How protected is source code in a published build?

I was wondering how “safe” source code might be when deploying a public build. Specifically, how easy would it be for an end user to figure out the source code studying only the distributed build?

The question came up because we wanted to build some serial number validation within the Unity code. Of course, if you could just open up some file from within the build and see scripted source code, it would be too easy to see and break the validation code.

My question is not whether the code is impenetrable to even the most hard core hacker because we all know that’s always going to be an impossible achievement, but rather, does anyone know if the published files have easily viewed code? For example, I read about how easy it is to pull undocumented functions out of Unity’s own DLL’s.

Incidentally, server-side validation is not an option. It must be something local. Thanks!

This is an excellent thread on the matter of code security: http://forum.unity3d.com/threads/103167-UNITY-DEVs-!-Is-Obfuscation-of-NET-assembly-sufficient-to-protect-code

By default, unity’s code is about as protected as a .txt file. While it’s impossible to entirely protect your code, obfuscation can make life harder on hackers/crackers/curious people.

This neat little tool will show you just how protected Unity builds are: http://wiki.sharpdevelop.net/ILSpy.ashx

If you want something protected, you may want to keep it on your own server and be clever about what you give to the end-user.

http://www.siliconrealms.com/ offers some sort of key-validation service, but again you can’t really protect anything from people who hack stuff for fun. :slight_smile:

There is info about encrypting unity source code and resources and applying computer unique activation with various license types at: