Encryption in Construct 2

Discussion and feedback on Construct 2

Post » Sat Feb 11, 2017 2:40 pm

There's third party plugs already for generation, including one that uses the Sfxr code base.
We just need editors to work with them better. In C3 hopefully.

I need to say that the generation does come at a cost to cpu usage, but it should be quite useful in moderation.
Image ImageImage
B
169
S
50
G
169
Posts: 8,284
Reputation: 108,212

Post » Sat Feb 11, 2017 3:36 pm

Yeah. We can always generate a few sounds at start or when a specific action is done and store and repeat the generated soud for that action. So you have a new set of sounds on each new game
Image
B
34
S
6
G
2
Posts: 224
Reputation: 3,355

Post » Mon Feb 13, 2017 11:42 am

Base64 is not encryption. It's just a different format for the same data. Using Base64 is like swapping PNG for JPEG, it offers no protection at all, and only works if someone knows how to extract one format but not the other, which seems unlikely.

Base64 is also a text-based format so uses more space on disk and more memory too. So given how some people are worried about their games taking too much memory, that also seems like a bad tradeoff to make.
Scirra Founder
B
395
S
232
G
88
Posts: 24,368
Reputation: 193,746

Post » Mon Feb 13, 2017 6:10 pm

I wouldn't bee to concerned about your content being stolen. If it's copyrighted material, you could always wave the big lawsuit flag at the perpetrators and I'd imagine that most of them would just drop the assets and go steal them from someone else.
B
21
S
7
G
4
Posts: 233
Reputation: 3,474

Post » Mon Feb 13, 2017 9:31 pm

Ashley wrote:Base64 is not encryption. It's just a different format for the same data. Using Base64 is like swapping PNG for JPEG, it offers no protection at all, and only works if someone knows how to extract one format but not the other, which seems unlikely.

Base64 is also a text-based format so uses more space on disk and more memory too. So given how some people are worried about their games taking too much memory, that also seems like a bad tradeoff to make.


Yeah, you're totally right, but it's hidden in the code or in JSON files, so harder for anyone to look into it and to change back.
Also, I think the main use of this would be as I said to make 3rd party editors as there is no way to load animations and images from external files in C2 (tell me if I'm wrong tho)

Hasuak wrote:I wouldn't bee to concerned about your content being stolen. If it's copyrighted material, you could always wave the big lawsuit flag at the perpetrators and I'd imagine that most of them would just drop the assets and go steal them from someone else.


Yeah, but most of the time people don't really care, because, either they did not pay attention to your warning, or they know you're not rich enough to actually open a lawsuit against him.
Image
B
34
S
6
G
2
Posts: 224
Reputation: 3,355

Post » Tue Feb 14, 2017 4:44 pm

skymen wrote:Yeah, but most of the time people don't really care, because, either they did not pay attention to your warning, or they know you're not rich enough to actually open a lawsuit against him.


True, but your content has to be pretty top notch to have even the slightest chance of being stolen anyway. Just saying.
B
21
S
7
G
4
Posts: 233
Reputation: 3,474

Post » Tue Feb 14, 2017 6:37 pm

Hasuak wrote:True, but your content has to be pretty top notch to have even the slightest chance of being stolen anyway. Just saying.


True, and The next Penelope is a good exemple. As it did happen that someone stole assets from the game
Image
B
34
S
6
G
2
Posts: 224
Reputation: 3,355

Post » Wed Feb 15, 2017 12:04 pm

Here's a little game that decided to leave all its assets out in the open.

http://www.darkestdungeon.com/

So far it sold about 1.1 million copies I think?
B
39
S
16
G
6
Posts: 542
Reputation: 7,617

Post » Wed Feb 15, 2017 4:14 pm

I was part of this conversation in the C3 thread as well. A major concern of mine in regards to not being able to encrypt one's assets is that sometimes assets from a third party are licensed under the condition that the developer takes the appropriate steps to protect those assets by encrypting them.

