In today’s digital age, pirating software has become a rampant issue, especially for developers who pour their heart and soul into creating unique game copies. Unity, a renowned cross-platform game engine, is no exception to this threat.
As the popularity of Unity-based games soars, so does the need to shield these apps against piracy.
This blog post will discuss best practices for protecting Unity applications from piracy.
Whether you’re revisiting this topic or this is your first time on our original post, we aim to equip you with the knowledge to protect your Unity applications from unauthorised reproductions.
Unity’s Il2cpp Metadata Explained
Unity stands out as a versatile game engine, allowing developers to craft games for both Android and iOS using just one set of code.
The engine employs C# for scripting, a language that isn’t inherently compatible with Android or iOS.
To bridge this gap, Unity’s Il2cpp compiler steps in, converting the C# scripts into C++ code. This C++ code then paves the way for the creation of Xcode and Android Studio app projects.
But there’s more to Il2cpp than just C++ conversion. It also produces metadata, stored in a file named ‘global-metadata.dat’.
This metadata file, nestled within the resulting application, is accessed by the Il2Cpp runtime when the app kicks off. This metadata is a treasure trove of details about every runtime component in the app.
It lists out>class names, method types, properties, and their interconnections. Even string literals from the C# code, like API keys, find a home here.
This metadata isn’t just for show; the C++ code generated references it, ensuring methods align with their designated functions.
The Threat of Piracy
Understanding the Impact
Piracy, the unauthorised use or reproduction of someone else’s work, has been a thorn in the side of developers for decades. But why is it such a big deal?
Imagine pouring your heart, soul, and countless hours into creating a Unity application, only to find it being distributed freely without your consent.
Not only does this rob you of potential revenue, but it can also tarnish your brand’s reputation.
Why Unity Applications are Targeted
Unity, being one of the most popular game development platforms, naturally attracts attention from both genuine users and pirates.
Its ease of use and accessibility mean that a plethora of games and apps are developed using Unity.
But what makes them a prime target for piracy? The answer lies in their popularity and the vast user base, which pirates see as a lucrative opportunity.
Understanding Unity’s Stance on Obfuscation
Unity doesn’t champion obfuscation as a primary security measure. Why? Because obfuscation can inadvertently lead to runtime errors and potentially hamper performance.
Moreover, if someone has access to the software, completely preventing them from attempting to decompile it is a tall order.
For those venturing into the realm of multiplayer games, a word of caution: never blindly trust data from connected clients. Always ensure the data’s authenticity and validity.
If you’re still inclined to obfuscate your source code, tread carefully. Avoid altering:
- Class names
- Unity callback names
- Public field names
- Methods invoked through string/reflection or via functions like SendMessage, Invoke, StartCoroutine, RPC, and their ilk.
For those seeking specialised solutions, the Asset Store does offer third-party obfuscation tools.
The Importance of Obfuscating Unity Metadata for Game Studios
The global-metadata.dat file, while crucial, is a potential goldmine for attackers. This metadata is easily accessible and can be a gateway for those aiming to reverse engineer mobile games.
Tools like Il2CppDumper, which are open-source and easily available, can extract this metadata.
This tool can produce a comprehensible C# ‘dump.cs’ file using the metadata and an app binary. It also lists all string literals in a ‘stringliterals.json’ file.
Moreover, it generates a dummy dll file, which can be a boon for those using standard C# reverse engineering tools to delve deeper into the app’s internal workings.
For instance, the insights gained from this can be manipulated to create tools like aimbots, giving some players an undue edge over others.
Il2CppDumper not only maps methods to the right addresses in the provided binary, streamlining the reverse engineering process, but it also exports all string literals.
This could potentially expose sensitive data, such as API keys, to malicious entities.
Suggested Reading: Anti-Piracy Protection
Best Practices for Protecting Unity Applications from Piracy
a. Code Encryption
Taking protection up a notch, consider encrypting your code. Encryption transforms your code into a format that’s unreadable without a specific key.
This means even if pirates get their hands on your application, deciphering the code becomes a Herculean task.
b. Anti-Tamper Tools
These tools are like silent guardians for your application. They constantly monitor for any signs of tampering or unauthorised modifications.
If they detect anything fishy, they can shut down the application or trigger other protective measures.
c. Server-Side Checks
Why not keep some of your game’s logic on your server?
By doing this, you ensure that even if someone has a pirated version of your game, they can’t access all its features without connecting to your server. And if they do try to connect? You can detect and block them.
Suggested Reading: Android Piracy Protection
Guarding Your Unity App Games Against Piracy
Piracy is a persistent challenge for game developers, especially in the Unity platform. To fortify your Unity app games against unauthorised access and distribution, consider the following measures:
a. Leverage Android Licensing Service: This service ensures that only users who have legitimately purchased or downloaded your app can access its features.
b. Adopt Code Obfuscation: By obfuscating your code, you make it considerably harder for potential attackers to decipher, read, and reverse engineer the app’s source code.
c. Introduce In-App Authenticity Checks: By having checks within the app, you can validate if the version being used is genuine or a tampered version.
d. Stay Updated: Continuously updating your app not only provides users with the latest features but also ensures you’re always a step ahead of potential security vulnerabilities.
e. Implement Online Authentication: Require players to log in to a dedicated server to play. This not only verifies the authenticity of the user but also adds an extra layer of protection against unauthorised access.
f. Maintain vigilant monitoring of online platforms to identify any instances of pirated copies of your game. If discovered, promptly take legal actions to discourage and combat piracy.
