# Protect Unity3D application in Windows/Linux system
## Protect Unity3D Projects in Windows/Linux system
### Introduction
**Virbox Protector** support to protect/encrypt the Unity3D App compiled in Mono framework and IL2CPP compiling mode.
**Virbox Protector** supports to protect Unity3D App in both GUI tool and CLI tool.
With Virbox Protector, Developer protect/encrypt the whole Unity3D directory and critical libs and data assets for Unity3D android Apk, inlcudes:
Assembly-CSharp-firstpass.dll, Assembly-CSharp.dll, global-metadata.dat, and other C# assemblies,
and Unity3D data assets (`.resS and resource`)
and to Protect the Unity3D App in general protection:
Anti- debugging, Anti-Injection and other features.
Here we use Virbox Protector GUI tool to show the protection process for Unity3D app step by step . For more detail, you may also refer to the User Manual\_Virbox Protector Standalone or contact us.
### Protect Unity3D Application in 5 steps
1. Import Unity3D projects: Drag related Unity3D App into Virbox Protector;
2. Setting to protect the C# dll, gloabl metadata and protect Unity3D APK in general in "Protection Option"
3. Setting to protect Unity3D App Resource in "Resource Encryption"
4. Click to start "Protection" Process
5. Back up source APK and Use the protected APK for further testing or distribution.
### Prerequisites
Sign-up Virbox Protector and install the Virbox Protector;
Open Virbox Protector and sign in with your account;
{% hint style="info" %}
Above pre-requisition is for test/evaluation Virbox Protector only.
To protect formal and commercial release software, pls purchase and get the related Virbox Protector license.
{% endhint %}
### Protection Process
#### 1. Import Unity3D Project:
Drag the whole Unity3D app **folder** into Virbox Protector; Then Virbox protector will parse the Unity3D application automatically. and show Unity3D App information in the "Basic info" tabs, shown as snapshot below:
#### 2. Setting to protect the C# dll, gloabl metadata and protect Unity3D App in general in "Protection Option"
Go to "Protection Option" to set:
2.1 Output path and output file name, click the button in right to change output path and name; the on default output will create new sub directory in same path; with configuration file: *xxx.app.ssp.*
2.2 Set the protection option to Unity3D project in General to prevent debugging and decompiling
For Mono frame based and IL2CPP compiled App, the configuration may slightly different:
For Unity3D App based on Mono framework, The *Assembly-CSharp-firstpass.dll*, *Assembly-CSharp.dll* will be encrypted on default by Virbox protector;
You can add other C# assemblies under "Managed directory" by click "+".the Virbox Protector GUI shown as attached below:
For Unity3D app compiled on IL2CPP, Virbox Protector will protect/encrypt the metadata on default, click to select other protection options:
Memory Check:
Verify memo and check memo integrity(effective to IL2CPP project);
Metadata Name obfuscation:
Obfuscate the name of method metadata (effective to IL2CPP project);
Anti debugging:
Click to set to this feature, The protected application will quit the execution when debugging of process has been detected;
Plugin:
Switch on/off RASP Protection (Advanced Process Protection)
{% hint style="info" %}
Enable to RASP feature: additonal license required
{% endhint %}
Runtime application self protection, the advanced Protection feature to protect the process for windows application, which effective to prevent debuging tool to debug your application and also prevent the "Cheat Engine" tool to scan the memo of process, this protection function is most effective way for the highly security scenario to protect applications
There are 3 features can be select in the "RASP" Protection plugin:
* Memory Protection:
Click to protect the memory information executed for windows application; which to prevent the attacker/hacker to scan the process memory by use of "Cheat Engine" tools;
* Kernel Mode Anti-debugging
Click to activate the Anti-debugging feature to prevent the debugging tool to debug the kernal;
* Show Error Message
Pop up error message inlcudes error code when program execution error occured, and popup message will be quite after 5 seconds automatically;
as shown attached below:
#### 3. Setting to protect Unity3D project Resource in "Resource Encryption"
Go to "Resource Encryption" tab, developer can set and protect the data assets and resource of Unit3D project here.
Switch on "Enable" button, then Virbox Protector will load the resource file;
Input password to encrypt Resources (Optional, if no password input, use the random password)
click "Select Files" to add other resource file to encrypt/protect it.
{% hint style="info" %}
It is recommend to encrypt the resource file on default.
{% endhint %}
#### 4. Click to start "Protection" Process
Click to "Protect Selected Projects" to start the protection process.
Go to the output folder, besides of original project directory, `Ball2018 2.4f1_X64`.
you will find 1 new protected app folder (*Ball2018.4.f1\_X64 protected*) and
1 new file (the configuration file: *`Ball2018.2.4f1_X64.ssp`*) has been generated.
Go to the "protected folder", you can find and use the protected application in this folder for further testing and evaluation,
#### 5. Back up source Apk and use the protected Apk for further testing
You need to back up your source app, configuration file and use debugging tool and decompiler to verify, test the security performance of protected App.
{% hint style="info" %}
The configuration file can be used for:
When you updated your App version and protect your latest version with same "protection option"
Use Virbox protector CLI tool to protect your app later.
{% endhint %}
## Use Virbox Protector CLI tool to protect the Unity3D Apk
### Set protection options and generate the configuration file
Open Virbox Protector GUI tool, Set the protection options to your apk and generated the configuration file, you may refer and follow the steps to the protection setting described in above chapter.
and click the button: `"Save Selected Project`" in the main menu to generate the "configuration file", a file with the suffix name: `.ssp`
Put this configuration file into the same directory of the apk which you want to protect.
### Use the Virbox Protector CLI tool to protect your App
Find the Virbox Protector CLI tools: `virboxprotector_con.exe`:
windows:
`C:\Program Files\senseshield\Virbox Protector 2\bin`
Linux:
`/usr/share/virboxprotector/bin`
macOS:
`/Applications/Virbox Protector 2.app/Contents/MacOS/bin`
**Use following command to protect you apk in CLI mode**.
`virboxprotector_con -o `
## Execution Performance and Technical Mechanism
| Protection Feature | Performance impact | Technical mechanics |
| ------------------------------------- | -------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Assembly Encryption | Execution performance related with the Qty. and size of methods encrypted. | To encrypt the methods which contained in the Assembly and Encrypt the assembly also, and decrypt these methods and assembly when compiling the IL during JIT process. |
| Resource Encryption | related with the the size and no. of "resource" encrypted | Select the resource to encrypt and decrypt it in the Unity enginer (modefied) when executed. |
| Anti Debugging | almost no impact to performance | Use the system API or memo status to detect the debug tool |
| Unity3D Engine Protection (IL2CPP) | Slightly impact execution performance | Obfuscate the instruction combine with calling detect |
| MetaData-Name of Obfuscation (IL2CPP) | No impact | Parse gloabl-metadat.dat and modify the name |
| Memory Check (IL2CPP) | slightly impact when start execution | Vcan and verify if the instruction be tampered. |
| Signature Check | slightly impact when start execution | Verify the developer signature in the APK or AAB |
| File Check | Slightly impact when start execution | Verify the hash of each file |
| Anti Injection | almost no impact execution performance | Use the system API to prevent debugger and modify the momory |
| Emulator Detection | Slightly impact when start executio | To detect if the runnging device info. is real hardware info generated. |
| Root Detection | Slightly impact when start executio | To detect if the running environment is root environment. |
| Multi-Parallel Detection | Slightly impact when start executio | To detect if the running environment is multi-parallel environment |