[gstar 2013] unity security
TRANSCRIPT
Unity SecurityCode ObfuscationData Encryption
PlayerPrefsScriptAssets
About me
CTO at WindySoft● 9 years of online pc / unity game
Lecturer at Gachon Univ.● 3 years of cryptography in game
Speaker● 3rd times at KGC since 2010
Used to make games● Katamari Damacy Online PC game
Forcus on Game Security● PC / Android
Agenda
Unity on Android - what does it mean?
Code Obfuscation
Encryption of● PlayerPrefs● Scripts● AssetBundles
Conclusion
Q&A
Reference site
Protecting your Android content● Unity developer, http://goo.gl/uAAVP4● PlayerPref, http://cafe.naver.com/unityhub/149
Obfuscator● Code Obfuscation, http://goo.gl/E8sOVY● Unitystudy, http://goo.gl/p4AGfJ
PlayerPrefs Encryption & Performance● Encryption, http://goo.gl/YHbDW6● PreviewLabs, http://goo.gl/ri10tJ
Reference site
Other obfuscator● http://www.csharp411.com/net-obfuscators/● red-gate, http://goo.gl/80ezQS● Unity 3D Obfuscator, http://goo.gl/KNzUYT● SafeNet, AndroidEnv● Medusahair, http://medusahair.biz/
Unity Scripting● Unity Reference, http://goo.gl/zRPcXa● Unitystudy, http://goo.gl/h8cTTE
Unity on Android (overview)
Linux Kernel
Mono VM
User script / “Game”
Android / Dalvik VM
Unity on AndroidAppOS
Unity on Android (detail)
C#/Scripts
Dalvik(java)
Unity on Android (detail)
AndroidJavaObject
java.lang.Object
AndroidJavaObject et al
● Script objects wrap Java objects○ AndroidJavaObject > java.lang.Object○ AndroidJavaClass > java.lang.Class○ AndroidJavaRunnalbe > java.lang.Runnable○ AndroidJavaProxy > java.lang.reflect.Proxy
● Automatically maps / instantiates Classes by name● Methods / Fields are handled through reflection looups
AndroidJavaObject (example)
● Javajava.lang.String str = new java.lang.String(“some thing”);int hash = str.hashCode();
● C#AndroidJavaObject jo =
new AndroidJavaObject(“java.lang.String”, “some thing”);int hash = jo.Call<int>(“hashCode”);
Reference site
● http://en.wikipedia.org/wiki/Mono_(software)● http://en.wikipedia.org/wiki/Dalvik_(software)● https://blogs.oracle.
com/javaseembedded/entry/how_does_android_22s_performance_stack_up_against_java_se_embedded
Mono
● Mono is a free and open source project led by Xamarin (formerly by Novell and originally by Ximian) to create an Ecma standard-compliant, .NET Framework-compatible set of tools including, among others, a C# compiler and a Common Language Runtime.
● The stated purpose of Mono is not only to be able to run Microsoft .NET applications cross-platform, but also to bring better development tools to Linux developers. Mono can be run on many software systems including Android, most Linux distributions, BSD, OS X, Windows, Solaris, and even some game consoles such as PlayStation 3, Wii, and Xbox 360.
Dalvik
● Dalvik is the process virtual machine (VM) in Google's Android operating system. It is the software that runs the apps on Android devices. Dalvik is thus an integral part of Android, which is typically used on mobile devices such as mobile phones and tablet computers as well as more recently on embedded devices such as smart TVs and media streamers.
● Programs are commonly written in Java and compiled to bytecode. They are then converted from Java Virtual Machine-compatible .class files to Dalvik-compatible .dex (Dalvik Executable) files before installation on a device. The compact Dalvik Executable format is designed to be suitable for systems that are constrained in terms of memory and processor speed.
Java SE Performance Versus Android
● Java VM uses a stack machines.● Dalvik VM uses a register-based architecute.
The relative merits stack machines versus register-based approaches are a subject of ongoing debate.
Java SE Performance Versus Android
The results show that Java SE Embedded can execute Java bytecodes from 2 to 3 times faster than Android 2.
