Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.
  2. Unite 2023 Registrations are now LIVE! We are thrilled to announce that Unite 2023 Registration is now live and open for all!
    Dismiss Notice
New Forum User Notice Unite 2023 Registrations are now LIVE!

[Solved] Exception on GooglePlayValidator.Validate

Discussion in 'Unity IAP' started by Nicolas1212, Jun 28, 2016.

Thread Status:
Not open for further replies.

  1. Nicolas1212

    Nicolas1212

    Joined:
    Dec 18, 2014
    Posts:
    139
    Hi there,

    We recently added Unity IAPs to an update of our game which was released yesterday. Looking through the logs I can see a few exceptions, of 2 main types:

    System.Convert.FromBase64String (System.String s)
    UnityEngine.Purchasing.Security.GooglePlayValidator.Validate (System.String receipt, System.String signature)
    UnityEngine.Purchasing.Security.CrossPlatformValidator.Validate (System.String unityIAPReceipt)
    UnityPurchaseManager._validateProductLocally (UnityEngine.Purchasing.Product product, System.String& errorMsg)
    UnityPurchaseManager._handlePurchase (UnityEngine.Purchasing.Product product, Boolean isWaitingPurchase)

    and

    Mono.Security.Cryptography.PKCS1.OS2IP (System.Byte[] x)
    Mono.Security.Cryptography.PKCS1.Verify_v15 (System.Security.Cryptography.RSA rsa, System.Security.Cryptography.HashAlgorithm hash, System.Byte[] hashValue, System.Byte[] signature, Boolean tryNonStandardEncoding)
    Mono.Security.Cryptography.PKCS1.Verify_v15 (System.Security.Cryptography.RSA rsa, System.Security.Cryptography.HashAlgorithm hash, System.Byte[] hashValue, System.Byte[] signature)
    System.Security.Cryptography.RSACryptoServiceProvider.VerifyHash (System.Byte[] rgbHash, System.String str, System.Byte[] rgbSignature)
    UnityEngine.Purchasing.Security.RSAKey.Verify (System.Byte[] message, System.Byte[] signature)
    UnityEngine.Purchasing.Security.GooglePlayValidator.Validate (System.String receipt, System.String signature)
    UnityEngine.Purchasing.Security.CrossPlatformValidator.Validate (System.String unityIAPReceipt)
    UnityPurchaseManager._validateProductLocally (UnityEngine.Purchasing.Product product, System.String& errorMsg)
    UnityPurchaseManager._handlePurchase (UnityEngine.Purchasing.Product product, Boolean isWaitingPurchase)

    UnityPurchaseManager is our class for handling purchases with UnityIAP.

    From what I can tell, this is because this is a fraudulent purchase - the transactionID doesn't match what a normal Google Play transactionID would be (e.g. GPA.XXXX...) - but I'd like to be sure. If any of the Unity people want to verify, I can send on the relevant files and receipt.

    Where this is a problem is that even though we have the call to Validate() surrounded by a try..catch, the exception seems to happen in native code, so the function never returns, and the purchase is never marked as complete, so Unity IAP is notified about the purchase again, which tries to validate again, which crashes, etc etc.

    Our code:

    CrossPlatformValidator validator = new CrossPlatformValidator( GooglePlayTangle.Data(), AppleTangle.Data(), Application.bundleIdentifier );
    try
    {
    IPurchaseReceipt[] result = validator.Validate( product.receipt );
    }
    catch( IAPSecurityException e )
    {
    return false;
    }

    I guess I could change the IAPSecurityException to a general Exception - would that catch everything? The current code is based on the example at https://docs.unity3d.com/Manual/UnityIAPValidatingReceipts.html - if there's a page that shows the types of Exceptions thrown, please let me know.

    Note, this is in the wild; I haven't been able to reproduce this locally.

    Thanks,
     
    Nicolas1212, Jun 28, 2016
    #1

  2. erika_d

    erika_d

    Unity Technologies

    Joined:
    Jan 20, 2016
    Posts:
    413
    Hi @Nicolas1212,

    Thanks for bringing this to our attention! IAPSecurityException is the only type of exception our code specifically throws, but clearly some other exceptions are slipping through. We're looking into adding some additional input/error checking into our validator code so that IAPSecurityException is the only exception users have to catch.

