Encryption in Construct 2

Discussion and feedback on Construct 2

Post » Wed Feb 15, 2017 4:58 pm

newt wrote:There's third party plugs you can use to do that already.
Convert your assets to base64, encode them with one of the encoder plugs, add the encrypted text files to the project files.
Load by url already converts the decrypted base64 images, and there's even an audio plug to play base64 audio (haven't tried it in a while however).
There's also an audio stream plug which has pros, and cons.

If it really is a big issue for you then you can continue down the third party path for easier methods.
In other words there are options beyond relying on Scirra.

Edit:
Supposedly C3 was to make it easier to work with the sdk, and roll our own plugs.
Of course no way to know if that's part of the free version.


I am not sure whether "load image by URL" works with NW.js exported applications. Aside from this, it would be way too much of a hassle to deal with hundreds of assets this way.

Switching to an alternative is indeed the best solution in this case.

Post » Wed Feb 15, 2017 6:22 pm

I think Rex has a plug for that too.
http://c2rexplugins.weebly.com/rex_spri ... oader.html

The hard part would be making sure you had an existing blank frame for each image.
Something you would do without encryption anyway.

I think the argument for an external sprite type would be the thing to look for here.

Post » Wed Feb 15, 2017 8:25 pm

After some emailing back and forth regarding the actual legal stance related to GraphicsRiver's license and unencrypted assets in released (Windows) desktop games, I asked for a definitive legal answer rather than "should be fine", and I have been moved up to level 3 support - to their legal department! Seems the situation is not as clear cut as it seems to be.

The plot thickens... I'll keep you informed - might take a couple of days.

Post » Wed Feb 15, 2017 10:17 pm

So I was thinking about this some more, and I guess something we could do with hopefully minimal performance impact is something simple like XOR encrypt the project name over the content of all asset files. If it's reversed at the point of loading hopefully there won't be too much delay (although this remains to be seen), and it stops you "just opening" any asset files.

The thing is this is basically homeopathy for security. It is not remotely secure in any meaningful way. XOR encryption is the type of thing treated as a joke by professionals (but it's quick and simple, which is the main reason I consider it). But - if you find the file you can't immediately open it until you figure out how to at least run the reverse XOR process. So this will function well enough to stop people idly browsing around your assets. But it won't pose much of a barrier to anyone with common technical skills. We could choose some really tough encryption, but then crackers will fall back to other tactics like scraping from RAM while your game startup time needlessly suffers.

My main objection is what does this really solve? I feel like people want to tick a box on a checklist that says "encryption" and get a warm fuzzy feeling that their work is at last safe, but that is not at all the case, even with some supposedly strong encryption. If someone wants to rip your music and sell it online, they can find a way. By far the more effective way to counter this is copyright law.

We're also a small team and I'm keen to spend time where it matters. Lots of people want exciting new features like modularity in events. I want to do that a lot more than I want to sit around fine-tuning the performance of a placebo algorithm.

So, is this really what people want? Do you really think this will make a material difference to anything?
Scirra Founder
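The scheme described in the post above (XOR the project name over each asset file), as an added example that is not from the original post or from Scirra. The key "MyGame" and the asset bytes are constructed sample values; the example also shows why the post calls this weak: a fixed file header such as PNG's lets the key be read back out of the obfuscated file.

```javascript
// Added example: repeating-key XOR over an asset, and why a known file
// header undoes it. Key and asset bytes are constructed sample values.

// XOR every byte of data with the key, repeating the key as needed.
// The same call obfuscates and restores, since (b ^ k) ^ k === b.
function xorWithKey(data, key) {
  if (key.length === 0) throw new Error("key must not be empty");
  const out = new Uint8Array(data.length);
  for (let i = 0; i < data.length; i++) {
    out[i] = data[i] ^ key[i % key.length];
  }
  return out;
}

// Every PNG starts with these 16 bytes: the 8-byte signature, then the
// IHDR chunk length (13) and the chunk type "IHDR".
const PNG_PREFIX = Uint8Array.from([
  0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a,
  0x00, 0x00, 0x00, 0x0d, 0x49, 0x48, 0x44, 0x52,
]);

// XOR of obfuscated bytes with the known plaintext yields the key stream.
function keystreamFromKnownPrefix(obfuscated, knownPrefix) {
  return xorWithKey(obfuscated.subarray(0, knownPrefix.length), knownPrefix);
}

function demo() {
  const key = new TextEncoder().encode("MyGame"); // constructed project name
  const asset = new Uint8Array(40);               // constructed stand-in PNG
  asset.set(PNG_PREFIX);
  for (let i = PNG_PREFIX.length; i < asset.length; i++) asset[i] = (i * 7) & 0xff;

  const obfuscated = xorWithKey(asset, key);
  const restored = xorWithKey(obfuscated, key);
  const leaked = new TextDecoder().decode(
    keystreamFromKnownPrefix(obfuscated, PNG_PREFIX));
  return {
    opensAsPng: obfuscated[0] === 0x89, // false: an image viewer rejects it
    roundTrips: restored.every((b, i) => b === asset[i]),
    leaked,                             // "MyGameMyGameMyGa"
  };
}

console.log(demo());
```

The obfuscated file no longer opens directly, which is the "idle browsing" barrier the post describes, but the repeating project name is visible in the recovered key stream.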

Post » Wed Feb 15, 2017 10:28 pm

I'd be more worried about protecting the whole game.
The only measure we have now involves various ways of checking URLs.

Post » Wed Feb 15, 2017 10:49 pm

Ashley wrote:So, is this really what people want? Do you really think this will make a material difference to anything?

If it's quick and simple to do I think it would be a good idea to add, if for nothing else than to put people's minds at ease.

On a related note, I'd actually like to see an option to make build code less obfuscated, so end-users can mod it more easily.

Post » Thu Feb 16, 2017 12:11 am

What if, let's say, instead of naming the player "PlayerObj" we name it the same name as the game ID, like "com.wizdigitech.jamwheel", so when someone is trying to decode it, it gives them hell: when they search and see more than one game ID, it makes it harder for them to know which is the correct one to change. I am planning to do that:

change all my asset and variable names to the plugins name, game id etc

Since we can't encrypt it, then make it a pain in the hacker's ass when they are trying to decode it, looool. Wish Ashley would do that with C3 instead of you know what already.

Post » Thu Feb 16, 2017 11:26 am

wizdigitech wrote:change all my asset and variable names to the plugins name, game id etc

Most of that information - such as all object and variable names - is stripped out from exported projects. So going through your projects renaming things is a waste of time, because all that information is removed.

Also if you enable "minify script", the resulting obfuscation is pretty strong protection against anybody reverse-engineering the logic of your project.

Anyways, this is pretty confusing and I can't seem to pin down what people want. There's discussion of obfuscating the project data - which is already done pretty strongly on export! - or even asking for less obfuscation (you can turn off "minify script" if you want but that doesn't make your project easy to mod).

What exactly are people after here? I'm not going to start writing a feature until I have a clear answer that makes sense about what people want and why.
Scirra Founder

Post » Thu Feb 16, 2017 11:41 am

Instead of decrypting/encrypting, how about just inserting a watermark over each and every sprite sheet during export? Then, when the game is launched, C2/3 hides that watermark. This way, every asset is at least copyrighted to the author of that game. Also, hackers/crackers have to at least do some cleanup to be able to use those assets.

Of course this method can't be used for music and sound :/ Maybe an extra channel of noise could be inserted in the music file(s) on export? So if someone unzips music from the game, those music pieces would be complete garbage. Then, after game launch, that noise channel is muted and the music plays normally. Just an idea, dunno if it would work at all.

This is my idea for this encryption/decryption topic. I don't know if my suggestions are easy to implement in C2/3, but they are something to think about. Personally, I'm more interested in the copyright issue than in covering my assets, because I do know that every game asset (GFX, music, sound, etc.) can be ripped off from a game. For example, every (or at least close to every) GFX/music piece from NES games has been ripped off. People will find a way to hack your game, like it or not.

-M-

Post » Thu Feb 16, 2017 12:01 pm

Ashley wrote:What exactly are people after here? I'm not going to start writing a feature until I have a clear answer that makes sense about what people want and why.

My understanding is Rayek, Eisenhans and maybe others are concerned about legal hassles with 3rd parties if their assets are exposed, and that even a modicum of protection would cover C2 users legally. Me, I'm not interested in encryption at all so you can disregard my earlier post.