Java SE Performance Versus Android
Unity code obfuscationPractical guide for Android buildhttp://www.4infinity.com.hk/tutorial/code_obfuscation
Bartholomew IU
When I just finished my first mobile game in Unity3D,
I found that a C# decompiler like ILSpy can easily decompile my game.
There are a lot of obfuscators available for .Net, but no one is specialized for Unity3D Android.
Bartholomew IU
I have to test them one by one. I tried some free obfuscators, however, the result is not good enough.
Then I tried some other paid obfuscators. Some paid obfuscators have no fine tuning of the obfuscation process, they keep the name of all public methods and fields unchanged.
Although this behavior is correct, it exposes too much coding information.
Bartholomew IU
It would be better if an obfuscator can keep the public methods used by Unity engine, such as Awake(), Update(), OnGUI()... unchanged, while rename other public methods.
The obfuscator also need to have a way to exclude those public variables which have their value set by Unity editor.
Bartholomew IU
After tried several obfuscators,
I found Crypto obfuscator is quite good
(in terms of price and functionality), although I haven't test all other paid obfuscators found in the Google search.
I guess other obfuscators should work for Unity3D too, provided that the obfuscator has the similar settings described above.
Bartholomew IU
When I try the obfuscators, I find that I can test the obfuscated code using PC build instead of installing the result apk file into my phone in order to save time.
Comparing the re-build time using my game, PC version takes around 20 seconds to build while Android version takes around 4 minutes.
Bartholomew IU
It seems that PC build and Android build using the same mono to interpret the IL bytecode, what obfuscation setting works in PC build works in Android build too.
In PC build, there is a log file named output_log.txt inside the data folder. If you run the game and find that there are any errors after obfuscation, you can look into the log file and check what's going wrong.
The common errors are class not found and instance is null if the obfuscation setting is wrong.
Tools
C# decompiler● ILSpy, http://ilspy.net/
Obfuscator● CO, http://goo.gl/kobNg6
Uncompress● 7-zip, http://www.7-zip.org/
Java version● 1.6.xx, Java SE 6 Download, http://goo.gl/FfDwZq
Tools
Microsoft Visual C++ 2008 Redistributable Package● http://goo.gl/0jMXon
Android SDK● http://goo.gl/cK71GA , http://goo.gl/rmG3tP
Try using the PC build
Location of the log file
Location inside the "Managed" folder
Target is to obfuscate the Assembly-CSharp.dll. We don't need to obfuscate the Assembly-UnityScript-firstpass.dll as non of our code is inside this dll.
Symbol Renaming Schemes:
I tested all different schemes, all scheme works (Although Test Mode works too, don't use it for production. It is for testing only). I prefer using "Unprintable", because it can reduce the file size a bit.
I also checked the options inside "Use Advanced Overload Renaming".
Assembly Specific Settings 1:
Advanced Protections:
● "Encrypt String" may not be too useful as the iOS build keeps the string in the stripped bytecode. If you won't publish to iOS platform, you can choose this option.
● "Protect Against Reflection-Based Examination" may break the code as Unity3D engine uses the reflection feature.
● "Enable Tamper Detection" is not useful in my case.
Assembly Specific Settings 2:
Symbol Renaming:
● "Public and Non-Public..." option. This option will rename all the public things inside the dll.
● Unity3d needs to call the public method (Awake(), Update(), OnGUI()...) of the MonoBehaviour subclass and these method must be excluded from renaming by setting the "Obfuscation Rules".
Assembly Specific Settings 3:
Optimizations:
● "Mark Classes As Final..." option, as it will increase the performance a bit.
Control Flow Obfuscation:
● Max level. Max level will boat the final dll. If you want to reduce file size, choose Medium level.
Obfuscation Rules 1:
CO process the rules from top to bottom. If the rules order is different, some classes may be wrongly obfuscated.
● All the class name should not be renamed. I tried that some non MonoBehaviour subclass does not get referenced by reflection, it just fail to work if renamed. If your game can have all the non MonoBehaviour subclass renamed and run correctly, remove this rule.
