Secured PlayerPrefs - Release

@arkon, there is no problem, 1.4.0 users on 3.5.7 was not able to update from the store (as it was labeled for unity 4.0+), the 1.4.1 version just re-label the plugin to 3.5.7

 

It depends on the platform. For example on iOS, when the user delete the app, it deletes all saved data with it (even PlayerPrefs data). There is no problem when the user updates from a version to another, the system keep saved data in this case.

 

Taliwut, I sent you an email with a screen shot of the xcode crash caused by SecurePlayerPrefs but have heard nothing back, did you get it?
I had to turn off all stripping optimisations and now I can't re release my game as it's size has gone up by 10mb+.
The asset folder has the xml link in it that is supposed to solve the striping problem but it didn't solve it for me on IOS.

 

Its not working for me on webplayer - is this a known issue ?

 

You won't get a reply from the developer, he seems to have disappeared.

 

I sent him email directly, but unfortunately no reply. Lets hope he comes back!

 

Ive now sent 2 direct emails, even left bad feedback on the store which for me is a first. Its a real shame he has disapeared as this could have been a good and essential tool.

 

Anyone know if this plugin use UDID ? If so, I´m afraid my app will get rejected.

 

Are not any of you worried about using a plugin that you probably are using for something pretty important in your app/game, that gets absolutely zero response and support from the author?

 

Fattie: Good point, thanks alot!

 

If the thing's code is open theres no drama if the dev desappeared...
But I pretty much think you should not support devs who show up around here to grab some quick cash and then run to the hills with your money, leaving you with a dead tool and no support.

Also I can't see why he need to use encryption libraries for a simple tool like this, the stripping factor is exactly why I don't use them for SecureClient.

 

I agree, I bought this plugin and it is closed source, it's all in a DLL or lib so you can't fix or maintain it yourself. I can't use it because it uses the .net encryption layer so I can't turn off stripping which adds about a fair few extra mb to my app size. Like you say it should have had it's own encryption code in it so stripping could still be enabled. Add to all that the developer doesn't support it and you have a recipe for a disaster sooner or later.

 

does it work with the latest build of unity?

 

thanks Fattie, luckyly there some few dev help out to point out some clearer light, i m surprise that there no more plug in like that in the asset store, it s a must for who want to protect their in apps integration. but i just find out that if a pirate want to hack your app, he can use any apk s and rebuild with his own codechange and resubmit it to the store. that s really terrible.
anyway thanks for the help again Fattie.

 

http://u3d.as/content/-zeichen-kraftwerk/crypto-player-prefs/4Kv looks to be a competitor to this plugin, can't test it yet as seems to be some issue with the asset store!

 

Reporting back on http://u3d.as/content/-zeichen-kraftwerk/crypto-player-prefs/4Kv - works great as an alternative and it's open source which I much prefer, especially if it's handling *my* sensitive data!

 

If the game has the code to encrypt the data and store it and to decrypt the data and use it. And the game is right there, on my computer.

What do you think is going to stop me from extracting that code and abusing it?

 

Has the 1.4 version been updated to work as a singleton yet? And why does it still have Null Reference Exemptions whenever SecuredPlayerPrefs.Save() is called?

Code (csharp):

1.  
2. NullReferenceException: Object reference not set to an instance of an object
3. SecuredPlayerPrefs.signHashtable ()
4. SecuredPlayerPrefs.Save ()
5.  

If I call SetKey() in each scene, it complains about the data being corrupted in all susequent scenes in my game from the first one. And that's despite using the exact same key for each and every scene where I call SetKey(). Should I try to get answers, or should I just buy CryptoPlayerPrefs and use it in my game? After all, SecuredPlayerPrefs is causing me tons of problems even with the full .NET framework enabled and all stripping turned off.

