API Reference
Complete reference for all public classes and methods in OZero SDK. All classes live in the OZeroSDK.Security namespace unless otherwise noted.
OZeroSecurityManager OZeroSDK.Security
The central singleton that manages all active security modules. Survives scene transitions via DontDestroyOnLoad. Access it through the static Instance property. Created automatically by OZeroBootstrapper at one of three [RuntimeInitializeOnLoadMethod] hooks before the first scene loads — do not instantiate it manually.
Properties
| Name | Type | Description |
|---|---|---|
| Instance | OZeroSecurityManager | Static singleton accessor. Returns the active instance. |
Methods
Registers a third-party callback on the user chain. The built-in default handler runs on a separate chain and cannot be silenced by unregistering user callbacks. The callback receives an OZeroSecurityEvent containing the module type, public abort code, message key, safe diagnostic message, and whether the current policy will terminate the app.
Removes a previously registered user callback. Always call this in OnDisable or OnDestroy to prevent memory leaks.
Delegate
The callback signature used by RegisterUserCallback. Read evt.Type, evt.AbortCodeHex, evt.MessageKey, evt.Message, and evt.WillAbort to decide your own UI, logging, or save-flow response.
Example
using OZeroSDK.Security;
using UnityEngine;
public class MySecurityListener : MonoBehaviour
{
void OnEnable()
=> OZeroSecurityManager.Instance.RegisterUserCallback(OnThreat);
void OnDisable()
=> OZeroSecurityManager.Instance.UnregisterUserCallback(OnThreat);
void OnThreat(OZeroSecurityEvent evt)
=> Debug.Log(
$"Threat={evt.Type}, Code={evt.AbortCodeHex}, Message={evt.Message}");
}OZeroSecurityEvent class
Customer-facing violation payload passed to RegisterUserCallback. It intentionally exposes stable, safe diagnostics rather than internal detection details.
| Name | Type | Description |
|---|---|---|
| Type | ModulationType | Security module that raised the violation. |
| AbortCode | OZeroAbortCode | Stable public abort code category. |
| AbortCodeValue | int | Numeric code value, useful for server logs. |
| AbortCodeHex | string | Hex string such as 0x0C. |
| MessageKey | string | Stable English message key for localization and analytics grouping. |
| Message | string | Safe customer-facing English diagnostic message. |
| WillAbort | bool | True when the current response policy will terminate the app after callbacks return or the grace timer expires. |
ModulationType enum
Identifies which security module raised an alert. Available as OZeroSecurityEvent.Type.
| Value | When fired |
|---|---|
| MemoryModulation | A Secure Type variable is accessed in a suspicious way |
| SpeedHack | Speed hack or time manipulation detected |
| TimeHack | System clock anomaly detected (backward jump, NTP mismatch) |
| Injection | Memory injection tool (e.g. Frida) or illegal DLL detected |
| PhysicsHack | Impossible position delta detected (fired by OZeroPhysicsHackDetector — attach to individual player objects; not auto-spawned by Bootstrapper) |
| DeviceBindingModulation | Save data loaded on a device that doesn't match the binding |
| InstallSource | App was not installed from an authorized store |
| BuildIntegrity | Assembly hash mismatch, debugger attached, or platform check failed |
| EnvironmentModulation | Emulator or non-standard runtime environment detected |
| SteamAntiPiracy | Steam ownership or ticket validation failed. |
OZeroBootstrapper OZeroSDK.Security
Zero-wiring auto-bootstrap entry point. You do not call anything on this class directly. It connects the SDK to Unity startup, loads the verified security configuration, and prepares enabled detectors automatically before gameplay starts. Native runtime protection is also initialized here when available.
OZeroSecurityConfig asset.
OZeroSecurityConfigRuntime OZeroSDK.Security
Runtime loader for the protected build-time security configuration. It validates the packaged configuration, prepares an in-memory OZeroSecurityConfig snapshot, and applies the configured threat-response policy if validation fails.
Properties
| Name | Type | Description |
|---|---|---|
| Current | OZeroSecurityConfig | The blob-hydrated config snapshot. Calls EnsureLoaded() on first access. In player builds, OZeroSecurityConfig.Instance proxies through this property. |
Methods
Idempotent loader — safe to call repeatedly. First access validates and loads the packaged configuration; later calls reuse the same snapshot. Failure handling follows the configured global threat-response policy.
OZeroSecurityConfig and the Unity editor window as the supported integration surface.
OZero Secure Variables OZeroSDK.Security
Encrypted drop-in replacements for primitive types. Values are stored exclusively in the Native C++ heap and encrypted with OZero proprietary cipher. A per-frame per-frame masking layer is applied on top, so memory scanners see only noise. All arithmetic operators and implicit conversions are supported — existing code requires only a type name change.
Available types
| Class | Replaces |
|---|---|
| OZeroSV_Int | int |
| OZeroSV_Int64 | long |
| OZeroSV_UInt | uint |
| OZeroSV_UInt64 | ulong |
| OZeroSV_Short | short |
| OZeroSV_UShort | ushort |
| OZeroSV_Byte | byte |
| OZeroSV_Float | float |
| OZeroSV_Double | double |
| OZeroSV_Decimal | decimal |
| OZeroSV_Bool | bool |
| OZeroSV_String | string |
| OZeroSV_Vector2 | Vector2 |
| OZeroSV_Vector3 | Vector3 |
| OZeroSV_Buffer | byte[] |
Supported operators
Numeric types (Int, Int64, UInt, UInt64, Short, UShort, Byte, Float, Double, Decimal) support all arithmetic (+ - * / %), comparison (== != < > <= >=), compound assignment (+= -= *= /=), and increment/decrement (++ --) operators, plus implicit conversions to/from their primitive equivalent. Vector2 and Vector3 support arithmetic and equality operators. Bool supports equality operators only. String supports ==, !=, and +. Buffer provides raw byte-array access with index operators.
stackalloc and native atomic counters, making them safe to use even in hot paths called thousands of times per frame.
OZeroSafePlayerPrefs OZeroSDK.Security
An encrypted drop-in replacement for Unity's PlayerPrefs. Key names are hashed with message authentication and values are encrypted with OZero proprietary cipher using a device-bound encryption key. The stored data cannot be read by browsing the device's registry (Windows) or preference plist (iOS).
Methods
All methods are functionally identical to their PlayerPrefs counterparts. No migration step is required — simply replace the class name.
OZeroSafePlayerPrefs is not compatible with standard PlayerPrefs. If you switch between the two, existing data will not be readable by the other.
OZeroSV_File OZeroSDK.Security
Encrypts and decrypts files with built-in integrity verification. Keys live at the app level (not device-bound), making the format compatible with Steam Cloud Save. On read, the integrity check runs before the data is returned; tampering causes an exception rather than silently returning corrupted data.
Methods
Encrypts contents and writes the protected payload (header + ciphertext + authentication tag) to path. The directory must already exist.
Reads the file at path, verifies its integrity, and returns the decrypted string. Throws InvalidDataException if the file has been tampered with.
Encrypts a raw byte array and writes it to path.
Reads and decrypts a file written by WriteAllBytes. Verifies the integrity tag before returning.
Example
using OZeroSDK.Security;
string path = Application.persistentDataPath + "/save.json";
string json = JsonUtility.ToJson(saveData);
// Write (encrypts automatically)
OZeroSV_File.WriteAllText(path, json);
// Read (decrypts + integrity check)
try
{
string loaded = OZeroSV_File.ReadAllText(path);
saveData = JsonUtility.FromJson<SaveData>(loaded);
}
catch (System.IO.InvalidDataException)
{
// File was tampered — handle accordingly
Debug.LogError("Save file integrity check failed.");
}OZeroBuildIntegrityValidator OZeroSDK.Security
Runtime validator for build tampering, debugger/timing anomalies, platform-native integrity checks, and optional Pro server attestation. The component is created automatically by OZeroBootstrapper when Build Integrity is enabled in OZeroSecurityConfig.
What it checks
| Check | Description |
|---|---|
| Assembly / Manifest | Verifies the generated integrity manifest and managed assembly state on supported build targets. |
| Debugger / Timing | Detects attached debuggers, abnormal timing gaps, and breakpoint-like pauses while suppressing common focus-loss false positives. |
| Platform Native | Runs platform-specific integrity checks such as Android package/signature checks, iOS jailbreak checks, and desktop runtime checks when enabled. |
| Pro Attestation | When Pro server attestation is enabled, requests a server-issued attestation token after local checks pass. |
Public properties
| Name | Type | Description |
|---|---|---|
| Instance | OZeroBuildIntegrityValidator | Current validator instance, if the module has been created. |
| LastValidationResult | bool? | Most recent local validation result. null before the first validation run. |
| IsValidating | bool | True while a validation run is in progress. |
| IsIntegrityVerified | bool | True after the latest enabled local checks pass. |
| AttestationToken | OZeroBuildAttestationToken | Most recent Pro attestation token. Null until server attestation succeeds or fails. |
Events and methods
Invoked when all enabled local checks pass.
Invoked when an enabled local check or Pro attestation rejects the build.
Invoked after Pro server attestation succeeds and AttestationToken contains a valid token.
Starts a manual validation run. Normal projects usually rely on the dashboard's startup and periodic validation settings instead.
OZeroSpeedHackDetector OZeroSDK.Security
Detects speed hacks and time manipulation using five independent detection signals. A threat is reported only when signals confirm each other, reducing false positives.
Detection signals
| Signal | Description |
|---|---|
| TimeScale | Monitors Unity's Time.timeScale for unauthorized changes |
| API Clock | Compares OS time API against native background timer |
| Thread Drift | Measures drift between Unity runtime timing and an independent native timing source |
| Time Backward | Detects backward jumps in system time |
| NTP | Optional — cross-checks with an NTP server for absolute time verification (requires network) |
Detection fires via OZeroSecurityManager callbacks with ModulationType.SpeedHack or ModulationType.TimeHack. Configured in OZeroSecurityConfig.
OZeroInjectionDetector OZeroSDK.Security
Observes abnormal runtime module, hook, debugger, and trusted-module policy signals. Periodic checks use jittered scheduling where applicable to reduce predictable scan timing.
What it detects
| Runtime module | Unexpected module or hook-related runtime signal |
| Debugger | Debugger or tracer attachment signal |
| Memory map | Suspicious runtime memory or module layout signal |
| Illegal DLL | Unauthorized managed assemblies loaded into the process (Windows/Unity Editor) |
Detection fires via OZeroSecurityManager callbacks with ModulationType.Injection.
OZeroSecurityConfig ScriptableObject
A ScriptableObject asset that stores global security settings. Author it in the Editor, then let the build pipeline package a protected runtime configuration for player builds. Access the effective settings through OZeroSecurityConfig.Instance.
Fields
Fields are grouped into nested settings classes (Response, Integrity, InstallSource, DeviceBinding, SpeedHack, Injection) accessed via the matching property on OZeroSecurityConfig.Instance. The most commonly tuned fields are listed below — see the inspector tooltips on the asset for the full set.