Obfuscation Rules 2:
● All the class name of MonoBehaviour subclass should not be renamed, otherwise Unity engine cannot find your class at runtime. The exception is the class added by AddComponent.<T>() instead of adding the class by Unity editor.
Obfuscation Rules 3:
● All the public fields and properties of MonoBehaviour subclass should not be renamed, since the value set in Unity editor is applied to them.
Obfuscation Rules 4:
● Some classes contain methods called by reflection needs to be excluded from renaming. Those classes should extend the interface KeepPublicMethod, which is an empty interfaces with nothing inside it.
Obfuscation Rules 5:
● Some third party code, such as iTween and MiniJSON, is better not to rename. Because they may use the reflection or other dynamic features of C#.
Obfuscation Rules 6:
● All the callback method of MonoBehaviour should be excluded from renaming, such as Update(), Awake()...
How to use the command line instead of GUI
The command lines are: ● take out the dll file from the apk file● obfuscate the dll● put the dll back to the apk● sign it with your signature● finally optimize the apk file
Key Store
c:\Temp>keytool -genkey -alias HeyZombie -keyalg RSA -validity 10000 -keystore HeyZombie.keystore
Command line
Create a directory for the files, for example, c:\temp\. Then:
1. Copy the obfuscator setting file "ofuscator_setting.obproj" to "c:\temp\".
2. Copy your key store, for example, to "c:\temp\AndroidSpecific\HeyZombie.keystore".
3. Create this directory: "c:\temp\AndroidSpecific\Obfuscated\assets\bin\Data\Managed".
4. Build the apk and save it to "d:\temp\test.apk"5. Go to c:\temp6. Open a command prompt and type these:
Open a command prompt 1
move test.apk working.zipdel AndroidSpecific\Original\*.dll /q
rem 7z is the 7-zip command line7z e -y -r -oAndroidSpecific\Original\ working.zip assets\bin\Data\Managed\*.dll
rem Run Obfuscator:del AndroidSpecific\Obfuscated\assets\bin\Data\Managed\*.dll /q"C:\Program Files (x86)\LogicNP Software\Crypto Obfuscator For .Net 2013 R2\co.exe" projectfile=ofuscator_setting.obproj
Open a command prompt 2
rem Don't forget to remove the old signature information.7z d working.zip "META-INF*"cd AndroidSpecific/Obfuscated7z u ../../working.zip assets\bin\Data\Managed\Assembly-CSharp.dllcd ../../move working.zip working.apk
rem Should see the apk is not signed.jarsigner -verify working.apk
Open a command prompt 3
rem This step need password:jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore AndroidSpecific/HeyZombie.keystore working.apk HeyZombieYourPassword
rem optimize the apk file.zipalign -f -v 4 working.apk HeyZombie.apkdel working.apk
rem Verify and should see it signed.jarsigner -verify HeyZombie.apk
Assembly-CSharp.dll location
C:\Temp\HeyZombie.zip\assets\bin\Data\Managed
Here is my coding guidelines:
● The above obfuscator setting can be that simple because I use very few of the reflection or dynamic feature of C#.
Here is my coding guidelines:
● Use this AddComponent.<T>() instead of AddComponent(String className) if you want to obfuscate the class name.
● Use the virtual method / interface to act as callback instead of using SendMessage(). If SendMessage() is used, then the target method name of SendMessage() cannot be renamed. iTween class uses a lot of SendMessage(), so I need to exclude the whole iTween class from renaming.
Here is my coding guidelines:
● Use StartCoroutine(IEnumerator routine) instead of StartCoroutine(String methodName, object value), although I cannot use StopCoroutine(). The technique
I used to code the coroutine is similar to multi-thread program. Every coroutine has code to determine when to stop execution itself instead of relying on the parent object to stop it. In case you really need to use the string version of StartCoroutine(), set the coroutine to public and implements KeepPublicMethod interface.
Here is my coding guidelines:
● Concentrate all the animation event code to a single class, and don't obfuscate the public method of this class by implementing the KeepPublicMethod interface. If the method name for the animation event code is renamed, your game won't run correctly.
v2013 R2 Enterprise
Unity EncryptionPlayerPrefs Encryptionhttp://cafe.naver.com/unityhub/149
Kerckhoffs's principle
In cryptography, Kerckhoffs's principle (also called Kerckhoffs's desiderata, Kerckhoffs's assumption, axiom, or law) was stated by Auguste Kerckhoffs in the 19th century:
“A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”
PlayerPrefs Encryption
Why?● Prevent simple cheating● Prevent cracking IAB purchases (if you cache anything
locally)● In general good practice for sensitive data (like game
progress)
How?● Encrypt key / values before inserting them in the
PlayerPrefs● Use a user-specific encryption so prefs cannot be copied,
but still shared in a cloud
Change algorithm
Block Cipher Mode, http://goo.gl/yU5K7d
● ECB > CBC
Padding Mode, http://goo.gl/JWy92j
● PKCS7(default)
Encryption Algorithm, http://goo.gl/3fJBfj
● 3DES and RC2 > AES
Example: CipherMode
public static void SetString(string _key, string _value, byte[] _secret) { TripleDES des = new TripleDESCryptoServiceProvider(); des.Key = _secret;
des.Mode = CipherMode.ECB; ICryptoTransform xform = des.CreateEncryptor(); byte[] encrypted = xform.TransformFinalBlock(bytes, 0, bytes.Length);}
Block Encryption modes
● Block ciphers encrypt only fixed-size blocks. If you want to encrypt something that isn’t exactly one block long, you have to use a block cipher mode.
● Currently, NIST has approved nine modes of the approved block ciphers in a series of special publications.
● There are six confidentiality modes (ECB, CBC, OFB,
CFB, CTR, and XTS-AES), one authentication mode (CMAC), and two combined modes for confidentiality and authentication (CCM and GCM).
Electronic codebook(ECB)
Cipher-block chaining(CBC)
Compare ECB versus other modes
Original image Encrypted using ECB mode Modes other than ECB result in pseduo-randomness
Padding
100010110101Plantext ?127bit 0
0100001101010Block size
128bit
PaddingMode Enumeration
● ANSIX923○ The ANSIX923 padding string consists of a sequence of bytes filled
with zeros before the length.○ The following example shows how this mode works. Given a
blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF:
○ Data: FF FF FF FF FF FF FF FF FF○ X923 padding: FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 07
● ISO10126○ The ISO10126 padding string consists of random data before the
length.○ The following example shows how this mode works. Given a
blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF:
○ Data: FF FF FF FF FF FF FF FF FF○ ISO10126 padding: FF FF FF FF FF FF FF FF FF 7D 2A 75 EF F8 EF 07
PaddingMode Enumeration
● PKCS #7○ The PKCS #7 padding string consists of a sequence of bytes, each
of which is equal to the total number of padding bytes added.○ The following example shows how these modes work. Given a
blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF:
○ Data: FF FF FF FF FF FF FF FF FF○ PKCS7 padding: FF FF FF FF FF FF FF FF FF 07 07 07 07 07 07 07
● None○ No padding is done.
● Zeros○ The padding string consists of bytes set to zero.
Example: CipherMode
public static void SetString(string _key, string _value, byte[] _secret, byte[] initVec) {
Aes myAes = Aes.Create();myAes.Key = _secret;myAes.IV = initVec;myAes.Mode = CipherMode.CBC;myAes.Padding = PaddingMode.PKCS7;
}
PlayerPrefs xml data
PlayerPrefs xml data encryption
Debug.log
regedt32
Source analysis
void Start() { string userName = "Unity3D";
MD5 md5Hash = new MD5CryptoServiceProvider(); byte[] secret = md5Hash.ComputeHash(System.Text.Encoding.UTF8.GetBytes(userName));
// Game progress ( key, value ) pair. string key = "test_key"; string _value = "Encrypt_Example";
// Insert ( key, value ) pair. CustomFunction.SetString(key, _value, secret);
// Retrieve ( key, value ) pair. string ret = CustomFunction.GetString(key, secret); }
128bit
Source analysis
public static void SetString(string _key, string _value, byte[] _secret) { // Hide '_key' string. MD5 md5Hash = MD5.Create(); byte[] hashData = md5Hash.ComputeHash(System.Text.Encoding.UTF8.GetBytes(_key)); string hashKey = System.Text.Encoding.UTF8.GetString(hashData);
// Encrypt '_value' into a byte array byte[] bytes = System.Text.Encoding.UTF8.GetBytes(_value);
// Eecrypt '_value' with 3DES. TripleDES des = new TripleDESCryptoServiceProvider(); des.Key = _secret; des.Mode = CipherMode.ECB; ICryptoTransform xform = des.CreateEncryptor(); byte[] encrypted = xform.TransformFinalBlock(bytes, 0, bytes.Length); }
128bit?
