Search Unity

  1. Unity Asset Manager is now available in public beta. Try it out now and join the conversation here in the forums.
    Dismiss Notice
  2. Megacity Metro Demo now available. Download now.
    Dismiss Notice
  3. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

Yearly IL2CPP on Standalone Thread

Discussion in 'Experimental Scripting Previews' started by fabianzz, Nov 9, 2017.

  1. fabianzz

    fabianzz

    Joined:
    Nov 24, 2012
    Posts:
    39
    So I noticed it's been about a year since the last thread about IL2CPP support for Standalone builds, so I figured what with it being nearly Christmas it'd be a great time to bring it up again.

    Only thing is, it's precisely on the roadmap where it was last year: Nowhere.
    It's the third most voted for Platforms suggestion on the Unity Feedback page, yet it's nowhere to be seen on the roadmap, whilst platform features that almost nobody voted for are in the roadmap for release in 2017.3 and have been released in 2017.2 (*cough* Mixed Reality #spon)

    What's going on? Why is it harder for standalone than it is for, say, Android or WebGL?


    It's something that's really holding Unity back; that developers can't release apps to the most basic, original platforms without their code being prone to being stolen or modified.
    Is IL2CPP, or something which provides equivalent source removal qualities, ever coming to standalone?
     
  2. dadude123

    dadude123

    Joined:
    Feb 26, 2014
    Posts:
    789
    It has probably been deemed not worth the effort.


    What actual advantages do unity users have from IL2CPP? None.

    I hope I can calm your worries with this analysis:
    Even if you feel like that your code will be stolen (which, even if that were the case, would not really matter*), it's not actually holding you back. In fact, there are many devs releasing games despite this perceived issue.


    *) Lets assume you wrote some awesome code and release it? Even though I have the technical means to "steal" your code, would I really bother? Do I even want the hot mess of a codebase? (which real games usually are because of intense time and money constraints)
    Let's even go as far to assume that your code is actually well done and modular, will that give me a full game?

    No, of course it won't, my only options would be:

    a) to either copy your game 1:1 (which makes no sense because even if I'd manage to publish it and not get sued or get my app removed from the stores, you're there earlier so people already buy the game from you instead of me...),

    or

    b) Make my own game. But then again why did I even bother going through the trouble of "stealing" your code anyway? If I did it because I'm too incompetent to write my own game code, then my project will be dead as soon as I hit the first roadblock, bug or limitation that I can't fix myself.

    So in any case, people don't even want your code, because without documentation, comments, and most importantly people who can fix/improve/update the code, its basically a very brittle asset that is basically useless for actual game development. And if they want to know how something in your game is done, they are 100x more likely to just record a video, post it in some forum and get some really really smart people to tell them how its done.


    Well, it would be nice to have more stuff and features implemented, but Unity is notorious for bad communication :p
     
    Enrico-Monese likes this.
  3. Schubkraft

    Schubkraft

    Unity Technologies

    Joined:
    Dec 3, 2012
    Posts:
    1,070
    This is not forgotten and top people are looking into it. There is no ETA we can promise but next year is probably the year your wish will come true. Will take a look at the roadmap issue.
     
    hippocoder likes this.
  4. Baste

    Baste

    Joined:
    Jan 24, 2013
    Posts:
    6,294
    Where does this absurd idea that IL2CPP is a DRM/obfuscation solution come from? I keep seeing it pop up again and again and just... what?

    It's never been advertised as such, there's no reason to believe it's anything like that. It's a tool that translates the compiled IL to c++. That c++ can still be decompiled and edited.


    @Schubkraft, genuine question: why would I want to use IL2CPP on say Windows 64 bit standalone applications? My experience from using IL2CPP on platforms that demand it is that the only noticeable difference is a longer build time.
     
  5. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,645
    I'm currently actively working on supporting IL2CPP on Standalone Windows and Mac. It won't be much longer until you get your hands on it.

    IL2CPP does not prevent your code modification. Do not depend on that or you will be disappointed.

