Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.

What is the best way to secure your game's files?

Discussion in 'General Discussion' started by impheris, May 17, 2022.

  1. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    Hi everybody unity's lovers and haters xD

    So... there is this video (spanish):


    It is about a guy who hacks someone's game made with unity, this guy is inside the project in unity, he made it from the standalone exported project.
    So to clarify: I'm not mad or sad about this guy hacking someone's game. Is not my problem.
    Now my question is: Is there a way to avoid that? i know is imposible to protect your game project 100% but is there a way to at least make it more "difficult"? is there some kind of protection to avoid this?

    Thanks... :)
     
  2. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    11,708
    If you never release your game, then nobody will ever peek inside the files. Likewise, if you have an online component for your game, then as long as it is never distributed to the users, nobody will look into it either.

    To be honest, this sort of thing is one of unity's strong points, because it allows modding of the games to extreme degree and there are people that are into that. If your game is interessting, they can prolong its life.

    Practically, if they start stealing your content, then you sue.

    Related: https://forum.unity.com/threads/how...rom-tools-like-asset-bundle-extractor.467922/
     
  3. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    Yes but is better to have control over that, by making mod tools for your game and stuffs
     
  4. PutridEx

    PutridEx

    Joined:
    Feb 3, 2021
    Posts:
    880
    The project he has is just a skeleton of the game, it doesn't really work and is filled with issues and missing scripts/files.
    There's nothing you can do to make it impossible, but in my opinion things that cost nothing (time included) and do something are things you should try if you really want to do this.

    Investing time into this though is not really a good idea, unless you have a good reason to do it. (Competitive game maybe)

    1 - First, and maybe only thing you should do is use il2cpp. This will make it so they basically can't get any of your C# scripts.
    They can still dump files (with a public application) to get .dll names, script class names, maybe variables (can't remember), but that's it. None of your code will be found.

    When it comes to the assets themselves (meshes, texture) not sure what you can do about that. There's applications out there that scan read the files unity uses to store all your textures/meshes. But it's a messy thing to do, and it still doesn't do it very well.

    Maybe il2cpp helps with the asset thing, I can't remember, but either way like I said using il2cpp is enough.


    I believe you could encrypt the asset bundles (it's the file that unity stores assets in, and the one players read to get your meshes/textures)) but I don't have experience with that.
     
    Last edited: May 17, 2022
  5. spiney199

    spiney199

    Joined:
    Feb 11, 2021
    Posts:
    1,760
    Not another one of these threads.
     
    xVergilx, JoNax97 and Murgilod like this.
  6. Murgilod

    Murgilod

    Joined:
    Nov 12, 2013
    Posts:
    8,577
    Have a central server authorize literally everything your game does. The more code you run on a device the player has access to, the less secure it is.
     
  7. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    yes of course that is a good idea but xD i do not have money to pay for a server haha i have to make this game with literally no money :(
     
  8. Murgilod

    Murgilod

    Joined:
    Nov 12, 2013
    Posts:
    8,577
    Okay, and?

    You wanted a solution, that's the solution. Any code running locally on a compute will be able to be accessed. If they want access to your asset files there are loads of ways they can do that because they have to be loaded into memory before they can be used by the computer. If they want to access your code, decompilation tools exist.

    What, exactly, are you scared of them doing?
     
  9. kdgalla

    kdgalla

    Joined:
    Mar 15, 2013
    Posts:
    3,482
    Even if it were possible to make your game unhackable, someone can still steal it by downloading it and uploading it unchanged to their own storefront.

    If someone hacks your game and makes their-own release out of it, the professional solution is to send your legal team after them.
     
  10. BIGTIMEMASTER

    BIGTIMEMASTER

    Joined:
    Jun 1, 2017
    Posts:
    4,693
    once your game has sold ten million copies you could hire a PI and assassin to go after the hackers.
     
