Unity is an integrated development environment for creating an app simply, and it supports multi-platforms and makes developers develop apps easily. Various kinds of apps can be made on Unity, and the most popular genre is mobile game app. Unity has distinctive advantages and motivates app developers to make a game using the Unity engine.
While the development process is easy with the Unity engine, different types of vulnerabilities are also addressed. Before we discuss vulnerabilities, let’s see the first two build modes from Unity.
1.MONO mode
· Develops in C# to support various kinds of platforms · Converts C# code to IL(Intermediate Language) code · Creates Assembly-CSharp.dll (.NET framework based) when building (Important logics will be included in Assembly-CSharp.dll and speficif files)
2.IL2CPP mode
· Develops in C# to support various kinds of platforms · Convert C# code to IL(Intermediate Language) code · Converts IL code to C++ format · Creates libil2cpp.so(Binary based) when building (Important logics will be included in libil2cpp.so and specific files)
As above, Unity provides two kinds of modes to build. IL2CPP mode was developed to solve problems of MONO mode which couldn’t support 64bit and currently Unity is also recommending to use IL2CPP. MONO mode and IL2CPP mode files where the development is completed can be decompiled with the Decompile tool, which lead to vulnerabilities that can easily analyze important logic in the game.
» Decompile to Mono mode of Unity
» Decompile to IL2CPP mode of Unity
This exposed logic makes it possible to figure out what kind of function this logic does in the game, and it will be used maliciously to get skills, experience, and game money illegally. So there are severe damage cases, and they are getting increased.
To protect against this kind of threat, LIAPP provides Unity important file encryption function.
The app and app developers can stop fatal incidents in advance by using LIAPP’s Unity protection. LIAPP’s Unity Protection will prevent the leakage of critical logic (skills, experience, goods, payment logic, and game money) from distributed apps.
Furthermore, as this feature applies to compiled app files (apk), it is possible to apply to apk or aab files despite the developed language and framework.
The way how to apply Unity protection is also very easy and quick. You can set the Unity Protection feature on ‘Code Protection’ menu on LIAPP dashboard as below.
Let's strongly protect essential engine files in mobile apps which developed by Unity Engine.
Experience LIAPP
For any questions, please leave them in the comment section!