Code obfuscation suitable for Unreal Engine 4

Is there any plans to support code obfuscation for unreal engine 4? I think this would be a valuable tool to have as part of the UE4 dev tools. I haven’t seen mentioned anywhere in the forums where anyone has managed to do this on their own for their UE4 projects and would really like this feature, as I’m sure many others would as well.

Compiled binaries with excluded source is not secure. This might not be of concern to some but I’m sure that to many it is. With a small handful of the right tools, a compiled binary can be reverse engineered surprisingly fast.

Maybe someone in the community has managed to come up with a solution for this already and I’ve missed it?

This kind of thing is a waste of time. You can’t protect art assets if the graphics card can display it and source code can always be read if the CPU can run it.
What you “can” to do is some pack of tricks to stop regular players from cheating (debuggers, cheat engine users, etc), like I used to do in Unity, but real programmers you can’t stop them from cracking your game.

What are you trying to accomplish?

• If you are trying to stop crackers from defeating your DRM, you won’t.
• If you are trying to prevent the theft of art assets, that’s impossible.
• If you are trying to prevent single player cheating, there are some tricks you can use, but ultimately obfuscation won’t help.
• If you are trying to prevent multi-player cheating, that is insanely difficult and a multi-million dollar industry. You are not going to stop it.
• If you are trying to prevent emulation, obfuscation won’t do anything. Even encrypting your packets won’t stop emulators. See Ultima Online. I worked on RunUO, Polserver, and Lonewolf.
• If you are trying to protect intellectual property, why? Unreal gives out their source! I mean, you don’t get more open than that, and they are not bankrupt.

Is there something outside of this that you are trying to accomplish? I would rather see them focus on stabilizing the features Unreal already has and completing the documentation.

This isn’t so much about stopping hackers from cheating as this can be handled in proper design patterns if that’s a concern, and nothing to do with protecting art assets, its about protecting proprietary game code that can take literally thousands of man-hours to code.

This has absolutely nothing to do with licensees and their work and completely irrelevant. That is a choice by Epic in their business model and will not be reflected by many, if any, commercial game studios and their proprietary works.

Someone capable of decompiling your work, building a map of the code, and understanding how to use it, is also capable of coding it themselves. I can see a few circumstances where you might want to really protect your code - simulators, specialized proprietary languages, ect - but not for 90% of games.

Any kind of encryption or digital protection can and will be hacked if someone wants it badly enough.

As Britain said, if (in the highly unlikely circumstance) somebody wants to look at your code badly enough that they build a decompiler and can get that decompiled code to an even remotely human-readable state, they are probably capable of doing the same if not a better job in half the time it would take them to do that.

Out of pure interest, what is it specifically you’ve coded in that’s so innovative that it warrants such protection? I mean this would be a pretty hefty amount of time invested on Epics part should they implement something like this (I imagine so anyway), and would take time away from other features. I find people are far too protective of their content in this industry sometimes. I can’t remember the last time a big game shipped with mod support or an editor. I miss those days… I appreciate that everybody wants to be the first to do everything, but they’re probably not going to be, and there will always be somebody out there who can do it better.

Code obfuscation? Obviously you haven’t seen my blueprints!

Do you come from C#/.NET/Unity background? If so, I think I know why you have such concerns.

However, in UE4 game code is native C++, compiled to final binary form, which means (long story short) that it is just not viable and not needed to obfuscate your code.

^ That too. If you can find a C++ Decompiler that actually works I’ll be amazed.

Assets on the other hand will never be protected by that. Software has existed to extract stuff from UE3 .upk’s for years, I imagine it won’t be long until .PAK’s and .UAsset files are the same, especially with open source.

Yeah I remember using a “Dotfuscator” program for a couple of .net programs I created a few years back, using C#/.net you do need to worry about your code since it is so easy to reverse engineer.

But take a look on google and try and find a C++ decompiler that your average user will be able to afford… They are extremely expensive, and will not output a 1:1 reverse engineered copy of your code. There are a few free ones out there, but as TheJamsh noted, they just don’t work. The code that comes out of those programs is usually so garbled, hard to read, and incomplete that the average person would give up pretty quick.

I don’t come from a Unity background (played with it out of curiosity, was very disappointed) but I my background is almost entirely .NET platform for desktop/networking and finally putting more focus on native development for the sake of working with UE4 most efficiently so that’s definitely why I have the concerns of reverse engineering. It’s scary easy for people to reverse engineer a .NET assembly. I figured c++ would share similar vulnerabilities after some of the things I had seen over the years.

I guess just keeping source well protected and out of peering public eyes should do in that case.

You really don’t need to worry about this. The C# language is easily reverse engineered due to the way the language supports reflection/introspection etc. Unreal only supports reflection due to the code injection mechanisms enabled by the header tool etc. Essentially its got a fudge in there to allow some reflection/introspection but its not a base part of the language and wouldn’t really help because it only exposes the properties/methods chosen to expose (rather than doing it by default in the language). I happen to like the C# approach and I appreciate how much effort went into the UE version, but its basically a bit of a hack around the language limitations and as such doesn’t pose the same vulnerability.

Don’t bother…just create your game the best you can, weed out all the bugs and make your players happy.

Wasting time on diabolical protection schemes, like some did in the past and still do, at the end just bites you back in the a$$. There are people who will crack stuff for fun and as a challenge and, if you make it a challenge for them, the time you spent on the protection (that could’ve been spent on polish) will only hurt even more when they are done cracking it.

So everything that someone can make to goal the deal of dream game can be reversed.
But i want to ask and the shaders theys can be reversed too?If so it too bad.

MAchine code can be more readable if you use “Development” and “Debug” builds which might include debug symbols, data aligning machine code to source files, but as i know in VS you got them in sperate file PDB, but build in “Shipping” anything that you plan to distribute

Welcome to the world of digital.

As others have pointed out … Obfustication is pointless here.

Typically code obfustication is used in websites and javascript to make it harder for people to understand or read your code … security through obscurity … but it does not make your code secure at all … and if your code is now compiled in to an executable … that makes it even more pointless because no one will be looking at your source code but rather the machine code.

I used to be heavily paranoid about my game and the assets and the IP and all the other stuff … but then I realised that loosing sleep over it would not help me at all, as long as there are people wanting to pirate your work or crack your work or hack your work … they will find ways of doing it. You can take measures against this to slow them down … obfustication is not one of those measures.

Once again … this is merely my opinion. 8-}

After putting up with such pointless obfuscation requirements (constantly broken code, hughe costs, no effect) in a business software project for months, I only can say “thank you” for all the answers against it.

c++ is quite hard to decompile, java .net and all “bitcode” languages are very easy to decompile and you must use an obfuscator to protect it, a little.

skimming through the tutorials I read ue4 uses bitcode though?, is that for blueprints? If you start a c++ project will it be completely compiled to machine code? or will any blueprints you use be possible to decompile?

I think this could have been a hot topic at the dawn of game development. Nowadays it’s irrelevant. Starting with Wolf3D and up to Doom 3, idSoftware released entire engine and gamecode, for free. To the date no one (maybe one team did) took advantage and either used the code as-is or built on top of that, for a commercial game dev. Worth mentioning that it’s a solid example of how to write decent gamecode framework. Even with that people didn’t use it.

What makes anyone think that someone will go to extreme of decompiling your game code? o.O

Devs with money would license your code, and devs without money wouldn’t be able to do much with decompiled code anyway.