[Gstar 2013] Unity Security

Unity Security
Code Obfuscation
Data Encryption
PlayerPrefs
Script
Assets

About me
CTO at WindySoft
● 9 years of online pc / unity game

Lecturer at Gachon Univ.
● 3 years of cryptography in game

Speaker
● 3rd times at KGC since 2010

Used to make games
● Katamari Damacy Online PC game

Forcus on Game Security
● PC / Android

Agenda
Unity on Android - what does it mean?
Code Obfuscation
Encryption of
● PlayerPrefs
● Scripts
● AssetBundles

Conclusion
Q&A

Reference site
Protecting your Android content
● Unity developer, http://goo.gl/uAAVP4
● PlayerPref, http://cafe.naver.com/unityhub/149

Obfuscator
● Code Obfuscation, http://goo.gl/E8sOVY
● Unitystudy, http://goo.gl/p4AGfJ

PlayerPrefs Encryption & Performance
● Encryption, http://goo.gl/YHbDW6
● PreviewLabs, http://goo.gl/ri10tJ

Reference site
Other obfuscator
●
●
●
●
●

http://www.csharp411.com/net-obfuscators/
red-gate, http://goo.gl/80ezQS
Unity 3D Obfuscator, http://goo.gl/KNzUYT
SafeNet, AndroidEnv
Medusahair, http://medusahair.biz/

Unity Scripting
● Unity Reference, http://goo.gl/zRPcXa
● Unitystudy, http://goo.gl/h8cTTE

Unity on Android (overview)
User script / “Game”
Mono VM

App
OS

Unity on Android
Android / Dalvik VM
Linux Kernel

Unity on Android (detail)

C#/Scripts

Dalvik(java)

Unity on Android (detail)

AndroidJavaObject

java.lang.Object

AndroidJavaObject et al
● Script objects wrap Java objects
○ AndroidJavaObject > java.lang.Object
○ AndroidJavaClass > java.lang.Class
○ AndroidJavaRunnalbe > java.lang.Runnable
○ AndroidJavaProxy > java.lang.reflect.Proxy
● Automatically maps / instantiates Classes by name
● Methods / Fields are handled through reflection looups

AndroidJavaObject (example)
● Java
java.lang.String str = new java.lang.String(“some thing”);
int hash = str.hashCode();

● C#
AndroidJavaObject jo =
new AndroidJavaObject(“java.lang.String”, “some thing”);
int hash = jo.Call<int>(“hashCode”);

Reference site
● http://en.wikipedia.org/wiki/Mono_(software)
● http://en.wikipedia.org/wiki/Dalvik_(software)
● https://blogs.oracle.
com/javaseembedded/entry/how_does_android_22s_p
erformance_stack_up_against_java_se_embedded

Mono
● Mono is a free and open source project led by Xamarin
(formerly by Novell and originally by Ximian) to create an
Ecma standard-compliant, .NET Framework-compatible set
of tools including, among others, a C# compiler and a
Common Language Runtime.
● The stated purpose of Mono is not only to be able to run
Microsoft .NET applications cross-platform, but also to bring
better development tools to Linux developers. Mono can be
run on many software systems including Android, most Linux
distributions, BSD, OS X, Windows, Solaris, and even some
game consoles such as PlayStation 3, Wii, and Xbox 360.

Dalvik
● Dalvik is the process virtual machine (VM) in Google's
Android operating system. It is the software that runs the
apps on Android devices. Dalvik is thus an integral part of
Android, which is typically used on mobile devices such as
mobile phones and tablet computers as well as more
recently on embedded devices such as smart TVs and media
streamers.
● Programs are commonly written in Java and compiled to
bytecode. They are then converted from Java Virtual
Machine-compatible .class files to Dalvik-compatible .dex
(Dalvik Executable) files before installation on a device.
The compact Dalvik Executable format is designed to be
suitable for systems that are constrained in terms of
memory and processor speed.

