- Home /
Unity 5 Obfuscation. Is it possible to properly protect a Project?
Hi everyone, I'm making a game in unity and I am adding obfuscation to my project to prevent pirates and other code thieves.
Now before you say that 'anybody who wants to steal your code can do it', I use lambda's, iterators and local variables wherever possible throughout my code, however, I think that this is not enough protection, especially for my anti-pirating module, which is very vulnerable.
I've tried using several professional obfuscators but they seem to not work with unity 5 upwards. I also took a look at unity obfuscator, which only has support for unity 2 and 3.
When using redgate's SmartAssembly obfuscator, it tells me that my game's executable and assembly.dll files are not valid .net assemblies, though ILSpy has no issue decompiling them...
So which options are best for protecting a unity program?
-Causticlasagne (^^)
Hmmm very true. A hardcore pirate could crack the game, but what if it had integrity checks and all that. I mean unity isn't very friendly when it comes to pirates substituting different versions of the assembly.dll. I plan to make my game Pirate Proof. and I have several ways to do it.
@tanoshimi, I didn't know that function lambda's and iterators were decompilable. I've tried using several decompilers on one of my old projects to get the source files back, but they use iterators, so I can't get most of the code. Lucky I didn't use spaghetti code on these source files, otherwise there would be no recompiling that stuff.
Thanks guys for your comments.
Let me be clear, if your spending time trying to make your game hack-proof, your game WILL suffer and you've just wasted your time, as player will simply not even want to buy it. No matter what field you look into, the more security you put around something the less convenient that something will be to everyone. No fortress is impregnable, just costly to break.
let say you do manage to make your game hack proof, well congrats but no ones will want to play your game because the only software that can be hack proof is software that completely ignores the outside world, that doesn't interact with anything. which means players can't play the game... and that means even YOU can't work on that game. if YOU can edit the game, then technically it is not hack-proof.
the more secure you make something then by definition the less accessible it becomes to "everyone". trust me when I say this, but not only will you have a much more productive time making the game fun than making it hack proof, no company in their right $$anonymous$$d will be interested in a "hack-proof system" that would hurt a game sales.
Yes, security is important and steps should be taken to protect your game. Encryption, litigation, and isolation are effective countermeasures. but these are not hack-proof, they just make it very costly and/or risky to hackers.
You know... It is I$$anonymous$$POSSIBL$$anonymous$$ Some people are sick, they invest years of their lives cracking games. I am already expecting my games to be cracked anyway so i am not worried at all
Answer by JoshuaMcKenzie · Feb 08, 2016 at 01:26 AM
Obfuscation is not the answer to piracy. DRM follows the same mistaken reasoning that you can prevent piracy by simply making it harder for pirates to steal. However as history has shown, many pirates are smart and they usually have the motivation to overcome said obstacles and all it leaves you is simply inconveniencing the wrong people (developers, honest consumers, etc.). All it takes is one hardcore pirate to break a game open for an entire population.
The real solution to solving piracy is to understand why there is a need for piracy in the first place. As Gabe Newell, the guy behind Valve's Steam, has said (2011): "Our goal is to create greater service value than pirates, and this has been successful enough for us that piracy is basically a non-issue for our company...". His philosophy is that piracy primarily stems from a supply and demand issue, that products are pirated because most users (usually foreign countries) can't gain access to the said product.
If you provide a better service than the pirates then people won't feel compelled to steal your work due to the inconvenience. and you can rely on networks like Steam to provide this type of service for you
Hey, while this philosophy is true, it is DEFINITELY not a reason NOT to obfuscate. Obfuscation does not buy you security, it buys you the time you need to stay ahead of the cheaters and give your community the great service they need in order to prevent them from cheating. This way, cheaters will never be able to add the features you have to their game and keep up with you. They will always be a few months/years behind, which usually stops people from starting in the first place.
