[UMPatcher] Safely Protect the Managed DLLs/C# code in Unity3d application

UMPatcher is a tool to proetct the managed dlls which is built in Unity3d standalone applications. It simply encrypts the dlls in managed folder and helps Unity3d application to run with these encrypted dlls.

[New]UMPatcher also protects javascript code in mainData.

UMPatcher can be used to protect your own logic code, your distributed plugins for the windows standalone application.

UMPatcher supports all versions of Unity3d applications, supports encrypting the dlls with your own password, supports running in command line for auto builder.

Just try it and get rid of the scary state. Your code will be safe from now!

Download UMPatcher V1.0.

Download the test package.

 

What's the benefit to encrypting a .dll with a password? Is the application still able to call the .dll or does it need to pass it a password in order to run it? FWIW, there's no benefit to protecting the .exe as it can be easily replaced with another unencrypted .exe.

 

Encrypting the dll is to prevent reflector decompiling the C# code or to protect the game logic, for example communication protocol with server, or some key algorithm...

The application can still call the encrypted dlls with the help of ump. So bigkahuna, you can try to do the things you guess. And you will find it's useful

 

so, does it protect game scripts? like obfuscating?

 

Yes, it protects game scripts written in C#. It's more powerful than obfuscator.
Obfuscator only renames the classes and function names. But some code logic can still be deduced.

UMPatcher doesn't give chance to see any C# code, because it's totally encrypted.

 

Looks good, site isn't loading right now though.

 

You can't download the packages? The site runs well.

 

Getting DNS resolution errors, probably temporary, I'll just wait.

 

Hello!

Will it work for webplayer?

thanks,
Slav

 

Thanks for this great tool lubo3d

 

Currently UMPatcher doesn't support webplayer. However there are more ways to protect your code in webplayer distribution. First it will be encapsulated into unity3d package also the package can be set to hidden which I haven't tried yet.

From this post, we can see the windows standalone application needs protection most.

http://forum.unity3d.com/threads/17117-Hack-resistance

 

Thank you for the tool!

Webplayer is unpacked very easily - I think it needs protection too .

 

Yes, gnoblin. You are right.
If this tool is accepted by more standalone application developer, we can start porting it to the managed C++ which can be used in webplayer.

 

Just ensure that the MC++ code has no unsafe refs anymore, as they will fail too, even if you "hide" them in a .NET assembly as the whole p/invoke layer is cut on the webplayer

 

Thanks to dreamora.

That's to say porting to MC++ has no difference with writing in C#/.Net dlls.
However the webplayer package is more or less safer than the standalone application.

 

Hi,
Just a note on security... There are two methods for dealing with security.
The first one is to trust on a commercial company, with thousands of costumers and a reputation gained after years of work, like the xtrap solution.
The second one is to choose an open source solution, certified by thousand of users, that can check the code and see there are no backdoors.

See, I think lubo3d is a great guy for making it available, and I´m not saying we cant trust him. I´m just saying that solutions that patch game executables, and that are distributed through executable files should all be checked if you dont know the source for a long time or even if you dont know his real name.

I´m just saying that this is not the correct approach to distribute a security app. lubo3D should start a company, with his real name on it, and start to get customers to build his reputation or deliver the app as open source.

[]s, gandhi (Ricardo Andere de Mello)

 

I would be inclined to agree; I'd want to see the source for this and make sure it's not going to be used to redirect clients to pornsites in a month or install logic bombs or suchlike, lol.

I love the basic idea, though, and will definitely test it out.

 

Thanks ricardo.mello. You proposal sounds really nice to improve the reliability of this tool.
But it significantly increase the cost of this tool. Launch a commercail company doesn't mean anything because we are international communication and the law of each country is quite different.

If the tool is free and requires no benifite for the effort making this tool, you can guess it might benifite from other ways like backdoors.
This tool requirces user to purchase which means we want to provide the tool and service for user to solve their problems and really benifite from the product sales.

I think there's other ways which can analysis if one tool has backdoors except open source. Use processexplorer or some network tools to monitor the encrypted application.

Anyway, thanks for your idea. And we shall consider to build one company if we get enough support with the tools or plugins we create.

 

Thank you kind sir, for this program.

 

This does not protect javascript files, right ? Only C# ?

 

The latest version also encrypts the mainData file. That's to say it encrypts the javascript files.
Try it and you will find the mainData file becomes smaller.

 

mainData is a scene number 0, why would you encrypt it?

 

Basically this is very interesting. However, I do not trust your presentation enough to use it in any commercial product.
1) add some explanation what it does and how it does it (don't reveal secrets, but explain in more detail)
2) add some documentation
then I would readily pay 150 bucks and use it for our commercial games

 

Thanks azeitler to give us a chance to explain what UMPatcher does to the Unity application.
Yes, there's no need to reveal secrets since all the data is encrypted using user's password. There's little chance decrypting and peeking the dlls and mainData.

UMPatcher compresses and encrypts the managed dlls in "App_Data\Managed" folder except the Unity System dlls.
That's to say all the user define dlls including Assembly*.dlls will be encypted.
Also the "App_Data\mainData" will be encrypted.

After the encryption, Unity executable will no longer recognize these dlls and mainData.
So ump.dll is needed to help Unity exe to parse these data.

It's simply but hard to hack, for the dlls and exes are packed.
If you think this way can protect your product, you can pay. Otherwise, just consider it as a toy.

 

What's the cost of a license?

 

$150. Just encourage us to make it better!

 

Update for UMPatcher:
(1)Fully support for Unity 2.X.
(2)Fix the corruption when mainData size is larger than 4K.

Pls try the latest download from the original address.

 

Unity 3D Obfuscator

http://en.unity3d.netobf.com/download

 

What's stopping someone from dumping the host's memory and obtaining the encryption key?

 

gonna try this out

 

gonna try

 

Has this been updated ever to work with webplayers? Or can I just unpack the unity3d file apply this and pack it all up again? Or is there another solution to use other than the $150 Obfuscator for Unity, all I really need is something to rename all the params really.
Chris

 

obfuscator for unity has a free version, if I remember correctly, and it's functionality allows simple renaming

 

Hi,

Did anyone try the Memory hack to obtain the encryption key?

Sk.

 

Download link is invalid.

 

Hey~ Your dll file ( ump.dll ) included virus ( Troijan ). Aren't you check virus??

 

I have this but it's hard to use. Once I have created an .exe of my game and run the UMPatcher on the exe what next? I want to load my code back into Unity with the script files unreadable. ie I eventually want to publish a package on the Asset Store which has unreadable scripts inside Unity. Is there a step by step guide anywhere?

 

Virus Detected

 

I don't believe you can protect a Unitypackage file with this, from what I've read this only works on built Unity projects (with .exe/app files etc).

I've heard that Apshai Arts CodeGuard will soon include an option to protect your script files inside the Unity Editor, so you can release assets with protected code.

 

the patch file have TROJ_SPNR.03CA13 virus, when i downloading it , my anti-virus software just detected this virus : TROJ_SPNR.03CA13

 

how can I download?please