playMaker

Author Topic: Protecting game made in Playmaker from hacking  (Read 497 times)

krmko

  • Beta Group
  • Hero Member
  • *
  • Posts: 1119
    • View Profile
    • Fat Pug Studio
Protecting game made in Playmaker from hacking
« on: November 23, 2020, 02:19:19 PM »
Hello guys,

I should be launching the game soon, but i want the demo to be a full fledged game only with a time limit. I implemented local variable timer which shuts down the game after a while. I tried decompiling the game but i didn't manage to find anything close resembling any of the fsms. Any way it could be cracked?

Broken Stylus

  • Beta Group
  • Hero Member
  • *
  • Posts: 648
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #1 on: November 23, 2020, 03:00:21 PM »
I think anything can be cracked with enough time.

One thing you could do is make the hacker's life more difficult by creating a complicated logic inside your app, literally a cypher where only you knows where the key elements are found so even once decompiled, the code will not have an obvious neon sign saying where your time variable is.

Then you can top this with options to scramble your data that's saved in the file, with a hash. Be careful though because there are legal regulations regarding the use of encrypted data but if it stays local and minimal, if data is not exchanged and not sent outside of one's device, it should be fine.

heavygunner

  • Sr. Member
  • ****
  • Posts: 336
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #2 on: November 24, 2020, 01:19:26 AM »
I regular follow a forum called Unknowncheats.
What i found is, they find very difficult when decompile a game which use obfuscator.

Those people on that forum hate Beebyte obfuscator

Broken Stylus

  • Beta Group
  • Hero Member
  • *
  • Posts: 648
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #3 on: November 24, 2020, 06:09:48 AM »
I regular follow a forum called Unknowncheats.
What i found is, they find very difficult when decompile a game which use obfuscator.

Those people on that forum hate Beebyte obfuscator

This one looks good indeed.
https://assetstore.unity.com/packages/tools/utilities/obfuscator-48919
Have you encountered any issues with publishing on iOS/Android and using Playmaker and this obfuscating tool?

krmko

  • Beta Group
  • Hero Member
  • *
  • Posts: 1119
    • View Profile
    • Fat Pug Studio
Re: Protecting game made in Playmaker from hacking
« Reply #4 on: November 24, 2020, 02:11:24 PM »
Yeah, obfuscator is the most popular over there. I figured out the best would probably be to just cut out the part of the game and when you get to the end of demo you just get a nice "thanks for playing the demo" message.

Broken Stylus

  • Beta Group
  • Hero Member
  • *
  • Posts: 648
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #5 on: November 24, 2020, 02:55:01 PM »
I would be removing the other levels. Is it on PC? Seems so but a form of IAP could allow the player to buy the whole game inside and download the rest as a bundle.

krmko

  • Beta Group
  • Hero Member
  • *
  • Posts: 1119
    • View Profile
    • Fat Pug Studio
Re: Protecting game made in Playmaker from hacking
« Reply #6 on: November 25, 2020, 02:23:22 AM »
Yeeah, PC, so IAP is a no go, i'll just remove the portion of the game with all the code and assets.

Broken Stylus

  • Beta Group
  • Hero Member
  • *
  • Posts: 648
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #7 on: November 25, 2020, 03:56:38 PM »
Any tips on using Obfuscator? Do you use all the options and pad your app with many kilobytes of extra confusing decoy code?

For example there's a skip namespaces for third party plugins:
Quote
Third party namespaces should be added here to leave their files untouched.
Doesn't that defeat the purpose of the obfuscator to some extent?
« Last Edit: November 25, 2020, 05:39:13 PM by Broken Stylus »

Broken Stylus

  • Beta Group
  • Hero Member
  • *
  • Posts: 648
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #8 on: April 14, 2021, 05:32:13 AM »
Refreshing this, I'm currently trying Obfusfactor.
I had to read some documentation on internet about the elements it attempts to hide from thieves.
Unfortunately there is no thread for this plugin on the Unity forum. I ran into an error that stops the building on for Android.

Quote
Obfuscation Failed: Mono.Beebyte.Cecil.AssemblyResolutionException: Failed to resolve assembly: 'Newtonsoft.Json, Version=12.0.0.0, Culture=neutral, PublicKeyToken=somenumbersandletters'

The Newtonsoft.Json file is strictly located in a Playmaker folder, namely:

Quote
Assets/PlayMaker Datamaker/Json/Plugins/Newtonsoft.Json.dll

Datamaker is used in PM to manage CSV or XML files for example.

Solving this error is rather simple.

