We are finally releasing the first part of a series of tools that will allow developers to easily hide Interlude keys in their games and apps.
First a disclaimer: this is a very bare bone, alpha version. We have limited the features as much as possible, because we absolutely need to incorporate feedback from users to develop the product further. If as a developer you find something is lacking, please get in touch and share your opinion, this is exactly what we are hoping for!
So here it goes: hide a key in your Unity game in 30 seconds!
- Download or clone our Github repository
- Import the InterludeScavengerHunt Unity package at the root of the repo in your Unity project.
- The package contains two prefabs: the ScavengerHuntManager prefab and the Key prefab. Drop the two in your scene. The ScavengerHuntManager is already configured, and contains most of the scripts. It carries the script that will call for the key, as well as the UI Canvas that will display it. The script needs to know the BSC address of the player, so there is a second UI Canvas with a form to ask for the address:
You have to trigger the display of this form before the player finds the key (since the address is necessary to request the key). In general this should be done at the beginning of the game, maybe just after spawning on the map. You can put it in your Main Menu, or trigger programmatically the display by calling
4. The Key is made of a key 3D model with a Key script and a collider, that calls the relevant function once triggered by the player:
Interlude.ScavengerHunt.KeyFound(int id, string secret)
The Key script offers just two public fields:
Alternatively you can trigger the display of the key yourself by calling the function in your own script.
5. To find these fields head to the developer dashboard on our website:
6. Click on the “Generate key” button. The fields “Public key”, “Private key” and “Key secret” will be automatically filled.
7. Fill the “Message” field. The message should contain enough information to enable the players to find your keys, for example a URL to your website or game page, along with indication to find the key inside your game.
8. Click on “Register key” and validate the transaction on Metamask. Once the transaction is successful, the UI will display the ID of the newly registered key:
9. Copy the ID and the Key Secret field, and paste them in the respective fields in the Key script. That’s it! Your game is now connected to the Interlude network! Once the player hits the trigger the key should be displayed automatically:
Of course all this is very customizable. In essence this is a very simple API call that you can find in the ScavengerHunt.cs class:
WWWForm form = new WWWForm();form.AddField("ticket", ticket);
form.AddField("password", password);UnityWebRequest www = UnityWebRequest.Post(GetURL("getKey"), form);
www.timeout = 20;
yield return www.SendWebRequest();
You can modify all the rest, for example by using your own model for the key or a different UI that would fit your game’s art style better. And of course the main design decision is yours: when does the player actually finds the key? Where will you actually hide this key? This kind of considerations will be the subject of a coming series of article, and will have to be refined together with the community of both players and developers.
How does this work under the hood?
For security and simplicity of development reasons we don’t hide the keys inside the games themselves. We provide a key management service that stores the keys securely indexed by their Ids, and will serve the requests from the games. When you “Register the key” on our website two operations actually take place:
- the public part with the message is stored on the ScavengerHunt smart contract on the BSC. The smart contract sends back the Id of the newly registered key
- the public and private part of the key, along with the secret and the Id are sent to our secured (centralized) server
On the game side during the scavenger hunt:
- when the player is asked for its BSC address inside the game, the script checks on the blockchain that the player has actually started a Scavenger Hunt, and that the key to find is actually the one in the game. If it’s not the case the OnNullTicket Unity event is called.
- when the player “finds the key”, the ScavengerHunt script actually does the call to the secure server, with the key id and the password for authentication.
Is this decentralized?
Not exactly in this setting since we’re controlling the keys. However, while the current architecture maximize simplicity of development (both on our side and on the developer’s), developers can opt to manage their own key store at any moment (they just need to change the ServerIP in the ScavengerHunt script), so that’s not a real issue.
Is this secure?
Not at all! Unity games are based on the .NET/C# platform, and as a result it is very easy to decompile them and analyze their source. For a hacker that has access to our Github repo and knows where to look, it would take less than a minute to retrieve the secret word and make the API call himself, without playing the games. However we can easily make that a lot harder:
- first by obfuscating the sources and encrypting the password. The Unity Asset Store has some nice assets that do that, for example Obfuscator.
- second, by generating the password dynamically during gameplay, instead of simply storing it as a public field in the Unity component.
These simple measures will make it non trivial to retrieve the key secret, and we will publish examples and tutorials of how to do that in the coming weeks. It is true however that these security considerations will remain one of the big concern of the project. The more Interlude will grow and with it the size of the rewards, the more sophisticated and intense the efforts of hackers to break the games will be. Securing games is an unsolved problem to this day (and actually unsolvable as long as players have access to the games’ binaries), and even for the biggest companies we still see an “arm race” between developers and cheaters, where any security measure only lasts a few days before it is pierced by hackers. There are a lot of things we can do however, and Interlude as a project is actually in a very good position in this respect, as we will see in a forthcoming article.
As we saw in this tutorial, integrating your game to Interlude can be done in literally a few seconds. As soon as your key is registered on the smart contract, it will be available to be picked by the Scavenger Hunt protocol, players will come play your games, and the ISH tokens will start to accumulate on your wallet! So don’t hesitate. If you have an old Unity game or app taking the dust somewhere on your computer, now might be the time to recycle it!
Important remarks (as of 08/13):
Interlude is currently in beta. We are looking to convince the first developers to join the project, and we have therefore restricted the registration of new keys as you will notice by visiting our web interface. If you want to propose your game, contact us! This way we’ll be able to:
- help you with the key integration
- discuss of a compensation in ISH token, since you’re an early joiner of the project
Another important question that has been raised often, we are only aiming at supporting PC games at the moment. MacOS might come later, but mobile games are not currently our focus. This might change if we realize there is sufficient demand for it in the community.