Getting Started
SigChain Guard SDK
Hardware-level anti-cheat and app integrity verification for Unity VR games. The SDK handles everything automatically — you make one call, SCG does the rest.
How It Works
The SCG bridge fires before Unity finishes loading. It collects hardware attestation data, encrypts and signs the payload, and sends it to the SCG backend. Your game receives a simple result code. No security logic runs client-side — the server makes every decision.
Requirements
System requirements
Unity Version
Unity 6 (6000.x) · Unity 2022.3 LTS
Tested on Unity 6.4 and Unity 2022.3
Android API Level
API 29+ (Android 10)
Required for hardware TEE access
Platform
Android VR
Meta Quest, Pico, Android VR headsets
Account
Active SCG subscription
sigchainguard.com/dashboard/
Installation
Getting set up
The SCG Unity package is available from your dashboard. You need to complete account creation and BTKV verification before the SDK will function.
BTKV Required
BTKV (Beta Test Key Verification) is how SCG confirms you own the app you are registering. An unverified API key causes all validation calls to return CHECK_DASHBOARD. You must complete this before going live.
Step 01
Create an account
Go to sigchainguard.com/dashboard/ and sign up. Verify your email. You will be taken to the dashboard.
Step 02
Register your game (BTKV)
In the dashboard, go to Register Game. Upload your signed
.apk — SCG extracts your app's certificate fingerprint and package name automatically. This is the BTKV verification step. Once complete, your API key is issued and bound to that certificate.Step 03
Download the Unity package
In the dashboard, go to Downloads. The .unitypackage is only available after BTKV is complete. Download the package for your Unity version.
Step 04
Import into Unity
Assets → Import Package → Custom Package → select the downloaded file → Import All.Step 05
Configure the SDK
Window → SigChain Guard → Setup. Paste your API key from the dashboard. The setup window also has a Fix All button that checks your project settings and resolves common integration issues automatically.Step 06
Call SCG.Validate()
Add the validation call to your game's start logic. The bridge fires before Unity finishes loading — your game receives the result before any gameplay code runs.
Quick Start
First integration
GameManager.csC#
1using SigChainGuard;
2using UnityEngine;
3using Photon.Pun;
4using Photon.Realtime;
5
6public class GameManager : MonoBehaviour
7{
8 async void Start()
9 {
10 SCGResult result = await SCG.Validate();
11
12 if (result == SCGResult.PASSED)
13 {
14 // Pass SCG token to Photon before connecting
15 var auth = new AuthenticationValues();
16 auth.AuthType = CustomAuthenticationType.Custom;
17 auth.AddAuthParameter("token", SCG.GetLastToken());
18 PhotonNetwork.AuthValues = auth;
19 PhotonNetwork.ConnectUsingSettings();
20 }
21 else if (result == SCGResult.FAILED)
22 {
23 // Kick, show error, or block — your logic here
24 }
25 else if (result == SCGResult.NO_CONNECTION)
26 {
27 // Handle offline — your logic here
28 }
29 }
30}
2using UnityEngine;
3using Photon.Pun;
4using Photon.Realtime;
5
6public class GameManager : MonoBehaviour
7{
8 async void Start()
9 {
10 SCGResult result = await SCG.Validate();
11
12 if (result == SCGResult.PASSED)
13 {
14 // Pass SCG token to Photon before connecting
15 var auth = new AuthenticationValues();
16 auth.AuthType = CustomAuthenticationType.Custom;
17 auth.AddAuthParameter("token", SCG.GetLastToken());
18 PhotonNetwork.AuthValues = auth;
19 PhotonNetwork.ConnectUsingSettings();
20 }
21 else if (result == SCGResult.FAILED)
22 {
23 // Kick, show error, or block — your logic here
24 }
25 else if (result == SCGResult.NO_CONNECTION)
26 {
27 // Handle offline — your logic here
28 }
29 }
30}
Photon Integration
If your game uses Photon, pass SCG.GetLastToken() to Photon's AuthValues before calling ConnectUsingSettings(). This allows the SCG backend to verify the player server-side on every room join — banned players are blocked even if client-side checks are bypassed.