BTW, all classes that must access SecuredPlayerPrefs eventually inherit from this one, in my code:

Code (csharp):

1.  
2. using UnityEngine;
3. using System.Collections;
4.  
5. public class SecureStringKey : MonoBehaviour {
6.  
7.     protected string secretKey = "keyValueGoesHere4Ever"; // NEVER change!
8.    
9.     public string SecretKey
10.     {
11.         get { return secretKey; }
12.     }
13.    
14.     protected virtual void AdditionalPreSetup()
15.     {
16.     }
17.    
18.     protected void Awake()  {
19.        
20.         SecuredPlayerPrefs.SetSecretKey(secretKey);
21.         Debug.Log("Secret key: " + secretKey);
22.        
23.         AdditionalPreSetup();
24.        
25.     }
26.    
27. }
28.  

The problem is that except for the first time the Awake function is called by a subclass (in MainMenu.cs), string secretKey is shown to be null, since it is only printed in the console the first time the relevant code is called.

 

Since upgrading to XCode 5 / iOS7 I get errors in XCode whenever I call the SecuredPlayerPrefs API running on an iPhone:

Dumped data is corrupted </var/mobile/Applications/9BE54C8C-B098-463F-9C80-BB41A2041DFB/Documents/SecuredPlayerPrefs.json> - System.Security.Cryptography.CryptographicException: Bad PKCS7 padding. Invalid length 137.
at Mono.Security.Cryptography.SymmetricTransform.ThrowBadPaddingException (PaddingMode padding, Int32 length, Int32 position) [0x00000] in <filename unknown>:0
at Mono.Security.Cryptography.SymmetricTransform.FinalDecrypt (System.Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) [0x00000] in <filename unknown>:0
at Mono.Security.Cryptography.SymmetricTransform.TransformFinalBlock (System.Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) [0x00000] in <filename unknown>:0
at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock (System.Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) [0x00000] in <filename unknown>:0
at System.Security.Cryptography.CryptoStream.Read (System.Byte[] buffer, Int32 offset, Int32 count) [0x00000] in <filename unknown>:0
at System.IO.StreamReader.ReadBuffer () [0x00000] in <filename unknown>:0
at System.IO.StreamReader.Read (System.Char[] buffer, Int32 index, Int32 count) [0x00000] in <filename unknown>:0
at System.IO.StreamReader.ReadToEnd () [0x00000] in <filename unknown>:0
at SecuredPlayerPrefs.DecryptStringFromBytes (System.Byte[] cipherText, System.Byte[] Key, System.Byte[] IV) [0x00000] in <filename unknown>:0
at SecuredPlayerPrefs.DecryptString (System.Byte[] input) [0x00000] in <filename unknown>:0
at SecuredPlayerPrefs.Load (Int32 version) [0x00000] in <filename unknown>:0
UnityEngine.Debug:Internal_Log(Int32, String, Object)
UnityEngine.Debug:Log(Object)
SecuredPlayerPrefs:Load(Int32)
SecuredPlayerPrefs:SetSecretKey(String)

Is it tested on XCode 5 / iOS7?

And while I'm posting, I had previously to turn all stripping off to get the plug-in to work running on an iOS device. In theory I should be able to go with the StripByteCode setting in Unity as that will not use the micro mscorlib lib which I get that SecuredPlayerPrefs needs.

Any help appreciated.

 

there is no longer any support from the developer. I have it working on IOS7 but Xcode4.
Be warned all my live store games that used this plugin had all the playerprefs lost when users upgraded to IOS 7, thus losing all their purchased
credits etc. I think it was caused because this plugin thought it was now running on a new or different device.

 

Thanks arkon, seem's we'll have to go with another solution

 

If this plugin relies on SystemInfo.deviceUniqueIdentifier and it changed after upgrading to iOS7 - it's Unity fault - it shouldn't change after such updates.
BTW if someone have difficulties or show-stopping issues with Secured PlayerPrefs - feel free to try my plugin with same functionality.