    It looks like the errors you're getting are coming from either a null pointer, empty or partially truncated string being passed into the validator. Did the stack trace include what exceptions exactly are being thrown? Can you DM me the receipt and your google API key so we can test it? (We can also confirm that it is in fact a fraudulent transaction)

    In the meantime, you could add an additional catch for general exceptions like so:
    CrossPlatformValidator validator = new CrossPlatformValidator( GooglePlayTangle.Data(), AppleTangle.Data(), Application.bundleIdentifier );
    try
    {
    IPurchaseReceipt[] result = validator.Validate( product.receipt );
    }
    catch( IAPSecurityException e )
    {
    return false;
    }
    catch (Exception e)
    {
    Debug.LogWarning("Unexpected exception " + e);
    return false;
    }
     
    erika_d, Jun 28, 2016
    #2

  3. Nicolas1212

    Nicolas1212

    Joined:
    Dec 18, 2014
    Posts:
    139
    Hi Erika,

    Apologies, I thought the exceptions were copied in. It's:
    • FormatException: Invalid length for the System.Convert.FromBase64String and
    • IndexOutOfRangeException: Array index is out of range for the Mono.Security.Cryptography.PKCS1.OS2IP.
    I've just sent you a PM with the receipt and google API key, so let me know if you need anything else

    Thanks,
    Damian
     
    Nicolas1212, Jun 30, 2016
    #3
    erika_d likes this.

  4. Nicolas1212

    Nicolas1212

    Joined:
    Dec 18, 2014
    Posts:
    139
    Also full stack traces
     
    Nicolas1212, Jun 30, 2016
    #4

  5. Nolex

    Nolex

    Joined:
    Dec 10, 2010
    Posts:
    115
    I have same problem with release game.

    Maybe this is an exception triggered by hacking payments (Freedom... etc)??
     
    Nolex, Sep 11, 2016
    #5

  6. erika_d

    erika_d

    Unity Technologies

    Joined:
    Jan 20, 2016
    Posts:
    413
    Hi @Nolex,

    Yes, we believe that is the case that these exceptions are coming from attempted fraudulent purchases. We're looking into how IAP can better catch/communicate these exceptions! (But in the meantime adding the catch for all other exceptions as seen above will allow you to at least catch them :)) Thanks!
     
    erika_d, Sep 20, 2016
    #6

  7. Dipso

    Dipso

    Joined:
    Jun 29, 2012
    Posts:
    82
    Hi

    In case this helps:
    We also got the “Mono.Security.Cryptography.PKCS1.OS2IP” exception on Android when we built with Unity 5.3.2 (Free).

    It went away when we built with Unity 5.3.4 (Pro).
    (At least, haven’t seen it yet with Unity 5.3.4, using same bundle ID, product ID and IAP plugin version 1.8.1.)

    .
     
    Dipso, Sep 28, 2016
    #7
    erika_d and ap-unity like this.

  8. TimHeijden2

    TimHeijden2

    Joined:
    Aug 11, 2016
    Posts:
    86
    Just a heads up, we are still having the same validation issues in Unity 5.4.0p3 and IAP 1.9.0
     
    TimHeijden2, Nov 21, 2016
    #8

  9. felipemanera_sticksports

    felipemanera_sticksports

    Joined:
    Oct 31, 2016
    Posts:
    1
    We are using Unity 5.3.6f1, IAP 1.8.3 and getting lots of these from GooglePlayValidator.Validate:
    • InvalidSignatureException;
    • IndexOutOfRangeException on Mono.Security.Cryptography.PKCS1.OS2IP;
    • FormatException on System.Convert.FromBase64String;
    But since we can't reproduce locally and so far no user complained about not being able to purchase an item we are considering these to be actual fraudulent purchases rather than a bug in the IAP code.
     
    felipemanera_sticksports, Nov 21, 2016
    #9

  10. ap-unity

    ap-unity

    Unity Technologies

    Joined:
    Aug 3, 2016
    Posts:
    1,519
    ap-unity, Dec 7, 2016
    #10
Thread Status:
Not open for further replies.