Search Unity

  1. Megacity Metro Demo now available. Download now.
    Dismiss Notice
  2. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

A Warning to Those Who Develop With the Web Player

Discussion in 'General Discussion' started by QuantumTheory, Mar 13, 2012.

  1. QuantumTheory

    QuantumTheory

    Joined:
    Jan 19, 2012
    Posts:
    1,081
    Only days after Quantum Theory submitted its first package, "Quantum Cold," to the asset store, a gentleman emailed me sending me a link to a version of the package on Mediafire.com.

    Later that day, links were found to this package on a popular CG piracy forum.

    Upon examining this package, it appears as if this came from hacking the webplayer package on our website. Someone was able to parse the unity3d package and rip out the contents. They then published their own package.

    The materials were renamed and the normal maps contained in there are useless (the RGB channels are only a single channel from the normal map). But the meshes and diffuse textures were intact.

    After emailing the Asset Store admin, they simply replied:

    "Sorry to hear that someone ripped off your package. But thanks for clearing up that it didn't originate from the Asset Store."

    So this is a warning to those who use the webplayer to demo their content, or use it as a means to distribute your game: it can be deconstructed. If you are a hobbyist or enthusiast, this may not bother you. But if you are trying to protect intellectual property and develop a business, avoid the webplayer. I understand that technically anything can be hacked, but I believe Unity bears at least a portion of responsibility in protecting its customers, free or pro.
     
    rakkarage likes this.
  2. npsf3000

    npsf3000

    Joined:
    Sep 19, 2010
    Posts:
    3,830
    1) Webplayer can be easily decompiled.

    2) PC, Mac, iOS, Android etc. aren't going to be much different in reality.

    3) By putting it on the Asset store you lost control anyhow. The idea that demo'ing could be a problem is ridiculous - are you going to prevent your asset store clients from using it in the webplayer?

    4) If you wish to take action - take the correct action: Report to site owners, DCMA, Legal action etc.

    5) Blaming U3D for your ignorance of the reality of modern piracy is sad.
     
  3. OmniverseProduct

    OmniverseProduct

    Joined:
    Feb 26, 2012
    Posts:
    1,568
    Couldn't have said that better.
     
  4. DavidB

    DavidB

    Joined:
    Dec 13, 2009
    Posts:
    530
    Hrm not sure if the OP requires an aggressive response....

    @QuantumTheory I definitely sympathize with you, but at this level I truly don't believe a pirate = a lost sale. Anyone who's legitimately going to use this asset in a sold product will definitely buy your asset and not simply pirate it. It's sad when people will pirate indie work, but it is what it is. You can go to great lengths to avoid piracy, but at some point if someone wants to, they'll pirate it or crack it etc.
     
  5. Noisecrime

    Noisecrime

    Joined:
    Apr 7, 2010
    Posts:
    2,051
    Although I understand your pain, there isn't much Unity can do about this.

    Having looked at the package in the asset store it is only textures and meshes, meaning that Unity cannot possibly hope to protect it, since ultimately its possible to extract the data as it gets passed to the gpu. I'd even hazard a guess that doing so is just as easy (or easier) than hacking the web-player package. Although you may argue it might need greater knowledge to do so, it sadly only takes one person with that knowledge to extract your content and distribute it to all, whatever method they use.

    Your best bet is to try and leverage any interest in pirated copies of this to persuade developers to purchase the genuine thing. So post on the forum where the extracted package has been released, explain that its been ripped and that those who wish to support the developer or want to use it in a commercial project should purchase the asset.

    Obviously don't be heavy handed, approach it more like how the devs of Tiny Tower did with Zynga cloning their idea.
     
    Last edited: Mar 13, 2012
  6. npsf3000

    npsf3000

    Joined:
    Sep 19, 2010
    Posts:
    3,830
    No aggressive [and apologies if it reads that way] just abrupt presentation of the facts.

    Piracy sucks, and I'll happily support prosecuting pirates to the full extent of the law. However you must accept it is part of your business plan, and you cannot blame others for your own failings/ignorance. Otherwise you're not suited for this industry.
     
  7. Jaimi

    Jaimi

    Joined:
    Jan 10, 2009
    Posts:
    6,204
    You see these guys all the time, posting in every thread "Webplayer version please!"... It's a good idea to only post videos.
     
  8. QuantumTheory

    QuantumTheory

    Joined:
    Jan 19, 2012
    Posts:
    1,081
    The point is, those developing content using the webplayer should know that the content can be easily decompiled. This is arguably not widely known to those without good programming knowledge. Criticizing those without that knowledge is self-serving. Why would you do that?

