- UNITY ASSETS BUNDLE EXTRACTOR DOWNLOAD HOW TO
- UNITY ASSETS BUNDLE EXTRACTOR DOWNLOAD APK
- UNITY ASSETS BUNDLE EXTRACTOR DOWNLOAD ANDROID
P/s: Maybe I will implement this technique into a CTF challenge in the future.
UNITY ASSETS BUNDLE EXTRACTOR DOWNLOAD HOW TO
This article does not go into how to prevent attacks, I just hope it can be to raise awareness about some risks in your application. Using Remote Asset Bundle is not a perfect way to hide your source code in Unity Framework, and in addition it is appropriate only when your application requires an internet connection. The rest is decompiling the new file, and this is what we are looking for ?Īs you can see, securing applications is not an easy task. We just remove this section to restore PE header file. Using an editor / hex editor, we can realize that it is PE File (beginning with MZ), but was inserted into the previous another section. Load our bundle to UABE and view its information I found a pretty good tool to extract bundles called Unity Assets Bundle Extractor TitleOriginal releaseSource code found or leakedGenreOriginal.360: Three Sixty19992020RacingSmart D.Actua Soccer 9619961996sports gameGremlin.Adventure in Time19812016Adventure gamePhoenix. The first resource is a text file that contains the content that appears on the screen, and bundle seems to contain ExtendModuleActivity that we are looking for.Īn AssetBundle is a collection of assets and/or scenes from a project saved in a compact file with the purpose of being loaded separately to the built executable application.ĪssetBundles can contain scripts as TextAssets but as such they will not be actual executable code. This app downloaded two resource from a remote server: Then open the app and observe at the proxy
![unity assets bundle extractor download unity assets bundle extractor download](https://answers.unity.com/storage/attachments/94677-page3.png)
UNITY ASSETS BUNDLE EXTRACTOR DOWNLOAD ANDROID
Note that you make sure your proxy can sniff the HTTPS Request by trusting Proxy’s Certificate in Android Client. I suspect the app downloaded required modules via HTTP, so I do some configs to force this app goes through a HTTP Proxy (such as ZAP, BurpSuite …) to know what it actually does. I assume that the decompiler is not effective and it does not show the source code completely Dynamic Testing So, where is ExtendModuleActivity? I haven’t seen it in the decompiled code. “Find me if you can!” string that we have seen when runing the app. We easily decompile a dll written in C# by using decompilers such as dnspy, ilspy or dotpeek…Īt line 39, the app loads Component ExtendModuleActivityĪt line 40 and 41, displaying the content of the Component above to screen.
UNITY ASSETS BUNDLE EXTRACTOR DOWNLOAD APK
After extract the apk file, we can see it at: /assets/bin/Data/Managed/Assembly-CSharp.dll In Unity Framework, the main code is written by C# language and compiled to a dll file. When running the application on an Android Emulator, you will see results like bellow. Notice this file is not the original version, it was modified to fit the article. Then, click Plugins and select Export to. asset file you would like to extract, for example, Select the files you need/want. Run AssetBundleExtractor.exe and open the. And in this article, I will describe my work process. Download Unity Assets Bundle Extractor by searching using your search engine of choice or via this link. I really doubt this method, so I try to reverse this app to obtain the hidden code.
![unity assets bundle extractor download unity assets bundle extractor download](https://i.imgur.com/YOz46IG.jpg)
If you are a mobile application developer, you may be interested in exposing sensitive information from your application because of decompilation a mobile app such as Android app is not too difficult.Ī friend of mine recently developed an Android application using Unity framework, it can hide code by downloading the required modules from a trusted-server at the runtime.