 

Hey, Fattie!
My plugin is in my signature
Here is a link to forum thread: http://forum.unity3d.com/threads/196578-Anti-Cheat-Toolkit-RELEASED
And yeah, I'm using SystemInfo.deviceUniqueIdentifier in my package too (but optionally - only if user wish to "lock" saves to the device) since it's an only "right" way to obtain unique device ID in Unity ATM.
Writing own native plugins for doing this really right way (to obtain CPU, internal storage, etc. persistent specs for all platforms) would extra overweight plugin itself and still can be banned somewhere in future, so it's way easier to stick up with SystemInfo.deviceUniqueIdentifier and keep users to decide - use it or not (crypto keys can be changed by user anyway - so user is free to decide how to lock or encrypt data).

 

Hi, It was players using my existing version 1.2, they had bought credit using 'Consumable' in app purchase. I stored those credits in securedplayerprefs.
The players then updated their devices to IOS7 and lost all their secure player prefs! I hadn't changed the game. The players can't get a refund because in app consumables can't be refunded. Really F***ing annoying.

 

Yep, that's really frustrating. Players should blame Apple in first place anyway!
I'm going to add one more warning to the PlayerPrefsObscured.lockToDevice field in my plugin's readme (it already has two )

 

Sorry but this won't get me buying yours either. The whole idea of securing your player prefs is to either lock the file to that user or that device so they can't share the playerprefs file and therefore make pirating your in app purchase stuff easy.

So the ONLY value in a secure player prefs plugin is one that locks the file to the device or user. If such a plugin can't cope with an IOS upgrade then they are both useless.

 

I see your point. I should mention my plugin is not for locking PlayerPrefs only though(it have some addition functionality and I'm working on adding new), and as I said before - users are able to change encryption key themself, so you can set up locking to the device your way, if you're aware of Unity's SystemInfo.deviceUniqueIdentifier.

More to say, plugins developers trust Unity's API and this is generally not our fault SystemInfo.deviceUniqueIdentifier changed after update. If you have any other generic way of locking to any device on any platform - go for it and make your own locking logic suitable for you or\and use it in conjunction with flexible plugins, allowing you to change the crypto key.

 

I'm trying to use SecuredPlayerPrefs with a Windows Store target - API usage validation check is failing within the SecuredPlayerPrefs.DLL. Do you offer a compiled version that works around the specific API usage for Windows Store? Or can you provide source code so that I can do this?

 

Hey, Fattie!
I'm not sure what tool do you mean. I have already released Anti-Cheat Toolkit which has ObscuredPrefs (encrypted PlayerPrefs) few months ago.

 

Yeah, I'm still working on ACT updates, next one is going to happen this week.

 

I bought CryptoPlayerPrefs off the asset store today. Only $10 and seems to be working well...

 

@BillyMFT that asset looking good, be careful with AES though - it may not work in WebPlayer and with micro mscore as stated in the http://docs.unity3d.com/410/Documentation/ScriptReference/MonoCompatibility.html (if that plugin relies on System.Security.Aes).
And you probably going to declare you're using encryption (Apple AppStore export stuff).

 

Hey, @Fattie !

I'm still here for sure =)
And I have no idea about new version of the secured player prefs, it's not my plugin.
I'm working on the other assets and mentioned my Anti-Cheat Toolkit plugin before, here is its thread:
http://forum.unity3d.com/threads/anti-cheat-toolkit-stop-cheaters-easily.196578/

 

lol Hi Dmitriy, I'm so sorry! (Yes I accidentally typed your handle rather than the mysterious Taliwut.)

Funnily enough I just bought another copy of your famous and awesome ANTICHEAT TOOLKIT ! and I was going to ask you about something someone mentioned on the reviews: if one is only using one thing (the secure prefs), how to strip or remove the unused parts? to save a little space for iOS. Anyway I will ask that over there. Cheers!

 

Just wanted to report in case anyone else is googling for this just to save them some time...
The dreaded android.permission.READ_PHONE_STATE will appear in your Unity Android APK if you have this in your project (regardless of if it's used or not).
I'm going to guess it uses Systeminfo.deviceUniqueIdentifier, which is what causes that permission to appear.

 

I was using this plugin and facing following exclamation message in Console.



Please give me some help to solve this.