Hacking RPC calls
Calvin
I've recently been using Photon, and I was wondering if there is a way to prevent clients from hacking RPC calls. I have basically implemented what seems to be a dedicated server where my game server executes a headless server to host a multiplayer game. But I realized that if players manage to modify RPC calls, they can hide / send wrong information to other clients.
For an example of sending wrong info, hacked clients can add an RPC call which goes something like:
photonView.RPC("UpdateHealth", PhotonTargets.All, 0);
This could very well ruin the experience for other players if I were to do stuff like disabling specific scripts when the player health reaches 0.
As for hiding information,
photonView.RPC("BeginCasting", PhotonTargets.MasterClient);
In this case, when the client doesn't call this function on other clients, they would not know that that player is about to perform an attack.
So is there a solution to this? Or am I understanding RPC calls wrongly?
Comments
Hi @Calvin,
Calvin said: I have basically implemented what seems to be a dedicated server where my game server executes a headless server to host a multiplayer game
Are you sure? master client does not host the game and is only used in "pseudo / light / semi / fake authoritative logic".
what I suggest:
- use RpcSecure to encrypt RPCs.
- use obfuscation and other techniques to make it harder to cheat or hack your game. good tutorial.
- ban cheaters by making use of custom authentication to disallow reported or flagged users (e.g. by the community) from connecting to your game.
the other alternative is server side code.
Hey @JohnTube,
JohnTube said: Are you sure? master client does not host the game and is only used in "pseudo / light / semi / fake authoritative logic".
Well yeah what I meant was having a client (not controlled by players) which does the "authoritative logic" such as game object interactions and such.
JohnTube said: the other alternative is server side code.
I'm still quite a beginner at doing real time multiplayer games so I don't really know how to do this. Would this be something like.
Example:
1. A Client sends RPC_DoSomething() to the MasterClient
2. MasterClient's version of RPC_DoSomething() does some authoritative logic and sends back an RPC_DoSomething() to related clients
3. Clients check if RPC_DoSomething() is from the MasterClient and perform whatever is required on the Client version
4. So basically my clients only accept RPCs from the MasterClient
Sorry if I am misunderstanding a lot of things haha. I'll probably have to stick with the obfuscation and whatnot. Thanks a lot for the suggestion and link for it
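The four steps listed in the reply above, sketched as an added example that is not code from either poster or from Photon. It assumes PUN Classic (the `PhotonTargets` API used in the thread) and that the headless instance holds the master client role; `AuthoritativeHealth`, `ReportHit`, `RequestHit`, `ApplyHealth` and `MaxHitDamage` are hypothetical names, and the request and the broadcast use two separate RPCs rather than one shared `RPC_DoSomething()`.

```csharp
using UnityEngine;

// Added example. RequestHit, ApplyHealth and MaxHitDamage are hypothetical names.
public class AuthoritativeHealth : Photon.MonoBehaviour
{
    const int MaxHealth = 100;
    const int MaxHitDamage = 25;   // assumed game rule, used for validation
    int health = MaxHealth;

    // Step 1: a client asks the master client to resolve a hit on this object.
    public void ReportHit(int damage)
    {
        photonView.RPC("RequestHit", PhotonTargets.MasterClient, damage);
    }

    // Step 2: only the master client acts on requests, and it validates them
    // before changing state and broadcasting the result.
    [PunRPC]
    void RequestHit(int damage, PhotonMessageInfo info)
    {
        if (!PhotonNetwork.isMasterClient) return;
        if (info.sender == null || damage <= 0 || damage > MaxHitDamage)
        {
            Debug.LogWarning("Rejected RequestHit with damage " + damage);
            return;
        }
        health = Mathf.Max(0, health - damage);
        photonView.RPC("ApplyHealth", PhotonTargets.All, health);
    }

    // Steps 3 and 4: state changes are accepted only from the master client,
    // so an UpdateHealth-style call sent by an ordinary client is ignored.
    [PunRPC]
    void ApplyHealth(int newHealth, PhotonMessageInfo info)
    {
        if (info.sender == null || info.sender.ID != PhotonNetwork.masterClient.ID)
        {
            Debug.LogWarning("Ignored ApplyHealth from a non-master sender");
            return;
        }
        health = Mathf.Clamp(newHealth, 0, MaxHealth);
        if (health == 0) enabled = false;   // e.g. disable this script on death
    }
}
```

The sender check is only as trustworthy as the master client itself: if the headless instance leaves the room, Photon assigns the master client role to another client, which then passes this check.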