Menu
What's new
By:
Filters
Indie Dev

Hello Guest!. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, sell your games, upload content, as well as connect with other members through your own private inbox!

Lack of encryption

eivl

eivl

Local Hero
Xy$
0.00
We are talking about different things.
Securing data and encrypting is something completely different.

HotfireLegend said:
I just looked through some of my locally-installed games to check that, and the data files (except for music) are all in some file format I cannot read.
Click to expand...
Yes, this is normal, it does not mean that the data is encrypted, it just mean that the data is not in a container that your file system understand.

Tsukihime said:
Almost every game company I know of encrypts their data.
They employ any of the various techniques

1. Packaging into archives, which may be proprietary. Or could just be a zip file with a password.
2. Using proprietary formats for each file.
3. Encryption on files, or archives
4. Compression on files, or archives

If you're using a game engine like unity, unreal, game maker, multimedia fusion etc. they typically offer their own proprietary formats, both for security as well as performance optimization.
Click to expand...
Funny you should mention unity, unreal and game maker, those are perfect examples of engines that do not encrypt the data.
1: making a special container is not encryption.
2: same as above.
3: i highly doubt that this is a normal technique.
4: this is quite normal to do in combination with your two first points.

Tsukihime said:
To my knowledge, almost every commercial game I've looked at secures their data in some shape or form. There are hundreds of different algorithms devs have employed.
Click to expand...
And here is the conclusion, yes, they secure their data. that does not mean that they encrypt it. Encryption is used when you want to send data to someone that has a key to open the data, like when you log on to your bank on the internet.

If the question is : how can we protect our data better, then yes there are more ways to do that.
If the question is : do other game developer encrypt their data, then the answer is no, because how would the user get the key?
What they do is use DRM so you can not access the game if you do not buy it, but making the game unable to run, meaning that they is far from encrypting the data.

HotfireLegend said:
Tsukihime and Eivl: Can you provide examples of those that encrypt and those that don't?
Click to expand...
Fallout 4 had preloaded data that to my knowledge was encrypted. there was missing essential files as well, maybe the .exe file.
At launch steam gives out the key to unlock the data and when it is done it unlocks the game and you get the last files.

I can talk more about this in detail if needed!
 
cav_dan

cav_dan

Towns Guard
Xy$
-0.10
About Javascript security:
Javascript is run on a VM on a browser. What MV does is create a HTML document that is loaded via NW.js (former Node-Webkit) and run that doc on a Google V8 Javascript VM under an open-source version of Webkit.

That means, you're running it in a browser, on the client, using interpreted code that can't be encrypted or compiled in any way. You could try to download protected assets on the fly, but these files will be somewhere on your temporary files anyway.

What you could create is a Node.js module to "decode" the files (encapsulated like what people said before), maybe directly to memory (I don't fully understand that part either, if that's viable), before loading the game. You can even compile this code using JXCore, or just use a compiled program in another language. Maybe that's a way to protect stuff.

Of course, security is never perfect. Maybe if some guy wants to steal your assets, let him steal it. Later, you can call a lawyer and sue him, or just demand some compensation for using your stuff.
 
LTN Games

LTN Games

Master Mind
Resource Team
Xy$
0.01
Fr om what I been gathering is that there is very little to do in order to protect your game in a browser and I am starting to accept this because it will just motivate me to stick with desktop and mobile versions of the game. It seems browsers are the unsafest for many reasons, everyone has a browser and it seems there is no good methods of even slowing down a user attempting to crack the code. Mobile versions mainly IOS seem to be the toughest to crack at the moment because of apples encryption and not everyone Jailbreaks/roots their mobile devices meaning not as many people will try and take a crack at source of the game. Desktop is probably second unsafest but at least there is a options to protect the source. So overall it seems there is not much you can do to protect your assets and the best thing you can do is minimize the ways you share the game, maybe eliminate browser games all together, as well as take the extra steps to protect your assets on other platforms until something better is released for MV.
 
cav_dan

cav_dan

Towns Guard
Xy$
-0.10
LTN Games said:
(...) the best thing you can do is minimize the ways you share the game, maybe eliminate browser games all together, as well as take the extra steps to protect your assets on other platforms until something better is released for MV.
Click to expand...
In all honesty, I don't think a better alternative is bound to be released. I think if someone decides to create a DRM system, they're bound to make it worth their while. Not that there's anything wrong with it.

For the browser "problem", I don't even think there should be anything better. The web is open, and if you want protection, stay away from it. The only way I can see for protecting your game in a browser's terms is to set it behind a paywall. In this case, at least you're making someone pay for the assets they intend to steal.
 
Tsukihime

Tsukihime

Praised Adventurer
Xy$
0.00
eivl said:
We are talking about different things.
Securing data and encrypting is something completely different.

Funny you should mention unity, unreal and game maker, those are perfect examples of engines that do not encrypt the data.
1: making a special container is not encryption.
2: same as above.
3: i highly doubt that this is a normal technique.
Click to expand...
Oops, ya, I was under the assumption that you claimed companies do not secure their data.

Encryption isn't that uncommon. They are typically symmetric algorithms, but it's enough to deter most people from grabbing them.

If you just XOR the entire file, or XOR every 20 bytes, it would be enough to confuse most people.

I wouldn't spend too much time on coming up with a clever encryption scheme, since they would all have performance implications.
 
eivl

eivl

Local Hero
Xy$
0.00
Tsukihime said:
If you just XOR the entire file, or XOR every 20 bytes, it would be enough to confuse most people.
Click to expand...
this is quite normal.
If you spend to much time making something more complicated it will as you say just impact performance.
if you take your data, Zip it and store it using 4 bit for every byte and fill the remaining 4 bits with random and after this you xor the file entirely or in part, you will get something that is clever and difficult for a human to read, still it is not encrypted.

This example i have written to protect data earlier, it is in my opinion "good enough", people that want to steal your data can do so by reading memory instead of trying to decode the algorithm.
 
Tsukihime

Tsukihime

Praised Adventurer
Xy$
0.00
eivl said:
this is quite normal.
If you spend to much time making something more complicated it will as you say just impact performance.
if you take your data, Zip it and store it using 4 bit for every byte and fill the remaining 4 bits with random and after this you xor the file entirely or in part, you will get something that is clever and difficult for a human to read, still it is not encrypted.

This example i have written to protect data earlier, it is in my opinion "good enough", people that want to steal your data can do so by reading memory instead of trying to decode the algorithm.
Click to expand...
Why wouldn't that be considered encryption? There isn't much different from just XOR'ing each byte in a simple way, and using some full-blown algorithm like blowfish or AES.

RC4 is basically just XOR'ing a bunch of bytes.
 
cav_dan

cav_dan

Towns Guard
Xy$
-0.10
Tsukihime said:
Why wouldn't that be considered encryption? There isn't much different from just XOR'ing each byte in a simple way, and using some full-blown algorithm like blowfish or AES.

RC4 is basically just XOR'ing a bunch of bytes.
Click to expand...
If rot13 can be called encryption, almost anything can... 8)
 
eivl

eivl

Local Hero
Xy$
0.00
Tsukihime said:
Why wouldn't that be considered encryption?
Click to expand...
Because you are delivering the key with the code. Encryption means that Bob and Alice can talk to each other without anyone being able to listen. If you deliver the key with the message then even if you use an encryption technique it is not considered an encryption.

Yes you can argue that ROT13 is encryption, and yes it is, but there is no implementation of this that are feasible for security.
As my colleague of mine said (a crypto analyst for the military of defense)
Client side security does not work!
Click to expand...
I rest my case!
 
Tsukihime

Tsukihime

Praised Adventurer
Xy$
0.00
eivl said:
Because you are delivering the key with the code. Encryption means that Bob and Alice can talk to each other without anyone being able to listen. If you deliver the key with the message then even if you use an encryption technique it is not considered an encryption.

Yes you can argue that ROT13 is encryption, and yes it is, but there is no implementation of this that are feasible for security.
As my colleague of mine said (a crypto analyst for the military of defense)


I rest my case!
Click to expand...
I agree, if it is only considered encryption if it were feasibly difficult to break, then many of the techniques that computer scientists consider to be "encryption" are at best just a layer of obfuscation.

But then, what kind of encryption technique doesn't rely on the client getting the key at some point?
Because of man-in-the-middle, the key can always be obtained (if they're not careful). And then it's a matter of figuring out the algorithm they're using for encryption.
 
eivl

eivl

Local Hero
Xy$
0.00
You must do what everyone else does, regardless if you use an editor or not, obscufate your data. How, that depends on what plattform you are building on.
 
eivl

eivl

Local Hero
Xy$
0.00
no, by no means, you can have all your assets in one big file and have a wrapper around the game that unpacks all assets into memory. Lots of way to do this, it all depends on your platform.

Data.dat = all images
sound.dat = all sound
music.dat = all music
 
eivl

eivl

Local Hero
Xy$
0.00
Not sure if anyone sells a 1-2-3 solution for this or if you need to do it yourself.

You should check out if the titanium project can help you
[doublepost=1449247859,1449247788][/doublepost]I would write it myself in .net for windows and with Objective C for the mac.
 
You must log in or register to reply here.
Top