Download

How not to package dedicated server blueprints with client

Hi!

Like the title says, is there a way not to package certain blueprint pieces with given package “type”. Can these be controlled somehow with cooking or is there some other way to do this?

I know WITH_SERVER defines on C++ side and these are fine, but I’m looking a way to not compile blueprint nodes after “Switch authority” node or just not compile certain function altogether if dedicated server is cooked/built. Is there a direct or some other way (does blueprints have preprocessor or would something like separating blueprints to different module work)?

I’m worried that I’ll ship some blueprint code that enables easy reverse engineering that could lead to exploits. While using plain C++ could be the way, I don’t like the idea that I cannot iterate features quickly with blueprint.

Thanks!

I doubt anybody will do any decoding for blueprints soon, if ever. It is much easier to decompile C++ (IDA for eg), having source for unreal, it is a matter of properly setting up IDA and you can almost read your C++ code.
For blueprints that is not simple, they do not even have normal code flow, all is in exec connections. try to trace that with any decompiller.
So IMO best obfusctaion method for code you do not want to be decompiled is putting everything in one big graph, that way somebody who tries to reverse it will have everything together in one single (and huge) package.

I know it’s kinda far fetched to think about reverse engineer or actually releasing code worth decompiling but still I see this as an issue as someone will do it given someone will benefit from it.

Think about MMO(not my project) quests, having the ability to actually see how quests are structured and “ran” enables easy way to make a custom server with just having the client to reverse engineer.
Or some new <insert big thing> made with UE which has AI code included in client, someone will make a bot exploiting it.

And of course package size as You could potentially strip a lot of code out from builds.

I see there is BP -> C++ on the roadmap, could this be a solution? I’m not releasing anything tomorrow but knowing this is in the pipeline would ease my mind - and others as well, seen this pop up in the answers with no official reply.

It doesn’t matter what you do if someone wants to reverse engineer you’re game and they have the skills and tools to know how to do it then they will, same as hacking you can never completely stop it only minimise the risk. Unless you’re game is going to be a huge success or has mechanics not seen before it is also highly unlikely that anyone will waste the time to do it . There are already thousands of tutorials , whole game codes you can buy etc to make any kind of game you want , so reverse engineers will mainly only target specific games that have unique or different game mechanics that already arnt existing or highly successful games .

So really although it’s a worry I’d choose to not worry about it and concentrate on other things.

I know You both are right on the fact that it’s relatively small or non-existent worry. Focusing on things that actually ships ones game is better.

That said, I still worry about having server logic shipped with client. I understand this must be for some games that have ability to host servers on their own but some situations this is undesired. I don’t worry about actually inventing some new algo that I don’t want to release to the world I worry about my mistakes in logic being exploitable easily.

Blueprint preprocessor would be cool for many things, this included. Think about creating a comment block that You could define when the “insides” of that block are compiled, then control that on cook settings. That would essentially be visual preprocessor. I would even try to branch the code and implement that if I knew anything how the node compiler works.

If you really worry that much and it is problem for you game, write dedicated server yourself, there are sdks to make that.
Blueprints were not meant for this, you probably could separate all that, but i bet a lot of logic is hidden in C++ level.
For eg, when you package client side version of game, then package separate project that has only server side, will client side recognize dedicated server project?

Also by making dedicated server only version you basically are forking your project, now you need to maintain 2 projects instead of one.
Or how you do RPC call to server side if you do not have that code in project?

Recently I had long discussion about my game project with codeveloper, it was about client + listen server or client + dedicated server. All started because we realized we have kind of 3 different games inside our project. And we picked listen server + clients model, because it is easiest to implement.

We both are/were working in IT security for 15 or so years, and we both agreed that we do not care if somebody reverse our code, at least not for first game. If they waste time to reverse it we will be happy that it sells enough to be hacked. And blueprints are quite **** hard to decompile, dont forget there is maste blueprint graph all mixed with your stuff together, so decompiling game means getting all that blueprint code, not only your game.

Ps.
Also all that not linking server side into client side code may be already done by epic.