    The webplayer demo vs. asset store argument is irrelevant. What is relevant to this discussion is the scope of your web-based demo and the risk of someone decompiling it. My advice is to not use the webplayer if you care about your property. It appears many people are doing just that.

    Again, this helps no one. Let's keep it professional and avoid jumping to irrational conclusions.
     
  9. Starsman Games

    Starsman Games

    Joined:
    Jan 30, 2011
    Posts:
    2,152
    Quantum, I am not sure how long you been doing this, but there is no way you can actually stop anyone that wants to really do it from stealing your assets.

    You will run the same risk no matter if you distribute a standalone project, web based one, or mobile. There are people out there that live to crack stuff and even your own custom code wont stop them from doing so.

    Anyone that has ever published web knows how likely it is for their stuff to be pirated, and this is not just from unity web player but also flash.

    I guess the point of view most people in this thread are coming from is: yes, we know it, this isn't news, and FYI: it's not just a Unity issue.
     
  10. Eric5h5

    Eric5h5

    Volunteer Moderator Moderator

    Joined:
    Jul 19, 2006
    Posts:
    32,401
    How does it make any real difference? As soon as you sell a single copy, it's out of your hands anyway, even if the web player was somehow magically unhackable. Though I think it would be assumed that you can get content from the webplayer, such as how Flash content, for example, is trivially rippable. In the end it's better not to turn off potential buyers by making it harder for them to preview your work.

    --Eric
     
  11. DavidB

    DavidB

    Joined:
    Dec 13, 2009
    Posts:
    530
    Maybe I just misread :p I'm tired.. and have been watching too much Walking Dead (or too little?) Starting to sympathize with the Walkers heheh. And well said.... on this scale you can offer a service aspect to go with the asset that makes the value worth it. Still not condoning piracy... but I really don't think someone is going to pirate assets and then sell their game on any legit channels. I'm sure it happens, but you likely have recourse if you want it after something extreme like that happens.
     
  12. puyacorp

    puyacorp

    Joined:
    Jan 16, 2012
    Posts:
    10
    You can encode your assets and shader scripts to draw from an online database with sql encryption. The shaders scripts for example can load from a jquery call method on your web server in which can link to a Unity like Style sheet for server side scripting and C Language programming in your sql database and load it into the unity web player. That is what we are doing with the Visual3d.NET web player but we are streaming assets and this does bog down user clients but the problems are with the bandwidth. This is done by creating a simple java query in there. I am not at authored bases to post these scripts but if you want to design a idealistic version of this for your unity games and assets this can be great examples.


    However, if this doesnt intrege you, you can just pay for a server that can be used for log in only access to your assets so they are only licenses through the jquery method, or just make your assets only accessed by a internet PC like networking solution. IE: User logs into fake PC, .exe plays on the server, and the server broadcasts to user through the streaming video scripts.
     
    Last edited: Mar 13, 2012
  13. Morning

    Morning

    Joined:
    Feb 4, 2012
    Posts:
    1,141
    So much hassle for no result. Then there's the question, is this really worth it? The pirate is going to buy one copy and get the original files then so what difference all your fancy pansy protection make? None. It only wastes your time you could be spending providing support for legit customers.
    See pirate as a potential customer, not a potential lost sale.
    Offer free noncommercial version of your product. Since most pirates are not going to make a game, you're not hurting anyone by allowing people to use your product before buying for noncommercial purposes. Then offer support and community to your customers, update your product, include new things. Show that you're there because you love to develop games, not because you want hard cold cash. Respect is the best drm that beats any software.
     
  14. OmniverseProduct

    OmniverseProduct

    Joined:
    Feb 26, 2012
    Posts:
    1,568
    Wow Morning, that was well said. Congrats. I can confirm at least 1 developer with a commercial product released that follows this. The developers of Torchlight feel the same way, as far as I understood with the CEO's comment anyway.
     
  15. Morning

    Morning

    Joined:
    Feb 4, 2012
    Posts:
    1,141
    It's about time people realize drm is not the right way to combat piracy. All drm does is hurt the customer. The pirate doesn't care. The cracker is excited for another challenge. The developer does not get more sales. It's a lose/win and pirates are the ones who win. After all befriending your enemy is a better victory than slaughtering them all and leaving hate for thousands of years. This is true in both real wars and digital wars. The people who respect you for being a great and supportive developer will buy your stuff, the people who have no respect for your stuff do not count as customers anyway since why would they buy your stuff if they don't respect you?