    You're right that IL2CPP is not DRM. It does prevent trivial decompilation, though. And IL2CPP builds will always have longer build times.

    The main advantages are faster startup time (since there's no JIT) and faster script execution.
     
    MechEthan and dadude123 like this.
  6. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    1,042
    Are you working on improving this times by caching? Can assembly definition files help on this? I mean sometimes between two builds you only change a line when you are fixing bugs and having to wait the same time between this previous and the current build doesn't make sense.

    It's a real problem because IL2CPP it's going to be on all platforms in the future.

    We need fast iteration times.

    If now I get a windows build in 30 seconds and with IL2CPP it's going to be 3 minutes it doesn't worth it.
     
  7. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,645
    Caching is already there. There were big improvements on this in 2017.1. If you build to the same folder as you built before, only a few C++ files should be recompiled, which means way quicker iteration times. It doesn't help the first build, but all subsequent builds should be significantly faster.

    We do have plans on improving it further, but we are not working on it right now.
     
    MechEthan likes this.
  8. fabianzz

    fabianzz

    Joined:
    Nov 24, 2012
    Posts:
    39
    .Net bytecode can be decompiled by automated tools in such a way that the game can be decompiled, modified and recompiled fully. It's not even about DRM (for me). It's also more difficult to detect these modifications because the detection code could also be reversed!

    I'm currently having to use a system-level service to ensure against assembly modification.



    I'm aware of this [that it's not DRM, build times and startup times]; and I'm really glad to hear it's coming to standalone platforms! The reason I'm speaking about it from a perspective of code modification is because of how much easier it is to make really gamechanging modifications in .net, and how much harder it is to make modification detection mechanisms which can't be bypassed just as easily. I've had a look at the intermediate files on IL2CPP builds for other platforms (WebGL) and can say that it's definitely enough that, when coupled with a thin in-house solution such as Blizzard's Warden, Valve's VAC etc it could be effectively tamper-proof.


    C++ can be edited, but saying it can be decompiled when .net bytecode is the topic of conversation is almost the overstatement of the century. Speaking from experience, it's so much harder to make the simplest of edits when it's C++ compiled to native code than .net bytecode translated JIT to native code.

    The two aren't even comparable. You can see for yourself how much 'protection' it provides just by looking at the intermediate files of a WebGL build. I mean, sure, there's still what amounts to export symbols packaged in there (it's in the data segment, I imagine this is for Unity's core use of some reflection features?), but if you wanted to significantly change game logic it just isn't an option, as it is with .net.

    Tasks such as deactivating components (e.g. colliders) will be relatively easy with or without IL2CPP, but still a lot harder with, and a lot harder to maintain the 'hacks'.
     
    larku likes this.
  9. rastlin

    rastlin

    Joined:
    Jun 5, 2017
    Posts:
    127
    For people who are actually afraid of someone tempering with their code and "hacking" it, I think you should ask Unity to implement a mechanism actually designed as countermeasure to this, which is Strong Names for assemblies, instead of pushing for IL2CPP, which as indicated by likes of Baste, is not meant as a hack-prevention mechanism.

    Also support for a digitally signed exe's would raise the protection level even more.
     
    Qbit86 likes this.
  10. fabianzz

    fabianzz

    Joined:
    Nov 24, 2012
    Posts:
    39
    Digital signature enforcement is only as strong as the enforcement code itself. Same applies with strong names. The only way you could truly stop code tampering is by stopping the code from ever being executed or available on the users PC. SN would be nice in addition though - they all make life more difficult, but only cloud gaming (think: NVidia Shield) makes it impossible!
     
  11. dadude123

    dadude123

    Joined:
    Feb 26, 2014
    Posts:
    789
    Strong names in the context of anti-cheating or DRM is laughable.
    Removing a strong name requirement is a trivial thing (assuming you don't have other protections)

    It has its place though, but it aims for something completely different.
    See here: https://docs.microsoft.com/en-us/do...ed-assemblies#why-strong-name-your-assemblies

    In some scenarios it can also have the benefit of preventing malicious code from easily replacing a strong named dll to gain elevated permissions.

