Securing C2 game against pirating...

Get help using Construct 2

Post » Tue Dec 27, 2016 12:56 am

i'm 1-2 weeks away from finishing my soon-to-be commercial game, and before trying to distribute/sell it online i wanted to know:

1- are there any issues you have run into with particular online web sites or companies that cannot be trusted because they compromise the safety of your game, intellectual property, or try to cheat you with payments?
2- what precautions should i take now to ensure my online game is not hacked/pirated? there is no such thing as 100% hack/pirate proof, i understand that...but there are lots of things we can do to ensure our titles are not easy targets? any experiences, suggestions?
3- is there a special way i should ensure game play online to prevent the C2 code from being "read"/exposed, copied?

any other suggestions, recommendations, or advice you'd like to share?

thanks a million for sharing your past experiences.
B
141
S
44
G
10
Posts: 135
Reputation: 14,103

Post » Tue Dec 27, 2016 4:45 am

Unfortunately anyone who can load the game can access the files. One thing you can do to minimize piracy (you can't stop it, and in trying to you will only make things worse for everyone) is test for whether it is being played on the right server. You can use the Browser.Domain or Browser.URL to do this. However, what you test it to is going to be plaintext in the files, so someone can crack it if they try. You could however, store it encrypted or in a way that C2's export will obfuscate it.
B
42
S
14
G
3
Posts: 165
Reputation: 5,115

Post » Tue Dec 27, 2016 8:11 pm

thanks a million Sumyjkl, what have you heard of the APK format being download?

i dont know much about advanced CAPX stuff, this is my first commercial/real game with C2 that i will be publishing, do you know what some folks have said? they discourage against posting your game on sites where the apk is exposed, or that the game is not removed from the local drive, after it is played.

not sure what all that means, and tried to research it with no luck...do you know if those things expose your game to piracy, and if so how to know which sites to distribute the game through and which sites to ignore? or what precautions to use for "removing" the game after it's played?
B
141
S
44
G
10
Posts: 135
Reputation: 14,103

Post » Tue Dec 27, 2016 10:28 pm

I know APKs are sometimes taken off Google Play etc. and hosted on other sites, is that what you are referring to? If so I can't imagine any way of guarding against that, apart from (maybe) testing for Google Play services (which would make the game online-only).

I think I know what you mean there in your second paragraph; when you play a game online you download the HTML5/Java/Flash etc. code needed to run it. Usually it's not hard to just find the files you have downloaded in this process (unless they're sneaky and only load into RAM somehow).
The reason it's not advisable is that people can download your game and reupload it somewhere else, earning ad revenue from your game and possibly hurting your reputation. However, there's not much you can do to stop this apart from testing whether the game is being hosted on the right server.

The site the game is hosted on has no power to force it to be deleted after it's played. Besides, someone wanting to get your game would just make a copy of it while the game was running.
As for what sites... There aren't any really. Google Play is good for a platform as people won't be likely to download it elsewhere, and apart from that your HTML5 can be downloaded and reuploaded easily regardless of what you do (unless you try to test for the right host).

I once made a DRM system which locked out all but certain host domains by checking against the obfuscated list of allowed domains. There are ways to do this, they just take some tinkering.
B
42
S
14
G
3
Posts: 165
Reputation: 5,115

Post » Wed Dec 28, 2016 2:11 am

Sumyjkl, thanks a lot for all of your feedback...one last question and i promise i'll stop bothering you...

Do you recommend removing all comments from the code prior to "compiling" a version to upload on a server? although the C2 comments are vital for a large project, are they published in the final version (if so, that might make pirating easier). what are your thoughts, suggestions?
B
141
S
44
G
10
Posts: 135
Reputation: 14,103

Post » Wed Dec 28, 2016 12:30 pm

C2 does not export comments with the project, they're useless at runtime.

Also make sure you enable "minify script" when exporting, to make sure the Javascript is mangled to be unreadable.
Scirra Founder
B
403
S
238
G
89
Posts: 24,660
Reputation: 196,167

Post » Wed Dec 28, 2016 3:28 pm

coolness, thanks a million Ashley
B
141
S
44
G
10
Posts: 135
Reputation: 14,103

Post » Thu Dec 29, 2016 6:54 pm

The only way to prevent pirating, is to have all of your game logic on a server application. That way the client is just a dead pile of images without the logic to run it.
https://www.ravenheart.ca/home
I don't check the forums much anymore, but I will receive an email for PMs.

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
23
S
6
G
1
Posts: 1,419
Reputation: 4,857

Post » Thu Dec 29, 2016 8:28 pm

Gumshoe2029, thank you for your comment.

while your statement may be true, i dont think it is possible with C2 to create such a game.

in my original post, i indicated that it is not possible to prevent pirating 100% of the time, i only wanted to ensure i was taking the necessary precautions to ensure it was minimized and i was not making a newbie mistake of putting it all out on the internet to easily pirate, nor was i posting on questionable web sites.

1- Ashley recommended using "minify script", and also confirmed that developer comments within the game, which are very critical during development, are never in the final build (making reverse engineering a bit more complicated and time consuming)
2- Sumyjkl suggested to test for the right host

If you know of a practical way splitting the game into server-side and client-side components, please share it. I agree with your observation, but do not think it's feasible (at least not given my limited knowledge of C2).

Thank you everyone for sharing your knowledge and experiences on this tread, i hope my game will be successful and as secure as possible, given reasonable precautions and best-practices.
B
141
S
44
G
10
Posts: 135
Reputation: 14,103

Post » Fri Dec 30, 2016 7:29 pm

hyem wrote:i dont think it is possible with C2 to create such a game.


It is. I have my development client running right now, and it works. Unless our server is down, then it just displays the background image and nothing else. Because our game client is worthless without the server application behind it, because all of the game logic is on the server. The client simply displays information and submits change requests.

I have to laugh some at all the people who think they can secure their HTML games without a server.

This post asks more or less the same question: viewtopic.php?f=159&t=185260 and I have the same answer there.

Minifying helps, but it will not guarantee that your game will not be pirated.
https://www.ravenheart.ca/home
I don't check the forums much anymore, but I will receive an email for PMs.

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
23
S
6
G
1
Posts: 1,419
Reputation: 4,857

Next

Return to How do I....?

Who is online

Users browsing this forum: angryscientist and 24 guests