Jump to content

  • Log In with Google      Sign In   
  • Create Account

FREE SOFTWARE GIVEAWAY

We have 4 x Pro Licences (valued at $59 each) for 2d modular animation software Spriter to give away in this Thursday's GDNet Direct email newsletter.


Read more in this forum topic or make sure you're signed up (from the right-hand sidebar on the homepage) and read Thursday's newsletter to get in the running!


Unity Network.Destoy problem.


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
12 replies to this topic

#1 Butabee   Members   -  Reputation: 238

Like
0Likes
Like

Posted 29 June 2013 - 12:42 AM

I've run into a problem using Unity I'm not sure how to solve. How can I prevent a player from calling Network.Destroy on game objects or otherwise prevent object destruction by players?

Sponsor:

#2 Valoo   Members   -  Reputation: 406

Like
0Likes
Like

Posted 29 June 2013 - 12:55 AM

Dont include Destroy functions in their code. Instead make them signal the server that they want to destroy something and let the server do Network.Destroy (if valid).

#3 Butabee   Members   -  Reputation: 238

Like
0Likes
Like

Posted 29 June 2013 - 01:04 AM

How would I prevent the code from being included with the client? AFAIK it's built into the unityengine.

#4 Valoo   Members   -  Reputation: 406

Like
0Likes
Like

Posted 29 June 2013 - 03:03 AM

dont code it in.




Oh, or do your clients have access to the source code?

#5 AgentC   Members   -  Reputation: 1417

Like
0Likes
Like

Posted 29 June 2013 - 03:16 AM

I guess the OP is talking about someone unpacking the game's assets and script assemblies, and modifying the script bytecode to call Network.Destroy. I would think that cannot be prevented. You could rather use a 3rd party networking library such as Lidgren to do all the networking yourself, in which case you build all the network messages yourself and can do more extensive verification on the server against hacking.


Every time you add a boolean member variable, God kills a kitten. Every time you create a Manager class, God kills a kitten. Every time you create a Singleton...

Urho3D (engine)  Hessian (C64 game project)


#6 hplus0603   Moderators   -  Reputation: 5723

Like
0Likes
Like

Posted 29 June 2013 - 09:10 AM

Someone with access to your client code will be able to modify the game state. There's no way around this.

 

Think about it: Instead of calling Network.Destroy(), the function, your attacker could simply inject a network packet that looks like the packet usually sent when Network.Destroy() is called.

 

This is why game rules need to always be enforced on the server side if you want to have a chance of reducing the surface area available to a cheating attacker.


enum Bool { True, False, FileNotFound };

#7 Butabee   Members   -  Reputation: 238

Like
0Likes
Like

Posted 29 June 2013 - 08:37 PM

So I guess Unitys built in networking is completely useless for any serious project? Guess I'll have to switch to Lidgren.

#8 Dave Weinstein   Members   -  Reputation: 536

Like
1Likes
Like

Posted 29 June 2013 - 10:16 PM

So I guess Unitys built in networking is completely useless for any serious project? Guess I'll have to switch to Lidgren.

 

Every networking scheme has exactly the same vulnerability.

 

If the Client isn't supposed to be able to destroy an object, you need to block that functionality at the Server.



#9 Butabee   Members   -  Reputation: 238

Like
0Likes
Like

Posted 29 June 2013 - 10:58 PM

There's no way I know of to intercept a Destroy call and prevent it at the server. Do you know how I'd do it with the default networking?

#10 Valoo   Members   -  Reputation: 406

Like
0Likes
Like

Posted 30 June 2013 - 12:14 PM

Dont use network.instantiate and/or dont attach a networkview to those objects. reference them by id or something similar. And use your own rpc's for all it's functions.

#11 Butabee   Members   -  Reputation: 238

Like
0Likes
Like

Posted 30 June 2013 - 06:29 PM

Thanks but I've already switched to Lidgren, I think other clients could still be destroyed if a malicious player just looped through networviewIDs and called destroy on them.

#12 Kylotan   Moderators   -  Reputation: 3338

Like
1Likes
Like

Posted 02 July 2013 - 09:07 AM

It does appear to be a significant flaw in Unity's networking model, to be honest.

 

http://answers.unity3d.com/questions/227723/prevent-players-from-using-networkdestroy.html

http://forum.unity3d.com/threads/138412-Clients-can-call-Network-Destroy

http://forum.unity3d.com/threads/138437-What-do-security-conscious-people-do-for-multiplayer-networking-x-post-r-Unity3D

 

Switching to an external solution is probably the best bet.



#13 Dave Weinstein   Members   -  Reputation: 536

Like
0Likes
Like

Posted 02 July 2013 - 02:18 PM

Yeah, based on that, I'd say avoiding Unity's networking is a good idea.






Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS