What is the best way to secure your game's files?

Hi everybody unity's lovers and haters xD

So... there is this video (spanish):

It is about a guy who hacks someone's game made with unity, this guy is inside the project in unity, he made it from the standalone exported project.
So to clarify: I'm not mad or sad about this guy hacking someone's game. Is not my problem.
Now my question is: Is there a way to avoid that? i know is imposible to protect your game project 100% but is there a way to at least make it more "difficult"? is there some kind of protection to avoid this?

Thanks...

 

If you never release your game, then nobody will ever peek inside the files. Likewise, if you have an online component for your game, then as long as it is never distributed to the users, nobody will look into it either.

To be honest, this sort of thing is one of unity's strong points, because it allows modding of the games to extreme degree and there are people that are into that. If your game is interessting, they can prolong its life.

Practically, if they start stealing your content, then you sue.

Related: https://forum.unity.com/threads/how...rom-tools-like-asset-bundle-extractor.467922/

 

Yes but is better to have control over that, by making mod tools for your game and stuffs

 

The project he has is just a skeleton of the game, it doesn't really work and is filled with issues and missing scripts/files.
There's nothing you can do to make it impossible, but in my opinion things that cost nothing (time included) and do something are things you should try if you really want to do this.

Investing time into this though is not really a good idea, unless you have a good reason to do it. (Competitive game maybe)

1 - First, and maybe only thing you should do is use il2cpp. This will make it so they basically can't get any of your C# scripts.
They can still dump files (with a public application) to get .dll names, script class names, maybe variables (can't remember), but that's it. None of your code will be found.

When it comes to the assets themselves (meshes, texture) not sure what you can do about that. There's applications out there that scan read the files unity uses to store all your textures/meshes. But it's a messy thing to do, and it still doesn't do it very well.

Maybe il2cpp helps with the asset thing, I can't remember, but either way like I said using il2cpp is enough.


I believe you could encrypt the asset bundles (it's the file that unity stores assets in, and the one players read to get your meshes/textures)) but I don't have experience with that.

 

Not another one of these threads.

 

Have a central server authorize literally everything your game does. The more code you run on a device the player has access to, the less secure it is.

 

yes of course that is a good idea but xD i do not have money to pay for a server haha i have to make this game with literally no money

 

Okay, and?

You wanted a solution, that's the solution. Any code running locally on a compute will be able to be accessed. If they want access to your asset files there are loads of ways they can do that because they have to be loaded into memory before they can be used by the computer. If they want to access your code, decompilation tools exist.

What, exactly, are you scared of them doing?

 

Even if it were possible to make your game unhackable, someone can still steal it by downloading it and uploading it unchanged to their own storefront.

If someone hacks your game and makes their-own release out of it, the professional solution is to send your legal team after them.

 

once your game has sold ten million copies you could hire a PI and assassin to go after the hackers.

 

Sounds like paranoia to me stemming from the thought that something new and ground breaking has been achieved in their project and they don't want anyone to steal it.

I would suggest completing and shipping your game. Then if things go well do what @BIGTIMEMASTER suggested.

 

If you have something really new and groundbreaking you could apply for a patent or something.

 

He doesn't have any money to do that.

 

Also design patents are F***ing trash that, like software patents, discourage innovation and development by preventing there being a base to build off of, instead forcing people to have to dedicate time to workarounds to accomplish the same thing.

 

Yes, in theory, with a streaming service like GeForce Now or Google Stadia.

 

Then protecting its files should among the last things on your priority list.

See minecraft as an example. Pretty much zero data protection.

 

If someone is putting this much time and effort into your game, you've done something right.

 

what is wrong with my question? i saw an older post but tech is always changing, maybe unity did something recently? idk i'm just asking because i saw how easy is to hack a game with just droping a folder

 

lol, pretty good idea xD

 

There's probably 2-3 threads about this every month in various sub-forums (Scripting and Editor Support sub-forums for example).

The answer is always the same: you don't get to decide what people do on their computers. Just focus on making a game that people think worthwhile hacking, because at that point you're already winning.

 

I do not know what makes you think that, to me, looks like the answer to another post

 

yes i agree, like the "nemesis" patent. that is very pathetic in my opinion, a move from people with weak creativity

 

Those threads pop up once in a while.

Basically, when people just start programming they often have that idea that their code has value, people will try to steal it, and therefore it must be protected. Some of them then discover that they can't protect everything fully, and sometimes that makes them freak out. "How is that possible".

The real situation is that that things that have value as code cannot be stolen because of huge amount of effort put into them. When somebody works on their product for a few decades, they create a Leviathan, and you can't just copy pieces of that leviathan into your project, because it is all interconnected. If you do try to do something like that, you'll end up pulling the whole thing, it will be obvious, and that's the time for legal team to step in, for example Silicon Knights story ( https://en.wikipedia.org/wiki/Silicon_Knights ).

And if you have something that is not a result of huge amount of work, then it can be duplicated without source code access. Basically, if you create (no offense) roll-a-ball puzzle supreme, and someone like EA takes a note of it and says "hey, we want that to become ours", they can sic sufficient number of people at the project, and they'll replicate your entire project in matter of months if not weeks. Now, that's going to cost them, but they can. Although instead of trying to clone it, they can try to buy your project (see Minecraft).

So, if you have something valuable and people try to steal it, that will be obvious, and that'll be a matter of lawsuit. And if you have something that is not valuable, then people do not need to steal it, because they can make a clone.

Additional issue is that a user on their computer is a god. If your game is for PC and they have physical access to the PC the game is running on, they're omnipotent relative to your program/game, so they can extract every single resource you store, even if you actually go out of your way and encrypt them. The situation becomes different when you're dealing with consoles and locked platforms, because on something like Oculus Quest, for example, you no longer have infinite cosmic power you got on a PC, where you can hijack every system call.

In regards of your query, normally you'd want to:
1. Look into il2cpp (pretty sure tools for decompiling that exist too, but it is harder to alter)
2. Look into obfuscators (that will make it harder to alter the game logic, but they'll be able to still rip all your data).
3. If you're really determined you could investigate asymmetric encryption of your assets, but they'd still be able to rip and hijack those, although altering your game will be harder.

At the end of the day, however, a good idea is to ask yourself, what are you trying to achieve and how it is going to bring your more money or make your project more successful. It is not uncommon for a game to use human-readable plain text for game data.

 

again, is not my case, but thanks for you reply

 

There's nothing wrong with your question. It's just that the only real solution is to stop caring. You mentioned tech is constantly advancing and while that's true it's not just for one side. If it can be made by someone it can also be broken by someone.

What's worse is that they don't even have to break the files. There are multiple ways to extract the assets from a game including photogrammetry (yes, the method to extract from the real world works for a video game too) and extracting assets from memory (it has to be loaded and decrypted to be used after all).

https://github.com/aknavj/articles/blob/master/Grabing models and textures from game or 3D application.md

Unity has never tried to secure your content for you.

 

You have literally not explained what your case is.

 

Wow this is very interesting, i will read it later, thanks

 

maybe i thought i was obvious.
There are all those ways to extract all the code and assets from your games, well, i want to know the other side, what are the ways to protect your files from being hacked. From what i'm looking, it seems that trying to protect your games from being hacked is a "bad looking thing" (sorry i do not know how to say that expression in english) like, is a bad thing to do, i'm not agree, even if my code is very basic and bad, even if is a tetris clone or just a box moving with wasd in a plane, is my product, my thing i have the right to protect it, i do not know why you guys think that i need an amazing new idea for that. I'm not against hacking games for educational purposes like the video (in fact i already did it with 3 old games) in my OP but i do not think that trying to protect your game's files is a bad thing or a bad idea o . O (unpopular opinion i guess)

 

You pretty much have to host your game on something like GeForce Now and stream video.
Because the moment it is on user's computer, they can rip data from it.

Also, ripping data from your game is harder if it is on closed platform or on consoles.

Rather than "bad looking thing" it is a distraction. People worry about protecting their data before they have a good product. Basically, people who will rip data are minority and in many cases are not even your customers. So instead of focusing on folks that do not bring your money, it normally makes more sense to focus on your fans instead and things that make fans happy (and bring you more money)

Basically, the whole talk about resource protection reminds me of some fan-made game I played in the past. The author made an extremely dull and grindy game (single player title). However, at the same time the author made a point to implement anti-cheat into it (in a single player title). If you got fed up with the grind, fired CheatEngine, and gave yourself more money, the game would detect it(!) and post an angry message along the lines of "How DARE you cheat while playing my magnificent Opus Magnum!".

It was bizarre and created a very strong negative impression. That anti-cheat was probably the most advanced part of the game from technical standpoint.

 

Fallout Shelter is an example of bad game design. Besides is buggy hell.

Its design is pay to win, while "free to play".
You pay real mine to be able to progress.
While game most likely do everything to mitigate the game progress.
Technically game is a single player only.
And is mobile port.

While payment process is online, the game progress is stored lockaly on the device. You can not have multiple saves.

Now, with all that things, using cheat engine, I was able to skip all payment process, to get perks.

Loosing progress wasn't something unusual for players. Hence players lost spent money.

 

well i'm not exactly focused on this, i'm focused on finishing the game.... just asking.

 

Yes, there are, and there's no way to prevent it. More than that, however, it doesn't F***ing matter. If anyone does this in a commercial setting, they're opening themselves up to more legal issues than anyone would ever want to deal with. If they do, DMCA claims are right there, and they're free. You can submit a DMCA claim to any storefront and have the game in question immediately taken down. If the storefront does not adhere to this, you'd never have been making money from that storefront in the first place.

No, it's a pointless thing to do because it accomplishes nothing. Not just because it's ineffectual, but because there are a million better ways to handle this that don't involve wasting time on this angle.

Yes, and if you want to protect it, there are legal channels to do so. This is not a problem that needs to be solved with code.

The reason it's unpopular is because we're all experienced devs here who know that ultimately these measures either do nothing or negatively impact the end user.

 

On an unrelated note, I read an article regarding software protection and it specifically used Elden Ring as an example. It broke down how Denuvo, a software protection system, was so integrated into the game that it affected the performance (FPS) of the game and brought the minimum specs up quite dramatically. The article compared two versions of Elden Ring. One with Denuvo, what you would buy retail, and one which had Denuvo removed by some software/game cracking group. The difference in performance was so noticeable it prompted quite a lot of complaints and refund requests.

What am I getting at? Well, you could protect your game with the very best protection software available; use various other big name tools to secure assets, but at the end of the day within 2-3 days it would have been for nothing. Not only will it affect your games performance but the protection would be removed and any assets you tried to hide would be accessible.

To the point. Save yourself the hassle and just make your game, finish it, release it and let its gameplay and style be the driving force. Forget all this protection of assets and code stuff as it won't make a single bit of difference to a person dedicated to allowing what you are trying to prevent.

 

Any DRM is a path to refunds and user complains.
These fore further driving down negative reviews and shrinking potential sales.

Who is to pirat / crack, will pirat regardless. No DRM has stopped on that.
Even WoW with whole server structure behind, had so many clone servers.
It didn't stop anyone of doing so.

You should be proud of, if someone puts hassle to pirate your game.
Means it reached some meaningful visibility in a gaming world.

 

I'm not saying i'm not finishing the game just for that, in fact i said that is not an important thing but but something that i have in mid (it seems like people do not read my comments) so anyway, if making this is useless and makes nothing, then why elden rings devs did it? why AAA studios or even indies are doing it in their games?

 

not agree with this, i mean, i know why you said but i'm not exactly agree

 

Various reasons. The Elden Ring devs got slammed for doing it. AAA Studios do it because they can. It gives them a false sense of security. It lasts hours or days though. Have a go at googling what the industry really thinks about protection systems and their usefulness. Regarding Elden Ring again. That game suffered such a large amount of refund requests via steam that it was unreal. All because the legitimate users suffer while those who grabbed it illegally enjoyed it more.

This is my personal opinion only. Any software protection like Denuvo should be banned. There are far more effective ways to deter the average joe than making a game suffer in performance due to over the top protection systems.

And, don't get me started on the advertising game/software protection systems use to gather clients.

 

Uhm, it's a 4.5 star rated game (on android) that won awards...

 

If ratings, sales, and awards were all it took to be good, the Michael Bay Transformers series of films would be regarded as amazing.

 

Transformers 1 was pretty cool.

 

It was pretty alright but there's a reason I said series.

 

And? It is buggy pay to win game. If some people like masochistic grinding then they vote likes and since it is for free.

Until realising it is not. It is money trap/grab. Most people unfortunatelly don't recognise this predatory corpo tactics, they are already sucked into the system.

 

It's not useless but it's not being used for the reasons you're interested in it. Video games make most of their sales around and shortly after launch. Management insists on including these solutions not to permanently stop piracy but to curb it long enough that most of their sales have been made.

 

Right, if you're a AAA studio and you have the marketing budget to hype-up millions of people in to wanting to rush and buy your game at the moment that it comes out then it might worth protecting your game for a day or two.

AAA studios use a lot of business strategies that leverage their massive capitol. It's not always reasonable for us little guys to try and follow what they do.

 

That said they may look at the large companies and come to the conclusion that this is something that they should be doing too regardless of whether it's reasonable.

 

Because engineers like their profession in general and people, who think like you get into decision making positions in general. And if your boss tells you that you need to include DRM in the project, then you don't have a choice, it is not your project to decide.
Clueless managers and investors usually think that protection is good and useful thing. As this thread says, it is not always the case. In reality they would be better off without it, probably.

Also the DRM-selling companies have great marketing people too, who can sell their products to clueless management.

 

Yeah, the thing people don't get is that DRM is almost always an upper management decision and that DRM is also an industry itself, one with decades of history both in and out of games.

I remember my high school basically had to crack versions of software they owned because physical DRM dongles kept breaking or getting lost.

 

There is also the matter of investors.

They are looking for return on investment and covering their ass if the game didn't sell well. They're the one you need to sell the game first and you'd probably lose more money trying to get investors without piracy protection than whatever sales damage it could cause.

 

You just have to make the worst spaghetti ever, that they would get seizures reading it. Its free and get your game done faster.
When your colleagues ask, tell them its built-in anti-piracy protection.

 

Well I mean you could mabye make a Decrypter or something like unreal engine that makes the code almost impossible for people. Or you could make it so each Script needs Each other. Like Lets say the "hacker" copies 1 of your script but it doesnt work because it also needs the "other" script and that "other" script needs the "thrid". By doing this he will have to manually change everysignle script or copy your entire game and thats when you can Sue. (My grammar is bad ik)