    The customer does not need your drm. Leave the customer alone. Deal exclusively with the pirate, they're people too and if you manage to win a diplomatic war, you got yourself another customer. Even if the pirate remains a pirate, consider him as free advertising. You can't imagine how good piracy websites are at advertising your products. Piracy is a double sided blade, master both sides and you're the winner, try to fight the blade and you just cut yourself.

    The reason I say this is so developers realize that the market has changed and they have to adapt not fight it. I have three software programs that require a dongle when using them. That is just so annoying and does not prevent piracy or result in more sales.
     
  16. npsf3000

    npsf3000

    Joined:
    Sep 19, 2010
    Posts:
    3,830
    Because OP is currently criticize Unity3D for a series of mistakes he made.

    I see no reason to mollycoddle him about it. He stuffed up, and as such he should not be blaming others. Of course, I just gave him the facts so he could learn from then, now it's being dragged out much longer than it needs to be:

    So if you do read this OP you made a mistake, but it's not a big one. Just next time do a little more research on issues that might concern you. The best solution is to make money regardless, while taking some legal steps [as already mentioned, dmca etc.] should you desire.

    Of course it's relevant. The OP has put his assets up easily available for anyone to pirate - yet is concerned about someone who went through the inconvenience of decompiling the web-player?

    You released your assets into the world. Those assets can now be pirated. It's not U3D fault rather standard industry concerns. Should you desire to actually do something about it, I already gave my suggestions.

    Or the asset store. Or PC/MAC. Or iOS/Android. Or even release a video. Or even a still. Or...

    My advice is to concern yourself with making money and, if you desire, take legal action. Pretending for a second that one form of release is significantly harder to break than another is simply wishful thinking and self-deception.
     
    Last edited: Mar 14, 2012
  17. lilymontoute

    lilymontoute

    Joined:
    Feb 8, 2011
    Posts:
    1,181
    Exactly my policy. Offering a free evaluation of my software with extensive support and updates has definitely helped with sales way more than any piracy impact.

    There are dedicated websites for pirate Asset Store content - whether you have a webplayer or not, it will get out there (even faster if it's popular). The easiest way to get a potential customer to pay for your product as opposed to pirating it is to make it 1) easier to obtain 2) reasonable in price 3) offer incentives for purchasing the product - more support, other offers, etc.

    Sure, you want to eliminate low hanging fruit (you wouldn't post code up somewhere in plaintext, for example), but that's really all that's needed.
     
  18. Mr.T

    Mr.T

    Joined:
    Jan 1, 2011
    Posts:
    546
    My 2 cents

    If you are mainly an art asset maker avoid web player preview as much as possible.
    Webplayer preview to showcase your talent = good idea
    Webplayer preview to showcase every single art asset you have on sale = bad idea

    If on the other hand you are selling a game or something like that, webplayer is a good idea. You can always show a portion of your game as a demo while keeping the full version for sale only.

    In either case, like others have pointed out you aren't immune from piracy of course. Always the possibility that Pirate would buy it/acquire it and then pirate it but Pirates usually will not go to the trouble of actually spending money on something to pirate it unless its really popular.

    (And if something you made becomes actually popular enough for a pirate to BUY it and pirate it, I think that one can bet 9 out of 10 times, you have recovered enough money from sales to cover the cost of production of said asset plus a healthy profit. Here I am talking in the context of Unity assets, not game development in general)
     
    Last edited: Mar 15, 2012
  19. Amon

    Amon

    Joined:
    Oct 18, 2009
    Posts:
    1,384
    Well, got to agree with NPSF3000 here. Not much more to add really as he basically covered it all.
     
  20. AnomalusUndrdog

    AnomalusUndrdog

    Joined:
    Jul 3, 2009
    Posts:
    1,551
    To tell you the truth, I don't care about getting hacked (memory hacks etc.). Even games made in C/C++ can be memory hacked.

    But being able to reverse engineer my game's source code is really disheartening. Except Unity iOS, which I believe compiles it.

    I just wanted to say that. Its just an opinion, it doesn't have to make sense to you.
     
  21. Doddler

    Doddler

    Joined:
    Jul 12, 2011
    Posts:
    269
    I imagine one possible solution to this would be (at least if you're using c#) to put your scripts into a dll, which would allow you the same code protection as a normal c# project. Mind you, that's mostly just obfuscation, but it's better than giving away full source.
     
