godotengine
Improve encrypted PCK robustness, by enforcing encrypted PCK usage and disabling certain unsafe features.
Adds some extra restrictions to the exports with embedded encryption key (compiled with SCRIPT_AES256_ENCRYPTION_KEY) to make encryption bypass by overriding project settings harder:
Allows encrypting asset files in the APK/AAB using existing PCK encryption key/export config, without using APK extension.
- Always encrypt PCK file list/metadata and some core files.
- Allow only encrypted main PCK to be loaded and ignore
project.godot/project.binaryoutside the PCK. - Disable command line arguments for remote filesystem, and script / scene selection when encryption is used.
- Disable
override.cfg.
Implements https://github.com/godotengine/godot-proposals/issues/6675
Hey - thanks so much for working on this, it looks great.
One thing I wanted to ask - will this also support AAB export? As new apps uploaded to playstore can only be uploaded in AAB format.
From looking at the code, I would assume so based on export_project_helper method doing checks for both APK and AAB file types?
Hey - thanks so much for working on this, it looks great.
One thing I wanted to ask - will this also support AAB export? As new apps uploaded to playstore can only be uploaded in AAB format.
From looking at the code, I would assume so based on
export_project_helpermethod doing checks for both APK and AAB file types?
@bruvzg Following on this comment, doesn't look like the encryption logic is applied to the Gradle build export path.
We're in feature freeze for 4.2, so this will be for 4.3 at the earliest.
Did anyone tried to export an encrypted aab? I tried, compiling all of this and building an export template with this. The aab have encrypted assets, but the app doesn't launch. My app was running when exported not encrypted in aab using 4.2. It may be unrelated, I'm going to continue looking for the issue.
from the logcat
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.timkrief.fallacyquiz/com.godot.game.GodotApp}: java.lang.IllegalStateException: Unable to initialize engine native layer
Did anyone tried to export an encrypted aab? I tried, compiling all of this and building an export template with this. The aab have encrypted assets, but the app doesn't launch. My app was running when exported not encrypted in aab using 4.2. It may be unrelated, I'm going to continue looking for the issue.
from the logcat
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.timkrief.fallacyquiz/com.godot.game.GodotApp}: java.lang.IllegalStateException: Unable to initialize engine native layer
I tried building this commit and the export templates (as well as 4.2.1, and 4.3dev6) and it wasn't working for me either unfortunately... is there any update on this? Kind regards
I tried to install an encrypted aab and it also crashed on startup, here's the full logcat:
Start proc 14858:com.novasoftinteractive.ahch1/u0a158 for activity {com.novasoftinteractive.ahch1/com.godot.game.GodotApp}
Invalid ID 0x00000000.
Late-enabling -Xcheck:jni
Unknown bits set in runtime_flags: 0x8000
mCompatibilityFlags - 4
applicationDensity - 240
applicationScale - 1.0
rotationForOrientation cts_verifier=
rotationForOrientation animationExist=1
rotationForOrientation mUserRotation=1 mUserRotationMode=0
rotationForOrientation rotationLocked=false mLastSensorRotation=1
mCompatibilityFlags - 4
applicationDensity - 240
applicationScale - 1.0
onPause
(REDACTED) [%s] forcing onFeedHide from onPause()
getTransport: Cannot find entry [email protected]::IServicetracker/default in either framework or device manifest.
(REDACTED) [%s] onFeedHide(). Feed was already hidden.
Transmission is done.
Connecting to perf service.
getTransport: Cannot find entry [email protected]::IIop/default in either framework or device manifest.
IIop:: Iop HAL Service is not available.
wallpaper visibility changes to: false
[Surface(name=AppWindowToken{28ecb25 token=Token{705c31c ActivityRecord{314548f u0 com.novasoftinteractive.ahch1/com.godot.game.GodotApp t264}}})/@0xb7889e - animation-leash#0] No local sync point found
[Surface(name=AppWindowToken{fb5d652 token=Token{8347add ActivityRecord{5a9feb4 u0 com.android.launcher3/com.android.searchlauncher.SearchLauncher t254}}})/@0xf6fc947 - animation-leash#0] No local sync point found
Creating new Godot fragment instance.
Warning: "/data/app/com.novasoftinteractive.ahch1-kNJOpc15sKXOjWPyAJfnRA==/base.apk!/lib/arm64-v8a/libc++_shared.so" unused DT entry: unknown processor-specific (type 0x70000001 arg 0x0) (ignoring)
USER ERROR: Can't open encrypted pack-referenced file '.godot/extension_list.cfg'.
at: open_internal (platform/android/file_access_android.cpp:182)
Error: Can't run project: no main scene defined in the project.
