Obfuscating variables, classes, structs and method names

I'm not concerned with anyone stealing my code, all I want is for it to be impossible for anyone to see the names I used for my variables and methods if someone decompiles the build.

What would be the most practical and free way to do this? Aside of renaming everything manually.

I am also not concerned about strings.

I was looking into obfuscation and I read that merely using il2cpp will do some amount of obfuscation.

My question is, does it change the name of my variables and methods or are they still visible with a decompiler in this case?

I have also briefly read about R8 and proguard for android, which seem that would solve my issue, but I dont see any options in unity to enable that.

But these are the options for android, what are the options for a windows build? Any advice would be appreciated, thanks!


I wouldn't waste your time. ChatGPT and other large language models like it can reconstruct the names based off of the purpose of the code. It's one of the first things that I tried back when it first released. It basically invalidates most if not all obfuscation.

Not that you need deobfuscation to be able to decipher the meaning behind variables and methods. I've modified code that was obfuscated to fix bugs that the developer never got around to fixing themselves. It's not hard just slow. You're not making it impossible to change the behaviour with obfuscation.

4 Likes


no thats not what i mean, I really dont mind if they find the purpose of the code, I just dont want people to see the EXACT names i use for my variables. For example I might have a jump method and i might use the name jumpyjumpywithsprinklesontop(), its an aesthetic issue. I truly dont care if anyone finds out that the method is used for jumping, I just care that they cant see the name I gave it

Ok... I'm intrigued.

Why do you care if they see the name you gave it?

Are you naming your variables your social security number or something?

2 Likes

Also in regards to your questions.

IL2CPP will convert your source code to C++ (as the name implies). I wouldn't necessarily call it obfuscation. But it does alter the effort required to "decompile" because well, there's no IL dlls to decompile. See the reason C# can be easily decompiled is because the dll generated is full of what is called "IL/CIL" or "common intermediate language". It's not machine code, it's a language that all .net languages can be compiled into that is designed to be quickly compiled into machine code at runtime on the client. This is known as JIT (just in time) compilation.

By using IL2CPP, all of that is converted to C++ and then compiled on the build machine. This means machine code is distributed. And machine code is much harder to decompile. Edited with a hex editor? Sure. There's even tools that will try to turn it into C++, but they're no where near as good at doing it as IL decompilers are. And what they're end up with is C++ if they did... NOT C# which you wrote. Thusly yeah... you'll get some semblance of "obfuscation" in that it doesn't resemble the code you wrote as it's in a completely different language.

...

As for R8... it's in the documentation:
https://docs.unity.cn/Manual/class-PlayerSettingsAndroid.html

When in your player settings, go to Android tab, and under "publish settings" it's under Minify:
8907009--1219281--upload_2023-3-27_13-24-21.png

...

Here's the thing... neither of these are really intended for obfuscation.

IL2CPP is intended for creating machine code at build time which can eek out better performance as well as get you builds on platforms that don't support the .net JIT runtime compiler.

And R8 is for minifying your code base. You know... making it smaller so that it takes up less space on disk.

Can it technically be used for what you ask... sure...

But again... why? Why are you concerned about someone know the name of your function if it's not to do with reverse engineering your project? You know... basically the ONLY reason people are ever concerned about obfuscation.

Thanks for the info. And if I told you why I want to hide the names won't that defeat the purpose of hiding them? XD I would just make a random excuse for it to avoid revealing them lol.

Does R8 also apply for windows or is it only for android builds? Also in my unity version the R8 tick does not show (2019). Do I need to upgrade or is there any package Im missing? Thanks a lot for your reply!

Holy crap, they encoded the map to Atlantis into the naming schema of their code base! Who wants to hack their git repo to get this precious data???

...

If the names of your members don't reflect the intent of the code (since you don't care if people figure out the intent of your code). Why would you name them that?

I don't know about you... but I name my functions... what they do.

I don't know... it sounds to me like you actually do care about obfuscation for the same reasons everyone else does. But you're claiming that's not why you care about it so you don't get told it's pointless.

That or... you stole this code and you don't want anyone decompiling it and figuring out that you stole this code.

...

As for you question about R8.

Look up what R8 is:
https://r8.googlesource.com/r8#:~:text=R8 is a java program,code to optimized dex code.

It converts java bytecode (what programs on android generally run as) to dex code.

Yeah, sounds like an Android thing to me.

