question

markasaadramzy99 avatar image
markasaadramzy99 asked

What would be the best approach to prevent hacking an item into a match?

I already have logic in a cloudscript to detect if players equipped items they shouldn't own, but how do I actually prevent them from instantiating different items than what's stored in their UserInternalData?

Since the instantiation happens on the client side, they can just ignore their data and spawn a different item right? And to my knowledge there is no way for a cloudscript to handle the instantiation.

So how would I do that?

Thanks.

Player Dataunity3dCloudScriptdata
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Seth Du avatar image
Seth Du answered

There is no solid solution to completely avoid client cheating, but the data that sync and upload to the server can be verified. UserInternalData can only be updated via server API and cannot be changed by players.

Cloud Script cannot directly monitor the states of a client, but when a match ends, players need to upload the scores or result to your function. There can be few gaming statistics that can be tracked during the game, for example, if the time that the player costs is reasonable, or if the score is within a theoretical range. Besides of this, you may consult anti-cheating related community for dedicated support.

2 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

markasaadramzy99 avatar image markasaadramzy99 commented ·

"but the data that sync and upload to the server can be verified"
Yeah but the main problem is that players can just ignore what's stored in their data and instantiate what they want, is there no solution to that?

0 Likes 0 ·
Seth Du avatar image Seth Du ♦ markasaadramzy99 commented ·

I am not an expert on it but, usually, an online game requires integrity checking to prevent cheating, and there are many external anti-cheating service providers (for example, Easy Anti-Cheat), which requires extra efforts to implement. You may also do root check (on Android), processes check (malicious plugins on PC), etc.

It is more common in a real-time game and besides of client-side checking, because there is multiplayer servers, clients will need to communicate with server in time. It doesn't matter what spawns on the client because eventually only actions on server will be counted. Meanwhile, for a near-time game, only the data uploaded to the server matters. You can monitor each step of a player's action, but each data reads & writes will be metered for the cost. This is also determined by the genre of your game.

1 Like 1 ·
marcel avatar image
marcel answered

list of hacking techniques that you and your employees should know about and take every ecommrece platform possible step to avoid Phishing.

Bait and Switch Attack. Key Logger. Denial of Service (DoS\DDoS) Attacks. ClickJacking Attacks. Fake W.A.P. Cookie Theft. Viruses and Trojans

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jeremy Rose avatar image
Jeremy Rose answered

Your not going to be able to stop it. It will really depend on the logic.

If the client does all the damage or whatever calculations as well. You won't be able to stop it.

Only things that are done on an external server will be able to stop it.

And then it would just stop the server logic, they could still hack the client to show something different than they should have.

It just would only be a visual effect since the server would know what they are really using and react accordingly.

As seth mentioned you can only try and verify things if its all client side on playfab before issuing rewards or other things. But its probably a loosing battle. Unless you introduce time.

Can not claim rewards or finish levels faster than X minutes.

At least you can somewhat control the amount of rewards given out. But can't control them say getting a perfect score every time.

But timeout can lead to bad experiences incase something crashes and they restart before the minimum time.

All about trade offs and your game, and whats important to protect and at what costs.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.