  22. andorov

    andorov

    Joined:
    Feb 10, 2011
    Posts:
    1,061
    Putting your code in a C# DLL offers 0 protection, because the de-compilation process is VERY human readable. The only thing lost is the comments. Obfuscating provides SOME protection and is generally a very easy thing to do. Theres plenty of free ones that integrate right into your build pipeline.

    In any case, people engaged in digital media production want all the good and none of the bad. Its human nature. They want the marginal cost of their products to be zero, but they still want the characteristics of physical goods; its never going to happen. Time to accept reality!
     
  23. npsf3000

    npsf3000

    Joined:
    Sep 19, 2010
    Posts:
    3,830

    They did, you just didn't understand it.
     
  24. hippocoder

    hippocoder

    Digital Ape

    Joined:
    Apr 11, 2010
    Posts:
    29,723
    I do think unity should make it easier to disguise the code for online assets, because then if they do rip it, at least it is in gibberish and only the shaders would be really that usable, if limited.

    Random one way symbol and letter encryption so it's just nonsense.


    Combating piracy is about damage limitation, not cures.
     
  25. swiv

    swiv

    Joined:
    Mar 22, 2009
    Posts:
    30
    I used .NET Reflector on my desktop Unity game and was able to retrieve the source code complete. All my function, variable names etc. Personally I think this is the biggest single problem with Unity. From everything I read about Unity in magazines etc they seem to be wanting to target the AAA market, and yet can you see a big company making a triple A game and then just handing over the source code? I can't.

    I work a lot in the gambling industry. I don't care if anybody sees how I draw things to the screen or how I handle input or anything like that. But I have to protect the maths that determines how the game pays out money and when. This is what makes a game and is commercially sensitive information. I cannot use Unity to make gambling games because I am essentially just handing over our secret formula to competitors.

    I know you could always decompile an EXE and figure out how such a game plays in other ways, but to just hand it over in clear text is ridiculous. It's such a shame because I love Unity and want to use it for every project I undertake!
     
  26. AnomalusUndrdog

    AnomalusUndrdog

    Joined:
    Jul 3, 2009
    Posts:
    1,551
    I can confirm this. Checking that page, the text "gives you the full strength, speed and flexibility" is actually l33t speak for "your code is JIT compiled, not AOT compiled". If you didn't know that, then its obviously your fault for not being born to be as cool as NSPF3000.
     
  27. npsf3000

    npsf3000

    Joined:
    Sep 19, 2010
    Posts:
    3,830
    That and the section that says:

    NET based

    Game logic runs on the Open Source .NET platform, Mono.



    The ability to decompile .net [or mono] code is actually a 'feature' of the platform - and is widely documented. And while I do consider not being me a fatal flaw - the issue here is a lack of research. Making the assumptions something is secure is the first flaw of security, the second being to blame someone else :p


    • Obfuscate it.
    • Wrap the program in a wrapper.
    • Run code in a trusted environment.
    • Ignore it.

    Not magic.
     
    Last edited: Mar 16, 2012
  28. swiv

    swiv

    Joined:
    Mar 22, 2009
    Posts:
    30
    I've looked at the obfuscation route. There is a commercial unity3d obfuscator, but I was still able to retrieve my code after obfuscation with the latest version of .NET reflector. I've tried some other tools but without much success. My main worry is the easy lifting of data tables in my game and I don't think obfuscation would help me that much.

    I've also looked into wrappers. None of them seem to work as advertised. A lot of them seem to trigger virus warnings. I got quite far with one wrapper that specifically mentions Unity3d but then found out it didn't work on other people's PCs. So I abandoned that route.

    I can't put the code in a trusted environment. For the project I wanted to do the code has to reside on coin operated machines, it wasn't a client/server based setup.

    I also can't ignore it. No boss is going to let me hand over the code I have written for the last x amount of months (and influenced/based on many years of c++ code that was developed by the company) to a competitor.

    I agree that is may not be an issue for many, and it isn't for my personal projects. I'm just moaning because I want to use Unity for all my dev work.
     
  29. npsf3000

    npsf3000

    Joined:
    Sep 19, 2010
    Posts:
    3,830
    Have you tried just plain .net obfuscation?

    An example would be steam's suite. Though I've not used any personally, I suggest looking a little harder if you need it.

    The coin operated machine cannot be secured?

    Then spend more time on the above options. Consider legal protections.

