This document provides information about code obfuscation for Unity games built for Android. It discusses using code obfuscators like Crypto Obfuscator to protect game code and assets when building Unity games for the Android platform. Specific topics covered include obfuscating scripts, player prefs, and asset bundles. It also provides sample obfuscator settings and rules to properly obfuscate code while avoiding issues with the Unity engine and third party libraries. Command line instructions for extracting code from an APK, obfuscating, and repacking are also included.
2. About me
CTO at WindySoft
● 9 years of online pc / unity game
Lecturer at Gachon Univ.
● 3 years of cryptography in game
Speaker
● 3rd times at KGC since 2010
Used to make games
● Katamari Damacy Online PC game
Focus on Game Security
● PC / Android
3. Agenda
Unity on Android - what does it mean?
Code Obfuscation
Encryption of
● PlayerPrefs
● Scripts
● AssetBundles
Conclusion
Q&A
12. Mono
● Mono is a free and open source project led by Xamarin
(formerly by Novell and originally by Ximian) to create an
Ecma standard-compliant, .NET Framework-compatible set
of tools including, among others, a C# compiler and a
Common Language Runtime.
● The stated purpose of Mono is not only to be able to run
Microsoft .NET applications cross-platform, but also to bring
better development tools to Linux developers. Mono can be
run on many software systems including Android, most Linux
distributions, BSD, OS X, Windows, Solaris, and even some
game consoles such as PlayStation 3, Wii, and Xbox 360.
13. Dalvik
● Dalvik is the process virtual machine (VM) in Google's
Android operating system. It is the software that runs the
apps on Android devices. Dalvik is thus an integral part of
Android, which is typically used on mobile devices such as
mobile phones and tablet computers as well as more
recently on embedded devices such as smart TVs and media
streamers.
● Programs are commonly written in Java and compiled to
bytecode. They are then converted from Java Virtual
Machine-compatible .class files to Dalvik-compatible .dex
(Dalvik Executable) files before installation on a device.
The compact Dalvik Executable format is designed to be
suitable for systems that are constrained in terms of
memory and processor speed.
14. Java SE Performance Versus Android
● The Java VM is a stack machine.
● The Dalvik VM uses a register-based architecture.
The relative merits of stack machines versus register-based
approaches are a subject of ongoing debate.
15. Java SE Performance Versus Android
The results show that Java SE Embedded can execute Java
bytecodes from 2 to 3 times faster than Android 2.
18. Bartholomew IU
When I just finished my first mobile game in Unity3D,
I found that a C# decompiler like ILSpy can easily
decompile my game.
There are a lot of obfuscators available for .Net,
but none is specialized for Unity3D Android.
19. Bartholomew IU
I have to test them one by one. I tried some free
obfuscators; however, the result is not good enough.
Then I tried some other paid obfuscators. Some paid
obfuscators have no fine tuning of the obfuscation
process; they keep the names of all public methods and
fields unchanged.
Although this behavior is correct, it exposes too much
coding information.
20. Bartholomew IU
It would be better if an obfuscator can keep the public
methods used by Unity engine, such as Awake(),
Update(), OnGUI()... unchanged, while renaming other
public methods.
The obfuscator also needs to have a way to exclude
those public variables which have their value set
by Unity editor.
21. Bartholomew IU
After trying several obfuscators, I found
Crypto Obfuscator is quite good
(in terms of price and functionality),
although I haven't tested all other paid obfuscators found
in the Google search.
I guess other obfuscators should work for Unity3D too,
provided that the obfuscator has settings similar to those
described above.
22. Bartholomew IU
When I try the obfuscators, I find that I can test the
obfuscated code using PC build instead of installing the
result apk file into my phone in order to save time.
Comparing the re-build time using my game, PC version
takes around 20 seconds to build while Android version
takes around 4 minutes.
23. Bartholomew IU
It seems that the PC build and the Android build use the same
Mono to interpret the IL bytecode, so whatever obfuscation
setting works in the PC build works in the Android build too.
In PC build, there is a log file named output_log.txt
inside the data folder. If you run the game and find that
there are any errors after obfuscation, you can look into
the log file and check what's going wrong.
The common errors are class not found and instance is
null if the obfuscation setting is wrong.
28. Location inside the "Managed" folder
The target is to obfuscate Assembly-CSharp.dll.
We don't need to obfuscate
Assembly-UnityScript-firstpass.dll, as none of our code is
inside this dll.
29.
30. Symbol Renaming Schemes:
I tested all the different schemes and all of them work (although
Test Mode works too, don't use it for production. It is for
testing only). I prefer using "Unprintable", because it can
reduce the file size a bit.
I also checked the options inside "Use Advanced Overload
Renaming".
31. Assembly Specific Settings 1:
Advanced Protections:
● "Encrypt String" may not be too useful as the iOS build
keeps the string in the stripped bytecode. If you won't
publish to iOS platform, you can choose this option.
● "Protect Against Reflection-Based Examination" may break
the code as Unity3D engine uses the reflection feature.
● "Enable Tamper Detection" is not useful in my case.
32. Assembly Specific Settings 2:
Symbol Renaming:
● "Public and Non-Public..." option. This option will rename
all the public things inside the dll.
● Unity3D needs to call the public methods (Awake(),
Update(), OnGUI()...) of the MonoBehaviour subclass, and
these methods must be excluded from renaming by setting
the "Obfuscation Rules".
33. Assembly Specific Settings 3:
Optimizations:
● "Mark Classes As Final..." option, as it will increase the performance a bit.
Control Flow Obfuscation:
● Max level. Max level will bloat the final dll. If you want to reduce file size, choose Medium level.
35. Obfuscation Rules 1:
CO processes the rules from top to bottom. If the rule order is different, some classes may be wrongly obfuscated.
● All the class names should not be renamed.
I found that some non-MonoBehaviour subclasses that are not referenced by reflection just fail to work if renamed. If your game can have all the non-MonoBehaviour subclasses renamed and still run correctly, remove this rule.
37. Obfuscation Rules 2:
● The class names of MonoBehaviour subclasses should not be renamed, otherwise the Unity engine cannot find your class at runtime. The exception is a class added by AddComponent<T>() instead of being added in the Unity editor.
39. Obfuscation Rules 3:
● All the public fields and properties of
MonoBehaviour subclass should not be
renamed, since the value set in Unity editor is
applied to them.
41. Obfuscation Rules 4:
● Classes that contain methods called by reflection need to be excluded from renaming. Those classes should extend the interface KeepPublicMethod, which is an empty interface with nothing inside it.
43. Obfuscation Rules 5:
● Some third party code, such as iTween and MiniJSON, is better not renamed, because it may use reflection or other dynamic features of C#.
45. Obfuscation Rules 6:
● All the callback methods of MonoBehaviour should be excluded from renaming, such as Update(), Awake()...
46. How to use the command line instead of GUI
The command-line steps are:
● take the dll file out of the apk file
● obfuscate the dll
● put the dll back into the apk
● sign it with your signature
● finally optimize the apk file
48. Command line
Create a directory for the files, for example, c:\temp. Then:
1. Copy the obfuscator setting file "ofuscator_setting.obproj" to "c:\temp".
2. Copy your key store, for example, to "c:\temp\AndroidSpecific\HeyZombie.keystore".
3. Create this directory: "c:\temp\AndroidSpecific\Obfuscated\assets\bin\Data\Managed".
4. Build the apk and save it to "d:\temp\test.apk"
5. Go to c:\temp
6. Open a command prompt and type these:
49. Open a command prompt 1
move test.apk working.zip
del AndroidSpecific\Original\*.dll /q
rem 7z is the 7-zip command line
7z e -y -r -oAndroidSpecific\Original working.zip assets\bin\Data\Managed\*.dll
rem Run Obfuscator:
del AndroidSpecific\Obfuscated\assets\bin\Data\Managed\*.dll /q
"C:\Program Files (x86)\LogicNP Software\Crypto Obfuscator For .Net 2013 R2\co.exe" projectfile=ofuscator_setting.obproj
50. Open a command prompt 2
rem Don't forget to remove the old signature information.
7z d working.zip "META-INF*"
cd AndroidSpecific/Obfuscated
7z u ../../working.zip assets\bin\Data\Managed\Assembly-CSharp.dll
cd ../../
move working.zip working.apk
rem Should see the apk is not signed.
jarsigner -verify working.apk
51. Open a command prompt 3
rem This step needs a password:
jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore AndroidSpecific/HeyZombie.keystore working.apk HeyZombie
YourPassword
rem optimize the apk file.
zipalign -f -v 4 working.apk HeyZombie.apk
del working.apk
rem Verify and should see it signed.
jarsigner -verify HeyZombie.apk
54. Here are my coding guidelines:
● The above obfuscator setting can be that simple because I use very few of the reflection or dynamic features of C#.
55. Here are my coding guidelines:
● Use AddComponent<T>() instead of AddComponent(String className) if you want to obfuscate the class name.
● Use a virtual method / interface as the callback instead of using SendMessage(). If SendMessage() is used, then the target method name of SendMessage() cannot be renamed. The iTween class uses a lot of SendMessage(), so I need to exclude the whole iTween class from renaming.
56. Here are my coding guidelines:
● Use StartCoroutine(IEnumerator routine) instead of StartCoroutine(String methodName, object value), although I cannot use StopCoroutine(). The technique I use to code the coroutine is similar to a multithreaded program: every coroutine has code to determine when to stop execution itself instead of relying on the parent object to stop it. In case you really need to use the string version of StartCoroutine(), make the coroutine public and implement the KeepPublicMethod interface.
57. Here are my coding guidelines:
● Concentrate all the animation event code in a single class, and don't obfuscate the public methods of this class, by implementing the KeepPublicMethod interface. If the method name for the animation event code is renamed, your game won't run correctly.
62. Kerckhoffs's principle
In cryptography, Kerckhoffs's principle (also called
Kerckhoffs's desiderata, Kerckhoffs's assumption,
axiom, or law) was stated by Auguste Kerckhoffs in the
19th century:
“A cryptosystem should be secure
even if everything about the system,
except the key, is public knowledge.”
63. PlayerPrefs Encryption
Why?
● Prevent simple cheating
● Prevent cracking IAB purchases (if you cache anything
locally)
● In general good practice for sensitive data (like game
progress)
How?
● Encrypt key / values before inserting them in the
PlayerPrefs
● Use a user-specific encryption so prefs cannot be copied,
but still shared in a cloud
66. Block Encryption modes
● Block ciphers encrypt only fixed-size blocks. If you
want to encrypt something that isn’t exactly one block
long, you have to use a block cipher mode.
● Currently, NIST has approved nine modes of the
approved block ciphers in a series of special
publications.
● There are six confidentiality modes (ECB, CBC, OFB,
CFB, CTR, and XTS-AES), one authentication mode
(CMAC), and two combined modes for confidentiality
and authentication (CCM and GCM).
71. PaddingMode Enumeration
● ANSIX923
○ The ANSIX923 padding string consists of a sequence of bytes filled with zeros before the length.
○ The following example shows how this mode works. Given a blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF:
○ Data: FF FF FF FF FF FF FF FF FF
○ X923 padding: FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 07
● ISO10126
○ The ISO10126 padding string consists of random data before the length.
○ The following example shows how this mode works. Given a blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF:
○ Data: FF FF FF FF FF FF FF FF FF
○ ISO10126 padding: FF FF FF FF FF FF FF FF FF 7D 2A 75 EF F8 EF 07
72. PaddingMode Enumeration
● PKCS #7
○ The PKCS #7 padding string consists of a sequence of bytes, each of which is equal to the total number of padding bytes added.
○ The following example shows how these modes work. Given a blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF:
○ Data: FF FF FF FF FF FF FF FF FF
○ PKCS7 padding: FF FF FF FF FF FF FF FF FF 07 07 07 07 07 07 07
● None
○ No padding is done.
● Zeros
○ The padding string consists of bytes set to zero.
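The padding rules from the two PaddingMode slides, written out as an added Python example (not code from the original slides). It reproduces the slides' case of block length 8 with nine FF bytes, and goes slightly further by validating PKCS #7 padding on removal and computing how often a random final block would pass that check; all function names are illustrative.

```python
import os

def pad(data: bytes, block: int, mode: str) -> bytes:
    """Pad to a multiple of `block` bytes; mode is a PaddingMode name from the slides."""
    n = block - len(data) % block            # 1..block padding octets
    if mode == "PKCS7":
        return data + bytes([n]) * n         # every pad byte holds the pad length
    if mode == "ANSIX923":
        return data + bytes(n - 1) + bytes([n])        # zeros, then the length
    if mode == "ISO10126":
        return data + os.urandom(n - 1) + bytes([n])   # random bytes, then the length
    if mode == "Zeros":
        return data + bytes(-len(data) % block)        # nothing added when already aligned
    if mode == "None":
        if len(data) % block:
            raise ValueError("data is not block-aligned and no padding was requested")
        return data
    raise ValueError(f"unknown mode {mode!r}")

def unpad_pkcs7(padded: bytes, block: int) -> bytes:
    """Strip PKCS #7 padding, rejecting anything malformed."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS #7 padding")
    return padded[:-n]

def random_block_pass_rate(block: int) -> float:
    """Probability that a uniformly random final block carries valid PKCS #7 padding."""
    return sum(256.0 ** -k for k in range(1, block + 1))

if __name__ == "__main__":
    data = bytes.fromhex("FF" * 9)           # the slides' example input
    for mode in ("ANSIX923", "ISO10126", "PKCS7", "Zeros"):
        print(f"{mode:9}", pad(data, 8, mode).hex(" ").upper())
    print("random block passes the PKCS #7 check:", random_block_pass_rate(8))
```

Because a garbage block passes the padding check slightly more often than 1 time in 256, valid padding after decryption says little about whether the data was tampered with or the right key was used.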
87. Encryption of Scripts
Why?
● Scripts are generally insecure
● Gameplay could be altered
● Security checks could be disabled
● Code needs to be “hidden” for some reason (i.e. IAB logic)
88. Encryption of Scripts
How?
● Compile scripts outside Unity
● Run a symmetric / asymmetric encryption on the
Script.dll
● Choose a delivery mechanism
○ Embed in the application, or
○ Download it from a trusted server
● Decrypt the Script.dll in memory
● Load it through Assembly.Load(byte[])
89. Compile scripts outside Unity
● Compile the script (Plugin.cs) with ‘gmcs’
● Reference the UnityEngine.dll assembly to access Unity
$ gmcs \
    -target:library \
    -out:Script.dll \
    -r:AndroidPlayer/Managed/UnityEngine.dll \
    Plugin.cs
90. Encrypt the assembly
● Using OpenSSL
● Converted to ‘text’ using Base64 encoding
● Result can be embedded in Unity as a TextAsset
$ openssl rc2 -nosalt -p -in Script.dll -out Encrypted.bin
key = …
iv = …
$ base64 Encrypted.bin > ~/UnityProject/Assets/Encrypted.txt
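91. Example: Plugin.cs
using System.Collections;
using UnityEngine;

public class Plugin : MonoBehaviour
{
    void Start()
    {
        StartCoroutine(Log());
    }

    // Logs once per second by restarting itself after each wait.
    IEnumerator Log()
    {
        Debug.Log("Script Loaded");
        yield return new WaitForSeconds(1f);
        StartCoroutine(Log());
    }
}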
92. Command line
C:\Users\joo\Documents\Crypto_Script\Assets>gmcs -target:library -out:Plugin.dll -r:"C:\Program Files (x86)\Unity\Editor\Data\Managed\UnityEngine.dll" Plugin.cs
C:\Users\joo\Documents\Crypto_Script\Assets>openssl rc2 -nosalt -p -in Plugin.dll -out Plugin.bin
enter rc2-cbc encryption password:
Verifying - enter rc2-cbc encryption password:
key=409C1892B68CB394799262AC57F6D4F1
iv =7AC77EFF3F65E62D
C:\Users\joo\Documents\Crypto_Script\Assets>openssl base64 -in Plugin.bin -out Plugin.txt
98. About RC2,
http://en.wikipedia.org/wiki/RC2
Designers: Ron Rivest
First published: leaked in 1996, designed in 1987
Key sizes: 8–1024 bits, in steps of 8 bits; default 64 bits
Block sizes: 64 bits
Structure: Source-heavy Feistel network
Rounds: 16 of type MIXING, 2 of type MASHING
Best public cryptanalysis: A related-key attack is possible requiring 2^34 chosen plaintexts (Kelsey et al., 1997).
99. Command line
C:\Users\joo\Documents\Crypto_Script\Assets>gmcs -target:library -out:Plugin.dll -r:"C:\Program Files (x86)\Unity\Editor\Data\Managed\UnityEngine.dll" Plugin.cs
C:\Temp\Plugin>openssl aes-128-cbc -nosalt -p -in Plugin.dll -out Plugin.bin
enter aes-128-cbc encryption password:
Verifying - enter aes-128-cbc encryption password:
key=409C1892B68CB394799262AC57F6D4F1
iv =7AC77EFF3F65E62D9D3438FB5031C27F
C:\Users\joo\Documents\Crypto_Script\Assets>openssl base64 -in Plugin.bin -out Plugin.txt
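How `openssl enc` turns the typed password into the key and iv it prints with -p, as an added Python example that is not part of the original slides. It assumes the MD5-based EVP_BytesToKey derivation that `openssl enc` used by default before OpenSSL 1.1.0; the demo password and salt are constructed, and the function names are illustrative.

```python
import hashlib

def evp_bytes_to_key(password, key_len, iv_len, salt=b"", digest="md5"):
    """EVP_BytesToKey with one iteration: D1 = H(pw+salt), D2 = H(D1+pw+salt), ..."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

# Sizes used by the two commands on the slides (16-byte keys; 8- and 16-byte IVs).
CIPHERS = {"rc2-cbc": (16, 8), "aes-128-cbc": (16, 16)}

def derive(cipher, password, salt=b""):
    """Key and IV that the assumed derivation produces for one of the slide ciphers."""
    key_len, iv_len = CIPHERS[cipher]
    return evp_bytes_to_key(password, key_len, iv_len, salt)

def same_password_likely(out_a, out_b):
    """True when two -p outputs (key hex, iv hex) share a key and one IV prefixes the other."""
    (key_a, iv_a), (key_b, iv_b) = out_a, out_b
    return key_a == key_b and (iv_a.startswith(iv_b) or iv_b.startswith(iv_a))

# key/iv pairs printed by the rc2 and aes-128-cbc runs on the slides
SLIDE_RC2 = ("409C1892B68CB394799262AC57F6D4F1", "7AC77EFF3F65E62D")
SLIDE_AES = ("409C1892B68CB394799262AC57F6D4F1", "7AC77EFF3F65E62D9D3438FB5031C27F")

if __name__ == "__main__":
    pw = b"example-password"      # constructed; the slides do not show the password
    for name in CIPHERS:
        key, iv = derive(name, pw)
        print(f"{name:12} -nosalt key={key.hex().upper()} iv={iv.hex().upper()}")
    key, iv = derive("aes-128-cbc", pw, salt=b"\x01\x02\x03\x04\x05\x06\x07\x08")
    print(f"{'aes-128-cbc':12} salted  key={key.hex().upper()} iv={iv.hex().upper()}")
    print("slide outputs share a password:", same_password_likely(SLIDE_RC2, SLIDE_AES))
```

With -nosalt the key depends on the password alone, which is why both runs on the slides print the same key and the AES iv begins with the RC2 iv; a salt makes each encryption derive different key material from the same password.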
101. Openssl,
http://www.openssl.org/docs/apps/enc.html
● enc - symmetric cipher routines
○ All the block ciphers normally use PKCS#5 padding
also known as standard block padding: this allows a
rudimentary integrity or password check to be
performed. However since the chance of random
data passing the test is better than 1 in 256 it isn't
a very good test.
102. PKCS#5 vs PKCS#7,
http://goo.gl/k11EB3
● PKCS#5 padding is identical to PKCS#7 padding, except that it has only been defined for block ciphers that use a 64 bit (8 byte) block size. In practice the two can be used interchangeably.
107. Encryption of Assets
Why?
● Some assets might need to be protected from tampering
● “Assets” doesn’t necessarily mean just “textures”; could be
○ Game logic
○ Dalvik bytecode
○ Script code
○ Native code
○ … “anything”
108. Encryption of Assets
How?
● Create an AssetBundle from the “secret” assets
● Run a symmetric / asymmetric encryption on the
AssetBundle.unity3d
● Choose a delivery mechanism
○ Embed in the application, or
○ Download it from a trusted server
● Decrypt the AssetBundle.unity3d in memory
● Load it through AssetBundle.CreateFromMemory
(Byte[])
109. Command line
C:\Temp>openssl rc2 -nosalt -p -in gstar.unity3d -out gstar.bin
enter rc2-cbc encryption password:
Verifying - enter rc2-cbc encryption password:
key=EDD8F85DA1A1E7EEC271266DBD684452
iv =68F7497BECA087F2
C:\Temp>openssl base64 -in gstar.bin -out gstar.txt
113. Saving keys on a trusted server
Why?
● Local storage is generally insecure
● Players exchange save data with each other
114. Saving keys on a trusted server
How?
● Make a key server
● Players download different keys from the key server
● Get a new key every time
● Choose an encryption mechanism
○ Using Unity script encryption & decryption
● Decrypt save data in memory
● Load it through Assembly.Load(byte[])
120. RAM problem
● RAM search programs look for a specific set of
conditions, like numbers that have increased,
decreased, not changed, equal to, greater
than, less than, not equal to and other logical
comparison operations. To make this method
pretty much unusable, all you need to do is
make your score (which is visually a number)
not to be a number inside memory.
121. Conclusion
● Sensitive code must be protected
● Combine the different approaches, and create new
ones
● Finally: Do spend too much time on this
○ Also update the logic for each new release