Java SE Performance Versus Android
● Java VM uses a stack machines.
● Dalvik VM uses a register-based architecute.
The relative merits stack machines versus register-based
approaches are a subject of ongoing debate.

The results show that Java SE Embedded can execute Java
bytecodes from 2 to 3 times faster than Android 2.

Unity code obfuscation
Practical guide for Android build
http://www.4infinity.com.hk/tutorial/code_obfuscation

Bartholomew IU
When I just finished my first mobile game in Unity3D,
I found that a C# decompiler like
decompile my game.

ILSpy can easily

There are a lot of obfuscators available for .Net,
but no one is specialized for Unity3D Android.

Bartholomew IU
I have to test them one by one. I tried some free
obfuscators, however, the result is not good enough.
Then I tried some other paid obfuscators. Some paid
obfuscators have no fine tuning of the obfuscation
process, they keep the name of all public methods and
fields unchanged.
Although this behavior is correct, it exposes too much
coding information.

Bartholomew IU
It would be better if an obfuscator can keep the public
methods used by Unity engine, such as Awake(),
Update(), OnGUI()... unchanged, while rename other
public methods.
The obfuscator also need to have a way to exclude
those public variables which have their value set
by Unity editor.

Bartholomew IU
After tried several obfuscators,
I found

Crypto obfuscator is quite good

(in terms of price and functionality),
although I haven't test all other paid obfuscators found
in the Google search.
I guess other obfuscators should work for Unity3D too,
provided that the obfuscator has the similar settings
described above.

Bartholomew IU
When I try the obfuscators, I find that I can test the
obfuscated code using PC build instead of installing the
result apk file into my phone in order to save time.
Comparing the re-build time using my game, PC version
takes around 20 seconds to build while Android version
takes around 4 minutes.

Bartholomew IU
It seems that PC build and Android build using the same
mono to interpret the IL bytecode, what obfuscation
setting works in PC build works in Android build too.
In PC build, there is a log file named output_log.txt
inside the data folder. If you run the game and find that
there are any errors after obfuscation, you can look into
the log file and check what's going wrong.
The common errors are class not found and instance is
null if the obfuscation setting is wrong.

Tools
C# decompiler
● ILSpy, http://ilspy.net/

Obfuscator
● CO, http://goo.gl/kobNg6

Uncompress
● 7-zip, http://www.7-zip.org/

Java version
● 1.6.xx, Java SE 6 Download, http://goo.gl/FfDwZq

Tools
Microsoft Visual C++ 2008 Redistributable Package
● http://goo.gl/0jMXon

Android SDK
● http://goo.gl/cK71GA , http://goo.gl/rmG3tP

Location inside the "Managed" folder
Target is to obfuscate the Assembly-CSharp.dll.
We don't need to obfuscate
the Assembly-UnityScript-firstpass.dll as non of our code is
inside this dll.

Symbol Renaming Schemes:
I tested all different schemes, all scheme works (Although
Test Mode works too, don't use it for production. It is for
testing only). I prefer using "Unprintable", because it can
reduce the file size a bit.
I also checked the options inside "Use Advanced Overload
Renaming".

Assembly Specific Settings 1:
Advanced Protections:
● "Encrypt String" may not be too useful as the iOS build
keeps the string in the stripped bytecode. If you won't
publish to iOS platform, you can choose this option.
● "Protect Against Reflection-Based Examination" may break
the code as Unity3D engine uses the reflection feature.
● "Enable Tamper Detection" is not useful in my case.

Symbol Renaming:
● "Public and Non-Public..." option. This option will rename
all the public things inside the dll.
● Unity3d needs to call the public method (Awake(),
Update(), OnGUI()...) of the MonoBehaviour subclass and
these method must be excluded from renaming by setting
the "Obfuscation Rules".

Optimizations:
● "Mark Classes As Final..." option, as it will increase the
performance a bit.

Control Flow Obfuscation:
● Max level. Max level will boat the final dll. If you want to
reduce file size, choose Medium level.

