ung and CRC-Errors


Hello

 

 

When creating a ung file with password protection I can not start the engine:

 

PackageUng::read_string(): CRC error
PackageUng::load(): can't load "/home/mgysin/Downloads/03_sort/UnigineSDK-binary-2011-07-21/data/core.ung" file
FileSystem::load_file(): can't open "/home/mgysin/Downloads/03_sort/UnigineSDK-binary-2011-07-21/data/core.ung" package

 

Some releases ago this worked and it was possible to start the engine without providing the password for the ung archive, since there is:

 

Unigine::Engine::init
static Engine * init(int version,App * app,int argc,char ** argv,const char * project,const char * password)

 

I have to start the engine with this right? (Somehow I don't like to provide the password in a shipped binary)

This works without problems but there is no usable way to store the password safely in a binary file shipped to the client. Is there something I'm missing?

 

main.h

#include "Unigine.h"

using namespace Unigine;

int main(int argc,char **argv) {

	Engine *engine = Engine::init(UNIGINE_VERSION,argc,argv, 0, "mypassword");
	engine->main();
	Engine::shutdown();

	return 0;
}

 

main compiled

....
<C4>^H<C3>^@^@^A^@^B^@mypassword^@^@^AESC^C;$^@
...

 

Are there best practices for this?

 

 

Thanks

Manuel

Link to comment

No better way to store the password, any experienced hacker can read out the password, no matter how you store the password in plain text or encrypted format.

Link to comment

That's my problem. I can create a char array and freak with it but like you say, at one point I have to make the engine call and the password is readable in the memory. (security by obscurity...)

 

So this means that anyone who gets access to the ung_xXX archiver and invests some time to get the password is able to extract the ung-archives?

Link to comment

Can a Unigine member please give a statement about this? (I think this is an important topic which affects not only us)

There is only some information under https://developer.unigine.com/en/docs/1.0/code/environment/linux_app#build_app_releasen

 

Disassembling a binary file is one thing, but in this case, when the password is known, the attacker has full access to the game logic with everything!

 

 

(I know this is a long-known problem for every developer who needs to store sensitive data in the client, and there is no solution other than security by obscurity. But maybe there is something already implemented in the Unigine library to help. If an attacker gets the password, the Unigine system code is readable too, and not only our code, which can be a legal problem.)

Link to comment

There is a Resource tool for password encryption (<UnigineSDK>/bin/resource_*). The password will be zipped and encoded to base64.

 

Hi manguste

 

 

Thanks for the help.

I played around with the resource_*; when I run resource_* password.txt ("MySecretPassword") I get a const char* []

 

 

static const char *password_resource[] = { "24 16",
"eJzzrQxOTS5KLQlILC4uzy9KAQA1uwaAAA=="};

 

 

What does the first entry in the array mean? (16 seems to be the string length, but what is 24?)

Also, how do I "unzip" and decode it so that I can pass it to the engine call?

 

There is no documentation about this topic but is the workflow like:

 

  1. Run resource_* for the password file
  2. Copy the const char *[] into the source code where engine is called
  3. Compile and deploy it

 

 

Thanks

Manuel

Link to comment

static const char *password_resource[] = { "24 16",
"eJzzrQxOTS5KLQlILC4uzy9KAQA1uwaAAA=="};

What does the first entry in the array mean? (16 seems to be the string length, but what is 24?)

The first one is the uncompressed length and the second is the compressed one.

 

The workflow is as follows:

 

  1. Create a password.txt file that contains your password.
  2. Run resource_*. You will get password.resource file as the result. (If your txt file has some other name, specify a -o password flag when running Resource).
  3. Copy password.resource into <UnigineSDK>/source/engine folder.
  4. Compile the engine via SCons with password flag set:

scons password=1

Link to comment
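Added example (not part of any post in this thread and not Unigine code): the two resource arrays posted in this thread decode with nothing more than base64 and zlib, so the resource_* output is an encoding rather than encryption, and a password embedded this way should be treated as recoverable from the shipped binary. The function names are assumptions made for this example; for both posted samples the first header number equals the length of the zlib stream and the second the length of the decoded password.

```python
import base64
import zlib

# The two arrays exactly as posted in this thread: (header, base64 payload).
SAMPLES = {
    "password_resource": ("24 16", "eJzzrQxOTS5KLQlILC4uzy9KAQA1uwaAAA=="),
    "pwd_resource": ("12 4", "eNorSS0uAQAEXQHBAA=="),
}


def decode_resource(payload):
    """Return (plaintext, zlib_stream_len, trailing_bytes) for one payload."""
    raw = base64.b64decode(payload, validate=True)
    inflater = zlib.decompressobj()
    plain = inflater.decompress(raw)
    if not inflater.eof:
        raise ValueError("payload is not a complete zlib stream")
    trailing = len(inflater.unused_data)  # bytes left over after the stream
    return plain.decode("ascii"), len(raw) - trailing, trailing


def header_fields(header, payload):
    """Label the two header numbers by comparing them with the decoded data."""
    first, second = (int(n) for n in header.split())
    plain, stream_len, _ = decode_resource(payload)
    sizes = {stream_len: "zlib stream length", len(plain): "decoded length"}
    return sizes.get(first, "unknown"), sizes.get(second, "unknown")


if __name__ == "__main__":
    for name, (header, payload) in SAMPLES.items():
        plain, stream_len, trailing = decode_resource(payload)
        print(f"{name}: header={header!r} recovered={plain!r} "
              f"stream={stream_len}B trailing={trailing}B "
              f"fields={header_fields(header, payload)}")
```

No key is involved at any step, which is why the protection of the .ung contents rests entirely on how hard the binary is to inspect.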

Hello manguste

 

 

Thanks for the detailed workflow.

While we only have a license for the binary version, we cannot recompile the engine.

Is there no other way?

 

 

Thanks and a nice weekend

Manuel

Link to comment
  • 7 months later...

I'm still fighting with this problem. Some dirty hacks are protecting the password in the memory, but when calling unigine the password is for a short time accessible in the memory.

 

Question to other Unigine customers: How did you solve the problem?

Link to comment
  • 2 years later...

Hi there,

 

I'm trying to follow the above description to encrypt my packages.

 

Recompiling the main with the below line and the password "test" works fine, if I use this command to create the archive:

CLI> ung_x64 -p "test" -o myData.ung myData.h
Engine *engine = Engine::init(UNIGINE_VERSION, argc, argv, 0, "test");

If I try to increase the security by using the resource_* command I get the following variable, which I use to recompile the main.

static const char *pwd_resource[] = { "12 4",
		"eNorSS0uAQAEXQHBAA==" };
Engine *engine = Engine::init(UNIGINE_VERSION, argc, argv, 0, *pwd_resource);

Do I now have to recreate the archive myData.ung? And how do I get Unigine to load the encrypted archive? Because I always get the error:

 

PackageUng::load(): can't read string

...

 

Thanks for the help

Renato

Link to comment

Hi Renato,

 

According to this article passwords from Archiver tool and from C++ side should match. So, you need to rebuild ung package with new password.

 

You can try to load ung archive via -extern_package command on startup (main_x86d.exe -extern_package "/path/to/package.ung").

 

Thanks!

Link to comment

Hi Silent

 

As it is described here, it works properly. Although there is a little semantic fault in the Docs:

Engine *engine = Engine::init(UNIGINE_VERSION, argc, argv, 0, 123456);

This line won't compile, due to the fact that the init function wants a const char* as last argument. Or do I overlook something? It should be "123456" in parenthesis...

 

I was reading the question by manuel.gysin and tried to increase the security with resource_*.exe. Or isn't it necessary to use resource_*.exe anymore? What do you propose?

 

Thanks a lot,

Renato

Link to comment

Hi, Renato!

 

You're absolutely right about char* argument. It's our mistake in docs, we'll fix that.

 

The "resource_* thing" they discussed in this thread is not an .exe file, it's just a resource file which will be included during compilation of the binary. That said, it requires full engine recompilation from the source and if you don't have source license then all you can do (I assume you're going to use .ung archives) is to obfuscate your password string or calculate it dynamically but it'll be in memory anyway.

 

Another thing you can do is to implement your own protected archives with proper toolchain and tell Unigine's filesystem how to use them.

Link to comment

Hi Andrey

 

Thanks for the explanation, for now we will use the .ung archives. I was just looking for approaches for a future deployment of our software.

 

Cheers,

Renato

Link to comment