How Do Leading Game Studios Tackle Piracy?
Piracy is a concern for many developers, and they’re not just standing by watching their hard work get stolen.
Let’s delve into the strategies employed by some renowned game developers to counteract piracy.
Pokémon Series
Nintendo faced a staggering loss of nearly USD 1 billion from unauthorised copies of Pokémon Diamond, Pearl, and Platinum in Japan. In response, they introduced intriguing anti-piracy measures.
In Pokémon HeartGold and SoulSilver, if the game detects it’s being played on unofficial hardware, battles become unwinnable.
With Pokémon Black and White, Nintendo upped the ante. Here, if the game senses it’s a pirated version, Pokémon cease to earn experience, making leveling up an impossibility.
Arma II
The brains behind this shooter game embedded a unique anti-piracy system. Over time, the gameplay subtly deteriorates until it’s unplayable.
Players find their weapons misfiring, shots going astray, and even the display becoming distorted. Ultimately, the screen gets plastered with Arma II logos.
Game Tycoon
In a twist of irony, Greenheart Games, the developers of Game Tycoon—a game about managing a game studio—decided to give pirates a dose of their own medicine. Players with pirated copies initially face no issues.
However, as they progress and find success, their virtual studio begins to bleed money.
Eventually, in-game characters inform the player that their games are being pirated, leading to their downfall.
Batman: Arkham Asylum
Rocksteady, the studio behind Batman: Arkham Asylum, had zero tolerance for piracy. In pirated versions, Batman’s cape malfunctions, preventing him from gliding. This becomes fatal in a room filled with toxic gas.
When a player raised this issue on a forum, the response was sharp: “The issue you’ve run into is a feature of the copy protection to deter those using cracked versions. It’s not a game bug, but a flaw in your ethics.” Burn.
GTA IV
Rockstar North, the creators of GTA IV, unleashed a plethora of anti-piracy measures.
In unauthorised copies, players face a perpetually inebriated camera effect, vehicles that are prone to breakdowns, and an inability to accelerate.
If these hindrances don’t deter the player, the game further tightens the screws by making vehicle repairs unattainable and locking certain missions.
Guarding Genius: Bytescare’s Unyielding Shield Against Digital Piracy
Bytescare’s Digital Piracy Monitoring service is a game-changer for developers, shielding their creations from unauthorised distribution.
From comprehensive protection across all media formats to swift action against infringements, Bytescare ensures your game remains in safe hands.
With continuous monitoring and prompt takedown notices, they’re at the forefront of battling digital piracy.
With continuous monitoring and prompt takedown notices, they’re at the forefront of battling digital piracy.
To Protect your game’s integrity with Bytescare, schedule a demo.
Conclusion
In the realm of entertainment software, especially for budget games, the importance of a robust layer of protection cannot be overstated.
From safeguarding app-specific files, assets files, and audio files to ensuring the integrity of code from files, every measure counts in the fight to combat piracy.
Regularly updating security patches enhances app security capabilities, fortifying both application servers and individual application projects.
An effective approach to security will not only protect application assets but also ensure that genuine copies of the game reach the intended audience.
As the landscape of application protection evolves, it’s crucial for developers to stay ahead, ensuring their creations remain in the hands of genuine fans and not in the clutches of piracy.
FAQs
What is the purpose of code obfuscation?
Code obfuscation is the process of making programming code intentionally difficult to understand.
This is done primarily to protect intellectual property, safeguard trade secrets, and deter attackers from reverse engineering a proprietary software application.
Why might one apply obfuscation to guard against decompiling?
Obfuscation serves as a protective shield against decompiling by increasing the intricacy of the program’s logic.
When obfuscation is applied, even sophisticated decompilers struggle to interpret the code.
For instance, a straightforward “if” statement could be transformed into a construct that’s far more convoluted and challenging to decipher.
Why should developers obfuscate Unity code?
Obfuscating Unity code, especially for iOS or Android applications, is crucial to prevent third-party applications developed on the Unity platform from accessing your application’s metadata files, which contain vital game data.
Essentially, Unity Code Obfuscation acts as a type of Digital Rights Management (DRM).
Gaining access to these metadata files could enable potential attackers to view and potentially tamper with the app’s sensitive internal logic.
How can I encourage users to buy legitimate copies of my Unity application?
Offering incentives like exclusive content or discounts can motivate users to purchase legitimate versions.
How to protect Unity games from piracy?
Methods such as code obfuscation, anti-piracy features, licensing services, and regular updates are employed to ensure the security and effectiveness of the game.