
I'm working on a multiplayer game in the Unity framework with custom networking code programmed in C# (not using the built-in Unity networking framework). Due to the large scale (difficult to moderate many players) and competitive nature (don't want people to have an unfair advantage) of the game, it is very important that the packet protocol and the handling of those packets on the client side is protected as much as possible from persons who would like to exploit that information to create bots / hacks, etc... Ultima Online is a great example of a game that has been "completely figured out"--and there are lots of programs out there that people have developed that can spoof a real client and bot the gameplay. That's the kind of thing I would like to avoid if at all possible.

As far as I can tell, this is an extremely difficult problem (perhaps without a great solution). Obviously the packets are openly visible, though I believe that there are some fairly simple tricks to make them unintelligible to a blind observer and constantly changing in nature...

My main concern is decompilers. Any tricks I have to hide the packet content / protocol would almost certainly be revealed when the C# code is simply decompiled. I'm probably over-thinking this, and you are probably thinking "just use an obfuscator". I confess that I don't have any experience with obfuscators--would it really stop a savvy individual from being able to discover how the packets are being "decrypted" / handled and "encrypted" and sent by the client? I suppose I'm getting off topic, though--this isn't meant to be a question about obfuscators, though I think I would welcome a simple answer like "just write your code in C# and use an obfuscator."

My question is this: since C# code is so readily discoverable with a decompiler and programs implemented in C++ are far more difficult to get much from through decompiling, would it be possible to exploit a circular reference between the C# program (loading an external C++ library and executing functions with it that manipulate data before sending) and the C++ library (which in turn loads the C# library and executes functions with it--functions that may or may not modify particular data important to the network protocol but without any visible context since it was called externally)? It would seem to me that in this way (if it's even possible), the true "massaging" of the data before it is sent out is always some interplay between the two libraries, and therefore any potential "explorers" could be very easily misdirected since only half of that interplay is even remotely visible. I hesitate to rely on a C++ library completely (without it having a complex "conversation" to the C# code) since it seems like it would be easy for a programmer to exploit that interface if they knew the C# side of it... Or perhaps I have no idea what I'm talking about.

Is it possible to create such an interaction between two such libraries?

If it is possible, is this even remotely a good idea--why or why not?

Are there any other better solutions available to protect your packet protocol and make it nigh impossible for somebody to discover just what the packet data means and how they are handled on the client side?

Thanks in advance for any insight you can give!

  • This is actually a great question, my only recommendation is to try to distill this down a bit, you will be more likely to receive an answer if you do. – Zach Spencer Mar 12 '14 at 19:54
  • As someone who used to hack/reverse engineer MMOs for fun, my honest recommendation is to focus your efforts on server-side exploit and bot detection mechanisms using whatever means possible. There's no client-side "protection" that really ever got in the way of someone determined to exploit a game. This situation might change in future with technologies like Intel's SGX, but don't expect anything too soon. – Mark H Mar 12 '14 at 20:24
  • I agree, avoiding hacking/reverse engineering is impossible. Software companies tried that for a long time to protect software from copying. And this with C/C++/ASM. I also would suggest two alternatives: detect bots (for example they can have a very high hit rate) or unnatural moves. And update the clients very often. – andreaplanet Mar 12 '14 at 22:31
  • Thank you for the input... Mark H, based on your experience in trying to hack/reverse engineer MMOs--what are the top 2-3 things you think the MMO developers could have done to at least make it very difficult to do? I definitely am interested in your experience--Perhaps if you could expound a bit on what (if anything) you found the MMO developers TRIED to do to prevent reverse engineering (what roadblocks did you encounter) and what you generally had to do to get past it. I know in UO, for example, not much is done to hide the packet structure at all... are other MMOs like that? – itWouldBeWise Mar 14 '14 at 13:23
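
The comments above recommend server-side detection (very high hit rates, unnatural moves) over client-side hiding. The following is an added example, not code from the question or any commenter, of what such server-side plausibility checks can look like in C#; the class name `PlayerMonitor`, its methods and every threshold are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: server-side plausibility checks. All names and limits are assumptions.
class PlayerMonitor
{
    const double MaxSpeed = 7.0 * 1.25;  // assumed top speed (units/s) plus slack for jitter
    const int MinShots = 30;             // do not judge accuracy on a small sample
    const double MaxHitRate = 0.90;      // assumed ceiling for human play

    double lastT, lastX, lastY;
    bool hasLast;
    int shots, hits;
    public List<string> Flags { get; } = new List<string>();

    // t must be the server's receive time in seconds, never a client-supplied clock.
    public void OnMove(double t, double x, double y)
    {
        if (hasLast)
        {
            double dt = t - lastT;
            double dist = Math.Sqrt(Math.Pow(x - lastX, 2) + Math.Pow(y - lastY, 2));
            if (dt <= 0) Flags.Add($"non-increasing timestamp at t={t}");
            else if (dist / dt > MaxSpeed) Flags.Add($"speed {dist / dt:F1} u/s at t={t}");
        }
        lastT = t; lastX = x; lastY = y; hasLast = true;
    }

    public void OnShot(bool hit)
    {
        shots++;
        if (hit) hits++;
        // Evaluate every MinShots shots so one streak does not flood the log.
        if (shots % MinShots == 0 && (double)hits / shots > MaxHitRate)
            Flags.Add($"hit rate {hits}/{shots}");
    }
}

class Program
{
    static void Main()
    {
        var p = new PlayerMonitor();
        // Constructed sample input: a normal step, then a teleport-like jump.
        p.OnMove(0.0, 0, 0);
        p.OnMove(1.0, 5, 0);
        p.OnMove(1.1, 60, 0);
        for (int i = 0; i < 30; i++) p.OnShot(i != 7);  // 29 hits out of 30
        foreach (var f in p.Flags) Console.WriteLine(f);
    }
}
```

Because the checks use only what the server itself observes, they keep working even when the client and its packet format are fully understood by the other side.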

0 Answers