Lack of encryption

[HotfireLegend]

Ignoring the whole argument about whether it's worth encrypting at all (because that's a whole different can of worms, but it IS worth encrypting even to a basic level if your project has custom or paid-for resources as that is the difference between a random unmotivated individual and a determined ripper getting their hands on them and/or using them) - is there any way to encrypt html5/js for non-web deployment?

So far, my research has told me that it isn't possible to encrypt html5, but js can be obsuficated(sp?). I have not heard anything regarding images, music (the latter I believe can't be encrypted anyway?), etc. This makes me think MV isn't viable for commercial use if it is impossible...

 

[eivl]

talking about ios, android, pc and mac now?

anyway, yes it is possible to encrypt your files. is it practical? well.. not realy,

http://www.justbeck.com/three-ways-to-encrypt-phonegap-and-cordova-mobile-applications/

for mobile, i would go for a phone gap build encryption plugin.

 

[LTN Games]

I'm more worried about browser games and their encryption. I don't want the assets I have, to be easillt accesible on my server , is there are way to do hide, encrypt or move the image/audio/plugin folders, maybe even have them on a seperate server and the main game on another server. Can you scramble our RM games? I'm curious about this topic because I may not even do browser games if the protection of the game is so weak.

 

[eivl]

No matter what you do i would still get your assets, maybe not on ios. So, since most people are not like me, you should obscure the data. It is not safe in any way, shape or form, but it would make it harder.

You must decide how hard a user must work to get the content, let is say that only one in twenty should be able to get content, how hard is for 5% of any userbase to do it.... Uglify the code should be enough.

 

[LTN Games]

So something like JS Scrambler should uglify the code enough that it will make a majority of users unable to find where anything is located.? Should I also be renaming my folders before uploading and making sure the game looks for a different folder than the defualt names.?

 

[eivl]

Short answer is yes, but depending on the plattform, you would need more.
I have not build any projects and then try to unbuild them. I might try it soon. Need to get some quality coding time this weekend :)

But, original question was based around if this is a safe plattform to release commercialy, answer is, it is the same for everyone else who develop applications or Games, you must choose your own way to do it.

Maybe i could make something for commercial use down the line. Guessing nobody are close to something commercial jet.
[doublepost=1447431176,1447431020][/doublepost]Clarification, you can encrypt your game, but where should you store your key? If it is done one the device that is not secure even if it is encrypted.

 

[HotfireLegend]

If the game was encrypted with a random algorithm (unique to each game) and this random algorithm was used to generate the encryption key, that might work well enough.

 

[eivl]

no, would not work....
[doublepost=1447469973,1447468579][/doublepost]You could use cordova and have the key be something unique like the apple ID thing. but that is also why i said that ios might be safer in this case
[doublepost=1447470019][/doublepost]Android -> Java can easily be decoded since the key is on the phone

 

[HotfireLegend]

How much effort would it take to do a simple decryption like that tho?

 

[eivl]

it is no effort, but not a lot of people knows how to do it.
depends on your platform and depends on your time. If you spend 1000 hours getting a good encryption and then later it does not impact your sales in any way, you have spend all that time that you could have spent on making the game better.

In my honest opinion, wait for someone else to make security solution for this, and focus on creating a better game.
Stay away from web deployment and use your time one PC/Mac, Android/iOS/windows phone

 

[HotfireLegend]

Exactly my point - if not many people know how to do it, and you're up against a population of 1000 people, 800 of which are pirates and 200 of which are unmotivated individuals who don't care about copyright and want to copy your game/resources (and are unlikely to bother with trying to crack your game if it's encrypted) then you will at least have protected against those 200 people. It's not much, but it's something.

(Note: legit purchasers and enjoyers not taken into account in above numbers :P)

 

[eivl]

Well, i know of no big game company that encrypts their data. Copying assets is illegal and that is that.

 

[Boy Who Codes]

Encrypting is nice, if you don't want your stuff to be stolen. But what is the chance that someone out there won't be able to create a decrypting tool? There's always someone. Remember in RMVXAce? Early when it was released there was a program called RGSSAD (RGSSA decrypting tool) where it gets / steals all your assets. We can't prevent this 100%, but that's why there's licensing, DRM and whatnot.

I suppose TCrypt does not work anymore for graphics and music for RMMV though, I don't know, considering there's the android / iOS feature.

 

[HotfireLegend]

Well, i know of no big game company that encrypts their data. Copying assets is illegal and that is that.

I just looked through some of my locally-installed games to check that, and the data files (except for music) are all in some file format I cannot read. There's some 3D stuff which are "packages" but I don't know what program that goes with. There's some image resources like textures that aren't encrypted - but the main difference I believe here is that we don't actually have the engine capable of essentially extracting these resources and using them, even if we had them. Tilesets aren't so "strict". They can be used in a lot of 2D apps.
Plus, while I can't read many of the games' data files, JSON format is easily readable.