| Field | Type | Default | Description |
|---|---|---|---|
| — Top-level — | |||
| developerSecret | string | "" | Passphrase for key-derivation function key derivation in OZeroSV_File and OZeroSafePlayerPrefs. Must be unique per game and never changed after release. |
| enableLog | bool | true | Enable debug logs from the SDK (always stripped from release builds via OZeroSecLog). |
| — Response — | |||
| response.forceQuitOnDetection | bool | true | Force-quit on any threat (enforced by OZeroInternalFallbackReceiver via native OZ_AbortProcess). Disable to handle via the user callback chain only. |
| — Integrity — | |||
| integrity.useIntegrity | bool | true | Master switch for the build integrity module. |
| integrity.validateOnStartup | bool | true | Run the full integrity check at Start(). |
| integrity.periodicCheckInterval | float | 120 | Seconds between recurring re-validation runs. Set ≤ 0 to disable periodic checks. |
| integrity.checkAssemblyHash | bool | true | SHA-256 / public-key-token verification of compiled assemblies against the OZeroAssemblyManifest. |
| integrity.checkDebugger | bool | true | Detect attached managed debuggers, Unity debug-build flags, and CPU timing anomalies. |
| integrity.checkPlatformNative | bool | true | Run platform-specific native checks (Root, Jailbreak, APK signature, Authenticode, etc.). |
| integrity.failIfManifestMissing | bool | false* | Treat a missing or unloadable assembly manifest as a violation. *Forced to true in non-development player builds regardless of the serialised value. |
| integrity.requireManifestSignature | bool | false* | Require a valid public-key signature signature on the assembly manifest. Generate keys via Tools → OZero → Generate Manifest Signing Keys. *Forced to true in release player builds. |
| integrity.blockEmulator | bool | true | (Android) Treat emulator detection as an integrity violation. |
| — InstallSource (Android) — | |||
| installSource.useInstallSource | bool | true | Master switch for the install-source validator. |
| installSource.allowGooglePlayStore | bool | true | Allow installs from Google Play (toggle individual store flags for Galaxy Store, Amazon Appstore, AppGallery, OneStore, etc.). |
| — DeviceBinding — | |||
| deviceBinding.useDeviceBinding | bool | true | Master switch for device-binding validation. |
| deviceBinding.hardwareChangeTolerance | int (0–3) | 1 | Number of hardware-fingerprint components allowed to differ before the device is treated as new. |
| — SpeedHack — | |||
| speedHack.useSpeedHack | bool | true | Master switch for the speed-hack detector. |
| speedHack.checkInterval | float | 1.0 | Polling interval in seconds (clamped to 0.05–5). |
| speedHack.requiredDetections | int | 3 | Consecutive suspicious samples required before firing a violation (clamped to 1–10). |
| speedHack.useWebTimeValidation | bool | true | Enable HTTPS HEAD-based cross-validation of game time against external endpoints. |
| speedHack.webTimeUrls[] | string[] | [] | List of integrator-controlled endpoints used for round-robin time cross-validation. Configure ≥ 2 entries you control. Falls back to the legacy single webTimeUrl field only when this list is empty. |
| speedHack.minSuccessfulEndpoints | int | 2 | Minimum number of endpoints (out of webTimeUrls) that must respond with a valid Date header for a round to be considered successful. |
| speedHack.maxConsecutiveFailures | int | 6 | Maximum consecutive failed rounds before onWebTimeUnavailable escalation fires. |
| speedHack.onWebTimeUnavailable | enum | WarnOnly | Policy when web-time endpoints stay unreachable: WarnOnly (default — log and keep running, suitable for offline-first games), Strict (treat as hostile environment, fire SpeedHack callback), or Silent (no log, no escalation — not recommended). |
| — Injection — | |||
| injection.useInjection | bool | true | Master switch for the injection / hooking detector. Behaviour by build flavour: release → fail-fast; development build → warn-only (M-5 hardening, 2026-04-24); editor → ignored. |
OZeroLicenseConfig OZeroSDK.Security.License
ScriptableObject loaded from Resources/OZeroLicenseConfig. It selects the license tier, stores the Plus/Pro license key, and enables optional Pro runtime features. Missing or empty config behaves as Standard/serverless mode.
