Closed temel61 closed 1 year ago
How?, All currency thing must not be able to be changed by client.
lucky patcher hack your game (or clone and change package name I guess), They can obtain cash (diamond in my game) without any payments process.This is not about this kit.General problem.Maybe there are a few way to prevent it.I want to ban if they try to use diamond(cash) hack in kit.
So you just ask it for other projects which is not using the mmorpg kit?
no I am asking for this project.Are there any way to prevent cash hack in kit ?
It won't be hacked because currency thing will proceeding at the server, so change anything at the client won't be affected
I see you but we tried lucky patcher and hacked game.Infinitive cash by lucky patcher in my game.Use lucky patcher in my mobile mmorpg game (made with this kit) -> https://play.google.com/store/apps/details?id=com.TemelKIRCI.ErlikOnline .Lucky patcher somehow find a way to hack my game.
So I asked, how?
Hack from which part?
Infinitive cash without payment by lucky patcher.I guess it changes app signature or package name.Need protection mode for this.I googled it and founded these, maybe help you to understand about issue.
https://stackoverflow.com/questions/13445598/lucky-patcher-how-can-i-protect-from-it https://www.edureka.co/community/162447/lucky-patcher-how-can-i-protect-from-it https://forum.ionicframework.com/t/is-there-anyway-to-protect-my-app-from-malicious-apps-like-lucky-patcher/196328 https://stackoverflow.com/questions/48792256/how-can-i-stop-my-app-from-being-lucky-patched https://stackoverflow.com/questions/66196159/how-do-you-protect-your-in-app-purchases-against-lucky-patcher https://stackoverflow.com/questions/10585961/way-to-protect-from-lucky-patcher-play-licensing https://stackoverflow.com/questions/30023618/android-anti-piracy-stop-patchers
But as I said, all currency thing must be proceeding at the server, so changing anything from client must not affected, are there any feature you add which relatesto currency?
I did not add anything about currency.İf kit proceed in-app purchase and verification at server side, it should not be hack.You can check it on your own game or kit.You will see that It will be hacked, you will obtain cash without pay money.I found some piracy checker scripts and tools for google play on github.I will try all of them.
So... , might be the in-app purchasing system which is cause of the issues?
Only cash which only can be bought with IAP system can be hacked in your game?
of course.You open cash panel in kit and click a cash package, open lucky patcher, click button on lucky patcher, you will have this package without pay money.Some people use this method and have thausands cash(diamond), I follow them on database, I do not receive any money on my google play account and ban account.I do not want to watch database anymore.I need to prevent lucky patcher.
of course.You open cash panel in kit and click a cash package, open lucky patcher, click button on lucky patcher, you will have this package without pay money.Some people use this method and have thausands cash(diamond), I follow them on database, I do not receive any money on my google play account and ban account.I do not want to watch database anymore.I need to prevent lucky patcher.
Did you find something?
If you are rushing, you can try to implement it in MMOServerCashShopMessageHandlers.cs
class, -> HandleRequestCashPackageBuyValidation
function, you can get receipt data from request
and use it to validate IAP at the server.
Or just wait for me to do it, the old Unity IAP system doesn't have any receipt validation APIs,
About my personal projects, I've made it pass the receipt to a web-service which made for that purpose.
If you are rushing, you can try to implement it in
MMOServerCashShopMessageHandlers.cs
class, ->HandleRequestCashPackageBuyValidation
function, you can get receipt data fromrequest
and use it to validate IAP at the server.Or just wait for me to do it, the old Unity IAP system doesn't have any receipt validation APIs,
About my personal projects, I've made it pass the receipt to a web-service which made for that purpose.
ive found a receipt verification and asked players who can patch game via lucky patcher and it seems to work. but i thought maybe there is a way to verificate inapp in server somehow, something like this: client send to server data about inapp, server ask google api is it true or not, then server do some stuff. i have a multiplayer game, but not have any database yet, and all what i found its a verification in moment when user buy something
I already implemented server-side IAP validation in 1.82c3, you will have to setup IAP obfuscating
@insthync please can you share your MMOServerCashShopMessageHandlers.cs file and server side function with us ?
my I has changed it like that
public async UniTaskVoid HandleRequestCashPackageBuyValidation(
RequestHandlerData requestHandler, RequestCashPackageBuyValidationMessage request,
RequestProceedResultDelegate
bool validPurchase = true; // Presume valid for platforms with no R.V.
// Unity IAP's validation logic is only included on these platforms.
// Prepare the validator with the secrets we prepared in the Editor
// obfuscation window.
var validator = new CrossPlatformValidator(GooglePlayTangle.Data(),
AppleTangle.Data(), Application.identifier);
try
{
// On Google Play, result has a single product ID.
// On Apple stores, receipts contain multiple products.
var resultValidator = validator.Validate(request.receipt);
// For informational purposes, we list the receipt(s)
Debug.Log("Receipt is valid. Contents:");
foreach (IPurchaseReceipt productReceipt in resultValidator)
{
Debug.Log(productReceipt.productID);
Debug.Log(productReceipt.purchaseDate);
Debug.Log(productReceipt.transactionID);
}
}
catch (IAPSecurityException)
{
Debug.Log("Invalid receipt, not unlocking content");
validPurchase = false;
}
if (validPurchase)
{
// Unlock the appropriate content here.
// TODO: Validate purchasing at server side
IPlayerCharacterData playerCharacter;
if (!GameInstance.ServerUserHandlers.TryGetPlayerCharacter(requestHandler.ConnectionId, out playerCharacter))
{
result.InvokeError(new ResponseCashPackageBuyValidationMessage()
{
message = UITextKeys.UI_ERROR_NOT_LOGGED_IN,
});
return;
}
CashPackage cashPackage;
if (!GameInstance.CashPackages.TryGetValue(request.dataId, out cashPackage))
{
result.InvokeError(new ResponseCashPackageBuyValidationMessage()
{
message = UITextKeys.UI_ERROR_CASH_PACKAGE_NOT_FOUND,
});
return;
}
AsyncResponseData<CashResp> changeCashResp = await DbServiceClient.ChangeCashAsync(new ChangeCashReq()
{
UserId = playerCharacter.UserId,
ChangeAmount = cashPackage.CashAmount
});
if (!changeCashResp.IsSuccess)
{
result.InvokeError(new ResponseCashPackageBuyValidationMessage()
{
message = UITextKeys.UI_ERROR_INTERNAL_SERVER_ERROR,
});
return;
}
// Sync cash to game clients
playerCharacter.UserCash = changeCashResp.Response.Cash;
result.InvokeSuccess(new ResponseCashPackageBuyValidationMessage()
{
dataId = request.dataId,
cash = changeCashResp.Response.Cash,
});
}
else
{
}
}
luckypatcher is not working but I cannot buy nothing :(
It is already shared
Included in the update about a week
My purchase won't work, it pop up connection timeout and didn't reward cash reward. Is there a method that i missed? I have also setup receipt validation obfuscator.
How can I protect my mobile mmorpg game (Android) from cheat like lucky pacther ?
Some players use lucky patcher to obtain diamonds from google play.I want to prevent this.