Obfuscation Rules 1:
CO process the rules from top to bottom. If the rules order
is different, some classes may be wrongly obfuscated.
● All the class name should not be renamed.
I tried that some non MonoBehaviour subclass does not
get referenced by reflection, it just fail to work if
renamed. If your game can have all the non
MonoBehaviour subclass renamed and run correctly,
remove this rule.

● All the class name of MonoBehaviour subclass

should not be renamed, otherwise Unity engine
cannot find your class at runtime. The exception is the
class added by AddComponent.<T>() instead of adding
the class by Unity editor.

● All the public fields and properties of

MonoBehaviour subclass should not be
renamed, since the value set in Unity editor is
applied to them.

● Some classes contain methods called by reflection
needs to be excluded from renaming. Those classes
should extend the interface KeepPublicMethod, which
is an empty interfaces with nothing inside it.

● Some third party code, such as iTween and MiniJSON,
is better not to rename. Because they may use the
reflection or other dynamic features of C#.

● All the callback method of MonoBehaviour

should be excluded from renaming, such as
Update(), Awake()...

How to use the command line instead of GUI
The command lines are:
● take out the dll file from the apk file
● obfuscate the dll
● put the dll back to the apk
● sign it with your signature
● finally optimize the apk file

Key Store
c:Temp>keytool -genkey -alias HeyZombie -keyalg RSA
-validity 10000 -keystore HeyZombie.keystore

Command line
Create a directory for the files, for example, c:temp. Then:
1. Copy the obfuscator setting file "ofuscator_setting.obproj" to
"c:temp".
2. Copy your key store, for example, to "c:
tempAndroidSpecificHeyZombie.keystore".
3. Create this directory: "c:
tempAndroidSpecificObfuscatedassetsbinDataManaged"
.
4. Build the apk and save it to "d:temptest.apk"
5. Go to c:temp
6. Open a command prompt and type these:

Open a command prompt 1
move test.apk working.zip
del AndroidSpecificOriginal*.dll /q
rem 7z is the 7-zip command line
7z e -y -r -oAndroidSpecificOriginal working.zip
assetsbinDataManaged*.dll
rem Run Obfuscator:
del AndroidSpecificObfuscatedassetsbinDataManaged*.dll /q
"C:Program Files (x86)LogicNP SoftwareCrypto Obfuscator
For .Net 2013 R2co.exe" projectfile=ofuscator_setting.obproj

rem Don't forget to remove the old signature information.
7z d working.zip "META-INF*"
cd AndroidSpecific/Obfuscated
7z u ../../working.zip assetsbinDataManagedAssemblyCSharp.dll
cd ../../
move working.zip working.apk
rem Should see the apk is not signed.
jarsigner -verify working.apk

rem This step need password:
jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 keystore AndroidSpecific/HeyZombie.keystore working.apk
HeyZombie
YourPassword
rem optimize the apk file.
zipalign -f -v 4 working.apk HeyZombie.apk
del working.apk
rem Verify and should see it signed.
jarsigner -verify HeyZombie.apk

Assembly-CSharp.dll location
C:TempHeyZombie.zipassetsbinDataManaged

Here is my coding guidelines:
● The above obfuscator setting can be that simple
because I use very few of the reflection or dynamic
feature of C#.

● Use this AddComponent.<T>() instead of
AddComponent(String className) if you want to
obfuscate the class name.
● Use the virtual method / interface to act as callback
instead of using SendMessage(). If SendMessage() is
used, then the target method name of SendMessage()
cannot be renamed. iTween class uses a lot of
SendMessage(), so I need to exclude the whole iTween
class from renaming.

● Use StartCoroutine(IEnumerator routine) instead of
StartCoroutine(String methodName, object value),
although I cannot use StopCoroutine(). The technique
I used to code the coroutine is similar to multithread program. Every coroutine has code to
determine when to stop execution itself instead of
relying on the parent object to stop it. In case you
really need to use the string version of
StartCoroutine(), set the coroutine to public and
implements KeepPublicMethod interface.

