You can choose to either distribute your AssetBundles with your game or app, or they can be downloaded from remote servers by your game or app. In the latter case, when you download AssetBundles, it’s important to take precautions to prevent AssetBundle data corruption as well as attacks by malicious actors. A common cause of mysterious crashes on user devices comes from data corruption in downloaded AssetBundles. Such situations can cost a large amount of effort and time to diagnose and resolve. And, even though AssetBundles cannot contain executable code, changing serialized data could allow an attacker to exploit a vulnerability in the game code or the Unity runtime.
UnityWebRequestAssetBundle can be used to download and cache AssetBundles from the internet. When using this API you should use the HTTPS protocol in your URL, unless your URL refers to a local web server that runs on the same machine. The HTTP protocol is not secure and is vulnerable to a malicious man in the middle attack.
Unity provides the tools for you to use a checksum to determine that an AssetBundle is not corrupted or modified when downloading it. A 32-bit checksum is generated during the AssetBundle build process and recorded in the .manifest file and exposed by BuildPipeline.GetCRCForAssetBundle. When you use a CRC check, it ensures the AssetBundle data was not corrupted or tampered with after it was built. You must provide this CRC when downloading AssetBundles through UnityWebRequestAssetBundle.GetAssetBundle so that invalid AssetBundles content cannot make it into the cache. See AssetBundle compression and caching for additional details.
If you download or distribute AssetBundles yourself, and do not use the built-in AssetBundle Cache, then you should be sure to perform integrity checks prior to using any content that you have retrieved. One way to do that is to use the optional parameters on the AssetBundle Load APIs to pass in the expected CRC value. When provided, the loading system calculates the checksum of the uncompressed content of the AssetBundle before loading it. If the CRC of the AssetBundle does not match the provided CRC, the AssetBundle will not load. For AssetBundles compressed with LZ4 this can be costly because it forces the file to be fully decompressed into RAM. For LZMA compressed AssetBundles the load already forces a full content decompression, so performing the CRC check is not a significant additional cost. Overall it can be practical to avoid the cost of CRC calculations by performing the integrity check once, as the file is retrieved and stored on the device, rather than repeating it at each load.
Note: If you are using AssetBundle compression then you shouldn’t use other common hash algorithms (such as md5) to validate your AssetBundle files. This is because Unity sometimes recompresses your AssetBundles even if their contents didn’t change, which means the file content hash may change in cases when the contents of the file are actually still valid. In contrast, the CRC value for an AssetBundle is calculated from its uncompressed content, which remains constant even when the bundle is recompressed.
Note: the AssetBundle hash that a Unity build calculates and stores inside the .manifest is not a hash of the AssetBundle’s full file content. It can be used as a version value for the AssetBundle but is not suitable to use for file corruption detection.
如果您允许用户上传分发给其他玩家的内容(用户生成的内容),则您有责任过滤此数据中的不当或恶意内容。我们不建议您让用户构建和上传二进制 AssetBundle 文件。最好让您的用户上传他们的源资源,并让您(开发人员)为他们构建 AssetBundle 二进制文件。这将使您更容易通过手动和自动流程过滤掉恶意或不适当的内容。如果您升级到更高的 Unity 版本,这样还可以让您根据需要重建 AssetBundle。