    OCASM, Saniell, arkano22 and 4 others like this.
  11. Amon

    Amon

    Joined:
    Oct 18, 2009
    Posts:
    1,239
    Sounds like paranoia to me stemming from the thought that something new and ground breaking has been achieved in their project and they don't want anyone to steal it.

    I would suggest completing and shipping your game. Then if things go well do what @BIGTIMEMASTER suggested.
     
  12. kdgalla

    kdgalla

    Joined:
    Mar 15, 2013
    Posts:
    3,482
    If you have something really new and groundbreaking you could apply for a patent or something.
     
  13. Amon

    Amon

    Joined:
    Oct 18, 2009
    Posts:
    1,239
    He doesn't have any money to do that.
     
  14. Murgilod

    Murgilod

    Joined:
    Nov 12, 2013
    Posts:
    8,577
    Also design patents are F***ing trash that, like software patents, discourage innovation and development by preventing there being a base to build off of, instead forcing people to have to dedicate time to workarounds to accomplish the same thing.
     
  15. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    18,005
    Yes, in theory, with a streaming service like GeForce Now or Google Stadia.
     
    Rodolfo-Rubens likes this.
  16. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    11,708
    Then protecting its files should among the last things on your priority list.

    See minecraft as an example. Pretty much zero data protection.
     
    MadeFromPolygons likes this.
  17. SamTheLearned

    SamTheLearned

    Joined:
    Jun 23, 2021
    Posts:
    79
    If someone is putting this much time and effort into your game, you've done something right.
     
    Marc-Saubion and xVergilx like this.
  18. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    what is wrong with my question? i saw an older post but tech is always changing, maybe unity did something recently? idk i'm just asking because i saw how easy is to hack a game with just droping a folder
     
  19. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    lol, pretty good idea xD
     
  20. spiney199

    spiney199

    Joined:
    Feb 11, 2021
    Posts:
    1,760
    There's probably 2-3 threads about this every month in various sub-forums (Scripting and Editor Support sub-forums for example).

    The answer is always the same: you don't get to decide what people do on their computers. Just focus on making a game that people think worthwhile hacking, because at that point you're already winning.
     
    Meltdown likes this.
  21. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    I do not know what makes you think that, to me, looks like the answer to another post
     
  22. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    yes i agree, like the "nemesis" patent. that is very pathetic in my opinion, a move from people with weak creativity
     
  23. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    11,708
    Those threads pop up once in a while.

    Basically, when people just start programming they often have that idea that their code has value, people will try to steal it, and therefore it must be protected. Some of them then discover that they can't protect everything fully, and sometimes that makes them freak out. "How is that possible".

    The real situation is that that things that have value as code cannot be stolen because of huge amount of effort put into them. When somebody works on their product for a few decades, they create a Leviathan, and you can't just copy pieces of that leviathan into your project, because it is all interconnected. If you do try to do something like that, you'll end up pulling the whole thing, it will be obvious, and that's the time for legal team to step in, for example Silicon Knights story ( https://en.wikipedia.org/wiki/Silicon_Knights ).

    And if you have something that is not a result of huge amount of work, then it can be duplicated without source code access. Basically, if you create (no offense) roll-a-ball puzzle supreme, and someone like EA takes a note of it and says "hey, we want that to become ours", they can sic sufficient number of people at the project, and they'll replicate your entire project in matter of months if not weeks. Now, that's going to cost them, but they can. Although instead of trying to clone it, they can try to buy your project (see Minecraft).

    So, if you have something valuable and people try to steal it, that will be obvious, and that'll be a matter of lawsuit. And if you have something that is not valuable, then people do not need to steal it, because they can make a clone.

    Additional issue is that a user on their computer is a god. If your game is for PC and they have physical access to the PC the game is running on, they're omnipotent relative to your program/game, so they can extract every single resource you store, even if you actually go out of your way and encrypt them. The situation becomes different when you're dealing with consoles and locked platforms, because on something like Oculus Quest, for example, you no longer have infinite cosmic power you got on a PC, where you can hijack every system call.

    In regards of your query, normally you'd want to:
    1. Look into il2cpp (pretty sure tools for decompiling that exist too, but it is harder to alter)
    2. Look into obfuscators (that will make it harder to alter the game logic, but they'll be able to still rip all your data).
    3. If you're really determined you could investigate asymmetric encryption of your assets, but they'd still be able to rip and hijack those, although altering your game will be harder.

    At the end of the day, however, a good idea is to ask yourself, what are you trying to achieve and how it is going to bring your more money or make your project more successful. It is not uncommon for a game to use human-readable plain text for game data.
     
    xVergilx, DragonCoder and spiney199 like this.
  24. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    again, is not my case, but thanks for you reply
     
  25. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    18,005
    There's nothing wrong with your question. It's just that the only real solution is to stop caring. You mentioned tech is constantly advancing and while that's true it's not just for one side. If it can be made by someone it can also be broken by someone.

    What's worse is that they don't even have to break the files. There are multiple ways to extract the assets from a game including photogrammetry (yes, the method to extract from the real world works for a video game too) and extracting assets from memory (it has to be loaded and decrypted to be used after all).

    https://github.com/aknavj/articles/blob/master/Grabing models and textures from game or 3D application.md

    Unity has never tried to secure your content for you.
     
    Last edited: May 19, 2022
    Meltdown likes this.
  26. Murgilod

    Murgilod

    Joined:
    Nov 12, 2013
    Posts:
    8,577
    You have literally not explained what your case is.
     
  27. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
  28. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    maybe i thought i was obvious.
    There are all those ways to extract all the code and assets from your games, well, i want to know the other side, what are the ways to protect your files from being hacked. From what i'm looking, it seems that trying to protect your games from being hacked is a "bad looking thing" (sorry i do not know how to say that expression in english) like, is a bad thing to do, i'm not agree, even if my code is very basic and bad, even if is a tetris clone or just a box moving with wasd in a plane, is my product, my thing i have the right to protect it, i do not know why you guys think that i need an amazing new idea for that. I'm not against hacking games for educational purposes like the video (in fact i already did it with 3 old games) in my OP but i do not think that trying to protect your game's files is a bad thing or a bad idea o . O (unpopular opinion i guess)
     
  29. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    11,708
    You pretty much have to host your game on something like GeForce Now and stream video.
    Because the moment it is on user's computer, they can rip data from it.

    Also, ripping data from your game is harder if it is on closed platform or on consoles.

    Rather than "bad looking thing" it is a distraction. People worry about protecting their data before they have a good product. Basically, people who will rip data are minority and in many cases are not even your customers. So instead of focusing on folks that do not bring your money, it normally makes more sense to focus on your fans instead and things that make fans happy (and bring you more money)

    Basically, the whole talk about resource protection reminds me of some fan-made game I played in the past. The author made an extremely dull and grindy game (single player title). However, at the same time the author made a point to implement anti-cheat into it (in a single player title). If you got fed up with the grind, fired CheatEngine, and gave yourself more money, the game would detect it(!) and post an angry message along the lines of "How DARE you cheat while playing my magnificent Opus Magnum!".

    It was bizarre and created a very strong negative impression. That anti-cheat was probably the most advanced part of the game from technical standpoint.
     
    Lurking-Ninja likes this.
  30. Antypodish

    Antypodish

    Joined:
    Apr 29, 2014
    Posts:
    9,662
    Fallout Shelter is an example of bad game design. Besides is buggy hell.

    Its design is pay to win, while "free to play".
    You pay real mine to be able to progress.
    While game most likely do everything to mitigate the game progress.
    Technically game is a single player only.
    And is mobile port.

    While payment process is online, the game progress is stored lockaly on the device. You can not have multiple saves.

    Now, with all that things, using cheat engine, I was able to skip all payment process, to get perks.

    Loosing progress wasn't something unusual for players. Hence players lost spent money.
     
  31. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    well i'm not exactly focused on this, i'm focused on finishing the game.... just asking.
     
  32. Murgilod

    Murgilod

    Joined:
    Nov 12, 2013
    Posts:
    8,577
    Yes, there are, and there's no way to prevent it. More than that, however, it doesn't F***ing matter. If anyone does this in a commercial setting, they're opening themselves up to more legal issues than anyone would ever want to deal with. If they do, DMCA claims are right there, and they're free. You can submit a DMCA claim to any storefront and have the game in question immediately taken down. If the storefront does not adhere to this, you'd never have been making money from that storefront in the first place.

    No, it's a pointless thing to do because it accomplishes nothing. Not just because it's ineffectual, but because there are a million better ways to handle this that don't involve wasting time on this angle.

    Yes, and if you want to protect it, there are legal channels to do so. This is not a problem that needs to be solved with code.


    The reason it's unpopular is because we're all experienced devs here who know that ultimately these measures either do nothing or negatively impact the end user.
     
    Ryiah and Amon like this.
  33. Amon

    Amon

    Joined:
    Oct 18, 2009
    Posts:
    1,239
    On an unrelated note, I read an article regarding software protection and it specifically used Elden Ring as an example. It broke down how Denuvo, a software protection system, was so integrated into the game that it affected the performance (FPS) of the game and brought the minimum specs up quite dramatically. The article compared two versions of Elden Ring. One with Denuvo, what you would buy retail, and one which had Denuvo removed by some software/game cracking group. The difference in performance was so noticeable it prompted quite a lot of complaints and refund requests.

    What am I getting at? Well, you could protect your game with the very best protection software available; use various other big name tools to secure assets, but at the end of the day within 2-3 days it would have been for nothing. Not only will it affect your games performance but the protection would be removed and any assets you tried to hide would be accessible.

    To the point. Save yourself the hassle and just make your game, finish it, release it and let its gameplay and style be the driving force. Forget all this protection of assets and code stuff as it won't make a single bit of difference to a person dedicated to allowing what you are trying to prevent.
     
    Ryiah likes this.
  34. Antypodish

    Antypodish

    Joined:
    Apr 29, 2014
    Posts:
    9,662
    Any DRM is a path to refunds and user complains.
    These fore further driving down negative reviews and shrinking potential sales.

    Who is to pirat / crack, will pirat regardless. No DRM has stopped on that.
    Even WoW with whole server structure behind, had so many clone servers.
    It didn't stop anyone of doing so.

    You should be proud of, if someone puts hassle to pirate your game.
    Means it reached some meaningful visibility in a gaming world. :)
     
  35. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    I'm not saying i'm not finishing the game just for that, in fact i said that is not an important thing but but something that i have in mid (it seems like people do not read my comments) so anyway, if making this is useless and makes nothing, then why elden rings devs did it? why AAA studios or even indies are doing it in their games?
     
  36. impheris

    impheris

    Joined:
    Dec 30, 2009
    Posts:
    671
    not agree with this, i mean, i know why you said but i'm not exactly agree
     
  37. Amon

    Amon

    Joined:
    Oct 18, 2009
    Posts:
    1,239
    Various reasons. The Elden Ring devs got slammed for doing it. AAA Studios do it because they can. It gives them a false sense of security. It lasts hours or days though. Have a go at googling what the industry really thinks about protection systems and their usefulness. Regarding Elden Ring again. That game suffered such a large amount of refund requests via steam that it was unreal. All because the legitimate users suffer while those who grabbed it illegally enjoyed it more.

    This is my personal opinion only. Any software protection like Denuvo should be banned. There are far more effective ways to deter the average joe than making a game suffer in performance due to over the top protection systems.

    And, don't get me started on the advertising game/software protection systems use to gather clients.
     
  38. DragonCoder

    DragonCoder

    Joined:
    Jul 3, 2015
    Posts:
    591
    Uhm, it's a 4.5 star rated game (on android) that won awards...
     
