Skip to content

UE Engine Protection

1 Overview

For UE-powered games, many scattered asset files, which may even include blueprint and Lua script, are packed into one PAK file. Many tools are available for extracting PAK assets. Although the UE can encrypt the PAK file, attackers may easily obtain the key through script extraction and export all assets in the PAK file. This greatly undermines the benefits of game developers.

UniSec provides a set of new encryption modes with a high security level to protect the PAK files in UE games.

1.1 Adverse Effect of Asset Cracking

According to news reports, there are a wide assortment of auxiliary tools available on the Internet for cracking game assets, which has dealt a fatal blow to the games.

Game assets are a kind of intellectual property. Once they are cracked or leaked, game developers will suffer an untold loss.

1

1.2 Asset Protection Solutions

1.2.1 Characteristics

  1. Source codes related to UE asset PAK are customized after in-depth research.

  2. The asset PAK index encryption algorithm and the payload encryption algorithm are optimized.

  3. The packing process, unpacking process, and decryption process during runtime are optimized.

  4. The performance of asset PAK encryption is optimized.

  5. The balance between security and performance is optimized.

1.2.2 Solution Comparison

The table below compares the existing UE asset protection solutions available on the market.

Encryption Mode Advantage Disadvantage Security Level
UE built-in encryption Easy and ready to use. Easy to crack, as a number of cracking tools and methods are available on the Internet. Low
PAK structure modification Convenient for modification, able to defend against tool-reliant attackers. Easy to crack for those who are familiar with the PAK file structure. Low
PAK IndexInfo encryption Encrypts data not covered by UE built-in encryption, providing higher security. Still able to be cracked as the data is not thoroughly encrypted. Medium
Encryption logic modification The most secure solution so far. Still able to be cracked if the encryption mode is simple. High

UniSec adopts the encryption solution with a higher security level: encryption logic modification for better protection.

1.2.3 Strengths

2

2 Feature Effects

2.1 Protection Effect

The original UnrealPak.exe for UE is used. The asset PAK cannot be unpacked even if a correct key is entered. The unpacking tool builded after accessing the SDK must be used.

  1. The asset cracking steps before and after SDK access are compared.

3

  1. After the solution is applied, unpacking tools such as UnrealPak and UnrealPakViewer cannot extract asset files.

4

  1. After the solution is applied, only the unpacking tool of UniSec can extract asset files.

5

2.2 Performance Effect

  1. Test case

    1. Time point

  3. Go to the map "Sanctuary" and run it until asset loading plateaus out.

  4. Data

    1. Time spent reading the files and the data size
    2. UE solutions encrypt all assets: time spent decrypting the data, and the data size
    3. UniSec solutions encrypt all files: time spent decrypting the data, and the data size
    4. UE solutions only encrypt index: time spent decrypting the data, and the data size
  1. size of data to be readed files or decrypted assets

6

  1. time spent reading files or decrypting assets

7

The test case shows that the performance loss of the UniSec UE encryption solution is much lower than that of the UE built-in encryption solution, and is similar to that of the PAK IndexInfo encryption solution. The UniSec UE encryption solution proves to have higher security without compromising performance.

3 Access

To use this solution, you need to modify the source code related to the PAK engine. We have made version control system patches for the corresponding versions according to the source code of each UE official version by using the diff function of the version control system. If you modify the PAK-related source code by yourself, contact us and our technical team will assist you in access.

  1. Modify the source code of the PAK-related engine.

The patches are generated by Git diff and can be used as either the Git version control system or the SVN version control system. The following are steps for installing patches of the two version control systems:

  1. Git version control system

    1. Open the CMD or PowerShell to access the UE source code directory.

      cd $ (UE directory)

    2. Run the command "git apply" to install a patch.

      # Check whether the patch of the Git version control system is valid.
git apply --check $(patch directory)0.2.0-alpha-patch\diff
# Install a patch of the Git version control system.
git apply $(patch directory)\0.2.0-alpha-patch\diff

  2. SVN version control system

    1. Open the CMD or PowerShell to access the UE source code directory.

      cd $ (UE directory)

    2. Run the command "svn patch " to install a patch.

      # Install a patch of the SVN version control system.
svn patch $(patch directory)\0.2.0-alpha-patch\diff

  3. Regenerate a solution for IDE.

You need to regenerate a solution for IDE because the [ModuleName].build.cs file (indicating module dependency) is modified in the patch.

  • Right-click Project File and select Generate Visual Studio project files.

8

  1. Build a game project editor.

Open the solution and build a game project editor (UE editor).

  1. Configure an encryption mode.

The method for filtering encryption files in this solution is the same as that for the UE built-in encryption solution.

After you patch asset protection, open Packaging Settings Project > Crypto > Encryption and check to Encrypt all files(Four checkboxes as shown in the image below) to achieve the optimal effect..

9

After you enable asset protection, if you want to disable asset protection temporarily to test the UE built-in encryption solution.

  1. In the Engine\Source\Runtime\NEPPak\Private\NEPConfig.h file, set the macro NEPPAK_IS_ALL_PROTECTED to 0. The engine determines to use the NEPPak solution or the UE built-in encryption solution according to the macro.

    // NEPPAK_IS_ALL_PROTECTED: Enable or disable asset protection.
// 1: Enable asset protection.
#define NEPPAK_IS_ALL_PROTECTED 1

// 0: Disable asset protection and execute the original UE asset protection logic.
//#define NEPPAK_IS_ALL_PROTECTED 0