Indie Dev


Are you concerned about securing your assets in browser games?

Tsukihime

Praised Adventurer
With the browser demo, one thing is clear: by default there is probably not much in terms of security for your assets.

What does this mean for you as a developer?
  • People can take your graphics
  • People can take your audio
  • People can take your scripts
  • People can take your fonts
  • People can take your videos
  • People can take your data
  • People can take your cat pictures also
Word from the official forums: we know it can be done...just don't do it! We can ban!

Which isn't a good sign for those that wish to have better security.

Does absolute security exist for browser games?

No. Probably not.

There really isn't a way to prevent people from taking your resources: if the files are sent to their machine, they will be able to analyze it and do whatever they want with it.

Can we do anything about it?

As it stands, all of your assets can be taken without any effort on the player's part. Things CAN be done in an attempt to deter them from simply copy pasting it.

Proprietary Formats

A "proprietary format" is basically a "custom" format, where the specifications are typically not published for everyone to see and use. Rather than using one of the "common" or "standard" formats like PNG, or OGG, or AVI, you implement your own way of storing the data.

If you worked with RM2K, they came with an image format called "xyz".
In XP and above, all of the assets (except for audio and video) were packed into an archive called "rgssad", "rgss2a", or "rgss3a".

Of course, these formats have also been reversed and tools are available to convert and unpack them.
However, that means that someone had to go and provide such a tool, and there are in general fewer people that can perform reverse engineering work than people that want the resources.

One problem with proprietary formats is that your game needs to be able to read them as well, and if players can take your scripts, they will eventually find how the game is loading the resources by looking through the scripts and all they have to do is do the same thing.

So even proprietary formats are not completely fool-proof and may be easy to figure out, but it should at the very least deter people from taking them.

Other Solutions?

What are some techniques you can think of to make it more difficult for people to "rip" your resources?
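The trade-off described under "Proprietary Formats", as an added example that is not part of the original post: a toy container hides a file from tools that look for standard signatures, but the loader shipped with the game has to carry everything needed to restore it. The `DEMO` tag, the key and the sample bytes are constructed for illustration; the code runs under Node.js.

```javascript
// Added illustration. MAGIC, KEY and the container layout are hypothetical.
const PNG_SIG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const MAGIC = Buffer.from("DEMO");        // custom format tag
const KEY = Buffer.from("not-a-secret");  // has to ship inside the game script

// XOR is its own inverse, so one routine both scrambles and restores.
function xorBytes(data, key) {
  const out = Buffer.alloc(data.length);
  for (let i = 0; i < data.length; i++) out[i] = data[i] ^ key[i % key.length];
  return out;
}

// Build step (developer's machine): wrap the asset in the custom container.
function packAsset(raw) {
  const len = Buffer.alloc(4);
  len.writeUInt32LE(raw.length, 0);
  return Buffer.concat([MAGIC, len, xorBytes(raw, KEY)]);
}

// Runtime loader (player's machine): must undo the packing to use the asset,
// so the format and the key are both visible to anyone reading the script.
function loadAsset(packed) {
  if (!packed.subarray(0, 4).equals(MAGIC)) throw new Error("bad magic");
  const len = packed.readUInt32LE(4);
  const body = packed.subarray(8);
  if (body.length !== len) throw new Error("truncated asset");
  return xorBytes(body, KEY);
}

// The kind of check a file browser or image viewer does before opening a PNG.
function looksLikePng(buf) {
  return buf.length >= 8 && buf.subarray(0, 8).equals(PNG_SIG);
}

// Constructed sample: PNG signature plus placeholder bytes, not a real image.
const sample = Buffer.concat([PNG_SIG, Buffer.from("placeholder image data")]);
const packed = packAsset(sample);

console.log("packed file recognised as PNG:", looksLikePng(packed));
console.log("loader output recognised as PNG:", looksLikePng(loadAsset(packed)));
```

The packed file defeats casual copy-and-open, which is the deterrent the post describes; it is not confidentiality, because the restoring routine travels with the game.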
 

Amysaurus

Digital Artist
Staff member
Resource Team
That's something I've been wondering about for a while.

I know how crazy everyone went over resources being snagged from the MV demo, and it makes me unsure that I'd want to post a browser game at all. I'd really rather not have any resources (especially ones I had to pay for/made myself) taken without my knowing. I really like the idea of browser games being an option, but I'd like to have at least some sense of security regarding resources being stolen.

I will give the staff this - they probably weren't expecting people to catch on to that so quickly, but it's still a major problem.
 

Tu Chau

Knight
I'm concerned about this issue too, but I don't know much about the ways we can protect our resources. I think there is some way, like denying access from others but the game itself, or somehow making the scripts unreadable (or at least hard to read).
 

Tsukihime

Praised Adventurer
If you obscifuciate (can't spell it) the script, it can be undone anyway.
That depends on what kind of obfuscation you're using.
If you simply uglify it, I can just beautify it.

For example, here's a script for unlimited resolution, which is uglified:

Code:
!function(){var a=Graphics.initialize;Graphics.initialize=function(b,c,d){b=1920,c=1280,a.call(this,b,c,d)}}();
If you beautify it, you'll get
Code:
! function() {
    var a = Graphics.initialize;
    Graphics.initialize = function(b, c, d) {
        b = 1920, c = 1280, a.call(this, b, c, d)
    }
}();
Which is really easy to read.

However if you had something like this...



But I don't think there are any tools that will take javascript and convert it into something messy like this.
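What the uglified and beautified listings above have in common, as an added example that is not part of the original post: the sketch checks that both are the same token stream, lists the names and literals that minification could not rename, and runs both against a stub `Graphics` object. The stub and the call values 816, 624 and "webgl" are constructed for illustration.

```javascript
// Added illustration (not from the thread). Both listings are copied from the post.
const uglified =
  "!function(){var a=Graphics.initialize;Graphics.initialize=function(b,c,d){b=1920,c=1280,a.call(this,b,c,d)}}();";
const beautified = `! function() {
    var a = Graphics.initialize;
    Graphics.initialize = function(b, c, d) {
        b = 1920, c = 1280, a.call(this, b, c, d)
    }
}();`;

// Minimal tokenizer: identifiers, integers, single punctuation characters.
// Sufficient for these listings; it ignores strings, regexes and comments.
function tokens(src) {
  return src.match(/[A-Za-z_$][\w$]*|\d+|[^\s\w$]/g) || [];
}

// True when two sources differ only in whitespace.
function sameTokenStream(a, b) {
  const ta = tokens(a), tb = tokens(b);
  return ta.length === tb.length && ta.every((t, i) => t === tb[i]);
}

// Names and numbers minification had to leave intact: the engine's API
// surface and the literals, which is what a reader needs to follow the code.
function survivingNames(src) {
  const keywords = new Set(["function", "var", "this"]);
  const kept = tokens(src).filter(
    (t) => /^\d/.test(t) || (/^[A-Za-z_$]/.test(t) && t.length > 1 && !keywords.has(t))
  );
  return [...new Set(kept)];
}

// Run a listing against a stub Graphics object (constructed stand-in for the
// engine) and return the arguments the original initialize finally receives.
function runPatch(src) {
  const calls = [];
  const Graphics = { initialize(w, h, type) { calls.push([w, h, type]); } };
  new Function("Graphics", src)(Graphics);
  Graphics.initialize(816, 624, "webgl"); // constructed call values
  return calls[0];
}

console.log(sameTokenStream(uglified, beautified));
console.log(survivingNames(uglified));
console.log(runPatch(uglified), runPatch(beautified));
```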
 

Rise Evil

Praised Adventurer
To be honest, this is one of the reasons I'm against game browsing. For now, I think it's better to not browse at all. It's a great concept, but too risky at the same time I'm afraid.
 

LTN Games

Master Mind
Resource Team
I'm not too worried about resources being stolen, but it is still a concern to think about. I would not be sure of any alternatives or fixes other than making it so complicated the resource hacker won't bother with attempting it. If it was hard enough to decompile then not everyone will attempt it and it will reduce the amount of stolen work. I would like to see what ideas people come up with though.
 

Maebius

Knight
Well, the few games I am pondering wouldn't be Commercial, and use the standard Resources, or any I custom-draw/create. As such I'd be pleased as punch if I found one of "my" arts out there someday in the wild. I'm posting it free, anyway, right?

However, I do see the issue with more commercial games, or folks who might use a lot of custom Stuff. Browser is as Browser does though, and it's an issue since the dawn of HTML, really, without a clear-cut and easy solution I guess.
 

Rise Evil

Praised Adventurer
> I'm not too worried about resources being stolen, but it is still a concern to think about. I would not be sure of any alternatives or fixes other than making it so complicated the resource hacker won't bother with attempting it. If it was hard enough to decompile then not everyone will attempt it and it will reduce the amount of stolen work. I would like to see what ideas people come up with though.
However, if a minority managed to do it, they might fully distribute to a vast array of people in the process. Your idea is good though ^^
 

Cloud Knight

Praised Adventurer
The way I see it is "commercially" the HTML5 option would be worthless anyway, for the example above; also, most "browser games" are free anyway. Although those with the mobile market, mostly Android, have the same problem: not so much resources stolen, but the games themselves! As for me, I couldn't care less, in fact. If someone wants to go out of the way to steal my game, it must mean it's that "good". I may lose out on a dollar (or whatever it is) if it's commercially released, but then again it's all about "marketing", depending on how we can set up the APKs (like having ads shown) or someone getting something out of it. May as well have paid and free versions. That way, if someone who downloaded it for free really likes the game and wants to toss some money at the dev, he could have the option.
So yes, there is a problem in this area, which leads back to protecting your stuff, etc. So we've got to find a way around it, or embrace the inevitable and just keep it plugging... Personally, a lot of my free games with custom content, or even fan games that get protected under the fair use act, will be HTML5 browser games, so that way I can advertise them on Game Jolt, Newgrounds, etc. and build a name up. It all comes down to choice!
 
I believe there is an auto-formatting tool in some IDEs, although immediately none come to mind... whatever the case, I feel uglifying chunks of code would do little to nothing for the persistent. Browser games I see as a means of advertising content, more putting out the free info for anyone with a web browser to come across, whereas those who seek to actually sell their games will do so in other formats.

In other words, yes, I would be worried about resources being stolen; however, as I will not be posting JavaScript within an HTML page, I'm not worried - not using such means is the best means of security, I suppose. ;D
 

Tsukihime

Praised Adventurer
> In other words, yes, I would be worried about resources being stolen; however, as I will not be posting JavaScript within an HTML page, I'm not worried - not using such means is the best means of security, I suppose. ;D
Do you mean you won't be offering a browser version?
 
> Do you mean you won't be offering a browser version?
For my first project, I wasn't planning on it; my goal is to exercise some JavaScript and create a mobile app (though I suppose it wouldn't hurt to expand to Windows and OS X)... But for creating a browser version, I don't know that I see any use for it.

What are your thoughts on embedding in an HTML page? Do you have a personal website you're looking to post it to, or is there a site that would allow for you to share (maybe that you prefer)?
 

Tsukihime

Praised Adventurer
> What are your thoughts on embedding in an HTML page? Do you have a personal website you're looking to post it to, or is there a site that would allow for you to share (maybe that you prefer)?
I will likely be posting them on Kongregate as well as my website.
It also gives me an opportunity to put together a Kongregate badge API.

Unless "embedding in an HTML page" was referring to something else.
 
> I will likely be posting them on Kongregate as well as my website.
> It also gives me an opportunity to put together a Kongregate badge API.
>
> Unless "embedding in an HTML page" was referring to something else.
No no, that's exactly what I was asking. I should go do research first, but I think I'll just ask straightaway: what is Kongregate? Also, do you have a focus on making free or commercially-sold games? Just curious.
 

Tsukihime

Praised Adventurer
> No no, that's exactly what I was asking. I should go do research first, but I think I'll just ask straightaway: what is Kongregate? Also, do you have a focus on making free or commercially-sold games? Just curious.
Kongregate is an online game portal.
I think it has a pretty large audience, which would be pretty good for custom assets because, while you probably can't stop people from taking it, the more people that know about you and your games, the higher the chances that someone will report games that are using your content.

For the other questions related to my own plans for the future that should probably go in another topic.
 

Bizarre Monkey

I SHALL BE GLORIOUS!
I don't even encrypt my RPG Maker games, so short answer... no.

Long Answer:
NOO-OOOOOO-OOOOOO-OOOOOO-OOOOOO-OOOO-OOOOOO-OOOO.

Mostly because, someone would have to be a lunatic to bother stealing something made by me, who is so untalented, but also because the CCC has a very recognizable style and the infamy we've accrued means someone would be hard pressed to make anything of us and get away with it. Not saying we'd do anything unless we found out, which is unlikely, but we do have a lot of reverence around the place and even on RMwebs where most of us are banned, most of the staff there know me or what I make as we were friends once, like I said, disagreements.

And as much as they may not like me I'm sure they'd call out plagiarism, because advocating it would hurt them, too.

But with how many pretty games there are out there I just somehow don't think it's likely? It's much more common for generic easily-reusable resources to be taken and used, perhaps even un-credited or at worst plagiarized.

I think the kind of things we make are probably a bit too fucking weird to be of any worth in comparison to a game like say, Ara Fell- or Moonchild. Grossly pretty and fairly generic games graphically. Those are big targets for plagiarism because the resources are:
A. Very rarely not immaculate in detail and beauty.
B. Made to suit a variety of levels and to please the unenlightened masses.
C. Usually in a similar style to the engine's RTP, thus difficult to trace unless the game is absurdly well known and respected (see Ara Fell).

There's also just the fact that even encrypted projects are easy to crack open like a walnut, and software for doing it usually exists within the first three days of release.

Not saying I advocate those programs, but if you are worried people are going to crack into your encrypted files, and they actually do plan to, it will be done. I've seen firsthand the determination and thrill pirates and hackers alike get out of breaking through DRM and encryption.

And the more you try to safeguard your stuff, the more determined it will make them, that's how it works-- it's like a game, and the moment the game tosses a challenge their way, they know they can have fun.

My general advice is to not bother, and seek immortality through absurdity, than making generic pretty RPG #366, but that's just me!

If anyone actually manages to make a successful game using resources me or my team created and tries to claim they made them, we've got ways to prove it was originally our work.

If anyone actually manages to take one of my eventing systems and put it to better use than me, I'd sooner hire them than tell them that isn't cool. Half the reason I leave my projects unencrypted is because I remember when I was a young rpg mak babby and I wanted to see how people did things; when they encrypted it I was pretty much always annoyed.

So in the interest of player and developer learning, I leave them open.

Best case scenario, someone makes my evented system leagues better.

Worst case (and the most common) scenario they are scared off by the complexity.

I would heavily advise adding a line in your resource TOU about usage in browser-embedded games.

I would never browser-embed a game that has more than RTP in it.
I would never browser-embed more than a test/concept demo because those load screens? Ahahahaha no thanks.

That game didn't even have battles for pete's sake.
 