- Home /
The question is answered, right answer was accepted
Hacking Unity3d Games
Hi,
I'm developing a multiplayer game with Unity3d and in most network tutorials there are advices on how to prevent hacking. The general principle is always (in all examples I've seen) the same:
- The client sends its input to the server
- The server calculates the client's new position and status (lives, ammo) based on the input
- The server returns the new position and status to the client
When the client processes its input itself, the player can hack a game like this
- The client processes its input
- The new position is send across the network. Now the hacker interferes. Somehow he filters the datastream for the information the game is sending. Then he changes that information. As a consequence he might be flying in the sky or shooting three times faster than all the other players
- The server receives the distorted data and spreads it over the network
Edit: I don't think I need an authoritative server. Nevertheless I'm interested in the process of hacking. Is it really "dangerous" or too difficult to be performed on a simple game like mine ? How can a hacker find the data Unity3d sends and modify it without knowing everything about my game ?
As per the FAQ, you shouldn't ask multiple questions at once. It makes it harder to answer. You should split your problem into multiple parts and ask them as separate questions or refocus your question so you can ask it in one part.
The first part of your question describes an authoritative server. The second part describes a non-authoritative server. Stating that it shouldn't be difficult to set an authoritative server up doesn't really say anything, yet you say "however (the game isn't finished and your QA $$anonymous$$m is small)" as though to contradict the ease of setting up an authoritative server. What exactly does this have to do with your questions?
How difficult it is to "hack a game" and how to go about it depends entirely on your setup. If you are using an authoritative server, these shouldn't be an issue. Precautions Unity makes to "save your data"? Are you talking about preventing incorrect data transmission? That should be accommodated for in the network protocol. If you mean invalid values, then that would depend on what a valid value is for your game and Unity couldn't really catch that, so you would have to check those yourself.
Answer by Anton Petrov · Nov 08, 2010 at 07:54 PM
You should have an authoritative server which receives client's input, validates it and performs movement from this input. Then server sends new position to the client.
You should not send any positions to the server, because only server knows true positions. And server performs all true movements. Clients tipically perform movement just for predictions.
So you can not hack the game.