● Concentrate all the animation event code to a single
class, and don't obfuscate the public method of this
class by implementing the KeepPublicMethod
interface. If the method name for the animation event
code is renamed, your game won't run correctly.

Unity Encryption
PlayerPrefs Encryption
http://cafe.naver.com/unityhub/149

Kerckhoffs's principle
In cryptography, Kerckhoffs's principle (also called
Kerckhoffs's desiderata, Kerckhoffs's assumption,
axiom, or law) was stated by Auguste Kerckhoffs in the
19th century:

“A cryptosystem should be secure
even if everything about the system,
except the key, is public knowledge.”

PlayerPrefs Encryption
Why?
● Prevent simple cheating
● Prevent cracking IAB purchases (if you cache anything
locally)
● In general good practice for sensitive data (like game
progress)

How?
● Encrypt key / values before inserting them in the
PlayerPrefs
● Use a user-specific encryption so prefs cannot be copied,
but still shared in a cloud

Change algorithm
Block Cipher Mode,

http://goo.gl/yU5K7d

● ECB > CBC

Padding Mode,

http://goo.gl/JWy92j

● PKCS7(default)

Encryption Algorithm,
● 3DES and RC2 > AES

http://goo.gl/3fJBfj

Example: CipherMode
public static void SetString(string _key, string _value, byte[] _secret)
{
TripleDES des = new TripleDESCryptoServiceProvider();
des.Key = _secret;

des.Mode = CipherMode.ECB;
ICryptoTransform xform = des.CreateEncryptor();
byte[] encrypted = xform.TransformFinalBlock(bytes, 0, bytes.
Length);
}

Block Encryption modes
● Block ciphers encrypt only fixed-size blocks. If you
want to encrypt something that isn’t exactly one block
long, you have to use a block cipher mode.
● Currently, NIST has approved nine modes of the
approved block ciphers in a series of special
publications.
● There are six confidentiality modes (ECB, CBC, OFB,
CFB, CTR, and XTS-AES), one authentication mode
(CMAC), and two combined modes for confidentiality
and authentication (CCM and GCM).

Compare ECB versus other modes

Original image

Encrypted using ECB mode

Modes other than ECB result
in pseduo-randomness

Padding
0

127bit
Plantext

100010110101

Block size

0100001101010
128bit

?

PaddingMode Enumeration
● ANSIX923
○
○

○
○

The ANSIX923 padding string consists of a sequence of bytes filled
with zeros before the length.
The following example shows how this mode works. Given a
blocklength of 8, a data length of 9, the number of padding octets
equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF:
Data: FF FF FF FF FF FF FF FF FF
X923 padding: FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 07

● ISO10126
○
○

○
○

The ISO10126 padding string consists of random data before the
length.
The following example shows how this mode works. Given a
ISO10126 padding: FF FF FF FF FF FF FF FF FF 7D 2A 75 EF F8 EF 07

PaddingMode Enumeration
● PKCS #7
○
○

○
○

The PKCS #7 padding string consists of a sequence of bytes, each
of which is equal to the total number of padding bytes added.
The following example shows how these modes work. Given a
PKCS7 padding: FF FF FF FF FF FF FF FF FF 07 07 07 07 07 07 07

● None
○

No padding is done.

● Zeros
○

The padding string consists of bytes set to zero.

Example: CipherMode
public static void SetString(string _key, string _value, byte[] _secret,
byte[] initVec)
{

Aes myAes = Aes.Create();
myAes.Key = _secret;
myAes.IV = initVec;
myAes.Mode = CipherMode.CBC;
myAes.Padding = PaddingMode.PKCS7;
}

PlayerPrefs xml data encryption

Source analysis
void Start()
{
string userName = "Unity3D";
MD5 md5Hash = new MD5CryptoServiceProvider();
byte[] secret = md5Hash.ComputeHash(System.Text.Encoding.UTF8.GetBytes(userName));
// Game progress ( key, value ) pair.
string key = "test_key";
string _value = "Encrypt_Example";
// Insert ( key, value ) pair.
CustomFunction.SetString(key, _value, secret);
// Retrieve ( key, value ) pair.
string ret = CustomFunction.GetString(key, secret);
}

