is it possible to hack built asset files? i know in theory all encrypted files can be decrypted. is the algorithm a strong one? is there any way for us to choose the algorithm that unity uses for encrypting .asset files in the exe build or web player build? did anyone hacked these files before? many archiving formats like EA's big is hacked and can be modified now and it's a good idea to have the ability to change the encryption algorithm.
It's not a matter of the encryption algorithm, it's a matter of the decryption key being compromised the moment you distribute your game.
Suppose you determine that Unity is currently storing assets encrypted with ROT13. You decide you're going to plug in AES and encrypt all asset bundles with it. You now need to distribute your game to players. You've basically run into the same problem that DVD encryption runs into, which is:
Now, I'm doing it with a web-based game, you say. I'm not distributing an executable at any point, so I can distribute the key securely via https! That does not save you, for several reasons:
Even if you were to do something crazy, like having a .unity3d file server that responds solely to signed requests from the webplayer, and sends then a just-packaged copy encrypted with a one-time key agreed by both parties via something like Diffie-Hellman; do you really want to run that much computational expense on your server, knowing that at some point the webplayer will need to decrypt your assets in order to play them, which means they'll be decrypted somewhere in memory (and maybe the temp files or swamp)?
It doesn't seem to be worth it. Any approach that doesn't involve a trusted third-party server ( la having a Unity Certificate Authority) can be bypassed without that much grief, and the worst thing is that it only needs to be circumvented one and it's broken, forever.
I guarantee you that the reason because the film industry can't solve the problem is not because they're incompetent, but because it's not a trivial one, even when you have their pockets.
answered Feb 19, 2010 at 11:32 PM
This gets hashed out on the forum from time to time. You can search there for details but the short answer is: "You're pretty safe from casual hackers/thieves but someone who is determined can steal from you". The question you have to ask yourself is "how big of a threat is this really?".
answered Feb 19, 2010 at 10:43 PM
To my knowledge and as stated in the forums, there is no evidence that anyone had successfully open and decrypted the assets part of an Unity 3D package. It is not the same for the code, as it is based on .net and as everyone knows, .net can be opened and hacked in many ways. But so far, unless someone come with a demonstration that he did it successfully, it is not yet the case and your assets are protected.
answered Apr 04, 2011 at 04:45 PM
Taking apart a .unity3d file is a pretty well documented exercise in the hacker community these days. Source code and assets to games are easily obtainable.
Use this software to pull out the DLL from the .unity3d package: http://unity3d.netobf.com/Unity3dObfuscatorSetup.exe
Use this software to dump the .NET MSIL code: http://reflector.red-gate.com/download.aspx?TreatAsUpdate=1
Rename .assets to .asset and then in Unity just import new asset to access all of the models, textures, etc. Not all assets are obtainable but most of them are.
answered Aug 05, 2011 at 06:52 AM