Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.
  2. Unite 2023 Registrations are now LIVE! We are thrilled to announce that Unite 2023 Registration is now live and open for all!
    Dismiss Notice
New Forum User Notice Unite 2023 Registrations are now LIVE!

Any way to protect the assets in a WebGL game?

Discussion in 'General Discussion' started by nestg, Oct 28, 2014.

  1. nestg

    nestg

    Joined:
    Oct 8, 2012
    Posts:
    155
    Hi, sorry if the question is repeat (i search before in the forum) I understand that WebGL is a client tecnology as javascript that run in browsers and have not encription, then is possible protect the assets or the entire game code of be copy for anybody (not code obfuscation)? thanks.
     
    nestg, Oct 28, 2014
    #1

  2. lmbarns

    lmbarns

    Joined:
    Jul 14, 2011
    Posts:
    1,628
    Even non webgl builds are simple to rip as it is. If you publish a game, people can get your assets.

    You can process everything on your server and simply update the client views when stats change.

    You can try locking down your server in the .htaccess to prevent people from directly accessing the resource files.

    But honestly any platform can be ripped in minutes.
     
    lmbarns, Oct 28, 2014
    #2
    calmcarrots likes this.

  3. Cygon4

    Cygon4

    Joined:
    Sep 17, 2012
    Posts:
    382
    The asm.js-based JavaScript generated by compiling a Unity project to WebGL is not a direct translation of C#/UnityScript to JavaScript. Instead, it goes through this (rather creative) pipeline:

    • Your C#/UnityScript code gets compiled into .NET bytecode
    • A tool named IL2CPP converts the .NET bytecode into C++
    • This C++ then gets compiled by CLang into LLVM bitcode
    • LLVM applies heavy optimization to this code (just like machine code compilation, which LLVM usually does)
    • The resulting LLVM code is then converted into asm.js-based JavaScript
    In this asm.js-based JavaScript, all of your scripts, Unity's scripts, Mono BCL and C++ standard library classes are mangled into one big blob of bytes that is massaged by crazy low-level JavaScript instructions.

    That's about as hard to decompile as any machine code-compiled application. The most likely path of attack would be to try to get back to LLVM bitcode from the asm.js-based JavaScript and then decompile the LLVM bitcode into plain C. But the result would have close to nothing in common with the original C#/UnitScript code (just a bunch of sequentially numbered functions). It may help someone understand your license check or such, but stealing code this way would be harder than just writing it from scratch.
     
    Cygon4, Oct 28, 2014
    #3
    timthecoder, Ryiah and Meltdown like this.

  4. lmbarns

    lmbarns

    Joined:
    Jul 14, 2011
    Posts:
    1,628
    ^^ Just opened up a webgl build and it has the data in .asset files and a mainData file (unity scene), which can be copied into individual objects/textures/shaders/rigs/etc……………………..
     
    lmbarns, Oct 28, 2014
    #4

  5. Meltdown

    Meltdown

    Joined:
    Oct 13, 2010
    Posts:
    5,797
    And the code??
     
    Meltdown, Oct 29, 2014
    #5

  6. lmbarns

    lmbarns

    Joined:
    Jul 14, 2011
    Posts:
    1,628
    I think the code is safe, only way I know to get the code in current unity platforms is in .NET reflector (get the actual classes as written in c#), but the models/shaders/textures/ can be accessed easily from .asset files.
     
    lmbarns, Oct 29, 2014
    #6
    DBarlok and calmcarrots like this.