    You appear to focus too much on 'this is U3D' rather than 'this is .net/.exe how do I protect it'.
     
  30. Farfarer

    Farfarer

    Joined:
    Aug 17, 2010
    Posts:
    2,249
    Also, I think you'll find the normal maps intact, with the other channel being in the alpha channel of the texture. You'd just have to re-swizzle it to get the normal map back out of it.
     
  31. AnomalusUndrdog

    AnomalusUndrdog

    Joined:
    Jul 3, 2009
    Posts:
    1,551
    Wow! So you know a tool that can decompile AOT-compiled .NET/Mono code? Do you have the link?
     
  32. npsf3000

    npsf3000

    Joined:
    Sep 19, 2010
    Posts:
    3,830
    Of course it can be decompiled, but you are right in that case it's usually a tad harder.
     
  33. cannon

    cannon

    Joined:
    Jun 5, 2009
    Posts:
    751
    @swiv

    Since it's not a web player, put the code you wish to secure in a native C++ DLL using the Pro plugin feature.

    @OP

    Yes, for tools and assets it's not a good idea to use a web player; a video is better. It will still be easily pirated, but there's no need to let people use your site to do it.

    @Everyone worried about their game code being decompiled

    This comes up every couple of years some new people discover that .net code (and swfs for that matter) are easily decompilable.
    The irony of decompilation is that once you decompile someone else's code:

    1. It will have no documentation, therefore:
    1a. if you can understand it, you wouldn't want to use it, as you would rather write it yourself
    1b. If you can't understand it, you can't debug it
    2. Regardless, there are far more interesting games than yours to decompile. Fusion Fall, Tiger Woods, Battlestar Galactica.
    3. Most of us aren't too fond of debugging other people's code. Ergo, not a lot of people are terribly interested in poring through your code either
    4. There are far more interesting code bases that do have documented source on the Internet, that don't need decompiling
    5. Most shipping games have unsightly code, unfit to see the light of day

    These are the reasons this hasn't been an issue for game code in the past 5 or so years. Tools are a different matter since they're documented and designed for reuse.
     
  34. AnomalusUndrdog

    AnomalusUndrdog

    Joined:
    Jul 3, 2009
    Posts:
    1,551
    We are so terribly lucky that everyone in the game industry (or anyone who can code for that matter) all have the same opinions as you've detailed! For the past 5 or so years! This is fascinating!
     
  35. AnomalusUndrdog

    AnomalusUndrdog

    Joined:
    Jul 3, 2009
    Posts:
    1,551
    But seriously, if you know a way to decompile AOT compiled code in human readable form letting me see the classes, variables, methods, and whatnot, I'd be interested how that was pulled off. Do you have a link?
     
  36. cannon

    cannon

    Joined:
    Jun 5, 2009
    Posts:
    751
    Pretty much all the guys who write the big Unity games and MMOs,, Battlestar Galactica, Fusion Fall, Tiger Woods, they've stopped worrying about this. This topic is seriously old, it's been this way since Unity switched from Python to dot net.
     
  37. cannon

    cannon

    Joined:
    Jun 5, 2009
    Posts:
    751
    If it helps to put it into perspective, every Flash swf on Kongregate and New grounds is decompilable. People apparently still write games in it.
     
  38. Starsman Games

    Starsman Games

    Joined:
    Jan 30, 2011
    Posts:
    2,152
    Why is this news for so many? Decompilers have existed for ages!!! And "human readable" is just a mask for "pretty code", all decompiled code is human readable, given the human working it is patient and knowledgeable enough to figure the code out.

    Decompilers have not only existed for nearly as long as compilers have, but also they are legal within certain constraints. Copying code to use in your own game is not such legal case. If you ever find anyone stealing your code (and care enough to go about decompiling other people’s apps to find out) you have legal standing to prosecute the infringers.

    At the end of the day, it’s not anymore of an issue than someone stealing your art; even the laws protecting you are exactly the same one that protect art: copyright law.
     
  39. AnomalusUndrdog

    AnomalusUndrdog

    Joined:
    Jul 3, 2009
    Posts:
    1,551
    No one is claiming its new. And no one is claiming there are variations that weren't human readable. If I somehow implied that way, excuse my wrong wording.

    If reading megabytes worth of assembly code is like English to you, well, more power to you sir.


    No one is claiming people do not write games for Flash anymore.
     