Source analysis tip
● TripleDES Class○ http://goo.gl/RuXdME
Default paddingmode
● SymmetricAlgorithm.Padding Property○ http://goo.gl/QPCE95
AES speed w/ different key sizes
Unity EncryptionScript Encryptionhttp://cafe.naver.com/unityhub/164
Tools: gmcs
C:\Users\joo>cd "C:\Program Files (x86)\Unity\Editor\Data\Mono\bin"C:\Program Files (x86)\Unity\Editor\Data\Mono\bin>dir/w gmcs C 드라이브의 볼륨에는 이름이 없습니다. 볼륨 일련 번호: 529D-ED90 C:\Program Files (x86)\Unity\Editor\Data\Mono\bin 디렉터리gmcs 1개 파일 68 바이트 0개 디렉터리 209,364,811,776 바이트 남음
Tools: Openssl win32
● http://www.openssl.org/● http://slproweb.com/products/Win32OpenSSL.html
Encryption of Scripts
Why?● Scrips are generally insecure● Gameplay could be altered● Security checks could be disabled● Code needs to be “hidden” for some reason (i.e.
IAB logic)
Encryption of Scripts
How?● Compile scripts outside Unity● Run a sysmmetric / asymmetric encryption on the
Script.dll● Choose a delivery mechanism
○ Embed in the application, or○ Download it from a trusted server
● Decrypt the Script.dll in memory● Load it through Assembly.Load(byte[])
Compile scripts outside Unity
● Compile the script (Plugin.cs) with ‘gmcs’● Reference the UnityEngine.dll assembly to access to
Unity
$ gmcs-target:library-out:Script.dll-r:AndroidPlayer/Managed/UnityEngine.dllPlugin.cs
Encrypt the assembly
● Using OpenSSL● Converted to ‘text’ using Base64 encoding● Result can be embedded in Unity as a TextAsset
$ openssl rc2 - nosalt -p -in Script.dll -out Encrypted.binkey = …iv = …
$ base64 Encrypted.bin > ~/UnityProject/Assets/Encrypted.txt
Example: Plugin.cs
public class Plugin : MonoBehaviour { void Start() { StartCoroutine(Log()); } IEnumerator Log() { Debug.Log("Script Loaded"); yield return new WaitForSeconds(1f); StartCoroutine(Log()); } }
Command line
C:\Users\joo\Documents\Crypto_Script\Assets>gmcs -target:library -out:Plugin.dll -r:"C:\Program Files (x86)\Unity\Editor\Data\Managed\UnityEngine.dll" Plugin.cs
C:\Users\joo\Documents\Crypto_Script\Assets>openssl rc2 -nosalt -p -in Plugin.dll -out Plugin.binenter rc2-cbc encryption password:Verifying - enter rc2-cbc encryption password:key=409C1892B68CB394799262AC57F6D4F1iv =7AC77EFF3F65E62D
C:\Users\joo\Documents\Crypto_Script\Assets>openssl base64 -in Plugin.bin -out Plugin.txt
Command line example
Encrypt “Plugin.txt”
Debug.log
About RC2, http://en.wikipedia.org/wiki/RC2
Designers Ron RivestFirst published leaked in 1996, designed in 1987
Key sizes 8–1024 bits, in steps of 8 bits; default 64 bits
Block sizes 64 bitsStructure Source-heavy Feistel networkRounds 16 of type MIXING, 2 of type
MASHING
Best public A related-key attack is possiblecryptanalysis requiring 234 chosen plaintexts
(Kelsey et al., 1997).
Command line
C:\Users\joo\Documents\Crypto_Script\Assets>gmcs -target:library -out:Plugin.dll -r:"C:\Program Files (x86)\Unity\Editor\Data\Managed\UnityEngine.dll" Plugin.cs
C:\Temp\Plugin>openssl aes-128-cbc -nosalt -p -in Plugin.dll -out Plugin.binenter aes-128-cbc encryption password:
Verifying - enter aes-128-cbc encryption password:key=409C1892B68CB394799262AC57F6D4F1iv =7AC77EFF3F65E62D9D3438FB5031C27F
C:\Users\joo\Documents\Crypto_Script\Assets>openssl base64 -in Plugin.bin -out Plugin.txt
Encrypt “PluginAes.txt”
Openssl, http://www.openssl.org/docs/apps/enc.html
● enc - symmetric cipher routines○ All the block ciphers normally use PKCS#5 padding
also known as standard block padding: this allows a rudimentary integrity or password check to be performed. However since the chance of random data passing the test is better than 1 in 256 it isn't a very good test.
PKCS#5 vs PKCS#7, http://goo.gl/k11EB3
● PKCS#5 padding is identical to PKCS#7 padding, except that it has only been defined for block ciphers that use a 64 bit (8 byte) block size. In practice the two can be used interchangeably.
Debug.log
file size
Unity EncryptionAssets Encryptionhttp://cafe.naver.com/unityhub/207
Encryption of Assets
Why?● Some assets might need to be protected from
tampering● “Assets” doesn’t necessarily mean just “textures”;
could be○ Game logic○ Dalvik bytecode○ Script code○ Native code○ … “anything”
Encryption of Assets
How?● Create an AssetBundle from the “secret” assets● Run a symmetric / asymmetric encryption on the
AssetBundle.unity3d● Choose a delivery mechanism
○ Embed in the application, or○ Download it from a trusted server
● Decrypt the AssetBundle.unity3d in memory● Load it through AssetBundle.CreateFromMemory
(Byte[])
Command line
C:\Temp>openssl rc2 -nosalt -p -in gstar.unity3d -out gstar.binenter rc2-cbc encryption password:Verifying - enter rc2-cbc encryption password:key=EDD8F85DA1A1E7EEC271266DBD684452iv =68F7497BECA087F2
C:\Temp>openssl base64 -in gstar.bin -out gstar.txt
file size
Further studyI’ll update NDC 2014, maybe.;-)
Key ServerDatabase encryption http://goo.gl/W6lOEd
Key save in trust server
Why?● Local are generally insecure● Gameplayer exchange save data each other
Key save in trust server
How?● Make a key server● Gameplayers download different keys from a key
server● Every time get a new key● Choose a encryption mechanism
○ Using Unity script encryption & decryption● Decrypt save data in memory● Load it through Assembly.Load(byte[])
Network SecuritySecure Socket Layerhttp://en.wikipedia.org/wiki/Secure_Sockets_Layer
SSL tunneling
AuthenticationSecure Single Sign Onhttp://en.wikipedia.org/wiki/Secure_Sockets_Layer
Memory encryptionRAM protectionhttp://www.riawolf.com/?p=20
Tools
Cheat Engine● http://www.cheatengine.org/
ArtMoney● http://www.artmoney.ru/
RAM problem
● RAM search programs look for a specific set of conditions, like numbers that have increased, decreased, not changed, equal to, greater than, less than, not equal to and other logical comparison operations. To make this method pretty much unusable, all you need to do is make your score (which is visually a number) not to be a number inside memory.
Conclusion
● Sensitive code must be protected● Combine the different approaches, and create new
ones● Finally: Do spend too much time on this
○ Also update the logic for each new release
Q&A
Thank youhttp://slideshare.net/SeungminShin1/