) injection into your Application Domain.
Unmanaged injection - it's an unmanaged-code (native library) injections into the Unity Player process.

As to your link, it's not an injection, but a code patching.
ACTk will have a code integrity check in future updates to make it possible to detect such code patching.

For now, I'd suggest to use any third-party tools for code protection.
Most popular are code obfuscators.
Look for any C# / IL obfuscators compatible with Mono and if possible, Unity.
Obfuscators will rename most of the classes, methods, variables, etc. making it harder to reverse-engineer your code.

For example, this Obfuscator from the Asset Store is a good starting point in your searches since it's easy to use, it integrates into the build pipeline nicely and "knows" about special Unity callbacks and events, keeping you safe from breaking your code.

There are also free and even opensource C# obfuscators (e.g. Confuser, ConfuserEx, etc.) but most of them are not aware of Unity \ Mono specific and may break your code, so it would require more granular control over the obfuscation process and settings.

Also, as an addition measure of the code protection, I'd suggest to use IL2CPP instead of Mono when possible.
Mono builds have IL-compatible assemblies (dlls) which can be very easily decompiled with any IL/C# decompiler to the readable code, pretty similar to the initial source code, making patching process very easy too.

ILC2PP builds are built to the native binaries which can't be decompiled to the source using those IL/C# decompilers, making it pretty hard for the beginner hackers to inspect and patch your code: they'll need to use native-friendly tools like IDA which are not as straightforward as IL/C# decompilers.

It's worth noting IL2CPP still not makes your code safe from hackers - it still can be reverse-engineered and patched, but it raises a needed skill level of the hacker.

There are also other ways to protect your code, like modified Mono runtime and assemblies bytecode (making useless any existing decompilers), encrypted assemblies, etc.
But they are either too expensive or too easy to bypass anyway.

 

Hey, @Dmitriy-Yukhanov
Thank you very much for your explanation, and I am really looking forward to:

I am sure this brings so much potentials for those indie online multiplayer projects. I don't really care about piracy, but I do want to at least know a modified client has connected to my server. Please keep up the good work and thank you for sharing ACTk.

 

Couple of things ... Could you please rename Constants to something else (ACTConstants ?) ... I'm lazy

And, any thoughts about adding an ObscuredBigInteger? (I'm not sure this would actually be needed ... no idea how memory hacks would 'see' a big int)

 

Hey, @Aurigan

Sure, I'll rename Constants to something more individual in next update.
Though it's a good practice to put your classes into namespaces to avoid names interference.

Regarding ObscuredBigInteger - it looks like some pretty rare case when you really need to make a big integer variable to store some in-game sensitive data cheater will try to cheat.
Though I'll implement it if customers will request such feature, for now there were no such requests.
Anyways obscuring big integers is not a trivial thing to do especially if you wish to keep performance at a good level (BigIntegers are often used in performance-sensitive scenarios) and there are lots of other great and often-requested features around to implement first, so currently I have no plans implementing it, but it will be a case if customers will request it.

 

Thanks for the reply ... there's a whole genre of games (Incremental aka Idle) where getting really big numbers is pretty much the game. At the moment these are all using doubles as that's the largest commonly available but with BigInteger becoming available I foresee that changing (I'm using it for the current game I'm working on!)

 

Alright, adding BigInteger obscuration to the TODO list =)
Will get there faster with every other request (currently trying to make most requested stuff in first place).

EDIT:
OOPS it's already on the TODO list! =D
Silly me, looks like there was a feature request for it already before which I forgot.
Anyways, moving it upper now.

 

Wouldn't it be better if you use different variables for holding thousands, millions, etc? For example, you have 3 int variables: units (u = 0), thousands (k = 0) and millions (M = 0). Then if you would add 1200 to "u", you would convert the addition so you will end up with u = 200, k = 1, M = 0. This way, you don't have to deal with super big numbers and can extend it to the infinity (in infinite time).

 

Hey, new update is live at the Asset Store!

Mostly improvements and fixes of existing features.
Some new features are on the way with next update.

P.S. Going to a vacation from 1 Aug for few weeks (to mid-late Aug), so please expect increased support replies time during that period.

1.5.6.1
- TimeCheatingDetector now uses async methods to reduce main thread locks
- disabled TimeCheatingDetector for Windows Universal Platform
- fixed initialization of Obscured types with SetEncrypted call (thx Keith)
- added version output at the Settings window
- added tooltips to the compilation symbols at the Settings window
- updated InjectionDetector whitelist to match Unity 2017.2.0b4
- minor improvements
- minor fixes

 

Hello,

The speed hack detection is not working in WebGL (tested on your webgl demo), It's normal?
I can detect it with on of my script but it seem that your script do not work.

Thank you.

 

Hey, @roka

This is not normal, it should work fine.
Could you please share a bit more info to let me reproduce the issue?

I'd like to know:
- Unity version you're working with
- Browser name and version you're using
- Cheat software name and version you're using to make a speed hack
- ACTk version (can be seen at changelog.txt or at the ACTk Setting dialog since 1.5.6.1).

This and any additional details will help resolve this issue.

Thanks!

 

Hum, really strange.

If i do not record a video, the speed hack is not detected and when i record, i got detected everytime ...it's weird.

Tell me if you can test yourself with this web browser https://www.palemoon.org/ on your demo http://codestage.net/uas_files/actk/demo/ because when i try to make a video, i got detected.

Thank you

 

Hey, @roka

I've checked it several times and Speed Hack was detected just fine every time:

 

Do you have used 500 for the speed everytime? because at 500 i got detected directly but at 50 , it take around 1 minutes before i got detected.

Thank you.