128bit

Source analysis
public static void SetString(string _key, string _value, byte[] _secret)
{
// Hide '_key' string.
MD5 md5Hash = MD5.Create();
byte[] hashData = md5Hash.ComputeHash(System.Text.Encoding.UTF8.GetBytes(_key));
string hashKey = System.Text.Encoding.UTF8.GetString(hashData);
// Encrypt '_value' into a byte array
byte[] bytes = System.Text.Encoding.UTF8.GetBytes(_value);
// Eecrypt '_value' with 3DES.
TripleDES des = new TripleDESCryptoServiceProvider();
des.Key = _secret;
des.Mode = CipherMode.ECB;
ICryptoTransform xform = des.CreateEncryptor();
byte[] encrypted = xform.TransformFinalBlock(bytes, 0, bytes.Length);
}

128bit?

Source analysis tip
● TripleDES Class
○ http://goo.gl/RuXdME

Default paddingmode
● SymmetricAlgorithm.Padding Property
○ http://goo.gl/QPCE95

AES speed w/ different key sizes

Unity Encryption
Script Encryption

Tools: gmcs
C:Usersjoo>cd "C:Program Files (x86)
UnityEditorDataMonobin"
C:Program Files (x86)UnityEditorDataMonobin>dir/w gmcs
C 드라이브의 볼륨에는 이름이 없습니다.
볼륨 일련 번호: 529D-ED90
C:Program Files (x86)UnityEditorDataMonobin 디렉터리
gmcs
1개 파일
68 바이트
0개 디렉터리 209,364,811,776 바이트 남음

Tools: Openssl win32
● http://www.openssl.org/
● http://slproweb.com/products/Win32OpenSSL.html

Encryption of Scripts
Why?
●
●
●
●

Scrips are generally insecure
Gameplay could be altered
Security checks could be disabled
Code needs to be “hidden” for some reason (i.e.
IAB logic)

Encryption of Scripts
How?
● Compile scripts outside Unity
● Run a sysmmetric / asymmetric encryption on the
Script.dll
● Choose a delivery mechanism
○ Embed in the application, or
○ Download it from a trusted server

● Decrypt the Script.dll in memory
● Load it through Assembly.Load(byte[])

Compile scripts outside Unity
● Compile the script (Plugin.cs) with ‘gmcs’
● Reference the UnityEngine.dll assembly to access to
Unity
$ gmcs
-target:library
-out:Script.dll
-r:AndroidPlayer/Managed/UnityEngine.dll
Plugin.cs

Encrypt the assembly
● Using OpenSSL
● Converted to ‘text’ using Base64 encoding
● Result can be embedded in Unity as a TextAsset
$ openssl rc2 - nosalt -p -in Script.dll -out Encrypted.bin
key = …
iv = …
$ base64 Encrypted.bin > ~/UnityProject/Assets/Encrypted.txt

Example: Plugin.cs
public class Plugin : MonoBehaviour
{
void Start()
{
StartCoroutine(Log());
}
IEnumerator Log()
{
Debug.Log("Script Loaded");
yield return new WaitForSeconds(1f);
StartCoroutine(Log());
}
}

Command line
C:UsersjooDocumentsCrypto_ScriptAssets>gmcs

-target:library

-out:Plugin.dll
-r:"C:Program Files (x86)UnityEditorDataManagedUnityEngine.dll"
Plugin.cs
C:UsersjooDocumentsCrypto_ScriptAssets>openssl

rc2 -nosalt -p -in Plugin.dll

-out Plugin.bin
enter rc2-cbc encryption password:
Verifying - enter rc2-cbc encryption password:
key=409C1892B68CB394799262AC57F6D4F1
iv =7AC77EFF3F65E62D

Plugin.txt

base64 -in Plugin.bin -out

About RC2,

http://en.wikipedia.org/wiki/RC2

Designers
First published

Ron Rivest
leaked in 1996, designed in 1987

Key sizes

8–1024 bits, in steps of 8 bits;
default 64 bits
64 bits
Source-heavy Feistel network
16 of type MIXING, 2 of type
MASHING

Block sizes
Structure
Rounds
Best public
cryptanalysis

A related-key attack is possible
requiring 234 chosen plaintexts
(Kelsey et al., 1997).

