Search Unity

  1. If you have experience with import & exporting custom (.unitypackage) packages, please help complete a survey (open until May 15, 2024).
    Dismiss Notice
  2. Unity 6 Preview is now available. To find out what's new, have a look at our Unity 6 Preview blog post.
    Dismiss Notice
Feedback request: Understanding import & export package workflows Unity 6 Preview now available

Can someone else access my game's buildGUID?

Discussion in 'General Discussion' started by ddadkhah, Jan 22, 2020.

  1. ddadkhah

    ddadkhah

    Joined:
    Nov 6, 2017
    Posts:
    60
    Hello. I want to use Application.buildGUID as a encryption key for communicating with the server. Is it possible for anyone else to access the buildGUID of my game?
     
    ddadkhah, Jan 22, 2020
    #1

  2. Joe-Censored

    Joe-Censored

    Joined:
    Mar 26, 2013
    Posts:
    11,847
    I have no idea how that is generated, but the first thing I'd check is just output the buildGUID and then grep every file from your build for that string. I'd venture a guess you will find the string somewhere in one of the files, and always at the same location between builds, which would make it not ideal for an encryption key. I'd be curious to find out if that is the case though.
     
    Joe-Censored, Jan 24, 2020
    #2

  3. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    13,604
    As a rule of the thumb, if you're targeting PC, then all data that can be accessed by your game can be accessed by the user of the game. They can find and alter buildGUID.

    You need to decide what you're trying to do here - protect the traffic from tampering or something else.

    As far as I can tell, buildGuid is implemented as a property that calls InternalCall method, so at least it is not a naked string lying in the open.

    However, hijacking the property and extracting the guid should be easy.
     
    neginfinity, Jan 24, 2020
    #3
    Joe-Censored likes this.

  4. ddadkhah

    ddadkhah

    Joined:
    Nov 6, 2017
    Posts:
    60
    I build an apk and extracted it. I didn't find any file containing the buildGUID string. I think it is possible to access it by using the applications that can watch the variable values for running applications.
     
    ddadkhah, Jan 24, 2020
    #4

  5. ddadkhah

    ddadkhah

    Joined:
    Nov 6, 2017
    Posts:
    60
    I need to Identify the right client version than fake client version in the server
     
    ddadkhah, Jan 24, 2020
    #5

  6. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    13,604
    Well, if the user is untrustworthy, you can't do that through buildGUID, because the user can track it down and spoof it. In Theory.

    Also, you said "encrypt" and not "identify the version". That's not the same thing.
     
    neginfinity, Jan 24, 2020
    #6

  7. ddadkhah

    ddadkhah

    Joined:
    Nov 6, 2017
    Posts:
    60
    If I can protect buildGUID I can use it to identify the client.
     
    ddadkhah, Jan 25, 2020
    #7

  8. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    13,604
    You fundamentally cannot protect buildGUID from being modified by a user. If a user gets interested in modifying it, they will modify it. Inevitably.

    You can assume that known GUID probably belongs to a specific version, but you cannot guarantee that the data wasn't altered and that the game wasn't hacked.

    Either way if you only want to identify version, that's one thing, but if you a 100% guarantee that buildGUID wasn't altered, then that's impossible.
     
    neginfinity, Jan 25, 2020
    #8