Hi all,
is unity3 security more that unity2.x?is it possible to heck/decode asset files?
So thanks.
3 Answers
3Anything "readable/downloadable" can be caught and analyzed offline. Once this happends, its just a matter of brain and CPU power.
I develop with this in my mind and place every possible bit of "serious logic/data" within a server and places the data behind a login or some other kinda of authentication + add some "personal data" + "checksum" per session.
So, even if data is copied and tampered, it wont make any use with MY program.
Ofcause if its a matter of protecting interlectual rights (copyright etc) then dont publish the game/program. Nothing is really safe. You can make it harder to copy, but not prevent if they really want it.
You could make it a bit annoying for the lazy of the hackers/crackers.
I havent testet this yet, but back in Flash some protect their applications by this pattern:
- HTML loads SWF with querystring parameters (usually a uniq session ID from the server)
- SWF parses this querystring and requests new packets from the server with the session id's attached.
- the server checks if session ID is valid + checks if the time from the first request to the next is "human" or "machine". If its human, its denys the session ID and throws the user to the "front" with a forced page refresh or similar.
Feel free to expand on this like:
- The loaded content from the server, could be yet another "decoder"... that loads another module
so that even after decompiling the first module, you need to decompile the next, but you cant download the next easily as its only available while the session is valid.
This might sound messy, but I believe that one of the ways to protect against most "newbies" is to put in some sort of time-validation between requests + dont give away import things before needed. Split your modules/assets/packages into small bits so it gets to be a hell to grab it all.
Lastly, obfuscation is very well known too. Replacing normal variables/filenames with strange "coded" names.
Eg. "EndOfLevelMonster" becomes "A1252435" etc.
AFAIK, there weren't any changes in that area from 2.6 to 3.0. There's two pretty lengthy forum threads:
- How to protect Unity games from copying/abuse - directly related
- Hack resistance? - more about "hacking" a game (cheating)
Generally speaking, decoding the script-code is very easy and getting the art assets (in particular models) is pretty hard because Unity uses a proprietary format for those.
Just don't forget the one rule that NEVER changes along the line of the entire human race. If enough people want something bad enough...