  39. Murgilod

    Murgilod

    Joined:
    Nov 12, 2013
    Posts:
    8,577
    If ratings, sales, and awards were all it took to be good, the Michael Bay Transformers series of films would be regarded as amazing.
     
  40. Amon

    Amon

    Joined:
    Oct 18, 2009
    Posts:
    1,239
    Transformers 1 was pretty cool.
     
    Rodolfo-Rubens likes this.
  41. Murgilod

    Murgilod

    Joined:
    Nov 12, 2013
    Posts:
    8,577
    It was pretty alright but there's a reason I said series.
     
  42. Antypodish

    Antypodish

    Joined:
    Apr 29, 2014
    Posts:
    9,662
    And? It is buggy pay to win game. If some people like masochistic grinding then they vote likes and since it is for free.

    Until realising it is not. It is money trap/grab. Most people unfortunatelly don't recognise this predatory corpo tactics, they are already sucked into the system.
     
  43. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    18,005
    It's not useless but it's not being used for the reasons you're interested in it. Video games make most of their sales around and shortly after launch. Management insists on including these solutions not to permanently stop piracy but to curb it long enough that most of their sales have been made.
     
    Last edited: May 20, 2022
    angrypenguin likes this.
  44. kdgalla

    kdgalla

    Joined:
    Mar 15, 2013
    Posts:
    3,482
    Right, if you're a AAA studio and you have the marketing budget to hype-up millions of people in to wanting to rush and buy your game at the moment that it comes out then it might worth protecting your game for a day or two.

    AAA studios use a lot of business strategies that leverage their massive capitol. It's not always reasonable for us little guys to try and follow what they do.
     
    DragonCoder likes this.
  45. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    18,005
    That said they may look at the large companies and come to the conclusion that this is something that they should be doing too regardless of whether it's reasonable.
     
  46. Lurking-Ninja

    Lurking-Ninja

    Joined:
    Jan 20, 2015
    Posts:
    8,726
    Because engineers like their profession in general and people, who think like you get into decision making positions in general. And if your boss tells you that you need to include DRM in the project, then you don't have a choice, it is not your project to decide.
    Clueless managers and investors usually think that protection is good and useful thing. As this thread says, it is not always the case. In reality they would be better off without it, probably.

    Also the DRM-selling companies have great marketing people too, who can sell their products to clueless management.
     
  47. Murgilod

    Murgilod

    Joined:
    Nov 12, 2013
    Posts:
    8,577
    Yeah, the thing people don't get is that DRM is almost always an upper management decision and that DRM is also an industry itself, one with decades of history both in and out of games.

    I remember my high school basically had to crack versions of software they owned because physical DRM dongles kept breaking or getting lost.
     
    Amon and Lurking-Ninja like this.
  48. Marc-Saubion

    Marc-Saubion

    Joined:
    Jul 6, 2011
    Posts:
    507
    There is also the matter of investors.

    They are looking for return on investment and covering their ass if the game didn't sell well. They're the one you need to sell the game first and you'd probably lose more money trying to get investors without piracy protection than whatever sales damage it could cause.
     
    Ryiah likes this.
  49. Gekigengar

    Gekigengar

    Joined:
    Jan 20, 2013
    Posts:
    605
    You just have to make the worst spaghetti ever, that they would get seizures reading it. Its free and get your game done faster. ;)
    When your colleagues ask, tell them its built-in anti-piracy protection.
     
  50. Mikkel_SC

    Mikkel_SC

    Joined:
    Jun 3, 2022
    Posts:
    1
    Well I mean you could mabye make a Decrypter or something like unreal engine that makes the code almost impossible for people. Or you could make it so each Script needs Each other. Like Lets say the "hacker" copies 1 of your script but it doesnt work because it also needs the "other" script and that "other" script needs the "thrid". By doing this he will have to manually change everysignle script or copy your entire game and thats when you can Sue. (My grammar is bad ik)
     
unityunity