The Photon Forum
is Closed Permanently.

After many dedicated years of service, we have made the decision to retire our Forum and switch to read-only: we´ve saved the best to last! Your search result can be found below. Plus, we offer support via these channels:

Try Our
Documentation

Please check if you can find an answer in our extensive documentation on PUN.

Join Us
on Discord

Meet and talk to our staff and the entire Photon-Community via Discord.

Read More on
Stack Overflow

Find more information on Stack Overflow (for Circle members only).

Write Us
an E-Mail

Feel free to send your question directly to our developers.

Hacking RPC calls

Calvin
2018-01-16 11:31:06

I've recently been using Photon, and I was wondering if there is a way to prevent client from hacking RPC calls. I have basically implemented what seems to be a dedicated server where my game server executes a headless server to host a multiplayer game. But, i realized that if players manage to modify RPC calls, they can hide / send wrong information to other clients.

For an example of sending wrong info, hacked clients can add an RPC call which goes something like:
photonView.RPC("UpdateHealth", PhotonTargets.All, 0);
This could very well ruin the experience for other players if i were do to stuff like disabling specific scripts when the player health reaches 0.

As for hiding information,
photonView.RPC("BeginCasting", PhotonTargets.MasterClient);
In this case, when the client doesnt call this function on other clients, they would not know that that player is about to perform an attack.

So is there a solution to this? Or am I understanding RPC calls wrongly?

Comments

JohnTube
2018-01-16 12:23:46

Hi @Calvin,

I have basically implemented what seems to be a dedicated server where my game server executes a headless server to host a multiplayer game
Are you sure? master client does not host the game and is only used in "pseudo / light / semi / fake authoritative logic".

what I suggest:

  • use RpcSecure to encrypt RPCs.
  • use obfuscation and other techniques to make it harder to cheat or hack your game. good tutorial.
  • ban cheaters by making use of custom authentication to disallow reported or flagged users (e.g. by the community) from connecting to your game.

the other alternative is server side code.

Calvin
2018-01-16 12:58:29

Hey @JohnTube ,

@JohnTube wrote:

Are you sure? master client does not host the game and is only used in "pseudo / light / semi / fake authoritative logic".

Well yeah what I meant was having a client (not controlled by players) which does the "authoritative logic" such as game object interactions and such.

@JohnTube wrote:

the other alternative is server side code..

Im still quite a beginner at doing real time multiplayer games so I don't really know how to do this. Would this be something like

Example:

  1. A Client sends RPC_DoSomething() to the MasterClient
  2. MasterClient's version of RPC_DoSomething() does some authoritative logic and sends back an RPC_DoSomething() to related clients
  3. Clients check if RPC_DoSomething() is from the MasterClient and perform whatever is required on the Client version
  4. So basically my clients only accept RPCs from the MasterClient

Sorry if i am misunderstanding a lot of things haha. I'll probably have to stick with the obfuscation and whatnot. Thanks a lot for the suggestion and link for it :smile:

Back to top