The information states that you shall provide an absolute path (like C:/.../.../) but a relative path works too as far as I know. You don't even need to put the file's name into the path since a folder destination suffices.

Search for the file ObfuscatorOptions (or ObfuscatorOptionsImport, I noticed that between two installs without any update of the asset, the name had changed) that is used to set up the plugin, click on it.
Look into the first main category of the plugin in the Inspector panel, Assemblies.
Under Referenced Assembles, increase the list's size and add the new element that will be the path to Newtonsfot.Json.dll. Then Obfuscator will be able to "see" it and manage it.

Broken Stylus

  • Beta Group
  • Hero Member
  • *
  • Posts: 648
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #9 on: April 14, 2021, 01:01:42 PM »
Ok there we are. I've done several tests with ticking on/off some options.
In the Rename list wherein I tried each option separately, here's where I encountered issues (red):

 
  • Classes
     
  • Methods
     
  • Parameters
     
  • Fields
     
  • Properties
     
  • Events

    In classes, a playmaker action from a third party plugin could not be loaded.
    In fields, a playmaker action relative to XML reading/management failed to load too.


Broken Stylus

  • Beta Group
  • Hero Member
  • *
  • Posts: 648
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #10 on: April 14, 2021, 01:11:38 PM »
I would kindly suggest not missing out on Jean's very detailed post here.

Broken Stylus

  • Beta Group
  • Hero Member
  • *
  • Posts: 648
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #11 on: April 15, 2021, 01:11:41 PM »
Doing a development build, with some options eventually, will come with errors through il2cppcore.dll, with the system computing a large amount of relocations being truncated to fit. Adding this dll to the assembly list won't help. Pathways or perhaps other types of information are made unreadable by the obfuscator there too I guess.
The only glimpse of a solution I think I might have found was here but it deals with another obfuscating tool. However the problem was similar. I haven't tried any of the manual options described, but simply dropping the script in some Editor folder didn't suffice to circumvent the build errors.

Broken Stylus

  • Beta Group
  • Hero Member
  • *
  • Posts: 648
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #12 on: April 16, 2021, 06:01:34 AM »
I'm still experimenting with custom filters that can be added in ObfuscatorOptions; this file seems to have automatically renamed itself as this instead of the longer name with the -import suffix it came with right after the reinstallation.

I'm still trying to have the action XmlSelectNodes work properly. When the Player, and then Playmaker, try to rebuild the action at launch on the device, it's noticed that the parameters have changed. It's called parameters according to PMK but it's actually known as fields. Obfuscating classes and fields creates problems with Datamaker:

Quote
XmlSelectNodes: Action has changed since SM was saved.

Still working on this. Considering the importance of being able to read data files in protected applications, this requires a solution.

Broken Stylus

  • Beta Group
  • Hero Member
  • *
  • Posts: 648
    • View Profile
Re: Protecting game made in Playmaker from hacking
« Reply #13 on: April 16, 2021, 09:18:20 AM »
I tried adding [Skip] to all fields that I wanted to protect. This specific attribute avoids the obfuscation on everything about that field, name and content.
This meant I had to edit the XmlSelectNodes.cs script (using beebyte.obf...).
Unfortunately it creates more errors as the values remain unreadable, resulting in bad attempts at converting types, out of range happiness, etc.
I wish I knew how to directly declare a whole skipping on the entire script specifically.

I had tried to isolate the class directly, XmlSelectNodes, it didn't work. Since it inherited from another class, DataMakerXmlActions, I also added this one to the list of classes to skip, but to no avail. It worked for protecting another plugin's content, but for Datamaker it does not. I even tried to isolate the whole class inside the script with the [Beebyte.Obfuscator.Skip].
So logically, even if the action itself is said to have changed when loading, I might afford some wild guess here that an implicit file type used in the action lives outside of said action and no amount of protection on this action's script will save it.
This could be for example the nearly invisible file reference that's used to read the nodes' content once it's been extracted from the XML file.

By default Obfuscator does not touch files in the (or perhaps any) Plugins folder.
Or maybe it's obfuscating the xml files too but then I do not know how to spare the file. I moved my XML files into a Plugins folder but it didn't stop the errors coming.
I added System.Xml to the namespaces list, didn't work. Added System.Xml.XPath, didn't work either (somehow these were desperate attempts).

Purely for verification purposes, I tried the option "Only Obfuscate Specified Namespaces" with an empty list, which means that unlisted namespaces won't get obfuscated (well, that's the theory). At least that worked, the build and loading of the app went through.



I also noticed that obfuscating builds has made Visual Studio fall into a tendency of locking itself up and requiring force quitting. Never had that before, I have no idea why this happens.