    But since a user has elevated permissions on their computer already, they can just remove the strong name requirement from all the dlls and the game, and patch the code that checks for that (which is not hard).
     
    fabianzz likes this.
  12. larku

    larku

    Joined:
    Mar 14, 2013
    Posts:
    1,422
    That is very true, but for some the task of finding an exploit/hacking/cheating is several orders of magnitude harder for compiled code vs decompiled IL or similar.

    Not only that, the pool of people who can understand and meddle with decompiled IL vs object code I'd guess is also orders of magnitude apart.

    Anyone with the know how knows it's not too difficult to modify the object code (just ask fravia) , but reading assembly/object code vs reading decompiled IL is just not in the same league.

    IMO having object code vs IL will increase the barriers for some - perhaps so much so they may not bother. It's about making it difficult enough that the time-benefit is diminished enough to discourage it.

    I totally understand there is no security through obscurity, but it makes things harder. There's no need to hand things over on a silver platter.
     
    fabianzz likes this.
  13. fabianzz

    fabianzz

    Joined:
    Nov 24, 2012
    Posts:
    39
    Not to mention how hard it is to identify changes in native code Vs managed IL. You could never get away with mass detection banwaves on a .net game. It's too easy for malicious developers to spot new potential detection mechanisms and correctly identify them.

    It really is just for the sake of making life more difficult for "the bad guys" that I want the feature. Well, the performance boost wouldn't go unappreciated either.

    But currently it's a case of cat and mouse, and the game devs are the morbidly obese mouse who can't run, can't hide and can't protect themselves. Unity games are literally 'easy catches'.
     
    larku likes this.
  14. rastlin

    rastlin

    Joined:
    Jun 5, 2017
    Posts:
    127
    That's why the SN verification mechanism should be incorporated in Unity launcher exe which starts the Mono, which is a classic machine code exe. It should also be digitally signed.

    The launcher would guarantee the SN are kept intact, and you can verify digital signature of a launcher on server side.

    This approach would make it orders of magnitude harder to temper with the files. Obviously it wont protect against hacks which overwrites memory.

    Ultimately there is no way to prevent all hacks on client machine.

    I think the reason it takes so long to get IL2CPP on Windows standalone is because the number of compatibility concerns is way greater than on any other platforms.
     
  15. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,645
    However, once that is broken once by somebody, now suddenly all Unity games are affected by it. And we're not ready to play whack-a-mole game with crackers.

    Not really, it was just lower priority than other platforms. It was the only platform where not having IL2CPP would prevent Mono upgrade.
     
    Last edited: Nov 14, 2017
    MechEthan and fabianzz like this.
  16. larku

    larku

    Joined:
    Mar 14, 2013
    Posts:
    1,422
    I'm not arguing for the SN verification mechanism as I'm not familiar with it ... but if it is broken wouldn't the worst case scenario be that a Unity game would be as vulnerable as it is now?

    I don't get how this could be an issue.
     
  17. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,645
    The issue is that if we start implementing DRM, developers who want to use DRM would use our solution (instead of using something specific for their game), and then it would be our responsibility that this DRM solution keeps working. And as I mentioned before, we are not going to play this patching/fixing game with crackers.
     
    MechEthan and fabianzz like this.
  18. BrUnO-XaVIeR

    BrUnO-XaVIeR

    Joined:
    Dec 6, 2010
    Posts:
    1,687
    When IL2CPP is added to Desktop then Unity will be at least usable again.

    Whenever a team wants to build a game on Unity I show them why we shouldn't do it, show how long it takes to crack a anti-cheat's function in Unity's DLLs then recompile: (4 seconds).

    (I find pretty funny when developers add anti-cheat functions in their games that are written in C# or UnityJS, really, to say the least)

    If you're checking something online I will just patch your function to return "true" in the client, never calling the real online check, so it doesn't really matter if your checks are client-side or not.

