Hello everyone
The reason I started this thread is that the available documentation for obfuscation, specially for Unity is really rare and I know some asset developers (specially those assets that deal with scripting) would really like to dive into this process.
Many people say that if someone want to pirate something, there is no real protection, that is correct, but at the same time, what is the chance of a professional hacker sitting and putting time to decrypt an obfuscated Unity asset ? specially when that asset is obfuscated deeply enough?
also, there is a reason you may want to dive into obfuscation : did you ever thought about how to protect your game data saves from cheaters? some wise people started this process of thinking and one or two assets are available in asset store. also, there was a really interesting blog post on how to encrypt data and save that encrypted info to player prefs or text files.
bottom line is, no matter how good your algorithm for encryption / decryption of data is, if you wonât obfuscate the scripts that do it⌠using a freely available tool like dot peek, any newbie script righter can easily look into your assembly dll and find the algorithm and with little time and effort (much less than many of you think) all the effort that you put for encryption goes to waste !
So, the question is not doing or not doing it. Really, you would need to do it sooner or later. The question is how to do it.
To start this discussion, i need to identify two different assemblies you may have in your unity project :
1- The scripts that are directly related to UnityEngine and UnityEditor and few other Unity related ones.
2- The scripts that you have and use like Helpers, Utilities, and other stuff, these scripts can be thought of stand alone methods and static classes that you may use in more than one project.
There is big difference between these two categories. For obfuscating the first one, you will have tons of restrictions, for example, the class name itself canât be obfuscated, the inheritance from Monobehaviour canât be obfuscated, the mono methods like Update, Awake and many more should keep their names in the obfuscated assembly intact and many more things.
The second category on the other hand, should be decided as stand alone assemblies that you should be able to call into different projects.
Lets use an example here, lets say I have a simple mono class with a simple integer property, I would like to keep track of that property by using player prefs but at the same time i would like to encrypt and decrypt the data. At the same time, because i know i would use encryption / decryption of different data in more than one project, I would like to sit and develop a totally stand alone assembly that i could later import as dll into this project and call itâs methods from the mono script to encrypt the integer value, put that encrypted version in player pref, then read that encrypted version, decrypt it and assign it to the property later on.
As you see in any serious game development project you would want to have that simple scenario at hand and ready to use. Now, if i develop the cryptography assembly and donât use the obfuscation, all my effort is wasted because any script kiddie would use dot peek and find the method names and the algorithm inside that i used and encryption would loose itâs meaning. At the same time, i would like to obfuscate the cryptography assembly in a way that i can access itâs members out side later on.
few days ago I thought it would be really easy, just keep the method and class names intact during obfuscation, hide the internals of the method to look like the lines bellow and you would be golden, correct?
public string encrypt (string .)
{
return .();
}
The lines above can be produced easily using any obfuscation program. So, it will work correct? You are dead wrong !
After trying Crypto Obfuscator Enterprise for more than few days non stop, trying every possible option and rule i can mix with each other, I had one of these two results :
1- The assembly would work without any problem but opening it in dot peek, you would see that there is no real obfuscation going on and the algorithm inside the method is visible to naked eye.
2- The assembly would obfuscate enough to make it impossible to be understood unless you were really professional hacker with years of experience, but it wouldnât work in unity giving errors about missing name space or something close to it.
So? First thing i did was contacting the company for support and right now i am waiting for guide lines from them, but i thought to myself,âŚ, there should be people in community that has experience on such stuff, if not, at least, there should be a centralized place to discuss this. That is why i started this thread.
To finish the wall of text i already made (sorry for that), i want to name few obfuscators i found online that claim they are working properly for Unity 3d.
1- Crypto Obfuscator : The enterprise version, this obfuscator lets you define rules for obfuscation, excluding or including any rule and any number of times, not only on the assembly, but also on even single method or field separately.
2- Babel Obfuscator : I didnât have a chance to try this one, but they have a blog post and in that post they give a xml file that is rules set for unity obfuscation.
3- eazFuscator : this one claims to work without needing any rules. The interface is really simple but I have doubt about itâs level of obfuscation.
Remember, there are tons of obfuscator programs out there, but in my opinion, if they donât give enough flexibility for setting rules, they wonât be good. For that, i think crypto obfuscator is the best.
The only problem is that, I am not sure how to obfuscate good enough to hid the cryptography algorithms (or any critical part of a code) and still be able to read that assembly later on in different projects.
If anyone has experience doing obfuscation, please inform others. By the way, doing even bother mentioning that so called Unity Obfuscator program, go to forums related to the product, you will see absolutely 0 response to questions the costumers ask and many people yelling, kicking and complaining that the developed assemblies are not working.