Discussion BinaryFormatter Security

Discussion in 'Scripting' started by Munchy2007, Nov 7, 2022.

  1. Munchy2007

    Munchy2007

    Joined:
    Jun 16, 2013
    Posts:
    1,714
    I think I get how the BinaryFormatter security issue could be exploited in a business PC environment, where unauthorized users could use it to possibly run malicious code on a PC.

    But, in a single-player game on a PC that is only being used by the person playing the game in question (which is the most likely scenario for most games), how exactly could the BinaryFormatter security issue manifest itself?

    Been meaning to ask for a while, because I see this mentioned on many occasions, and have never yet seen an explanation.

    I'm not advocating using BinaryFormatter over something like JSON in most cases, but the security issue isn't usually the main reason I would make that choice.
     
  2. spiney199

    spiney199

    Joined:
    Feb 11, 2021
    Posts:
    3,410
    Sharing of save files is one possibility. If a game got popular enough, one could share a save file which instead damages a user's computer.

    Bottom line is there's no point risking it. There's no real benefit to using the binary formatter anyway.
     
    Ryiah, Munchy2007 and Bunny83 like this.
  3. Munchy2007

    Munchy2007

    Joined:
    Jun 16, 2013
    Posts:
    1,714
    That's a good point, which hadn't occurred to me and is the answer I was missing.

    As I mentioned, there are plenty of other reasons to use something other than BinaryFormatter for saving data, I just couldn't think of how it could be exploited in the usage case described in my opening post.
     
    Last edited: Nov 7, 2022
  4. Bunny83

    Bunny83

    Joined:
    Oct 18, 2010
    Posts:
    2,640
    Right, it may also depend on how and for what purpose the BinaryFormatter is used, e.g. if it's used to serialize data for network connections (which was its original purpose, as it's part of the Remoting protocol).
     
    Munchy2007 likes this.
  5. AnimalMan

    AnimalMan

    Joined:
    Apr 1, 2018
    Posts:
    1,164
    So what happens it gives the hacker access to remote procedure call and the ability to modify a script and create files or hijack system resource? If the game contains a script that runs here then the player can connect to another player?
    What happens?
    Why use binary formatter at all?
     
  6. Bunny83

    Bunny83

    Joined:
    Oct 18, 2010
    Posts:
    2,640
    Other potential issues would be actual malware that infects save files of games.
     
    Ryiah and Munchy2007 like this.
  7. Munchy2007

    Munchy2007

    Joined:
    Jun 16, 2013
    Posts:
    1,714
    I already guessed it could be an issue for multiplayer games, which is why I specified single player in my question.

    I've developed multiplayer games myself and avoided the use of BinaryFormatter for serializing data because of the security issue.
     
  8. AnimalMan

    AnimalMan

    Joined:
    Apr 1, 2018
    Posts:
    1,164
    So the binary formatter is for noobs, but a pro will format the binary in script themselves. And it will be specific. And secure. And not provide a general utility.
     
    Bunny83 likes this.
  9. passerbycmc

    passerbycmc

    Joined:
    Feb 12, 2015
    Posts:
    1,737
    Even if you still want binary saves, you can work around this just by using a more structured binary format of your own making. That can also result in faster loading and allow the save files to have a few other nice features, like being seekable, having built-in checksums, and easily being able to read metadata out of the save without loading the whole thing.
     
    Bunny83 likes this.
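As an added example (my own code, not from this thread or from Unity), here is the kind of structured binary save format passerbycmc describes: a fixed header, a metadata block that can be read without touching the payload, every length bounds-checked, and a SHA-256 digest over the whole body that is verified before any field is interpreted. The magic number, version, size cap and field layout are assumptions made for the demo; it only uses BinaryWriter/BinaryReader and SHA256 from the standard library, which the .NET 4.x / .NET Standard 2.x profiles Unity ships both have.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Layout (little-endian, as BinaryWriter writes it):
//   u32 magic | u16 version | i32 metaLen | meta[metaLen] (UTF-8 text)
//   | i32 payloadLen | payload[payloadLen] | sha256[32] over every preceding byte
// No field ever names a .NET type, so reading it never goes near Type.GetType.
public static class SaveFile
{
    private const uint Magic = 0x31564153;                // hypothetical tag, "SAV1" on disk
    private const ushort Version = 1;
    private const int MaxSectionBytes = 16 * 1024 * 1024; // hypothetical cap per section
    private const int DigestBytes = 32;
    private const int MinFileBytes = 4 + 2 + 4 + 4 + DigestBytes;

    public static byte[] Write(string metadata, byte[] payload)
    {
        byte[] meta = Encoding.UTF8.GetBytes(metadata);
        using (var ms = new MemoryStream())
        using (var w = new BinaryWriter(ms, Encoding.UTF8, leaveOpen: true))
        {
            w.Write(Magic); w.Write(Version);
            w.Write(meta.Length); w.Write(meta);
            w.Write(payload.Length); w.Write(payload);
            w.Flush();
            using (var sha = SHA256.Create())
                w.Write(sha.ComputeHash(ms.ToArray()));   // digest of header + meta + payload
            w.Flush();
            return ms.ToArray();
        }
    }

    // Reads only the header and the metadata block, never the payload: cheap for a slot list.
    public static string ReadMetadata(Stream s)
    {
        using (var r = new BinaryReader(s, Encoding.UTF8, leaveOpen: true))
        {
            CheckHeader(r);
            int metaLen = ReadLength(r);
            return Encoding.UTF8.GetString(r.ReadBytes(metaLen));
        }
    }

    // Verifies the digest before interpreting a single field, then seeks past the
    // metadata straight to the payload.
    public static byte[] ReadPayload(byte[] file)
    {
        if (file.Length < MinFileBytes) throw new InvalidDataException("truncated file");
        int bodyLen = file.Length - DigestBytes;
        byte[] expected;
        using (var sha = SHA256.Create()) expected = sha.ComputeHash(file, 0, bodyLen);
        if (!SameBytes(expected, file, bodyLen)) throw new InvalidDataException("checksum mismatch");

        using (var ms = new MemoryStream(file, 0, bodyLen, writable: false))
        using (var r = new BinaryReader(ms, Encoding.UTF8))
        {
            CheckHeader(r);
            int metaLen = ReadLength(r);
            ms.Seek(metaLen, SeekOrigin.Current);         // skip metadata without decoding it
            int payloadLen = ReadLength(r);
            byte[] payload = r.ReadBytes(payloadLen);
            if (ms.Position != ms.Length) throw new InvalidDataException("trailing bytes");
            return payload;
        }
    }

    private static void CheckHeader(BinaryReader r)
    {
        if (r.ReadUInt32() != Magic) throw new InvalidDataException("not a save file");
        ushort v = r.ReadUInt16();
        if (v != Version) throw new InvalidDataException("unsupported save version " + v);
    }

    // Each length is checked against a fixed cap and the bytes actually left, so a
    // hostile length can neither force a huge allocation nor read past the buffer.
    private static int ReadLength(BinaryReader r)
    {
        int len = r.ReadInt32();
        long remaining = r.BaseStream.Length - r.BaseStream.Position;
        if (len < 0 || len > MaxSectionBytes || len > remaining)
            throw new InvalidDataException("bad section length " + len);
        return len;
    }

    private static bool SameBytes(byte[] a, byte[] b, int bOffset)
    {
        if (b.Length - bOffset != a.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[bOffset + i];
        return diff == 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: the payload is game state encoded by the game's own code.
        byte[] payload;
        using (var ms = new MemoryStream())
        using (var w = new BinaryWriter(ms))
        {
            w.Write("Alice"); w.Write(7); w.Write(1250L);   // name, level, gold
            w.Flush(); payload = ms.ToArray();
        }
        byte[] file = SaveFile.Write("{\"slot\":1,\"level\":7}", payload);
        Console.WriteLine(SaveFile.ReadMetadata(new MemoryStream(file)));
        Console.WriteLine(SaveFile.ReadPayload(file).Length + " payload bytes verified");

        file[10] ^= 0x01;   // flip the first metadata byte: digest no longer matches
        try { SaveFile.ReadPayload(file); }
        catch (InvalidDataException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The digest catches corruption and accidental edits, not a deliberate attacker: whoever can edit the file can recompute it, and a key shipped inside the game is not a secret. The security property comes from the reader instead: nothing in the file can name a type or an assembly, every length is bounded, and unknown versions are refused, so the worst a hostile save can do is fail to load.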
  10. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    18,360
    The BinaryFormatter resolves serialized data types using Type.GetType. When Type.GetType tries to resolve a type it will attempt to load the assembly that it belongs to. Assemblies can have "module initializers" which, when they are loaded, will be executed, and they can contain any code.

    https://stackoverflow.com/questions...call-type-gettype-with-an-untrusted-type-name
    https://stackoverflow.com/questions...-deserialise-malicious-code/67107584#67107584
     
    AnimalMan likes this.
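To make Ryiah's point concrete, here is an added example (mine, not from the thread) showing that the type names BinaryFormatter resolves come straight out of the bytes being loaded, next to the one hook .NET gives you over that resolution, a SerializationBinder. NotASaveType stands in for whatever type a crafted file would name; it is a harmless class in the same assembly so the demo runs offline. It assumes a runtime where BinaryFormatter is still enabled (Mono / .NET Framework as used by Unity; .NET 5 and later disable it by default).

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

[Serializable]
public class PlayerSave { public string Name; public int Level; }

// Stand-in for any type a crafted file might name. Here it is harmless and lives
// in this assembly; in a real file the name could point at any loadable assembly.
[Serializable]
public class NotASaveType { public string Note; }

// Every class record in the stream passes through BindToType with the assembly
// and type names exactly as written in the file. Returning null falls back to the
// default lookup (the Type.GetType path), so unknown names must throw instead.
public sealed class SaveTypeBinder : SerializationBinder
{
    private static readonly Dictionary<string, Type> Allowed = new Dictionary<string, Type>
    {
        { typeof(PlayerSave).FullName, typeof(PlayerSave) },
    };

    public override Type BindToType(string assemblyName, string typeName)
    {
        Type t;
        if (Allowed.TryGetValue(typeName, out t)) return t;
        throw new SerializationException("type not permitted in save data: " + typeName);
    }
}

public static class Demo
{
    public static byte[] Serialize(object graph)
    {
        using (var ms = new MemoryStream())
        {
            new BinaryFormatter().Serialize(ms, graph);
            return ms.ToArray();
        }
    }

    // Unsafe: whatever type the bytes name is resolved, loaded and instantiated.
    public static object LoadUnchecked(byte[] data)
    {
        using (var ms = new MemoryStream(data))
            return new BinaryFormatter().Deserialize(ms);
    }

    // Narrowed: only PlayerSave can come out; any other name throws before resolution.
    public static PlayerSave LoadChecked(byte[] data)
    {
        var formatter = new BinaryFormatter { Binder = new SaveTypeBinder() };
        using (var ms = new MemoryStream(data))
            return (PlayerSave)formatter.Deserialize(ms);
    }

    public static void Main()
    {
        byte[] legit = Serialize(new PlayerSave { Name = "Alice", Level = 7 });
        // Constructed "shared save": same file, same loader, but the bytes name a different type.
        byte[] hostile = Serialize(new NotASaveType { Note = "crafted" });

        Console.WriteLine("checked legit: " + LoadChecked(legit).Name);
        Console.WriteLine("unchecked hostile produced: " + LoadUnchecked(hostile).GetType().FullName);
        try
        {
            LoadChecked(hostile);
        }
        catch (SerializationException e)
        {
            Console.WriteLine("checked hostile: " + e.Message);
        }
    }
}
```

Microsoft's BinaryFormatter security guide states that a binder narrows the attack surface but is not a sufficient mitigation on its own, and that BinaryFormatter should not be used on untrusted input at all. That is why the thread's conclusion holds for save files: use a format whose reader never resolves types in the first place.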