  40. npsf3000

    npsf3000

    Joined:
    Sep 19, 2010
    Posts:
    3,830
    http://stackoverflow.com/questions/205059/is-there-a-c-decompiler

    Use a decompiler, sit down and make sense of it.

    If you actually have anything worth protecting [hint: you often don't] AOT won't stop someone from getting the info.

    As people have been saying - it's really not a big deal.

    I can sit down and 'decompile' a Rolex, yet Rolex is still in business.
     
  41. npsf3000

    npsf3000

    Joined:
    Sep 19, 2010
    Posts:
    3,830
    Then obfuscate it...

    It's really not that hard.
     
  42. George Foot

    George Foot

    Joined:
    Feb 22, 2012
    Posts:
    399
    You keep making a distinction when there is none. .NET assemblies are compiled into CIL. CIL is the 'assembly language' of .NET. There is nothing deeper. Mono adds AOT compilation, but I believe it still requires the CIL code at runtime to operate properly. I doubt the linker gets much chance to blur interface boundaries enough to make it hard to reverse engineer the code - having it appear in assembler is at best a minor inconvenience to anyone who has a serious financial motivation to steal your algorithms.

    It is mathematically possible to supply somebody with a program which does useful work but cannot be reverse-engineered in any useful way, but I'm not aware of anybody actually doing it. In any case, you still can't stop somebody from simply encapsulating your program verbatim on their own, though.

    You really should take on board the points made by cannon on the previous page - especially numbers 3 and 4, which dissuade casual thieves. If you have reason to worry about more motivated thieves then you should talk to a lawyer.
     
  43. AnomalusUndrdog

    AnomalusUndrdog

    Joined:
    Jul 3, 2009
    Posts:
    1,551
    Yeah! That's what I want, a game made in Unity whose exe and dll files are as good as C/C++ compiled code. That just isn't the case right now though.
     
  44. npsf3000

    npsf3000

    Joined:
    Sep 19, 2010
    Posts:
    3,830
    Write your code in C/C++.
     
  45. AnomalusUndrdog

    AnomalusUndrdog

    Joined:
    Jul 3, 2009
    Posts:
    1,551
    Yeah I wish I could, I don't have Unity Pro
     
  46. AnomalusUndrdog

    AnomalusUndrdog

    Joined:
    Jul 3, 2009
    Posts:
    1,551
    Oh and I don't think its allowed to use C/C++ dlls on web builds.
     
  47. the_motionblur

    the_motionblur

    Joined:
    Mar 4, 2008
    Posts:
    1,774
    That's exactly my stance on this whole subject matter at the moment, as well.

    There have been discussions about this a months ago, as well. Most of the problems about cathcing the web player content and pirating/distributing it that were said then, have come up in this thread now, as well. It's sad that it's like that but unfortunately at the moment cannot be prevented. It was said back then that people should not uns the web player for the exact same reasons. Though, personally, I always thought like Eric here: it's gonna get out there anyways. People who are creating honest content will buy it. NOT making a webplayer might delay the inevitable a few days but in the end will fend off more of the people who might be willing to buy something that rocks and they can preview first.

    In general I'd of course be happy if there was a way to prevent people from pirating thins as easy. But as long as there's nothing to counter that in an acceptable way for the customer as well there's not much else to do than to keep producers aware of the problems. It's the downside of being able to virtually replicate goods for no cost.
     
    Last edited: Mar 17, 2012
  48. cannon

    cannon

    Joined:
    Jun 5, 2009
    Posts:
    751
    If you're willing to forego some of your target audience, consider compiling to NaCL/Pepper, and support/push for it to become a standard.
    Most other web technologies are easy to decompile partially as a side effect of making them easy to sandbox.

    Just to be clear, I would like to have dotfuscator or something similar built into Unity, but it's more of a nice to have, and the lack has never really been a showstopper for most people.
     
  49. Morning

    Morning

    Joined:
    Feb 4, 2012
    Posts:
    1,141
    Obfuscation does not prevent reverse engineering but what it does is keep the noobs out.
     
  50. cannon

    cannon

    Joined:
    Jun 5, 2009
    Posts:
    751
    True, I used to run dotfuscator on my C# apps before shipping; IIRC I did try to decompile it just to see what it was doing. Refactoring tools then were powerful enough that a couple of right-click->Refactor->Renames were enough to make it readable, adding probably about only a couple of minutes per file to make it convert completely.

    But if it was just a checkbox I would still turn it on, just for the warm fuzzy feeling, and the handful of bytes that it shaves off the file size.
     
    rakkarage likes this.