x


Prevent players from using Network.Destroy()

Hi,

I currently have a problem with Unity's network system. I have a band of colleagues who test my networkgame for me to find any bugs. Recently they decompiled the game, and found themselves able to recompile it again with their new code in it.

Now normally this wouldnt give any problems as my game is working with authoritive server, but they can also call upon Network.Instantiate and Network.Destroy.

I Guess I can prevent Network.Instantiate, by checking wether the object was made by the server or not, and banning the networkView.viewID, but I can't do anything against Network.Destroy.

For example, I have a GameObject in the scene which manages the server (Slots, chat and such). Therefor, it uses a networkView to allow RPC messages. Once you decompile it and add Network.Destroy in a OnConnectedToServer() function, that corrupted client will crash the entire game for all players once he connects to the server because he destroys the server GameObject for everyone.

Are there any methods of preventing this abuse?

Many thanks in advance.

Edit: Additionally, I just found out that they can also add RPC calls themselves. Can anyone shed some light on how to make sure that clients ony accept RPC calls send by the server? I tried to ensure that the NetworkMessageInfo.sender was equal to Network.connections[0], but that didnt work out.

more ▼

asked Mar 15, 2012 at 09:15 AM

morgaza gravatar image

morgaza
31 3 2 4

Well, you can try embedding some kind of checksum into the program, to ensure that it was compiled and built by you. Not sure how to do that, though- I'm not exactly a security expert!

Mar 15, 2012 at 09:16 AM syclamoth
(comments are locked)
10|3000 characters needed characters left

3 answers: sort voted first

I know this is extremely old but this is the top result on google for this question.

I have as short write up of how this may be prevented posted on reddit Here.

A quick copy and paste.

HOW TO PREVENT

Set the networkView that conducts your server/client handshaking to a particular group using: networkView.group = group#;

As soons as a client connects block incoming messages using: Network.SetReceivingEnabled(justConnectedPlayer, group#, false);

Have the server Network.Instantiate() a GameObject with a new NetworkView, assign this NetworkView a unique group number.

Send this group number to the client, remember you can still send messages to the client, they just cannot send messages to you.

This will be the group channel that the client is allowed to send messages to the server with. All other NetworkViews will set their scope to ignore this channel.

The client will still be able to call Network.Destroy() but the only thing they should effectively be able to destroy (since everything is ignoring its messages) is the channel it uses to communicate with the server. This would effectively terminate the connection with the client giving no possibility for manipulation.

more ▼

answered Oct 15 at 09:31 PM

MrGuy1212 gravatar image

MrGuy1212
16 1

(comments are locked)
10|3000 characters needed characters left

Hello,

Just use a obfuscator, they make it hard to decompile the game (I think thats what it's called...)

Thanks

more ▼

answered Mar 15, 2012 at 11:49 AM

dehan gravatar image

dehan
55 83 62 62

(comments are locked)
10|3000 characters needed characters left

I don't think that would make much difference. For every method of obfuscation, theres a method of de-obfuscation.

I managed to rewrite all my RPC calls in a way that they cannot be abused anymore for hacking, that was just a case of using my own common sense.

I cannot make any changes to the Network.* functions though, so clients can still call Network.Destroy(gameObject); in a OnConnectedToServer() function.

I am thinking of a few possibilities that I might have missed, and I wonder if any of them are possible:

  1. Have I missed some Network.Boolean that disallows clients to call Network.Destroy() and such? I have read the Script Reference on this subject through and through, and couldnt find anything.
  2. Is there a method to filter Network Messages that are send before they are applied on the server?
  3. Is there perhaps a C# way of Overriding the Network.Destroy function, so I can check wether Network.isServer is true before destroying anything?

Or any other way that would yield same result?

A awnser on this problem would be most exhilarating!

more ▼

answered Mar 18, 2012 at 04:21 PM

morgaza gravatar image

morgaza
31 3 2 4

(comments are locked)
10|3000 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Topics:

x1228
x125
x23
x14
x5

asked: Mar 15, 2012 at 09:15 AM

Seen: 1727 times

Last Updated: Oct 15 at 09:31 PM