SDK Reference
SDK Methods
All public methods on the SCG static class. Click any method to expand full documentation.
SCG.Validate()
async▾
The primary validation call. Fires the SCG bridge, collects hardware attestation data and device signals, encrypts and signs the payload, and sends it to the SCG backend for server-side verification. Can only be called once per session — subsequent calls return the cached result. Player HWID is automatically tracked in your dashboard on every call.
Returns
Task<SCGResult>
ExampleC#
1SCGResult result = await SCG.Validate();
2if (result == SCGResult.PASSED) { // safe to proceed }
2if (result == SCGResult.PASSED) { // safe to proceed }
SCG.ValidatePS()
async▾
Checks Photon server availability and confirms your configured Photon endpoint is reachable. Call this before attempting to connect a player to a multiplayer session. Returns NO_CONNECTION_NOPS if Photon is unreachable or not configured in your dashboard.
Returns
Task<SCGResult>
ExampleC#
1SCGResult ps = await SCG.ValidatePS();
2if (ps == SCGResult.PHOTON_ONLINE) { // matchmaking logic }
2if (ps == SCGResult.PHOTON_ONLINE) { // matchmaking logic }
SCG.ReValidate()
async▾
Triggers a manual mid-session re-validation for the current player. Runs the full validation pipeline identically to Validate(). Rate limited to once every 2 minutes per player — additional calls within the window return RATE_LIMITED. Use this if your game detects suspicious behavior and you want an immediate check.
Returns
Task<SCGResult>
Rate Limit
Maximum once per 2 minutes per player. Enforced both in the bridge and on the backend — editing client code cannot bypass the backend limit.
ExampleC#
1SCGResult check = await SCG.ReValidate();
2if (check == SCGResult.FAILED) { // handle fail }
2if (check == SCGResult.FAILED) { // handle fail }
SCG.HWIDPlayer()
async▾
Registers the current player's HWID against your game in the SCG database. Call this after a successful Validate() to associate that device with your game's player records. If the player has been seen in other SCG-protected games, their existing record is linked — no duplicate is created. Returns the player's HWID string. HWID tracking is automatic via Validate() — you only need this if you want to explicitly trigger registration at a specific point in your code.
Returns
Task<string>
ExampleC#
1string hwid = await SCG.HWIDPlayer();
2if (!string.IsNullOrEmpty(hwid)) { Debug.Log("HWID: " + hwid); }
2if (!string.IsNullOrEmpty(hwid)) { Debug.Log("HWID: " + hwid); }
SCG.ReturnHwid()
sync▾
Returns the current device's HWID string locally without any network call. The HWID is derived from factory-burned hardware values and is stable across reinstalls, factory resets, and OS updates. Use this if you need the HWID string in your own game code or to display it to the player.
Returns
string
ExampleC#
1string hwid = SCG.ReturnHwid(); // no network call
SCG.GetLastToken()
sync▾
Returns the signed JWT issued by the SCG backend after the last successful Validate() call. Pass this to Photon's AuthValues before connecting so Photon can verify the player server-side via the SCG Photon auth endpoint. The token expires 5 minutes after issue — if the player takes longer than that to connect, call Validate() again.
Returns
string
ExampleC#
1var auth = new AuthenticationValues();
2auth.AuthType = CustomAuthenticationType.Custom;
3auth.AddAuthParameter("token", SCG.GetLastToken());
4PhotonNetwork.AuthValues = auth;
2auth.AuthType = CustomAuthenticationType.Custom;
3auth.AddAuthParameter("token", SCG.GetLastToken());
4PhotonNetwork.AuthValues = auth;
Error Reference
SCGResult codes
Every possible value returned by SCG methods. Click any row to highlight it. Use the search bar to look up any code instantly.