I elaborated on it in a post here: https://medium.com/@pimdw/i-used-to-reverse-engineer-clients-for-a-living-a9369942c179#.hp50kb667
The reason NOT to obfuscate is if it slows your own development down, in which case it's doing precisely the opposite of buying you time.... Unity is a very different beast to Java in this respect, and obfuscation can break the messaging and serialisation system, leading to some hard-to-track errors.
Of course, as with all risk-management decisions, it depends on the severity of the outcome if your game is hacked. For most games, the worst outcome is that the player gets to browse your assets or see how your code is structured and possibly copy it in their own product. So what? If they were skilled enough to decompile, understand, and reimplement your code, they were probably capable of co$$anonymous$$g up with it themselves anyway. If you're creating an e-sports game with a million dollar league behind it, the case for obfuscation is slightly stronger...
Yes my answer was primarily focused on the fact that its not the "end-all" solution to piracy.
Obfuscation itself remains an effective and useful tool, but against Piracy it not a fully effective countermeasure, and it doesn't solve the problem, especially on its own.
That is all I was getting at.
Answer by tanoshimi · Feb 07, 2016 at 10:59 PM
This question has been asked several times, and the answer is always the same - you simply cannot have "properly protected" client-side code. At best, obfuscation slows down both your code development and execution and, at worst, it will break your game (callbacks won't be found if their names have been changed during compilation, for example).
If code must be secure and tamperproof, keep it on a server. Anything else can relatively trivially be read, lambdas, iterators or not. Why does it matter?
Server code is only as secure as the client code talking to it. If anyone can access the client code then the server is also compromised.
That's not true. The user would have no access to the server code regardless of the client. And even if they reverse engineered the client to make their own, they can only perform actions within the structure defined by the server.
A completely secure app/game is a "dumb" client. Just sending commands and receiving the end result. It doesn't matter what they do, because the actual game runs on your server.
..but these are the Unity forums, an engine built for creating game clients, not dumb ter$$anonymous$$als.
I appreciate your point, but without the ability to obfuscate client code the only remaining option is to write everything server-side. With obfuscation, you can allow the client to do the heavy lifting. If you can at the very least obfuscate any keys or algorithms you use to communicate with a server, the server can then validate those actions.
Search Anno 2070 in ANY torrent website or something, and try to play it. I bet you can't.
Why? Because it uses a Server, and it is actually very simple: You can't play if you don't have an Uplay account with that game. Seriously, this is the only game i know in history that hasn't been hacked.
Correct me if i am wrong, but seriously this is the only one. (I don't know very much about pirated games)
Anno 2070 has been cracked for a very long time and you don't need to be connected or logged in to play it. That being said, I strongly recommend purchasing it as it's a fantastic game well worth the buy.
Hey, I wrote a post about this specific topic. I recommend you guys check it out if you are considering whether or not to obfuscate. It's a bit long to post in a reply, but what it comes down to:
Obfuscation does not buy you security, it buys you the time you need to stay ahead of the cheaters and give your community the great service they need in order to prevent them from cheating. This way, cheaters will never be able to add the features you have to their game and keep up with you. They will always be a few months/years behind, which usually stops people from starting in the first place.
I elaborated on it in a post here: https://medium.com/@pimdw/i-used-to-reverse-engineer-clients-for-a-living-a9369942c179#.hp50kb667
Answer by getwreckedgame · Nov 06, 2016 at 06:56 PM
Obfuscation does not buy you security, it buys you the time you need to stay ahead of the cheaters and give your community the great service they need in order to prevent them from cheating. This way, cheaters will never be able to add the features you have to their game and keep up with you. They will always be a few months/years behind, which usually stops people from starting in the first place.
Your answer
Follow this Question
Related Questions
iphone: this executable was signed with invalid entitlements 2 Answers
How to generate a Linux ARM build of Unity application? 1 Answer
FOV script does not change camera FOV on executable, but it does in the unity playtest. 0 Answers
what are the different ways of creating an exe from a unity game? 2 Answers