App trying to use insecure INPUT_FEATURE_NO_INPUT_CHANNEL flag. Ignoring
Unable to setup the Godot engine! Aborting...
Shutting down VM
--------- beginning of crash
FATAL EXCEPTION: main
Process: com.novasoftinteractive.ahch1, PID: 14858
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.novasoftinteractive.ahch1/com.godot.game.GodotApp}: java.lang.IllegalStateException: Unable to initialize engine native layer
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3271)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3410)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:83)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2017)
at android.os.Handler.dispatchMessage(Handler.java:107)
at android.os.Looper.loop(Looper.java:214)
at android.app.ActivityThread.main(ActivityThread.java:7407)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:935)
Caused by: java.lang.IllegalStateException: Unable to initialize engine native layer
at org.godotengine.godot.GodotFragment.performEngineInitialization(GodotFragment.java:199)
at org.godotengine.godot.GodotFragment.onCreate(GodotFragment.java:190)
at androidx.fragment.app.Fragment.performCreate(Fragment.java:3094)
at androidx.fragment.app.FragmentStateManager.create(FragmentStateManager.java:504)
at androidx.fragment.app.FragmentStateManager.moveToExpectedState(FragmentStateManager.java:268)
at androidx.fragment.app.FragmentManager.executeOpsTogether(FragmentManager.java:1943)
at androidx.fragment.app.FragmentManager.removeRedundantOperationsAndExecute(FragmentManager.java:1839)
at androidx.fragment.app.FragmentManager.execSingleAction(FragmentManager.java:1751)
at androidx.fragment.app.BackStackRecord.commitNowAllowingStateLoss(BackStackRecord.java:323)
at org.godotengine.godot.GodotActivity.onCreate(GodotActivity.kt:79)
at com.godot.game.GodotApp.onCreate(GodotApp.java:45)
at android.app.Activity.performCreate(Activity.java:7825)
at android.app.Activity.performCreate(Activity.java:7814)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1307)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3246)
... 11 more
App trying to use insecure INPUT_FEATURE_NO_INPUT_CHANNEL flag. Ignoring
add tag=data_app_crash isTagEnabled=true flags=0x2
Force finishing activity com.novasoftinteractive.ahch1/com.godot.game.GodotApp
finishActivityLocked packagename=com.novasoftinteractive.ahch1
ActivityTrigger activityPauseTrigger
Background execution not allowed: receiving Intent { act=android.intent.action.DROPBOX_ENTRY_ADDED flg=0x10 (has extras) } to com.google.android.gms/.stats.service.DropBoxEntryAddedReceiver
QUALCOMM build : a7d4a14, Iba1deb6915
Build Date : 07/23/20
OpenGL ES Shader Compiler Version: EV031.27.05.10
Local Branch :
Remote Branch :
Remote Branch :
Reconstruct Branch :
Build Config : S L 8.0.12 AArch64
mCompatibilityFlags - 4
applicationDensity - 240
applicationScale - 1.0
PFP: 0x005ff113, ME: 0x005ff066
getTransport: Cannot find entry [email protected]::IServicetracker/default in either framework or device manifest.
Sending signal. PID: 14858 SIG: 9
I think this is causing the crash in particular: USER ERROR: Can't open encrypted pack-referenced file '.godot/extension_list.cfg'.. If I extract the contents of the encrypted aab, there is no .godot/ folder in assets directory, it's only present in the non-encrypted aab.
Did anyone tried to export an encrypted aab? I tried, compiling all of this and building an export template with this. The aab have encrypted assets, but the app doesn't launch. My app was running when exported not encrypted in aab using 4.2. It may be unrelated, I'm going to continue looking for the issue.
from the logcat
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.timkrief.fallacyquiz/com.godot.game.GodotApp}: java.lang.IllegalStateException: Unable to initialize engine native layer
Me too!!!!!!!!!!!!!!!!!!!
Hello! Just stumbled upon this, whats the current status? i'm very interested in exporting an encrypted aab to upload to the play store...
Closing in favor of https://github.com/godotengine/godot/pull/105984 (also enabled encryption for APK/AAB without excessive changes).
Closing in favor of #105984 (also enabled encryption for APK/AAB without excessive changes).
I might be misunderstanding but wasn't this issue meant to improve robustness for every platform, while #105984 is ONLY for android? So are the other platforms just basically removed from consideration? Because this feature would make sure that when encryption is enabled, only further encrypted PCKs can be loaded.
That feature is not the case now though... I think the whole addition of require_encryption to the PCK loader would have been generally a sweet thing to have, to have more safeguards in place to prevent exported games from being penetrated with imported packfiles too easily, heh
