Reverse engineer apk and progaurd

I have a mobile game I made with unity. I read it can be reversed engineered with some external tools. If someone does this what do they get, is it all source code and assets, including art and music?
I heard I can prevent this by using progaurd, is progaurd on by default, if not how do I turn this on?

 

ProGuard (Now replaced by Google's own R8) is just a Java byte code minification tool. It does not protect any assets that goes in the APK. The minification is not on by default, but unless you have other Java/Kotlin code, there will be very minimal benefit to minify that part because it is a very small setup to run the Android Player, and is virtually the same for every Unity game.

For Unity games on Android, all of the C# code you wrote will be compiled down to either a .NET DLL if you use Mono backend or a native shared library if you use IL2CPP backend. For .NET DLL, if you don't do any step to minify/obfuscate it yourself, it can be decompiled rather easily. IL2CPP is generally recommended as an easy way to deter low-effort hacking because it produces a native binary that has gone through multiple stages of compilation, of which the end result is unlikely to be close resemblance.

As for assets, unfortunately, Unity does not offer built-in asset encryption. But personally I don't worry about it.

 

You can't stop it and also it really doesn't matter.

 

Also wrong forum.

 

I released a game on the google play store, and someone reverse engineered it. They modified to code to give themselves cheats (invincibility, max attack power, etc.), and re-built/re-signed the APK and uploaded to a series of cheat websites. I tried to combat this by writing an authentication function call that sends client's signing cert info to our game server on login to reject any version of the app that wasn't signed with a valid cert, but either I implemented it wrong, or the hackers modified the client to spoof the parameters, as that didn't do anything to stop them. The best advice I can give you from my experience is:
1) compile out all your debug cheats from the release build to make it harder for hackers to write client side cheats
2) don't trust the client, be server authoritative wherever possible.

 

What are you using as your server, Ive been thinking of having somewhere where players can send a top score and pull new scores from a server. But Im not sure how to do this without it costing me much money

 

Amazon Web Services (AWS). You can get lots of free trials and credits for small businesses, but it wont last forever. It does cost money eventually. Take a look at Google Play Services leaderboards (if you don't mind alienating IOS), that might be a good fit for you.
https://developers.google.com/games/services/common/concepts/leaderboards

 

Adding to this. Any attempts to stop it will almost universally be a great pain to your players that aren't being bad. Meanwhile, it doesn't actually stop the bad guys, and is just a total fustercluck for your paying customers.

There are better ways to handle this, like by flooding torrent sites with broken/special versions of your game, so that anyone who steals it finds its a total pain to try to play it like that, and some of them may be driven to buy a legitimate copy.

But as far as preventing people from decompiling it to steal code or assets... all you can really do is leverage the legal system if and when someone tries to use that content to sell their own product.

And the chances of that all happening are not huge. So don't really worry about it, just focus on making a great game.

 

This won't work either. The most commonly used trackers will just delete the listings and ban accounts (because anonymous torrents are rarely supported anymore) and the working copies will be the only ones with any reasonable amount of seeds anyway.

The best way to handle this is to stop wasting mental and emotional effort on it in the first place.

 

Are there really people who still trust/use torrents for such stuff (since you mention seeds)?
Against torrents there is legal action available after all. It's not fully anonymous (sicne the IPs are known) and the people who share cannot hide behind "we are just a data sharing platform" like the file sharing platforms which are the main source of cracked games nowadays as far as I know.

 

Yes. Torrenting is still massively popular and how the majority of pirated games are distributed.

Please, try and enforce any of this. Go on. I'll wait. Torrents are enduring and it's absolutely trivial to get around the IP issue if your ISP is that strict (the vast majority are not.) The misconceptions people have about piracy on a dev forum especially is frankly astounding, especially with how many people here try and speak as if it's something that can be so easily counteracted.

 

I don't think you need to be so bellicose about people having misconceptions. For example, I didn't pull my comment out of nowhere. Several companies had done what I mentioned successfully. I think Game Dev Tycoon was one? Also Animal Crossing if I recall correctly? Albeit it may not be as simple to do what they did in current year. It can't feel good snapping at people so often...

 

Game Dev Tycoon came out eleven years ago and basically every site aside from TPB had functional versions of the game. What it actually did was become newsworthy because of this. On top of that, Animal Crossing didn't seed broken versions, it was literally running hardware specific checks that were easily bypassed within a few weeks.

These anti-piracy measures never actually convert to sales. All they do is provide the illusion that they do.

 

And a good feeling to the devs and company that their rights are not trampled with feet.

 

I was actually in talks with CBS's IP / Copywrite division / Bla bla bla regarding how they were affected by torrents of their primetime shows, and various game companies.I wish i could link a credible article, but if you look, you'll find it. They all said the same thing amusingly.."Torrents and ripped files actually increased their Shows Public awareness, and actually increased sales. i am not shiiting you. i was actually talking all this over with CBS's top dog in terms of IP management, and I wont go into all he said, but it was amusing.

Let me just say this, and this needs to be something you have to consider if your going down the selling route regarding software.

If there is a demand for your program, there will be people that will crack it. If YOUR game is popular enough to be cracked, then this means that you actually have a valid fanbase. believe it or not, this is market data you can use to gauge how your product is doing.
Major companies like EA, Ubisoft, Ect+ all monitor their "cracked/torrent" fanbase as market data.

Lastly, if you're deploying your product on a marketplace, the only real worry is your user's sensitive data, such as microtransactions and such, and that's normally handled by your server, and network encryption. that should be your primary concern, and then, watch your programs popularity, both on official market, and on cracked sites. these websites will actually be a godsend in showing you how to fix your program in the long run.

Gah that was a long post, my apologies.

Best of luck.