Runtime Acquisition of Decryption Key
For Pak’s encryption and signing, the corresponding key must be obtained at runtime.
In the definitions of UE_REGISTER_ENCRYPTION_KEY and UE_REGISTER_SIGNING_KEY above, it can be seen that there are two extern:
1 | extern void RegisterEncryptionKeyCallback(void (*)(unsigned char OutKey[32])); |
These two functions are the engine’s methods for obtaining keys:
1 | typedef void(*TSigningKeyFunc)(TArray<uint8>&, TArray<uint8>&); |
These two functions are called (i.e., the constructors of FEncryptionKeyRegistration and FSigningKeyRegistration).
Recall the initialization process of the Monolithic module mentioned in a previous article: UE Plugin and Tool Development: Basic Concepts #Monolithic Mode.
They are created when the module starts.
When loading PAK, FCoreDelegates::GetPakEncryptionKeyDelegate() is invoked to obtain the key:
1 | void FPakPlatformFile::GetPakEncryptionKey(FAES::FAESKey& OutKey, const FGuid& InEncryptionKeyGuid) |
Then it is used to decrypt data:
1 | void DecryptData(uint8* InData, uint32 InDataSize, FGuid InEncryptionKeyGuid) |
Thus achieving the entire process from build-time encryption to runtime decryption. ## Serialization Structure of Pak
It was mentioned in the previous article that UE’s PAK is a typical Archive structure:
Generated through certain serialization rules, and it is also read at runtime according to format rules:
- When mounting PAK, first read PakInfo from the end of the file to obtain the offset for the Index
- Get EncodePakEntrys based on the Index offset, which can acquire PakEntry information for each file
- Each PakEntry records the information of the current file, guiding how to read and decompress
It is also an important part of UE’s virtual file system.
However, since UE’s source code is open, the serialization structure of PAK itself lacks confidentiality. If the encryption key is obtained through reverse engineering, the files within the PAK can be directly decrypted using the official UnrealPak engine’s logic.
Additionally, there are some third-party tools, such as UModel or UnrealPakViewer, that can achieve this as well. Therefore, in addition to the keys and decryption obfuscation, the serialization structure of the PAK itself also requires modification.
Reinforcement Plan
Drawbacks of the Default Plan
Based on the previous two sections, the following conclusions can be drawn:
- The decryption key is directly compiled into the code as a macro definition.
- By using the engine source code + static analysis, it is relatively easy to locate the function for obtaining the key.
- The exported symbols in the code can directly expose the location of the decryption function.
- The PAK strings in the code (logs/ProfilingTag) can assist in locating the critical decryption function.
- The default use of AES encryption has obvious code characteristics, making it easy to analyze.
- The serialization format of PAK is quite common, allowing retrieval of keys to decrypt using public engines like UnrealPak or tools like UModel/UnrealPakViewer.
Consequently, based on these situations, we need to make various modifications to the encryption scheme to increase the cost of decryption as much as possible. However, due to security demands, I will only introduce some encryption concepts and will not provide specific code.
Key Reinforcement
The first section mentioned that keys are generated through Base64 encoding after a macro definition and obtained during runtime. We can write some unique key obfuscation logic to add a layer of processing to the key itself, preventing it from being directly obtained through static analysis.
Symbol Removal
By default, if symbols are not removed, when opening the executable program with tools like IDA, the function names can be viewed directly:
This way, the decryption function can be easily identified, and the key can be captured. Therefore, all packages for the release platform need to have their symbols removed.
After symbol removal:
You can refer to my previous article: Ultimate Optimization of UE Android APK Size
Removal of PAK Strings
For the same reason, the engine prints out various logs related to mounting PAK. Analyzing the access positions of these log strings can also assist in locating the decryption logic:
Once the decryption function is found, attaching a debugger allows you to retrieve the actual key from memory.
Thus, removing PAK-related strings is very necessary.
Log Removal
For the removal method, we hope to retain logs in Dev while removing them in Shipping:
1 | //++[lipengzha] Remove PAK-related strings in shipping |
Thus, we can encapsulate the UE_LOG macro, forwarding it by default in Dev and replacing it with an empty macro in Shipping.
Removal of BOOT_TIMING
We also need to remove strings introduced by SCOPED_BOOT_TIMING:
1 | //++[lipengzha] Remove PAK-related strings in shipping |
Then replace all UE_LOG occurrences in IPlatformFilePak.cpp and IPlatformFilePak.h with UE_PAK_LOG, and all SCOPED_BOOT_TIMING with UE_PAK_SCOPED_BOOT_TIMING.
This way, the related strings will be automatically removed during Shipping.
PAK Structure Obfuscation
In the previous section (Serialization Structure of Pak), I introduced the serialization method of the PAK structure. Therefore, for commercial projects, obfuscating the structure itself is also necessary.
On the basis of maintaining the original UFS file system, modifications can be made to the serialization of the PAK, altering the organization of the structure and encrypting or modifying the data to avoid public engines and open-source tools from being able to decrypt once they obtain the key. This can also ensure the uniqueness of each pak structure and decryption to prevent cases where one is cracked, leading to a cascade of breaches.
This part will not be elaborated on further, as each project must implement it individually.
Decompression Algorithm Obfuscation
As files are typically compressed using a compression algorithm after being packaged into a PAK, they need to be decompressed at runtime. Additionally, which compression algorithm was used is serialized in the PakInfo, with records in each PakEntry’s Index.
Therefore, some processing can also be applied in this area so that even if the key and PAK structure are reverse-engineered, an extra obfuscation behavior can occur during the actual file decompression:
Replacement of AES Algorithm
Since AES is standard in UE, it can also be located via signature codes during reverse engineering. Thus, AES can be replaced, or logical modifications can be made to the code.
What algorithm to specifically replace it with needs to be evaluated based on the project situation.
Dynamic Key Distribution for Key Assets
According to the previous analysis, if all assets use a single default key, it is directly compiled into the code. If this key is cracked, all resources may face the risk of exposure. Furthermore, local decryption has low security.
In such cases, for certain key assets or files (such as not yet released commercial content), the asset may be pre-embedded in the client but not yet available. Using a common key in this scenario poses significant risks.
The engine itself also provides logic for dynamically registering decryption keys:
1 | class CORE_API FCoreDelegates |
Thus, a dynamic key mechanism can be implemented within the update process, ensuring that the encrypted PAK does not contain the decryption key in the program body. Only after a specific time and version is released can the key be dynamically delivered, allowing the client to use it. This ensures that early unpacking and leakage does not occur.
Summary
This article introduced the default encryption logic of UE, analyzed potential risks, and provided some feasible reinforcement strategies for reference.
Note: The article analyzed the engine’s encryption process and reverse engineering methods solely to promote safer practices and is not a hacking tutorial. Any game reverse engineering-related activities are unrelated to the author. Thank you!
