-
-
Notifications
You must be signed in to change notification settings - Fork 21.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Protecting game resources in exported apk #39115
Comments
Please don't ask support questions here, as this issue tracker is meant to be used for bug reports only. Use one of the other community channels instead. You could also open a proposal on the Godot proposals repository, although writing a good proposal will be easier if you have prior experience with obfuscation/encryption systems. Also, I would consider this to be mostly a duplicate of #24716 Edit: The part about PCK is not actually correct, see #39115 (comment). |
This solves the issue only partially. All the file directory structure is visible in APK. Some of the files are still in plain text |
Edit: This is not actually correct, see #39115 (comment). |
I asked 3 or 4 questions on discord, did not receive the answer for most of them. Also I was recommended to ask on github. |
Well, I guess they were wrong 🙂 In general, large GitHub issue trackers don't make for good support platforms, as bug reports will become intertwined with support requests (and sometimes feature requests) over time. |
When I export my game into Android APK I am getting all asset files (be it with script encryption or not) put individually into the assets folder. Folders are visible and some files are in plain text. Scripts are either encrypted or compiled. What I am not getting here. Thanks |
@dariuspranskus Did you export the project using the "old" method or the "new" method? Maybe the final structure differs depending on the method used. Still, I was pretty sure only a PCK file was included in the APK. cc @m4gr3d |
I used the old method. Will try the new one. Thanks |
@Calinou Same with the "new-way" - individual folders and files in assets folder in APK. I also found the following discussion about the legal liability to protect loyalty-free assets |
@dariuspranskus There were issues with the export changes not 'sticking' - did you clear the export folder on PC/uninstall the app completely before retesting? Just making sure you're not seeing the old export... |
@Zireael07 : Using v.3.2.2beta2, emptied the export folder, used the custom build, still no PCK file in the APK, individual folders and indicidual assets and compiled/encrypted scripts in the asset folder inside the APK |
You can unzip the .apk to see what the contents are. |
Example from https://gitlab.com/QbieShay/bring-out-your-dead:
So yeah it doesn't use a PCK, the project files are exported to the Scripts are compiled by default ( |
As @akien-mga mentioned, the project files are exported directly to the However the engine supports reading project data from an exported
@dariuspranskus Could you open a godot-proposals for the described process. Once the proposal is opened, could you take a stab at the first step. One thing to make clear though is that this would make it harder for the game resources to be accessed, not impossible. @akien-mga slightly unrelated, do we know if the |
@m4gr3d PCK is a custom, Godot-specific format. Unlike ZIP, it's not compressed but it supports fast random seeking. You can use the PCKPacker class to create them programmatically. |
Thanks! So we should probably use that as the default for export to the apk |
@m4gr3d There are a few tools for that, such as https://github.com/hhyyrylainen/GodotPckTool. I don't consider this to be much of a problem, as you'll never find a way to have unencrypted data that's not easily extractible. (There are tools that can recognize data structures even in custom, undocumented formats.) Also, the APK expansion feature appears to be broken: #28214 |
This is correct behavior, APK size is limited to 100MB, AAB to 150MB (and it's not supported yet), OBBs are additional files if you need bigger size (2GB each), Play Store should download and place it to the correct location automatically. |
As mentioned in this issue, OBBs do require "READ_EXTERNAL_STORAGE" permission (on some implementations of Android 6+ and all older versions), so it's probably not broken. |
@dariuspranskus Most of the logic you need to tie together for proposal #946 should be in the export.cpp source file. I'd recommend taking a look at the Engine development section, and particularly the Introduction to Godot development and the IDE configuration section to get started. Once you're set, I'd take a look at the Compiling section. You'll probably have to validate your changes by compiling the editor, exporting an Android apk, and validate the apk's Feel free to ask here or on irc if you have any questions. |
@m4gr3d Thanks. will take a look. |
This comment has been minimized.
This comment has been minimized.
@m4gr3d, @Calinou, @akien-mga Hello. Could someone please help me with the following: I have the following development environment set up:
I am able to debug the core editor app - set breakpoints, stop at them, see variables, etc. But I am struggling to debug the code in platform/android, can't set the breakpoints there, it looks like it is a separate module or something. How do I debug the export code? Thanks |
@dariuspranskus Most of the code in |
@dariuspranskus just to confirm, you're generating the build using |
@m4gr3d or anyone else - if you have any pointers about implementation, please let me know. Looking to get this done as I need to encrypt the contents of my app for shipping the .aab to Play Console. Thanks |
Hello
This is not a bug as such, this was raised and discussed some time ago #19790 but I would like to raise this question again.
I completely understand, that there is no way to securely export encrypted/compressed assets and script files to apk which couldn't be hacked or broken in.
But I still believe that the files should not be exported to apk in plain text or the whole folder structure is visible. For me this is one of the biggest issues at the moment.
I started my game with unity, and was overwhelmed how it is heavy not for development but how it is running, every task takes ages. Then I played with the Game Maker, and it was OK, except that it demanded so much resources. And then I came across Godot, and it was almost perfect, light, fast and full of features. Until I discovered this issue
I do not want to port my game third time to some other platform.
So I would like to ask, please, how would it be possible to pack and encrypt my assets/code/scenes in apk into single/few files, so it is not visible just by unzipping.
I have recently became patreon and would also be willing to contribute to the codebase. I am a developer with many years of experience in various languages, unfortunately not in C++, but I understand the syntax, and would figure it out somehow, if someone can lead me into right direction. I would really want to develop such feature in Godot.
Thanks
Regards,
Darius
The text was updated successfully, but these errors were encountered: