koobas.hobune.stream
Is it possible to change builds structures?
HI, just wondering if it is possible to change the build game structure, because i'd need to re-structure the folders and files, and i don't want to have .assets files, i want to have my own file types. Thanks a lot!
For what purpose? WHY would you ever what to change it?
@Benproductions1 Just want to protect my assets and my scripts
What platforms are you building for? None mobile platforms could be made to load script from encrypted external DLLs. Your assets could be encrypted and loaded from files stored in Strea$$anonymous$$g Assets or even decrypted from resources in a Resources folder.
iOS is encrypted anyway.
The same approach is possible on Android I believe.
A dedicated cracker could find your decryption code however, as somewhere is the bootstrapping that would be possible to locate - on the other hand, it would discourage most.
Is there a particular reason for this need? Gambling system or something? In those cases you'd be better off putting important logic on a server.
Ok so you are probably going to use System.Security.Cryptography to do the encryption and create a CryptoStream that you would use to load some of your assets. The easiest thing to do would be to create asset bundles and then encrypt those files and decrypt them before using AssetBundle.CreateFromMemory on a decrypted byte array.
This would cover your assets but not your scripts.
The best way to manage scripts would be to download a chunk of your code from the server in an encrypted stream and use Assembly.Load on the decrypted byte array to load some script into the game.
A clever approach would be to automatically update such components every hour or so and have it send a GUID to the server. The server would maintain a list of currently valid GUIDs (last one, this one) and would reject the code if it was out of date or messed with and not allow any play. This does mean compiling a set of different executables or resources that have the keys.
Given that you have to decrypt these streams you will somewhere in your code have to have the key, which a hacker can find so it isn't 100% secure (apart from the script method I just described which is secure on every period you change the code, though even this could be "auto hacked" especially if the location of the encoding did not change or was easily identifiable). But it would need to be hunted for. Don't download keys from the server, this gives a packet sniffer more chance of identifying the keys location.
Also consider generating an $$anonymous$$D5 hash value from the downloaded binary and send that to the server to be sure that it matches.
Ok, this is really usefull. I think I'll have to investigate more the AssetBundles and System.Security.Cryptography.
BUT (there's always a but), I don't really like the idea of strea$$anonymous$$g my scripts, at least not for this project. It's a really good method, but I'm more afraid of Packet Sniffers (that can, for example, extract my databases password from one of those scripts) than I am of hackers.
Anyways, this is really usefull and I'll give a try to the cryptography method you exposed and some Obfuscators I found on the internet.
Thank you very much both @whydoidoit & @DaveA
Well you'd be strea$$anonymous$$g your script encrypted - so it would take proper decompilation to find it. And why would you put a database password in the client application?? Surely that's server side only.
You should not directly query a database from your client, go through a server side facade that owns the real database connection.
Like having a PHP script that returns a query and C# takes that data?
That completely depends on how you build your muiltplayer. You say that this is for an $$anonymous$$$$anonymous$$O game, so if you build your networking right (as in, authoritative servers etc...) then you shouldn't have to worry at all about hackers.
If you are using the built-in Unity Networking, by which I mean network Views syncing the data (Not RPCs), then you are not using an authoritative system (and it won't work as an $$anonymous$$$$anonymous$$O either). You should then either build your own or use a networking package :)
That would probably be very difficult. For what it's worth: There are, for example, Obfuscators you can get which will troll through the built game files and sort-of encrypt them (really just make them less obvious what they contain). So a precedent exists for that. And if you google around how to extract assets from Unity games, you'll find a bunch of people talking about how they did it.
I just had a look, one simple google search and i got a decompiler :S. That's why i want to keep all my files protected. I also investigated the obfuscators, that would be a plus, but i'd also like to know howe to change the structure of builded clients, for total security ;)
Thanks
This is also a answer, but I cant choose both... Dunno why ;(
You can change your answer choice but the other is a good answer. FWIW there are those who believe that the more you try to hide your assets, the more valuable they must be, and you have thrown down the gauntlet, challenging them to hack you. And they will. So many consider this a waste of time. I'm on the fence about it myself. There are ways to have your stuff ping a server to let you know that it's in use, letting you track such usage, to get an idea of how many people are using it (vs how many actually paid for it).
