PhotonStream, RPC Hacked?

I have a live game that has a hacker directly trying to destroy it. He literally changes his techniques for every fix I make.

It seems he has compromised OnPhotonSerializeView somehow (I didn't know this was possible).

I say this because clients control their own movement yet somehow he seems able to affect their positions. I am simply using PhotonTransformView.

I also have 2 variables which I send to others via OnPhotonSerializeView and somehow he's managing to reset the sender's end.

Is this possible? Could he somehow figure out a way to write into the stream of other players?

Considering switching from PhotonStream to rpcSecure to update the 2 variables.
(Though I am not sure of the overhead on this function)

Also, I can strongly back up that PhotonStream is the ONLY method that interacts with these 2 values. No RPCs affect them, so I don't see any other way for him to logically reset them other than reversing the stream somehow.

Comments

  • jCan
    Also, is there a way to check if too much data is being sent from a specific client? Usually, before the levels reset, the game lags intensely.
  • jCan
    edited July 2018
    I've now added this in stream.isReading, basically:
     if ( this == playerCharacter)
      ignore
    I'm assuming that should solve it as I only need to send the values to other players.

    I will have to wait until he comes online tomorrow again and attempts to break it.

    PS. I've already IP banned him several times to no effect; he may be using a VPN.
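
A receive-side guard covering the two checks raised in the comments above (ignore incoming stream data for your own character, and notice when one client sends too much), as an added example that is not code from the thread or from Photon. The class and method names are hypothetical; the assumed integration is to call `Check` in the `stream.isReading` branch of `OnPhotonSerializeView` with `info.sender.ID`, `photonView.ownerId` and `photonView.isMine`, and to skip applying the received values when it returns a reason.

```csharp
using System;
using System.Collections.Generic;

// Receive-side guard for serialized state updates (added example, hypothetical names).
public class StreamGuard
{
    private class Window { public double Start; public int Count; }

    private readonly int maxPerSecond;
    private readonly Dictionary<int, Window> windows = new Dictionary<int, Window>();

    public StreamGuard(int maxPerSecond) { this.maxPerSecond = maxPerSecond; }

    // Returns null when the update may be applied, otherwise the reason it is dropped.
    public string Check(int senderId, int ownerId, bool isMine, double now)
    {
        // 1. A remote update must never overwrite an object this client owns.
        if (isMine) return "targets a locally owned object";
        // 2. Only the owner of an object may send its state.
        if (senderId != ownerId) return "sender is not the owner";
        // 3. Count updates per sender in fixed one-second windows.
        Window w;
        if (!windows.TryGetValue(senderId, out w) || now - w.Start >= 1.0)
        {
            w = new Window { Start = now, Count = 0 };
            windows[senderId] = w;
        }
        w.Count++;
        return w.Count > maxPerSecond ? "sender exceeds rate limit" : null;
    }
}

public static class Demo
{
    static void Show(StreamGuard g, int sender, int owner, bool mine, double t)
    {
        Console.WriteLine("t=" + t + " sender=" + sender + " owner=" + owner + ": "
            + (g.Check(sender, owner, mine, t) ?? "applied"));
    }

    public static void Main()
    {
        var guard = new StreamGuard(3);   // constructed limit: 3 updates per second
        // Constructed samples: sender id, owner id, isMine, time in seconds.
        Show(guard, 2, 2, false, 0.0);    // owner updates its own object
        Show(guard, 3, 2, false, 0.1);    // player 3 writes player 2's object
        Show(guard, 3, 1, true, 0.2);     // player 3 writes the local player's object
        Show(guard, 2, 2, false, 0.3);
        Show(guard, 2, 2, false, 0.4);
        Show(guard, 2, 2, false, 0.5);    // fourth update from player 2 within one second
    }
}
```

Every client runs this check on what it receives, so it limits what a tampered client can change on other machines but does not replace the server-side measures recommended in the replies.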
  • JohnTube
    Hi @jCan,

    I'm sorry to hear that this happened to you.

    You could try to obfuscate the code as it seems the hacker managed to reverse engineer your code by disassembling it.

    See this nice post.

    What we recommend in Photon:

    - make use of Custom Authentication to allow only wanted (genuine) users, so you could later ban or blacklist some.
    - make use of encryption like RPC Secure.
    - later you could try Plugins for server authoritative code.
  • JohnTube
    Also, you can delegate some stuff to a Master Client and pray that this Master Client does not end up a hacker as he will gain more power.