    When machine code is involved however, ain't all that easy tho, most non-crackers would just leave the game alone drastically reducing scope when you have to identify where a cheat software is coming from and making not that impossible to patch current vulnerabilities in the game code.
     
    fabianzz and larku like this.
  19. fabianzz

    fabianzz

    Joined:
    Nov 24, 2012
    Posts:
    39
    Exactly. And speaking from experience doing a simple modification such as the one you just suggested in native code, could take hours depending how hard it is to find- another thing which IL doesn't let you manipulate.

    The patch you describe is just a JZ-JNZ or vice versa but they're really difficult to find sometimes.
     
  20. fabianzz

    fabianzz

    Joined:
    Nov 24, 2012
    Posts:
    39
    We don't want to a unity DRM, Just the ability to add support for it which isn't then overwhelmingly easy to remove.

    For example, DRM provided by a native DLL (say SteamAPI) in unity, at it's current level, could be bypassed by simply replacing the library calls with static functions which verify it, then recompiling it.

    Doing the same with IL2CPP would be much harder.
     
  21. R1PFake

    R1PFake

    Joined:
    Aug 7, 2015
    Posts:
    533
    Sorry to pull this off topic but i have a question about Il2CPP standalone.

    Will it still be possible to load a (c#) assembly at runtime (for example to load a plugin or 'mod') if the game was built with IL2CPP?

    How does that work?
     
  22. joncham

    joncham

    Unity Technologies

    Joined:
    Dec 1, 2011
    Posts:
    276
    Dynamic loading of code when application was built with IL2CPP will not be possible. We are considering how/if to enable this, but it's not possible for the foreseeable future
     
  23. R1PFake

    R1PFake

    Joined:
    Aug 7, 2015
    Posts:
    533
    I assume this also applies for the CSharpCodeProvider Class https://msdn.microsoft.com/en-us/en-en/library/microsoft.csharp.csharpcodeprovider(v=vs.110).aspx
    which would allow to compile/create the code in memory?

    Is there a list which (C#) features are not available with IL2CPP (or general things which should be avoided/noted)?
     
  24. joncham

    joncham

    Unity Technologies

    Joined:
    Dec 1, 2011
    Posts:
    276
    R1PFake likes this.
  25. R1PFake

    R1PFake

    Joined:
    Aug 7, 2015
    Posts:
    533
    Thanks for the link! Looks like the System.Xml.Serialization.XmlSerializer will also be a no-go, because it uses reflection and creates a dynamic assembly behind the scenes.

    I currently can't play around with it, because im working on a windows standalone project, but i will try it when Unity 2018 is released and supports IL2CPP for standalone.
     
  26. alexzzzz

    alexzzzz

    Joined:
    Nov 20, 2010
    Posts:
    1,447
    @R1PFake
    2018.1 beta with IL2CPP for standalone is already available.
     
  27. bakanekofr

    bakanekofr

    Joined:
    Feb 28, 2014
    Posts:
    122
    Hello, a few questions about IL2CPP for PC:
    - The Unity roadmap indicate that IL2CPP is coming to Windows and Mac, but not Linux. Why is that? Will it support Linux too at some point?
    - I have currently CPU usage spikes due to the garbage collector in C#. Will switching to IL2CPP fix this issue? Or will it result in memory leaks?
    - I'm currently using Obfuscator for basic scripts protection. Will switching to IL2CPP make it obsolete?
    Thanks!
     
  28. joncham

    joncham

    Unity Technologies

    Joined:
    Dec 1, 2011
    Posts:
    276
    Right now you can't cross compile IL2CPP for standalones. That means you can do a Windows Standalone IL2CPP build on Windows. Same for Mac. Doing a Linux Standalone IL2CPP build would require a Linux Editor which is not fully supported ATM.

    IL2CPP will not fix garbage collection issues.

    IL2CPP is not designed to be an obfuscator, but the native compilation does by it's very nature improve obfuscation over managed dlls.
     