This is done in order to protect the developer from legal litigation by said third party. Simply stated: plausible deniability. You as the developer took steps to protect the assets, and when someone hacks that encryption, you cannot be held legally responsible.

I came upon this at the GraphicsRiver asset foundry in their extended license:
11. You must not permit an end user of the End Product to extract the Item and use it separately from the End Product.

https://graphicriver.net/licenses/terms/extended

I read this, and in my opinion unencrypted assets potentially break this requirement. Tom's opinion is that as long as a Terms and Conditions statement (txt file) accompanies your game, you should be fine.

Tom wrote:Definition of "Permit": officially allow (someone) to do something.

So in my understanding of this, as long as you do not give official permission for them to take the assets you're good. Put in your T&C something along the lines of "You are not permitted to extract and use any assets in this game for any purpose". I can see how this might be interpreted in the way you say though, but doubt that's the spirit of it because it's impossible to enforce imo.

Probably best to check with Envato though of course. If you don't want to clarify that with them, let me know and I can send them an email if it's a big concern for you.

* This is my opinion, IANAL etc.


So I contacted Envato (owners of GraphicsRiver) and today Envato Market Help got back to me:

Thanks for taking the time to thoroughly research the terms of our license usage. Many people buy the assets without caring. That being said, you should be fine with an extended license but adding the statement on what is not allowed is wise. I can see how GraphicRiver assets would commonly be distributed in other items but that should cover you legally, if needed. The buyer would then be essentially doing what we ask of our buyers in our disclosures.

Go forth and prosper!

Kind Regards,


Now, the part that worries me once again is the "you should be fine" and "should cover you legally" parts. "should" will not hold up in the worst legal scenario.

Of course, it is a very slim chance that someone will care about all this, I agree. But let's just assume someone develops a game in Construct 2/3 that becomes incredibly successful, and sells tens of millions of copies. The game uses a number of assets from GraphicsRiver. The designer of those assets notices this, and downloads/installs the game on a Windows machine, and discovers that his/her assets are unencrypted, and anyone can have access to them by merely unzipping them. The designer (US based) is aware of point (11) of the extended license, and decides to take legal action against the game developer in the US.

Even though the developer included a T&C, I could imagine that US copyright lawyers shred it to pieces because of the fact the plaintiff's assets were not encrypted at all and left out in the open, because in my view (11) implies that the developer must take appropriate steps to help protect the plaintiff's assets, and a case could possibly made by high-flying lawyers that the defendant failed to do so.

I am aware that it is highly unlikely and doubtful that such a situation may occur, but the point I am making is simple: if Construct allows for a simple asset encryption option during export, the game developer won't have to run any such risk at all in the first place.

All the other game engines allow the user to encrypt their files. Yes, assets can be hacked/ripped anyway, yet I think it is a fundamental option to have anyway. At least provide the option to do so.
Win7 64- i7 [email protected], p6t Deluxe v1, 48gb, ATI 7970 3gb, EVGA 590 3GB, Revodrive X2 240gb, e-mu 1820. Screens: 2 x Samsung s27a850ds 2560x1440, HP 1920x1200 in portrait mode
B
30
S
10
G
8
Posts: 170
Reputation: 7,074

Post » Wed Feb 15, 2017 4:37 pm

There's third party plugs you can use to do that already.
Convert your assets to base64, encode them with one of the encoder plugs, add the encrypted text files to the project files.
Load by url already converts the decrypted base64 images, and there's even an audio plug to play base64 audio(haven't tried it in a while however).
Theres also an audio stream plug which has pros, and cons.

If it really is a big issue for you then you can continue down the third party path for easier methods.
In other words there are options beyond relying on Scirra.

Edit:
Supposedly C3 was to make it easier to work with the sdk, and roll our own plugs.
Of course no way to know if that's part of the free version.
Image ImageImage
B
169
S
50
G
169
Posts: 8,284
Reputation: 108,212

PreviousNext

Return to Construct 2 General

Who is online

Users browsing this forum: SaRaB and 7 guests