Fields
| Field | Type | Description |
|---|---|---|
| tier | OZeroLicenseTier | Standard runs fully offline. Plus enables project-bound native variants. Pro includes Plus and enables server-backed runtime features. |
| licenseKey | string | Plus keys use OZ-PLS-...; Pro keys use OZ-PRO-.... Empty key falls back to Standard/serverless behavior. |
| requireVariantManifestForBuild | bool | For Plus/Pro builds, fails the Unity build when the project-bound native Variant manifest is missing or mismatched. |
| variantProjectId | string | Optional project identifier used by the Variant preflight check when the downloaded manifest contains a project id. |
| serverBaseUrl | string | Base URL for Pro activation and server features. Leave the default unless OZero support gives you a dedicated endpoint. |
| serverPublicKeyHex | string | Public verification key provided with your Pro license. Used to verify signed responses from the license server. |
| previousServerPublicKeyHex | string | Optional previous public key. Fill this only when OZero support instructs you during a server key transition. |
| tokenTtlSeconds | int | How long a successful Pro entitlement can be trusted while offline. After expiry, Pro-only features stay disabled until activation succeeds again. |
| activationTimeoutSeconds | float | Maximum wait for Pro activation before the SDK continues in Standard/serverless mode. |
| enableLog | bool | Enables license-flow diagnostics through OZeroSecLog. |
| enableDevicePolicyHeartbeat | bool | Pro only. Periodically checks whether the current device is still allowed. |
| enableSecurityLevelCheck | bool | Pro only. Lets the server verify that the build declares the expected security level. |
| enableRemoteSpeedHackConfig | bool | Pro only. Allows Speed & Time Hack thresholds to be updated from server policy. |
| enableSignedServerTime | bool | Pro only. Uses signed server time as the primary trusted time source when available. |
| injectionWhitelistEntries | OZeroInjectionWhitelistEntry[] | Optional hash/signature whitelist entries for known trusted modules. |
Useful properties
Loads the runtime config from Resources. Treat null as Standard/serverless mode.
True for Standard, Plus, or an empty license key. False only when Pro activation should run.
True for Plus and Pro. Used by the build preflight and native Variant binding.
OZeroLicenseRuntime OZeroSDK.Security.License
Runtime facade for the current license state. It is initialized automatically at app startup, so most projects only read its state or call HasCapability.
Properties
| Name | Type | Description |
|---|---|---|
| Entitlement | OZeroLicenseEntitlement | Current activated entitlement. Null in Standard/serverless mode. |
| HasEntitlement | bool | True when an entitlement is currently available. |
| IsServerless | bool | True when the SDK is running without Pro server features. |
| Initialized | bool | True after the license runtime has completed its first startup pass. |
| IsProDowngraded | bool | True when Pro activation failed or expired and the SDK gracefully continued as Standard. |
| DowngradeReason | string | Diagnostic reason for the most recent graceful downgrade. |
| DeviceIdProvider | Func<string> | Optional override for the device id used by activation. Set before initialization if your project needs a custom identifier. |
Methods
Idempotent startup method. Usually called automatically by the SDK; custom bootstraps may await it before reading license state.
Returns whether the active entitlement includes a capability such as telemetry, signed_time, or attestation_v1. Returns false in Standard/serverless mode.
License Server Runtime Calls
Pro features use HTTPS JSON calls under /v1. These calls are issued by the SDK automatically; game code normally interacts through OZeroLicenseRuntime and module settings instead of calling the endpoints directly.
| Endpoint | Purpose |
|---|---|
| POST /v1/activate | Activates a Pro license for the current device and refreshes the local entitlement. |
| GET /v1/time | Provides signed server time for Speed & Time Hack validation when enabled. |
| POST /v1/attest | Issues a Pro build attestation token after enabled integrity checks pass. |
| POST /v1/validate | Validates an OZA token from your game server. Set consumeToken=true for one-time high-value actions. |
| POST /v1/managed-session | Validates a Pro OZA token through OZero Managed Verification and returns an allow/warn/block verdict plus a short managed session for teams without their own backend. |
| POST /v1/telemetry | Sends Pro telemetry for security events when the telemetry capability is active. |
OZeroAbortCode & Event Messages
When a confirmed security violation occurs, the SDK creates an OZeroSecurityEvent. The event contains a ModulationType, a stable public OZeroAbortCode, a MessageKey, a safe English Message, and WillAbort.