2 Likes


Yes I understand that you find my naming practices mysterious

I even told the truth about why I want to obfuscate and you add multiple choice theories based of malice, i just want a little privacy is all, is that too much to ask that people cant see my naming XD As you say if it was for other reasons the reverse obfuscators can spot it anyway. But you cant argue that if i just want to change the names its impossible to reverse engineer, and thats exactly what I want, if I just want to hide the names no one can find it unless they hack my pc.

But thanks for the info, could you also point me to the alternative to R8 that can be used for windows. Thanks! And please take my words at face value =)

I'm not your google bro.

Also... only 1 of my suspicions, and a joke one at that, was of malicious intent. Though you're immediate reaction to that... hrmmm... sus.

nah 2 of them were malicious, i reply like that because you have already decided for yourself what my intentions are, you are even replying just out of spite XD

My suspicions were:

1) hiding your social security number - not malicious
2) that you hid the map to Atlantis in your code - not malicious (edited in cause I forgot 1)
3) to protect your intellectual property rights (the main reason most people want to obfuscate) - not malicious
4) to hide if you stole code - malicious
...

See, the main reason I want to know why. Is the main reason I ask everyone what they need some logic/code/answer for when they come here with the "I have a solution, but I need to make it work" question.

We're not answering how to solve your problem.

We're answering how to fix your assumed solution to your problem... when the solution to your problem could be much simpler.

1 Like


2 is malicious, you accuse me of subverting my intentions to deceive you into replying outside of the dialogue tree of "bro its gonna get decompiled anyway" > and just because i word it like this now you are gonna assume that my goal is option 2

You cant deviate from the common trend of when people ask you how to do X, and you must reply "never do X" instead your goals are better reached if you do Y, heres how to do Y.

But you go even further, when someone gives you a reason they really want to do X, now you cant believe them and must create fantasy scenarios because you cannot fathom that someone would really want to do X for the reason they claim. All just to avoid giving the solution of how to do X.

Its sad because theres no way to prove my true reason. Whats the point of doubting me? I gave my truthful reason but you don't want/care to believe.

That's not accusing you of malice. It's accusing you of naivete!

[quote]
You cant deviate from the common trend of when people ask you how to do X, and you must reply "never do X" instead your goals are better reached if you do Y, heres how to do Y.

But you go even further, when someone gives you a reason they really want to do X, now you cant believe them and must create fantasy scenarios because you cannot fathom that someone would really want to do X for the reason they claim. All just to avoid giving the solution of how to do X.

Its sad because theres no way to prove my true reason. Whats the point of doubting me? I gave my truthful reason but you don't want/care to believe.
[/quote]

Because your reason is weird.

Your reason is "privacy" which doesn't make any sense. It leads me to believe that your choice in solution to your unknown problem is even more poorly chosen.

It's like if you came to us and said "How do I get my boat started? Mind you I don't need to move across water, nor am I trying to get anywhere that is on the other side of some water. I can't tell you why I need to get a boat working... just trust me it has nothing to do with water. Rather it has to do with flying."

Wat?

2 Likes


Why is it hard to believe that I want privacy?

You think privacy is not a hot topic and in high demand?

Yes, and I want privacy about the color of my house when people drive by.

Obfuscation is a lot of effort to hide that your function that moves the player isn't named "MovePlayer" when the code within the function obviously moves the player.

Everybody here is making great points.

But I don't feel like this is going to go anywhere.

May I suggest an alternate approach for @flasker to try?

Flasker, why don't you build your binary, then fire up your favorite hex editor and go through the files looking for stuff you want obfuscated.

For instance, I just xxd-dumped JetpackKurt.exe and I was not able to find the word "jetpack", "kurt", "spaceflight", "mainmenu," anywhere.

I then strings-ed it and found same thing. Nothing recognizable except all the Unity identifiers.

Those things are ALL in the source code, and also in the help strings and variable names but they are nowhere in the EXE file. Nowhere!

So ... back to you @flasker : show us a binary and what identifiers you want gone!

1 Like


well I am unaware of a method to rename all my variables and methods that is not obfuscation. If you can point me towards it I would appreciate it. Of course I could do it manually but there are many of them, I would rather have an automatic way and I was under the impression the way to do that was obfuscation.


also if your house was pink you could paint it blue. Thats what I want to do. The house works the same whether its pink or blue, but I dont want people to know that it was pink.

Show us the pink in your source code and show where that pink is in the executable.

We'll wait. :)

Yes, analogies fall apart if you pick them apart.

Here's the thing though. I gave you your answer early on. Kurt even repeats your answer and demonstrated how they even tested it and it works just fine and suggests you attempt the same.