  29. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,645
    At some point, yeah. But as Jonathan mentioned, we still don't have a supported Linux editor. Furthermore, Linux as a platform is smaller than both Windows and Mac in terms of gamers, so it was naturally lower priority (and we couldn't do all of them in time).

    Not entirely. It's still possible (and it's not very complicated) to get your class, method and field names out of compiled binary.
     
  30. bakanekofr

    bakanekofr

    Joined:
    Feb 28, 2014
    Posts:
    122
  31. alexzzzz

    alexzzzz

    Joined:
    Nov 20, 2010
    Posts:
    1,447
    Well, I have tried IL2CPP for Windows standalone.

    1. Created a new empty project.
    2. Switched the backend to IL2CPP (the only change I made).
    3. Ran the build process with the default settings.
    4. Build failed.

    Code (csharp):
    1.  
    2. Failed running G:\Unity 2018.1\Editor\Data\il2cpp/build/il2cpp.exe --convert-to-cpp --enable-array-bounds-check --compile-cpp --libil2cpp-static --platform="WindowsDesktop" --architecture="x64" --configuration="Release" --outputpath="G:\Unity Projects\Temp 7 (IL2CPP)\Temp/StagingArea/Data\Native\GameAssembly.dll" --cachedirectory="G:\Unity Projects\Temp 7 (IL2CPP)\Assets\..\Library/il2cpp_cache" --map-file-parser="G:\Unity 2018.1\Editor\Data\Tools\MapFileParser\MapFileParser.exe" --assembly="G:\Unity Projects\Temp 7 (IL2CPP)\Temp\StagingArea\Data\Managed\UnityEngine.Analytics.dll" --assembly="G:\Unity Projects\Temp 7 (IL2CPP)\Temp\StagingArea\Data\Managed\UnityEngine.dll" --generatedcppdir="G:\Unity Projects\Temp 7 (IL2CPP)\Temp\StagingArea\Data\il2cppOutput"
    3. stdout:
    4. Building GameAssembly.dll with MsvcDesktopToolChain.
    5.  Output directory: G:\Unity Projects\Temp 7 (IL2CPP)\Temp\StagingArea\Data\Native
    6.  Cache directory: G:\Unity Projects\Temp 7 (IL2CPP)\Library\il2cpp_cache
    7. il2cpp.exe didn't catch exception: System.InvalidOperationException: Builder is unable to build using selected toolchain (MsvcDesktopToolChain) or architecture (Unity.IL2CPP.Common.x64Architecture)!
    8.   at Unity.IL2CPP.Building.CppProgramBuilder.Build(IBuildStatistics& statistics)
    9.   at Unity.IL2CPP.Building.Statistics.BuildingTestRunnerHelper.BuildAndLogStatsForTestRunner(CppProgramBuilder builder, IBuildStatistics& statistics)
    10.   at il2cpp.Program.DoRun(String[] args)
    11.   at il2cpp.Program.Run(String[] args)
    12.   at il2cpp.Program.Main(String[] args)
    13. stderr:
    14. Unhandled Exception: System.InvalidOperationException: Builder is unable to build using selected toolchain (MsvcDesktopToolChain) or architecture (Unity.IL2CPP.Common.x64Architecture)!
    15.   at Unity.IL2CPP.Building.CppProgramBuilder.Build(IBuildStatistics& statistics)
    16.   at Unity.IL2CPP.Building.Statistics.BuildingTestRunnerHelper.BuildAndLogStatsForTestRunner(CppProgramBuilder builder, IBuildStatistics& statistics)
    17.   at il2cpp.Program.DoRun(String[] args)
    18.   at il2cpp.Program.Run(String[] args)
    19.   at il2cpp.Program.Main(String[] args)
    20. UnityEngine.Debug:LogError(Object)
    21. UnityEditorInternal.Runner:RunProgram(Program, String, String, String, CompilerOutputParserBase) (at C:/buildslave/unity/build/Editor/Mono/BuildPipeline/BuildUtils.cs:128)
    22. UnityEditorInternal.Runner:RunManagedProgram(String, String, String, CompilerOutputParserBase, Action`1) (at C:/buildslave/unity/build/Editor/Mono/BuildPipeline/BuildUtils.cs:73)
    23. UnityEditorInternal.IL2CPPBuilder:RunIl2CppWithArguments(List`1, Action`1, String) (at C:/buildslave/unity/build/Editor/Mono/BuildPipeline/Il2Cpp/IL2CPPUtils.cs:349)
    24. UnityEditorInternal.IL2CPPBuilder:ConvertPlayerDlltoCpp(ICollection`1, String, String) (at C:/buildslave/unity/build/Editor/Mono/BuildPipeline/Il2Cpp/IL2CPPUtils.cs:330)
    25. UnityEditorInternal.IL2CPPBuilder:Run() (at C:/buildslave/unity/build/Editor/Mono/BuildPipeline/Il2Cpp/IL2CPPUtils.cs:161)
    26. UnityEditorInternal.IL2CPPUtils:RunIl2Cpp(String, IIl2CppPlatformProvider, Action`1, RuntimeClassRegistry) (at C:/buildslave/unity/build/Editor/Mono/BuildPipeline/Il2Cpp/IL2CPPUtils.cs:41)
    27. DesktopStandalonePostProcessor:SetupStagingArea(BuildPostProcessArgs) (at C:/buildslave/unity/build/Editor/Mono/BuildPipeline/DesktopStandalonePostProcessor.cs:172)
    28. DesktopStandalonePostProcessor:PostProcess(BuildPostProcessArgs) (at C:/buildslave/unity/build/Editor/Mono/BuildPipeline/DesktopStandalonePostProcessor.cs:18)
    29. UnityEditor.BuildPlayerWindow:BuildPlayerAndRun()
     