Abort code and message table
| Code | OZeroAbortCode | ModulationType | MessageKey | Message |
|---|---|---|---|---|
| 0x01 | MemoryModulation | MemoryModulation | memory_modulation | Protected memory value changed unexpectedly. |
| 0x02 | Injection | Injection | injection | Unexpected module, hook, or runtime injection signal detected. |
| 0x0A | BuildIntegrity | BuildIntegrity | build_integrity | Build integrity validation failed. |
| 0x0C | SpeedOrTimeHack | SpeedHack | speed_hack | Suspicious time scale or execution speed change detected. |
| 0x0C | SpeedOrTimeHack | TimeHack | time_hack | System clock or trusted time anomaly detected. |
| 0x0E | DeviceOrInstallPolicy | DeviceBindingModulation | device_binding | Device binding policy rejected the current device. |
| 0x0E | DeviceOrInstallPolicy | InstallSource | install_source | Application install source is not trusted. |
| 0x0F | PhysicsHack | PhysicsHack | physics_hack | Abnormal physics behavior exceeded the configured policy. |
| 0x10 | EnvironmentModulation | EnvironmentModulation | environment_modulation | Unsupported or unsafe runtime environment detected. |
| 0x13 | SteamAntiPiracy | SteamAntiPiracy | steam_antipiracy | Steam ownership or ticket validation failed. |
Treat OZeroAbortCode and MessageKey as stable public values for logs and localization. The human-readable Message is intentionally safe and may be shown in developer UI.
Handling abort events at runtime
Register a handler with OZeroSecurityManager.RegisterUserCallback if you need to flush an analytics queue, show a developer-facing warning, or persist a graceful save before the SDK aborts. Check evt.WillAbort to know whether the current response policy will terminate the app.
using OZeroSDK.Security;
void OnEnable()
{
OZeroSecurityManager.Instance.RegisterUserCallback(OnHack);
}
void OnHack(OZeroSecurityEvent evt)
{
Debug.LogWarning(
$"OZero: {evt.Type} {evt.AbortCodeHex} {evt.MessageKey} - {evt.Message}");
if (evt.WillAbort)
{
// Last chance to flush your own analytics or save state.
}
Analytics.FlushSync();
}Injection Detector API OZeroSDK.Security
Programmatic surface for the hash + signer-fingerprint whitelist. Use OZeroDispatch at runtime and OZeroLicenseConfig to seed trusted entries shipped with your game.
DTO — OZeroInjectionWhitelistEntry
[Serializable]
public class OZeroInjectionWhitelistEntry
{
// SHA-256 of the matched module file. Lowercase 64-char hex. Required.
public string HashHex { get; set; }
// SHA-256 of the module's signing certificate. Lowercase 64-char hex.
// Empty ("") means "match by hash only" (only mode for Android .so / Linux ELF).
public string SignerHex { get; set; }
// Module file format hint — "pe" | "macho" | "so". Defaults to "so".
public string Type { get; set; }
// Optional human-readable note (UI / audit only — never sent to native).
public string Comment { get; set; }
}Use this DTO when you need to seed locally trusted module entries from Unity. Pro customers usually manage the same policy from the portal.
Runtime API — OZeroDispatch
// Returns true when trusted-module policy support is available.
public static bool HasInjectionV3 { get; }
// Replace trusted module entries atomically. Pass null/empty to clear.
// Returns false when the runtime support is unavailable.
public static bool RegisterInjectionWhitelistHash(OZeroInjectionWhitelistEntry[] entries);
// Trusted-module aware scan. Returns true when a relevant runtime signal is observed.
// Output fields are diagnostic context for your review and may be empty.
public static bool DetectAssemblyInjectionV3(
out bool silencedByWhitelist,
out string hashHex,
out string signerHex,
out string matchedModulePath);All three are static helpers. Treat them as optional capability surfaces: check availability first and keep local trusted entries minimal.
Config — OZeroLicenseConfig
// Inspector array of OZeroInjectionWhitelistEntry — preferred surface.
public OZeroInjectionWhitelistEntry[] InjectionWhitelistEntries { get; }
public string[] InjectionWhitelistKeywords { get; }InjectionWhitelistEntries is the local seed for trusted module policy. Use it only for modules you intentionally ship or explicitly trust.