Jump to content

Image of the Day

BL00DG0R3
#screenshotsaturday #gamedev #indiedev https://t.co/SytiLEa4G5
IOTD | Top Screenshots

The latest, straight to your Inbox.

Subscribe to GameDev.net's newsletters to receive the latest updates and exclusive content.


Sign up now

Unity Network.Destoy problem.

4: Adsense

Old topic!

Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.


  • You cannot reply to this topic
12 replies to this topic

#1 Butabee   Members   

274
Like
0Likes
Like

Posted 29 June 2013 - 12:42 AM

I've run into a problem using Unity I'm not sure how to solve. How can I prevent a player from calling Network.Destroy on game objects or otherwise prevent object destruction by players?

#2 Polymo   Members   

840
Like
0Likes
Like

Posted 29 June 2013 - 12:55 AM

Dont include Destroy functions in their code. Instead make them signal the server that they want to destroy something and let the server do Network.Destroy (if valid).

#3 Butabee   Members   

274
Like
0Likes
Like

Posted 29 June 2013 - 01:04 AM

How would I prevent the code from being included with the client? AFAIK it's built into the unityengine.

#4 Polymo   Members   

840
Like
0Likes
Like

Posted 29 June 2013 - 03:03 AM

dont code it in.




Oh, or do your clients have access to the source code?

#5 AgentC   Members   

2324
Like
0Likes
Like

Posted 29 June 2013 - 03:16 AM

I guess the OP is talking about someone unpacking the game's assets and script assemblies, and modifying the script bytecode to call Network.Destroy. I would think that cannot be prevented. You could rather use a 3rd party networking library such as Lidgren to do all the networking yourself, in which case you build all the network messages yourself and can do more extensive verification on the server against hacking.


Every time you add a boolean member variable, God kills a kitten. Every time you create a Manager class, God kills a kitten. Every time you create a Singleton...

Urho3D (engine)  Hessian (C64 game project)


#6 hplus0603   Moderators   

10811
Like
0Likes
Like

Posted 29 June 2013 - 09:10 AM

Someone with access to your client code will be able to modify the game state. There's no way around this.

 

Think about it: Instead of calling Network.Destroy(), the function, your attacker could simply inject a network packet that looks like the packet usually sent when Network.Destroy() is called.

 

This is why game rules need to always be enforced on the server side if you want to have a chance of reducing the surface area available to a cheating attacker.


enum Bool { True, False, FileNotFound };

#7 Butabee   Members   

274
Like
0Likes
Like

Posted 29 June 2013 - 08:37 PM

So I guess Unitys built in networking is completely useless for any serious project? Guess I'll have to switch to Lidgren.

#8 Dave Weinstein   Members   

1291
Like
1Likes
Like

Posted 29 June 2013 - 10:16 PM

So I guess Unitys built in networking is completely useless for any serious project? Guess I'll have to switch to Lidgren.

 

Every networking scheme has exactly the same vulnerability.

 

If the Client isn't supposed to be able to destroy an object, you need to block that functionality at the Server.



#9 Butabee   Members   

274
Like
0Likes
Like

Posted 29 June 2013 - 10:58 PM

There's no way I know of to intercept a Destroy call and prevent it at the server. Do you know how I'd do it with the default networking?

#10 Polymo   Members   

840
Like
0Likes
Like

Posted 30 June 2013 - 12:14 PM

Dont use network.instantiate and/or dont attach a networkview to those objects. reference them by id or something similar. And use your own rpc's for all it's functions.

#11 Butabee   Members   

274
Like
0Likes
Like

Posted 30 June 2013 - 06:29 PM

Thanks but I've already switched to Lidgren, I think other clients could still be destroyed if a malicious player just looped through networviewIDs and called destroy on them.

#12 Kylotan   Moderators   

7731
Like
1Likes
Like

Posted 02 July 2013 - 09:07 AM

It does appear to be a significant flaw in Unity's networking model, to be honest.

 

http://answers.unity3d.com/questions/227723/prevent-players-from-using-networkdestroy.html

http://forum.unity3d.com/threads/138412-Clients-can-call-Network-Destroy

http://forum.unity3d.com/threads/138437-What-do-security-conscious-people-do-for-multiplayer-networking-x-post-r-Unity3D

 

Switching to an external solution is probably the best bet.



#13 Dave Weinstein   Members   

1291
Like
0Likes
Like

Posted 02 July 2013 - 02:18 PM

Yeah, based on that, I'd say avoiding Unity's networking is a good idea.






Old topic!

Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.