Search code examples
unity-game-enginedumpil2cpp

How to prevent so file hacking in so file

In my app(unity5, il2cpp build), There is a function like

"GetScore()"

Unfortunately, i found the hacked version of my app in the black market. that hacked version's "GetScore()" function always returns 100. The original return value has to be under 10.

I guess this hacked App is repackaged by using like 'il2cppDumper' and changing my return value to 100;

Is there any way to prevent this problem?

Solution

  • Security is always a matter of making it harder for hackers - you can never make it impossible for them to tamper.

    So here are some thoughts:

    • Obfuscation: GetScore() gets BananaJungle() - hackers cannot find the correct function without stepping through the source code for hours (hopefully)
    • Validate the score on multiple spots: the function calling GetScore() should do a sanity check: "is it below 10?"
    • In Addition to this: You may want to ignore scores above 10 to fool the hacker he succeeded. You may lock the app after 2 hours or so.
    • Add a ScoreLogger somewhere that logs the history of the score, so getScore() may return values <10 but someone might just overwrite the score in code to 999999. ScoreLogger will check the score history for jumps etc.
    • Validate Score with total playtime (approximately)