  32. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,645
    That error means it couldn't find a suitable C++ compiler on your machine. Do you have VS2017 with C++ components installed?
     
    andrew-lukasik and alexzzzz like this.
  33. alexzzzz

    alexzzzz

    Joined:
    Nov 20, 2010
    Posts:
    1,447
    Hm... VS 2017 - yes, C++ components - no. Never thought it's needed. IL2CPP for Android seemed to work on its own, but I guess the compiler was inside Android NDK.

    Thanks!

    PS
    Works like charm!
     
    Last edited: Jan 17, 2018
  34. kite3h

    kite3h

    Joined:
    Aug 27, 2012
    Posts:
    192
    Oh, my God . You're not really arguing about why you need a native build, right? Are you just kidding me?

    I was using VS 2015. It occurred error. I removed VS 2015 ( it is very difficult ) and reinstall VS 2017 . It worked.
     
  35. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,645
    VS2015 should work too if you install the C++ bits. For 2018.1 release, we aim to support VS2010, VS2013, VS2015 and VS2017.
     
    almosr likes this.
  36. mitaywalle

    mitaywalle

    Joined:
    Jul 1, 2013
    Posts:
    247
    Hello, thanks for info, but wich one tool actualy? I've installed:
    - Classic app C++ dev tools
    - Build Tools for vs2017
    - Unity tools
    - Game dev C++ tools

    Unity version is 2018.1.0b4

    but still getting this error:
    https://vk.com/doc14343415_459148810?hash=58ea6c994dd590de34&dl=2ad12b5ba3f78ab3c0
    sorry for some reason can't add an image

     
    Last edited: Jan 31, 2018
  37. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,645
    That's a different error. It's saying you didn't install IL2CPP components in Unity. Run Unity download assistant again and make sure to tick Windows Support (IL2CPP) checkbox.
     
  38. mitaywalle

    mitaywalle

    Joined:
    Jul 1, 2013
    Posts:
    247
    [QUOTE="Run Unity download assistant again and make sure to tick Windows Support (IL2CPP) checkbox.[/QUOTE]

    Thank you, will make it this way of course. 2018.0 - great update. Thank you for you job :) you'r awesome