koobas.hobune.stream
How to Protect Webplayer Builds?
There's this one user on kongregate that has figured out a way to crack open webplayers and veiw their code. I messaged him on how he did it and very nicely replied, here is what he said: "Unity uses Mono for scripting. So each unity game contains .Net / Mono assembly files which can easily be viewed with any .NET reflector. The Unity-3D-Obfuscator (which has been written to protect your code) can be used to unpack webplayer builds. Anyway, never “steal” other peoples code. Copyright has nothing to do wether you are able to access the source code or not. Reflecting .NET byte code is actually a language feature of CIL, so every appliation that uses .NET / Mono can be viewed. I’m a games developer as well and most companies that use Unity don’t know about that little “problem”. It’s not really a problem unless you have code that shouldn’t be viewed by the user. But in this case always keep in mind “security through obscurity” never works." Now this scares me because I'm planning on making a MMO within the year and I'm planning to use SQL in my code. With his methods would he be able to find my SQL contents and password? If so is there any way to protect against this?
Rule 4 of Database development. There is never, ever any access to the DB from the client. Not in this day and age. $$anonymous$$iddleware has benefits beyond just bloating the development companies' pockets, key among which are performance, load balancing and security security security.
You should run any code that matters on the server, not the client. Never trust the client. Not really anything to do with Unity; all games get hacked.
As Eric said, but also do some google searches for "Unity Obfuscator" and "C# obfuscator". (Don't just grab the tools. Understanding the tech is well worthwhile).
It will always be possible to rip open any .net/mono package. Such is the nature of the technology.
But you can make it so frustrating for the code rippers that they'll pass you by and pick on the easier targets.
NOTE! This is not a solution to failed security models (E.g. having any form of password in your client) but rather a way of reducing the number of times your code is ripped off and used to generate clones of your work. Even if your code were utterly unreadable and unrippable you'd still be transmitting your SQL usernames and passwords across the network every time they were used.
