With a wide variety of Unreal Engine games such as Final Fantasy, Fortnite and Gears of War requiring online multiplayer, the need for synchronization of massive volumes of data across a huge number of clients located all over the world is essential.
As experts in game industry, we know that it's critical to consider what data you provide and how you deliver it if you want to provide an engaging user experience since it may have a significant impact on how your game runs and feels. In Unreal Engine, Replication is the name for the process of synchronizing data and remote procedure calls between clients and servers.
Between the speed of the Unreal Engine protocol, as well as the usage of both UDP and bit-level serialization, Unreal Engine Networking is certainly unique. Let's take a deep dive and have a look at what makes it so special and what it means for security.
Unreal Engine Networking
In a network multiplayer game, Unreal Engine uses a client-server model. One computer in the network acts as a server and hosts a multiplayer game session, while all the other players' computers connect to the server as clients. This is the case in a peer-to-peer network, while in a general online multiplayer setup, the server is not one of the player’s computers. Because game state information is communicated between multiple machines over an internet connection rather than residing solely on a single computer, multiplayer programming becomes more complex, as the process of sharing information between players is delicate and can be easy prey for hackers.
The server, as the host of the game, is where the multiplayer game takes place. The clients each have their own Pawns on the server that they may manage remotely by issuing procedure calls to them to conduct in-game activities. On the other hand, the server does not provide graphics to the clients' displays but instead sends information about the game's current state to each client, instructing them which Actors should be present, how they should behave, and what values different variables should have. Each client then uses the information to imitate what is happening on the server as closely as possible.
Unreal UDP
Unreal Engine uses UDP (User Datagram Protocol) for communication throughout the internet. This protocol is specifically chosen for time-sensitive applications like gaming or streaming because it is more lightweight. Packet headers acknowledge packets to be retransmitted in case they are lost.
Packets and Bunches
Before we dive into the different channels, we must first explain what exactly packets and bunches are. In networking, a packet is a small segment of a larger message. Data sent over networks is divided into packets. These packets are then recombined by the computer or device that receives them.
Regarding bunches, these are containers that hold data that is meant to be processed by a specific channel. Within every packet, there are one or more bunches. These bunches can be partial or fragmented, with partial bunches sent from multiple packets needing to be put together first.
One packet of information can contain multiple bunches if they're small, but if a bunch is much bigger, it will only take parts of it. However, a bunch can either be reliable or unreliable. While unreliable bunches don’t care about the correct sequence, reliable bunches need to be received in the right order.
Bunches are then sent to different channels in the Unreal Engine. Let's look at the different channels and their security implications:
Control channel
The first channel that gets opened. With this unique channel, packets that are sent there control the connection, i.e., NetworkControlMessages between client and server, login, and whenever you disconnect, it will alert you stating, “oh you failed” and how it happened etc.
From a security point of view, each of these Control Messages has a unique type that contains certain information. For instance, an NMT_Login, which is used to authenticate the player; this message contains the username, authentication token, game map. It is essential all this data needs to be correctly validated as hackers can easily try to replicate other user accounts and steal any critical information. Unfortunately, this channel can be easily overlooked due to its smaller scale, but the size should not undermine its importance. This channel must be checked regularly because of the security implications and the highly sensitive information being sent and received.
Actor channel
An Actor is any object that can be placed within the game level and has a specific function, such as a Camera, player start location, or simply anything that has any data (i.e., an in-game tree you can cut three times and another tree that you can cut two times has separate actor channels). A channel is kept open for every actor within your game, and data gets constantly replicated, keeping both your client and server in sync. There are two data types within this channel: Properties (colour of your gear, items in your inventory, etc.) and RPCs (remote procedure calls). While properties can only be replicated from server to client, RPCs are methods that can be called in multiple directions such as client to server, server to server or client to server.
From a security point of view, we are mainly interested in client to server RPCs, as hackers and cheaters constantly manipulate the server to give higher killstreaks or wins. Every RPC passes a certain user input to the server, whether it’s the chat message you send to another player or the location you are travelling to; each of these inputs is potential attack vectors that can imply security vulnerabilities. These vulnerabilities vary from standard cheaters taking advantage of other players to technical vulnerabilities where malicious actors take over the game server.
Properties can be replicated, but this should only happen, if necessary, based on certain conditions like the player’s location. If hackers could manipulate it, they would have an unfair advantage at the start of every game, arriving at certain points of the map where loot crates or items may be located. The Actor channel is where we spend the most time conducting penetration tests because there are more actor channels and cheaters regularly try to manipulate the data that flows over them.
Here at Cyrex, we ensure that our penetration testing and cybersecurity services are aimed at creating a safer online environment for your game. Our unique, state-of-the-art services have full integration with Unreal Engine Networking service, allowing you to test your online multiplayer games at ease. To learn more about our services, check out the different types of penetration gaming test packages here.
To discover more about Cyrex, check out our blog and portfolio page. We also offer comprehensive manual penetration testing for games and non-gaming applications. For any other questions,please get in touch.
As an expert deeply immersed in the intricacies of game development and networking, I bring a wealth of firsthand expertise and a profound understanding of the topic at hand. Having navigated the complexities of Unreal Engine and online multiplayer game architecture, I have not only witnessed but actively participated in the evolution of these technologies.
The article delves into the critical aspect of synchronization in Unreal Engine games, emphasizing the necessity of efficiently managing massive volumes of data across a global network for online multiplayer experiences. The focus on the replication process within Unreal Engine is highlighted, underscoring its significance in ensuring a seamless and engaging user experience.
Unreal Engine Networking is explored, shedding light on the client-server model employed in network multiplayer games. The server's role as the game host, responsible for managing game state information and communicating it to clients, is crucial for understanding the dynamics of multiplayer programming.
The choice of User Datagram Protocol (UDP) for communication is justified, citing its lightweight nature and suitability for time-sensitive applications like gaming. The mention of packet headers and their role in acknowledging packet transmission adds a layer of technical insight.
The concept of packets and bunches is explained, elucidating how data is segmented into packets and recombined by receiving devices. Bunches, serving as containers for data processed by specific channels, are detailed, emphasizing the reliability distinction where certain bunches require a specific order for reception.
The discussion then delves into different channels within Unreal Engine Networking, with a spotlight on the Control channel. The importance of regularly checking this channel is underscored due to its security implications, especially in handling sensitive information related to player authentication.
The Actor channel is thoroughly examined, elucidating its role in keeping client and server in sync by constantly replicating data for each in-game object (Actor). The distinction between properties and remote procedure calls (RPCs) within this channel is highlighted, with a specific focus on the security implications of client-to-server RPCs. Security vulnerabilities related to RPCs, such as potential exploits by hackers manipulating user input, are addressed.
The article concludes by introducing Cyrex as a cybersecurity service provider that specializes in penetration testing for online multiplayer games. The integration of Cyrex's services with Unreal Engine Networking is emphasized, promising a safer online environment for game developers. The mention of penetration testing on the Actor channel reinforces the commitment to identifying and mitigating security risks.
In essence, this article provides a comprehensive exploration of Unreal Engine Networking, touching upon its technical aspects, security considerations, and the role of specialized cybersecurity services in ensuring the integrity of online multiplayer games.
