[Off Topic]-Easy Method To Protect Game's Saved Data? |
JeZ-l-Lee
|
[Off Topic]-Easy Method To Protect Game's Saved Data?
Hi, We are currently working on a new shareware version of our word spelling game "LettersFall". We need to now protect somehow the game's saved data. Can someone make a recommendation to an easy to implement data protection scheme? The saved data is options, high scores, and most importantly shareware status. We don't need 1024Bit encryption (it's just a game and not plans for a nuclear weapon). Looking for something simple and easy to implement. I personally tried to implement a checksum, but it has some problems. The checksum reads the file as int's for numbers and ASCII values for letters. The problem is that (3+2) = (4+1) and so on. Thanks in advance for your help! JeZxLee 16BitSoft Inc. Video Game Design Studio www.16BitSoft.com |
|||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
javierecf
|
Very simple methods can be, a text file and to every character is added a certain int number then the same amount is subtracted when "decoding", that would result in a text file full of numbers with no meaning, another simple method involves making a password protected zip file.
I assume a more robust way to deal with this would be to handle your own file data as a binary data file. 2014-08-20 15:44 GMT-06:00 JeZ-l-Lee:
-- Javier Flores |
|||||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Mason Wheeler
Guest
|
Don't even bother. It's a fool's errand. Microsoft puts more engineering resources into protecting their software than you will ever have available to you in your entire lifetime, and yet the latest version of Windows literally had a working crack available before RTM, IIRC.
If you want a shareware version and a full version, make two builds, one of which has certain features IFDEFed out. If you want high score data that the user can't tamper with, store it someplace other than on the user's computer. But what you're trying to do is impossible. The fundamental question of cryptography can be summed up rather simply as "Alice wants to send a message to Bob, without Charlie being able to read it even if he should get ahold of it." The problem here is, Bob and Charlie are the same person. Mason On Wednesday, August 20, 2014 2:44 PM, JeZ-l-Lee wrote: [Off Topic]-Easy Method To Protect Game's Saved Data? Hi, We are currently working on a new shareware version of our word spelling game "LettersFall". We need to now protect somehow the game's saved data. Can someone make a recommendation to an easy to implement data protection scheme? The saved data is options, high scores, and most importantly shareware status. We don't need 1024Bit encryption (it's just a game and not plans for a nuclear weapon). Looking for something simple and easy to implement. I personally tried to implement a checksum, but it has some problems. The checksum reads the file as int's for numbers and ASCII values for letters. The problem is that (3+2) = (4+1) and so on. Thanks in advance for your help! JeZxLee 16BitSoft Inc. Video Game Design Studio www.16BitSoft.com _______________________________________________SDL mailinghttp://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Sik
|
Let's see:
- Options: it may be worth *not* encrypting this one. They only affect the player, and modifying them from outside the game may make sense if for some reason some setting makes the game unusable or anything like that. Don't waste your time with this time. - High-scores: are they local or others can see them? If they're just local again don't bother, at worst the player will cheat him/herself. If they matter on-line, then you should be storing that stuff in the server and not locally (and you should implement an anti-cheat system to detect invalid submissions). - Shareware status: the best option here is to outright not include the non-shareware data in the game, period. This means that even if it gets somehow cracked it'll remain unusable since the required data is missing. At this point anybody who wants to by-pass this will look for a cracked full version, but this would happen regardless of what mechanisms you implement. _______________________________________________ SDL mailing list http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Robotic-Brain
Guest
|
Don't bother encrypting data for copy protection. There are whole
companies, which do nothing but DRM systems and even they get cracked quite quickly. So it's just a waste of time and effort... Additionally it's just a punch in the face of the user! Those who bought your game will definitively get problems with the encryption someday. (I have games, which I'm not able to play anymore because of that) And those who "stole" it will have a much better experience - and laugh at the "idiots" who bought it. The only useful application for encryption is getting data across an unsafe channel like the internet. _______________________________________________ SDL mailing list http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Felix Fontein
Guest
|
Hi,
what do you want to protect it from? From being modified by the user? That's simply impossible, you can only make that very hard, but you can never stop a determined person from still being able to change it so your programm will accept the result. But still, you can make it more complicated If you want to protect yourself against data corruption (due to faulty storage media etc.), using a simple checksum is fine. But don't try something home-brewn, use something well-known instead. A simple CRC32 is already a good start, or MD5. You can find enough implementations online, so you don't really have to know how to do it yourself. In case you really want to encrypt, use a simple cipher (DES, AES, ...: again, you can find enough implementations online so there's no need to roll your own) with a fixed key which is hard-coded in your program. This obviously isn't very safe, since a determined person can extract the key and encrypt/decrypt, but that requires some technical knowledge and is a lot of work, which usually nobody bothers to invest.