SCGResult.PASSED
Pass
All 8 security gates passed. Device has verified boot, locked bootloader, matching certificate fingerprint, and a clean runtime environment. Safe to proceed.
SCGResult.FAILED
Fail
One or more security checks failed, or the player's HWID is banned on this game or the network. Check your dashboard validations tab for details. Ban reason is not exposed to the client.
SCGResult.NO_CONNECTION
Warn
Device has no internet connection. Not a security failure — your game decides how to handle offline sessions.
Tip: Allow limited offline play or show a connection required message.
SCGResult.NO_CONNECTION_NOPS
Warn
Returned by ValidatePS() when your Photon endpoint is unreachable or not configured in your dashboard.
Fix: Check your Photon endpoint URL in the dashboard.
SCGResult.SDK_OUTDATED
Fail
The integrated SDK version is below the minimum version set in the admin panel. All validation calls will fail until updated.
Fix: Download and integrate the latest SDK from your dashboard.
SCGResult.BRIDGE_TAMPERED
Fail
The SCG bridge has been modified from its original compiled state. Serious integrity violation.
SCGResult.HOOK_DETECTED
Fail
A known hook framework or suspicious injected library was detected on the device at runtime.
SCGResult.RATE_LIMITED
Warn
ReValidate() was called within the 2-minute rate limit window. Enforced server-side regardless of client code.
Fix: Wait at least 2 minutes between ReValidate() calls per player.
SCGResult.QUOTA_EXCEEDED
Warn
Your account has reached the MAU limit for the current billing period. New device validations are blocked until the next period.
Fix: Upgrade your plan in the dashboard or wait for the next billing period.
SCGResult.AUTH_PAUSED
Warn
Authentication has been manually paused via the dashboard toggle. All validation calls return this result until resumed.
Fix: Resume authentication in your dashboard.
SCGResult.BACKEND_TIMEOUT
Warn
The SCG backend did not respond within the timeout window. Check sigchainguard.com for service status.
Fix: Retry validation. Contact support if persistent.
SCGResult.CHECK_DASHBOARD
Fail
Your subscription has lapsed, API key is inactive, or BTKV verification has not been completed. All validation calls return this until resolved.
Fix: Check your dashboard for account or billing issues. Contact support@sigchainguard.com if you need help.
SCGResult.COLLECTION_ERROR
Warn
The SCG bridge was unable to collect one or more required device fields. Should not occur on supported devices.
Fix: Ensure target device meets Android API 29 minimum requirement.
SCGResult.REPLAY_DETECTED
Fail
The validation payload nonce has already been used. Each nonce is burned after a single use. Indicates an attempted replay attack — the HWID is automatically flagged.
SCGResult.BASELINE_MISMATCH
Fail
The APK certificate fingerprint or package name does not match the registered baseline. Indicates the APK has been re-signed or modified.
Fix: If you changed your signing key legitimately, re-register in the dashboard.
SCGResult.FAILED
Fail
The device HWID has been added to the SCG network blacklist. The rejection reason is not exposed to the client. Visible in your dashboard as NETWORK_BLACKLIST in checks_failed.
SCGResult.FAILED
Fail
The device HWID has been banned in enough other SCG-protected games to exceed your configured network ban threshold. Configure threshold and message in SCG-AUTH settings in your dashboard.
SCGResult.PHOTON_ONLINE
Pass
Returned by ValidatePS() when your configured Photon endpoint is reachable and responding correctly. Safe to proceed with matchmaking.
SCGResult.UNKNOWN
Warn
An unexpected or unrecognized result was returned. Should not occur in normal operation.
Fix: Update to the latest SDK and contact support@sigchainguard.com if persistent.
Error Lookup
Search any error
Use the search bar at the top to look up any SCGResult code, error message, or integration issue instantly.
Tip
Search by result code, severity, or keywords. Try "fail", "connection", "banned", or specific codes like "QUOTA_EXCEEDED" or "BTKV".
Changelog