INI protection

Post your own tutorials, guides and demos.

Post » Wed Sep 02, 2009 7:44 am

also keep in mind most knowledgeable people (not even hackers) will know which alogrithm you're using by counting digits.

Mix, cut and interleave hashes (CRC32, SHA1, MD5) to keep them guessing. Don't name the files something obvious, then you have a decent check that requieres some effort to crack.

=)
B
3
S
2
G
4
Posts: 1,445
Reputation: 4,665

Post » Wed Sep 02, 2009 10:40 am

Thanks for the suggestions.

I was thinking of renaming the file extension something different than ini but hadn't got round to trying it yet.

Also making the hash look different than what it is ie hiding it in a longer "fake" hash sounds good as well.

I'll play around with the ideas.

Thanks guys.
B
46
S
23
G
7
Posts: 459
Reputation: 6,763

Post » Wed Sep 02, 2009 10:53 am

You are spending a lot of energy on the INI protection. Sure, it grants you invaluable experience, but shouldn't you be focusing on the main project at hand?

Simple solutions oft prove to be the best. In this case, you can opt to save the INI file with no extension or obfuscated extension (not .txt nor .ini), by doing so you will stop about 80% of players from editing the file. MD5 hashing and such would only stop like 15% of the remaining 20%.

The 5% will find a way to hack into it in any case - most likely by editing values in memory.

In the future, as our projects get more serious, we'll want serious protection as well. By then, we'd have a need for encryption of some kind - scrambling the text and using a certain key to decode the content. Perhaps a plugin could be developed for that purpose, who knows?

Just my two (broken) cents.
B
62
S
21
G
12
Posts: 1,910
Reputation: 13,155

Post » Wed Sep 02, 2009 11:06 am

[quote="Mipey":2etrnszo]You are spending a lot of energy on the INI protection. Sure, it grants you invaluable experience, but shouldn't you be focusing on the main project at hand?

Simple solutions oft prove to be the best. In this case, you can opt to save the INI file with no extension or obfuscated extension (not .txt nor .ini), by doing so you will stop about 80% of players from editing the file. MD5 hashing and such would only stop like 15% of the remaining 20%.

The 5% will find a way to hack into it in any case - most likely by editing values in memory.

In the future, as our projects get more serious, we'll want serious protection as well. By then, we'd have a need for encryption of some kind - scrambling the text and using a certain key to decode the content. Perhaps a plugin could be developed for that purpose, who knows?

Just my two (broken) cents.[/quote:2etrnszo]

Thanks Mipey.

I agree with all you said. The ini protection was just a side project and to gain experience in construct and ini files that I had never used before.

For my game I'll keep the CRC32 hash and as a few others have mentioned rename the file extension. I've also kept the ini itself a bit ambiguous - items are simply numbers and I have a list to match up my variable to the ini item, if you open the ini in notepad there is isn't a nice line of text saying "LIVES" edit here.

Thanks again.
B
46
S
23
G
7
Posts: 459
Reputation: 6,763

Post » Thu Sep 03, 2009 5:52 pm

You should be aware if you're only using a well-known one-way hash algorithm anyone sufficiently determined will still be able to crack it (curious people like me open cabs, dlls, sys files etc with suspiciously small file sizes). If you really want a good solution, use something like blowfish encryption.
Scirra Founder
B
359
S
214
G
72
Posts: 22,946
Reputation: 178,528

Post » Wed Sep 09, 2009 12:29 am

Also: if there is no multiplayer, I'd say just let'em at it.

It's their game to enjoy!
B
3
S
2
G
4
Posts: 1,445
Reputation: 4,665

Previous

Return to Your tutorials & example files

Who is online

Users browsing this forum: No registered users and 0 guests