question

MGGD avatar image
MGGD asked

Can GetUserData be replicated?

Hello,

I am new to multiplayer games, and was wondering if I have to make some precautions so the player cannot replicate important server responses.

For example, the user has a limited number of tickets, I use GetUserData to get them from the database. The question is: Can a user replicate the response (send their modified response as if it was sent by the server), so instead of receiving the few actual available tickets, the game receives 100 million tickets?

And what is the best way to prevent that (if needed)?

Thanks.

Player Data
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

JayZuo avatar image
JayZuo answered

I'm not sure what the tickets are used for, but you should verify and use it in your game server to prevent cheating. It would be something like user statistics, which should be updated by an authoritative server with Server APIs. You would do this either from a hosted game server or via Cloud Script. For example, you can check processPlayerMove function in the default Cloud Script. Players send raw data from the client with ExecuteCloudScript, and in the script, you can add any checks you need to help prevent cheating (checking maximum scores, time since last score reported, etc.). Custom game server would be similar. So that even the player faked the request or response, it won't affect your game as you always have the valid value in your server.

1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brendan avatar image brendan commented ·

Please note though that the processPlayerMove example is for a turnbased game example. For realtime multiplayer games, you would need to use a custom game server (dedicated server), in order to have the higher rate of requests those games require.

Also, have you considered using a stackable inventory item for your tickets? That might be the easiest way to add server authority on how many the player has and how they receive/spend them.

1 Like 1 ·
MGGD avatar image
MGGD answered

Thank you @Brendan and @JayZuo

Sorry if my question was somewhat ambiguous. The question is simply about the Man-In-Middle attack.

My logic is simply:

1. Game Event -> 2. Server checks if the Event is a valid win state -> 3. Server sends the reward (10 items) -> 4. Game gives the player 10 Items.

Q1: What if someone intercepted the request coming from step 3, changed 10 to 10000000, and sent it to step 4. Would Playfab SDK on the client side detect this (I assume so), or should the developer handle it some how?

Q2: Can someone replicate the response somehow and keep sending it to receive the reward infinitely?

For example, if someone could intercept the response in step 3, copied the data, then kept sending it to the game infinitely, as if it was sent legitimately from the server?

Of course the client should implement such a safety check: Don't execute more than 1 reward response per minute.

However, this threshold could be hacked/reverse engineered on the client side to be like 1000000/ per minute. So the solution should be to use a secure response in the first place.

I want to know what are the best practices I should use on my side, and what does Playfab handle on its side?

Thank you.

2 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

JayZuo avatar image JayZuo ♦ commented ·

You can let Server gives the player 10 items directly with GrantItemsToUser method. Then all these will be done in server side. And PlayFab uses https protocol for communicating. Usually, you don't need to worry about Man-In-Middle attack.

1 Like 1 ·
MGGD avatar image MGGD JayZuo ♦ commented ·

That sounds better. Thanks for the quick reply :)

0 Likes 0 ·
brendan avatar image
brendan answered

A MitM attack requires that the attacker have access to something in between the two points. I'm not clear how that's possible in this case, unless the attacker has compromised your dedicated game server. Your server would be making a call directly to PlayFab. So your attack scenario would require that the attacker a) can intercept any arbitrary traffic between a hosted game server and PlayFab, and b) can decrypt SSL traffic in order to change the details of the call before it would time out. The computational resources required to do that would be staggering.

Server and Admin API calls require the Secret Key from your game, which should never be available to anyone outside your dev team. The only way an attacker could form their own requests using those APIs would be if they had a functioning Secret Key. And if someone from your team leaked the key, you could always just invalidate it in the Game Manager and generate a new one (and, of course, update your game servers with the new one).

But no, the response is irrelevant. It doesn't actually cause anything to happen - it's just our service telling you what happened. If they were to re-send that to the client, that still wouldn't impact the actual player inventory in any way. The authoritative version of the player inventory is still going to be unaltered in PlayFab even in that case.

1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

MGGD avatar image MGGD commented ·

This makes things a lot more clear now. Thank you very much :)

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.