Table of Contents

Protecting memory with obscured types

Cheaters frequently rely on memory editors (Cheat Engine, Game Guardian, etc.) to locate and modify variables such as health, currency, and timers. ACTk counters these tools with a family of obscured types that transparently encrypt values, randomize keys, and expose hooks for detecting tampering.

private ObscuredInt coins = 100;
public void Add(int amount) => coins += amount;

Obscured types behave exactly like their native counterparts, but store encrypted values in memory. Casting between native and obscured types is implicit.

Feature highlights

  • Drop-in replacements for the most common C# and Unity struct types (ObscuredInt, ObscuredFloat, ObscuredVector3, etc.).
  • Transparent encryption with randomized keys and support for honeypots through the Obscured Cheating Detector.
  • Serialization helpers for Json.NET and JsonUtility.
  • APIs to access or replace encrypted payloads when you integrate custom persistence layers.

Usage guidelines

  • Place the using CodeStage.AntiCheat.ObscuredTypes; directive at the top of each file that needs obscured types.
  • Replace only vulnerable members that are typically long-living fields, properties, and value sources. There's usually no need to use obscured types as method arguments or local variables if they don't live longer than a few frames, due to the nature of the memory hacking process—cheaters need multiple value searches to filter out target values from many addresses, which can't be completed in one frame.
  • Large arrays or hot update loops should remain regular types to avoid performance penalties.
  • ⚠️ Data Loss Warning: When migrating inspector-exposed fields to obscured types, expect serialized values to reset completely. This can lead to permanent data loss if not planned carefully. Always backup your project and plan migrations accordingly.
  • Prefer storing obscured values outside Update loops, and profile on mobile targets to catch hotspots early.
Warning

Enable the Obscured Cheating Detector to catch cheat attempts even without honeypots. Each obscured type maintains internal integrity checks, so any tampering with encrypted values will trigger detection. Honeypots are optional and provide additional protection by serving fake unencrypted values—attackers who freeze these honeypot values will also trigger detection events you can react to.

Serialization support

Json.NET

If your project uses Newtonsoft Json.NET, you can use the bundled ObscuredTypesNewtonsoftConverter for serializing and deserializing ObscuredTypes decrypted values.

For detailed usage examples and API reference, see ObscuredTypesNewtonsoftConverter API documentation.

Note

The converter is wrapped in the ACTK_NEWTONSOFT_JSON symbol. Unity automatically defines it when the com.unity.nuget.newtonsoft-json package (v2.0.0+) is installed. Add the symbol manually if you ship a custom Json.NET build, or use the ACTk Settings (Conditional Compilation Symbols) to manage symbols.

Unity JsonUtility

JsonUtility is less flexible but still workable. Implement ISerializationCallbackReceiver and move encrypted data into regular fields inside OnBeforeSerialize / OnAfterDeserialize. The forum example demonstrates the pattern.

Additional serialization considerations

  • LINQ and XmlSerializer are not supported at this moment.
  • Binary serialization is supported out of the box, but be careful with BinaryFormatter as it's considered non-safe.
  • ISerializable alternative: As an alternative to the JsonConverter, it's possible to implement ISerializable as shown in this example.
  • General recommendation: Cast obscured variables to regular ones for advanced operations, then cast back to obscured types to ensure compatibility.

Advanced usage

  • Custom encryption keys: Use GenerateKey(), Encrypt(), and Decrypt() for custom key management
  • Raw encrypted data: Access GetEncrypted() and SetEncrypted() for custom serialization
  • Key randomization: Call RandomizeCryptoKey() periodically to invalidate memory searches

For detailed API reference and code examples, see ObscuredInt API documentation. Other obscured types share the similar logic and approaches.

DOTS Hybrid workflows

ACTk provides official DOTS Hybrid support for ECS-based games:

Key Points

  • ObscuredFloat, ObscuredDouble, ObscuredInt, ObscuredLong, ObscuredBool, ObscuredVector3, and most other obscured types can be used in IComponentData implementations.
  • Detectors and other native-specific features work fine in Hybrid mode.
  • The package ships an end-to-end sample under CodeStage/AntiCheatToolkit/Examples/DOTS ECS Examples.

Installation

  1. Install the required DOTS packages: com.unity.entities, com.unity.rendering.hybrid, and com.unity.dots.editor.
  2. Open ACTk Hybrid DOTS Setup scene and enter Play mode.
  3. Use the in-game HUD to modify obscured values and trigger the DOTS-compatible detectors.
Caution

Reference types such as ObscuredString, ECS non-compatible types such as ObscuredDecimal, and other managed-only types remain incompatible with IComponentData and should not be stored inside Entities. Keep them on authoring MonoBehaviours instead, here is an example.

Diagnostics and validation

  • Add the Obscured Cheating Detector to ensure modified encrypted values trigger a callback.
  • Use the API Examples scene to profile performance and try edge cases.
  • Use the validation tools from the menu (Tools > Code Stage > Anti-Cheat Toolkit > Migrate > ...) if you suspect serialized instances became corrupted after a package upgrade.