- Home /
Source code security
We had an Unity project that can build a complete game. Now we are hiring new staff to update the code inside it. Is there any best practice to provide the Unity project to him for development, but he cannot steal the source code for his own use?
no is imposible, you need to share the full project and have confidential contracts, the only other solution is to divide the full project into libraries, atleast the important scripts
"new staff" to do what exactly? In which way should they interact with your project? When you hire people you usually let them sign a disclosure contract which does not allow any usage outside the project. If they have to work with the code there's no way to "prevent" them from stealing it. If you can't trust your workers, you should find better ones.
Answer by TenaciousDan · Aug 24, 2020 at 01:28 PM
If I understand you correctly, the new staff will be using the code you wrote like a library or asset you'd download from the asset store and you don't want them to see or reverse engineer the source code.
There are ways to "protect" the source although they have nothing to do with Unity. The first thing you can do is generate a DLL for your source code (). This alone is not enough to protect it though, a DLL can be easily decompiled using free software. You will have to do some code obfuscation. As the name suggests, this makes it so that your code is extremely hard to read making variable names like "fdh42ed" which make no sense to a person reading it. Some code obfuscators do a pretty good job making the code unreadable. Please note that this does not make the code "unstealable", it is still possible to reverse engineer the source code (however it is much, much more difficult to do so). Most people won't bother to try at this point.
Something things to note:
- When creating the DLL you will have to add all the Unity DLLs that your source code references as references. Here is a video example (video) however this example is very basic and he only adds the UnityEngine DLL but you can find all the DLLs you need in or around the location shown in the video.
- I have run into some problems where I suspect reflection was involved and obfuscating the code made those scripts throw errors. Unfortunately I was not able to completely solve this issue so for that one script, I removed it from the DLL and left it **un**obfuscated.
Here is the Obfuscation software I used (of course you can try others if you wish): ConfuserEx There is a plugin for Visual Studio that let's you chose which DLL's you want to obfuscate with some options. These are the options that worked for me:
There are also some paid options on the Unity Asset store I think which I have not tried.
I hope that helps.
Cheers.
This doesn't make much sense if those people should
update the code
in the project. I wouldn't work on a project as a programmer without seeing the code.
Apart from that the main concern was that the project is fully functional. So obfuscation is pretty pointless since they could simply steal and use everything as it is. Obfuscation is never a security measure, it's just a way to make it harder / more diffcult to reverse engineer the code.
I mentioned that it is still possible to steal the source even with obfuscation just makes it more difficult.
And yes, the new staff can still steal the DLL and use it, but if that was the concern of the OP, I'd say the only solution is "don't share your stuff with people who you don't trust". But I feel like that would be pretty self explanatory. I assume that the OP was looking to prevent new staff from copy pasting his source code and using it in their own projects. Like I said, DLL and obfuscation prevents most people from trying.
The best way to protect your source code is to do it legally via contractual agreement I guess.
But that's still pointless in his situation since the "new staff" should work ON that code. So what code do you want to obfuscate? It's like you're hiring a driver but you are worried he could steal the car so you don't give him the keys and won't let him get close to the car...
Your answer
Follow this Question
Related Questions
How to protect my project from decompiling? 1 Answer
Desktop Game & More 2 Answers
security of Asset Server 1 Answer
Can I export a swf from Unity which is "local-with-filesystem"? 0 Answers
Unity standalone app blocked by security preferences 1 Answer