 

[Potato_Coach]

Well, if you're planning to upload your game in windows you could search the help file of RMMV for Enigma and read the instructions...

 

[Tsukihime]

Well, i know of no big game company that encrypts their data. Copying assets is illegal and that is that.

Almost every game company I know of encrypts their data.
They employ any of the various techniques

1. Packaging into archives, which may be proprietary. Or could just be a zip file with a password.
2. Using proprietary formats for each file.
3. Encryption on files, or archives
4. Compression on files, or archives

If you're using a game engine like unity, unreal, game maker, multimedia fusion etc. they typically offer their own proprietary formats, both for security as well as performance optimization.

I'm not sure which big game companies you are talking about or which country they might be based in, but I'm pretty sure most businesses try to at least protect their assets from being cracked and distributed on the first day or week of release.

Yes, copying assets is illegal, but people still do it anyways for their own hobbies.
Modding is an extremely popular scene and if they can grab their favorite models from their games and do whatever they want with them, they will go and do it.

 

[LTN Games]

I would love to be able to do this to mv games. Packaging them or renaming them in a way that the file format is not known unless you try opening the in a different software . No one will look in a folder named gch when all that is in it , is .gh files that no one would know what opens it. When really it's all image files that mv can read properly. I feel this is far in the future at the moment and the best we can do is encrypt desktop versions and not release Web browser versions for now until a better solution is available.

 

[Tsukihime]

I would love to be able to do this to mv games. Packaging them or renaming them in a way that the file format is not known unless you try opening the in a different software . No one will look in a folder named gch when all that is in it , is .gh files that no one would know what opens it. When really it's all image files that mv can read properly. I feel this is far in the future at the moment and the best we can do is encrypt desktop versions and not release Web browser versions for now until a better solution is available.

Custom proprietary formats are much easier to implement in MV than it is in Ace. Mainly because we have full control over how things like images, audio, video, and even data files are read.

Of course, the next problem is the fact that the code is on the client-side, so anyone that's interested in reversing it and providing a tool for others to use have a much easier time.

Unless the code is protected, which it LIKELY can't be because you can't, for example, hide it inside a DLL or your executable, there isn't much that can be done.

Of course, I'm talking about people that have experience in reverse engineering, and I'm just going by how I would attack the protection system. Maybe there are ways to protect algorithms in javascript that I'm not aware of.

For most people, if they see an extension called .gh, they will google "how to open .gh" and come across sites with people giving stupid suggestions like "rename to zip and then use winzip!"

So you're pretty safe until a reverse engineer comes along.

 

[HotfireLegend]

Tsukihime and Eivl: Can you provide examples of those that encrypt and those that don't?

 

[Tsukihime]

Tsukihime and Eivl: Can you provide examples of those that encrypt and those that don't?

Yes: http://aluigi.altervista.org/quickbms.htm
If you scroll down to "My scripts:" you'll see a list of scripts that aluigi has written to work with different games' resources.

Here's an excerpt

Ether Saga . \x31\x95\x34\x69
Eve Online . Eve Online
Evocron Legends
Excitebots . ExciteBots: Trick Racing . ??? . 0TSR . 0SERCOTE
Ezbind . gzip . EZBIND\0\0
F12010 Nefs . Codemasters F1 2010 Nefs . lzss
F12015 Erp . F1 2015 ERP . ERPK
F3ar Prebuild . F3AR / FEAR3 PREBUILD (script 0.1b) . zlib . mgf
F460 Config Bin . F460 F660 F420 config.bin . unzip_dynamic . \x99\x99\x99\x99 . \x44\x44\x44\x44 . \x55\x55\x55\x55 . \xaa\xaa\xaa\xaa
Factor5 . Factor 5 games (script 0.2) . zlib_noerror . ctp0
Fallen Earth Encryption Test . calldll
Falling Skies . Falling Skies: The Game (script 0.1.1)
Fallout1 . Fallout 1 . lzss
Fallout2 . Fallout 2
Fantasy College . Fantasy College Online . RVP\0\0\0\0
Fantasy Tennis . aes
Farming Simulator Lua . Farming Simulator 2013 patch 2.0 Lub->Lua decrypter
Fashion Forward . Fashion Forward . \x37\x75\x43\x23 . \x01\x00\x00\x00
Fastlane Pinball . Fastlane Pinball . zlib_noerror . 0xc3
Fat2 Fat3 . FAT2 and FAT3 Ubisoft games Dunia filesystem (sciprt 0.1.2) . 3TAF . FAT3 . 2TAF . FAT2 . lzma_dynamic . lzo1x . deflate . xmemdecompress . XMemDecompress
Fatal Frame . Fatal Frame / Project Zero: Maiden of Black Water (script 0.1.1) . LFMO . LNS5

This is the tool that I use to unpack or decrypt/decompress archives.
To my knowledge, almost every commercial game I've looked at secures their data in some shape or form. There are hundreds of different algorithms devs have employed.