Search Unity

  1. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

Question Hide StringLiterals

Discussion in 'Windows' started by calc1fer, Apr 4, 2021.

  1. calc1fer

    calc1fer

    Joined:
    Oct 5, 2019
    Posts:
    62
    Hi, I'm interested in hiding critical information from distributed binaries.

    I know that most symbols are included in global-metadata.dat. Aside from hiding global-metadata.dat from the filesystem, I do not want String Literals to be included in global-metadata.dat. Is there any options to compile like that?

    Here's the step I'm thinking of.
    Once all the strings are written directly on the exported source code, And make them as XORstring of compile time to protect the data from static analysis and dumping global-metadata.dat.

    Any automatable idea also fine.

    Thanks.

    upload_2021-4-4_20-3-20.png
     
  2. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,628
    IL2CPP is not an obfuscator or a DRM solution. And it doesn't have any features that help you with that. So no, this is not an option that is available.

    At the end of the day, IL2CPP needs to read these things to make them available for reflection, and the attacker could just make an empty Unity project, build it, swap the binaries/metadata file with your binaries and have IL2CPP decode whatever mechanism you suggest using for them. Or just directly call into the exposed IL2CPP API which Unity needs to function.
     
    calc1fer likes this.
  3. calc1fer

    calc1fer

    Joined:
    Oct 5, 2019
    Posts:
    62
    First of all, thank you for reply.
    But as you may have guessed, I'm not satisfied because it's not the answer I was expecting.

    I am not asking for obfuscation or the role of DRM to IL2CPP. We already know that there are no known options for security purposes. However, due to the structure of the generated code by IL2CPP module that I analyzed, I thought it might have been made to receive the option that does not excluded String Literal as a command line argument. If it wasn't designed like that, it would be a sad, but there's no way without licensing source code of unity.

    Someone may think this is meaningless because the way I think is easily bypassed. But I think it has enough meaning to proceed as mush as possible. Hiding some important string literals, even not the whole strings, even if I give up the reflection, will produce quite significant results from my work so far. I have already removed the global-metadata from the file system, map manually UnityPlayer.dll and GameAssembly.dll from data section of EXE. Also, I packed exe by VMProtect. The game's boot-loading time has been slightly increased, but a fairly meaningful static analysis protection system has been established and is "SO FAR" safe from open-source-tools such as IL2CPPDUMPER, Reclass, MonoDataCollector(MonoDissector from CE).

    The biggest problem I face now is that when I dump memory of the application, string literals are always in the same place in memory. This problem starts with import strings from the global metadata. This makes meaningless whole things that I did.

    If there any ideas or hints related to it, I would appreciate if if you could tell me a simple idea. Because I will take my time to do research myself.
     
  4. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,628
    IL2CPP doesn't have the option to put them outside of global-metadata.dat. It's just the way IL2CPP is designed. The reason for that is build size: if you have a multi architecture build (like Android ARM and ARM64, or Intel and Apple silicon Macs), you pay for data files once, whereas data in executables gets duplicated.

    You have a few options. Probably the most practical one is to move your string literals (that you care about) to a separate file and have an editor script "postprocess-encrypt" them as part of the build, so that when you load them, they aren't in memory unencrypted. Then you'd decrypt them as you use them.

    You could also straight up change IL2CPP runtime to load them in whatever way you want.

    You don't need to license Unity source code to do any of that. On most platforms, you can modify the IL2CPP runtime whatever way you want since Unity will just copy the IL2CPP runtime code into your generated IDE project (Visual Studio, Xcode, etc).
     
  5. calc1fer

    calc1fer

    Joined:
    Oct 5, 2019
    Posts:
    62
    Thanks.
    I think I got an idea that I could use about removing string literals from metadata.

    In this regard, it wasn't meant that the codes exported from the generated solution. I already proceed almost postprocesses in the generated cpp solution. As far as I know, source codes of the binary, the build support module, that changes IL code to CPP code and creates global-metadata is not public. I have been confirmed by our local Unity advocator that I can get the codes if I license the code.