Command line
C:UsersjooDocumentsCrypto_ScriptAssets>gmcs

-target:library

-out:Plugin.dll
-r:"C:Program Files (x86)UnityEditorDataManagedUnityEngine.dll"
Plugin.cs
C:TempPlugin>openssl aes-128-cbc -nosalt -p -in Plugin.dll -out Plugin.bin
enter aes-128-cbc encryption password:
Verifying - enter aes-128-cbc encryption password:
key=409C1892B68CB394799262AC57F6D4F1
iv =7AC77EFF3F65E62D9D3438FB5031C27F


Plugin.txt

base64 -in Plugin.bin -out

Openssl,

http://www.openssl.org/docs/apps/enc.html

● enc - symmetric cipher routines
○ All the block ciphers normally use PKCS#5 padding
also known as standard block padding: this allows a
rudimentary integrity or password check to be
performed. However since the chance of random
data passing the test is better than 1 in 256 it isn't
a very good test.

PKCS#5 vs PKCS#7,
●

http://goo.gl/k11EB3

PKCS#5 padding is identical to PKCS#7
padding, except that it has only been
defined for block ciphers that use a 64 bit
(8 byte) block size. In practice the two can
be used interchangeably.

Unity Encryption
Assets Encryption

Encryption of Assets
Why?
● Some assets might need to be protected from
tampering
● “Assets” doesn’t necessarily mean just “textures”;
could be
○
○
○
○
○

Game logic
Dalvik bytecode
Script code
Native code
… “anything”

Encryption of Assets
How?
● Create an AssetBundle from the “secret” assets
● Run a symmetric / asymmetric encryption on the
AssetBundle.unity3d
● Choose a delivery mechanism
○ Embed in the application, or
○ Download it from a trusted server

● Decrypt the AssetBundle.unity3d in memory
● Load it through AssetBundle.CreateFromMemory
(Byte[])

Command line

C:Temp>openssl rc2 -nosalt -p -in gstar.unity3d -out gstar.bin
enter rc2-cbc encryption password:
Verifying - enter rc2-cbc encryption password:
key=EDD8F85DA1A1E7EEC271266DBD684452
iv =68F7497BECA087F2

C:Temp>openssl

base64 -in gstar.bin -out gstar.txt

Further study
I’ll update NDC 2014, maybe.
;-)

Key Server
Database encryption
http://goo.gl/W6lOEd

Key save in trust server
Why?
● Local are generally insecure
● Gameplayer exchange save data each other

Key save in trust server
How?
● Make a key server
● Gameplayers download different keys from a key
server
● Every time get a new key
● Choose a encryption mechanism
○ Using Unity script encryption & decryption

● Decrypt save data in memory
● Load it through Assembly.Load(byte[])

Network Security
Secure Socket Layer
http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Authentication
Secure Single Sign On
http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Memory encryption
RAM protection
http://www.riawolf.com/?p=20

Tools
Cheat Engine
● http://www.cheatengine.org/

ArtMoney
● http://www.artmoney.ru/

RAM problem
● RAM search programs look for a specific set of

conditions, like numbers that have increased,
decreased, not changed, equal to, greater
than, less than, not equal to and other logical
comparison operations. To make this method
pretty much unusable, all you need to do is
make your score (which is visually a number)
not to be a number inside memory.

Conclusion
● Sensitive code must be protected
● Combine the different approaches, and create new
ones
● Finally: Do spend too much time on this
○ Also update the logic for each new release

Thank you
http://slideshare.net/SeungminShin1/

[Gstar 2013] Unity Security

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to [Gstar 2013] Unity Security (20)

Recently uploaded (20)

[Gstar 2013] Unity Security