That's what I meant with home-brewn. Many clever persons designed many good hash functions, and it is very easy to produce a very bad one. If you don't have very special needs, just take one which has been around for a long time. One of the simplests are CRC32 (https://en.wikipedia.org/wiki/CRC32) and FNV-1/FNV-1a (https://en.wikipedia.org/wiki/Fowler%E2%80%93Noll%E2%80%93Vo_hash_function#The_hash). Or MD5 (https://en.wikipedia.org/wiki/MD5), which is completely broken from a cryptographic point of view, but which totally suffices for your application since anyone could simply compute the hash anyway, no matter what complicated hash procedure you choose. Cheers, Felix
-- Felix Fontein -- -- https://felix.fontein.de/ _______________________________________________ SDL mailing list http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Daniel Gibson
Guest
|
Am 21.08.2014 07:25, schrieb Felix Fontein:
If you just want a checksum/hash you could make it harder to reproduce by "salting" it, i.e. you don't only hash the values saved in the config, but add some secret random string to the to-be-hashed data. Of course this isn't super-secure either, but it's better then nothing. Cheers, Daniel _______________________________________________ SDL mailing list http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Felix Fontein
Guest
|
Hi,
this part is different from the others. You should not simply store "this is shareware" or "this is not shareware", but you should store the user's licence key (which he has to enter after buying your game). The licence key should be some kind of cryptographic signature, which can be checked with your public key (which is stored inside the program), and which can only be created with your private key (which you of course *don't* store in your program). You check the signature against the public key on every startup, and if it is valid (and the signed data good), you know your game isn't in shareware mode. A determined user can still crack your program (like, remove the check), but the probability for this is usually very low. The only countermeasures for this are adding some kind of copy protection, but these things only increase the level of annoyance, both for the cracker and often also for the end user (because of sudden incompatibilities, random crashes on some machines, ...). In case you want to do something like this, I recommend to *not* implement the crypto stuff yourself (except if you really know what you're doing). It's better to use a ready library for the crypto parts, like NaCl (http://nacl.cr.yp.to/). Using a crypto library correctly is already complicated enough, but still way simpler than rolling your own crypto. Cheers, Felix
-- Felix Fontein -- -- https://felix.fontein.de/ _______________________________________________ SDL mailing list http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Joseph Carter
|
I kind of have to agree that even packing game data into a custom
container format has proven time and again to be merely an annoyance. If you don't want the user to have something without paying for it, don't give it to him until he does. Freemium games also work well by allowing superior players access to perks by earning points, but allowing lesser players to buy in a little at a time. They also slowly ramp up the difficulty to addict players. Of course the freemium games tend to be more casual in nature. Work out the same formula for "serious" gamers and you've got a solid business model. Joseph On Thu, Aug 21, 2014 at 04:37:29AM +0200, Robotic-Brain wrote:
SDL mailing list http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
charlesw
Guest
|
Don't listen to the doom and gloom "More trouble than it's worth" or, "Too hard to do on your own" folks. Just store somewhere in your code, a seed value that you'll use to seed a pseudo random number generator (PRNG).
Then you take the data you want to obscure and you XOR each byte with a byte of data from your (PNRG), writing the result out to disk. To reverse the encryption, you just use the same seed for the PRNG and the exact same process, and as you XOR the data read from disk with the same stream of pseudo random digits, you convert it right back to it's original value. Quick, simple, and as long as you don't lose your seed value, reliable. It's not world class encryption, but it's so close, the people who defeat it will have to do so by figuring out your seed value. It will keep the honest players from messing with your data. On 08/20/2014 03:44 PM, JeZ-l-Lee wrote:
|
|||||||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Joseph Carter
|
If you do it this way, you MUST provide your own implementation of a
PRNG. Using whatever the system supplies will guarantee precisely the kind of problems the "More trouble than it's worth" people are talking about. Joseph On Thu, Aug 21, 2014 at 01:06:16AM -0600, charlesw wrote:
_______________________________________________ SDL mailing list http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Mason Wheeler
Guest
|
On Wednesday, August 20, 2014 11:25 PM, T. Joseph Carter wrote:
I kind of have to agree that even packing game data into a custom container format has proven time and again to be merely an annoyance. True story, from one of the biggest games of all time: Blizzard *really* did not want people poking around in the internals of StarCraft. They encrypted and obfuscated things seven ways from Sunday, using multiple layers of confusion to keep people out. They even invented their own archive format called MPQ, and unlike civilized archive formats, it didn't contain index metadata stating the names of each file. No matter what the Wikipedia article "officially" says about it, I was there. At the start, it was designed with one very specific purpose in mind: keeping people out. Within the first year, this brilliant developer by the name of Andy Bond managed to reverse-engineer it, and figure out how Starcraft and StarEdit were accessing the archive files. He built a tool called StarDraft that allowed people to extract data files and create patches that it could insert into StarCraft at runtime (without modifying the base archive), and a big modding community took off from that. Blizzard could probably have sued him over that. Technically it was against the EULA. Heck, they probably could have sued *me* over some of the modding stuff I did once StarCraft got opened up by a handful of really smart guys like him. But do you know what they did? They offered Andy Bond a job. Today he's credited on some of their games, including World of Warcraft. |
|||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
charlesw
Guest
|
I wouldn't worry about creating your own PRNG. The ones available in
your development environment are heavily tested and any weaknesses are public knowledge, a little research will tell you all you need to know, but for this task, I wouldn't stress it if all you had was a PRNG with a known weakness. You're not trying to redefine the state of the art in encryption, you just need something quick, simple, reliable that has a seed size of 32 bits or better (bigger is better). On 08/21/2014 04:00 AM, T. Joseph Carter wrote:
_______________________________________________ SDL mailing list http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Ken Paulson
Guest
|
If you're serious about selling your game, I would suggest joining an
organization like the Association of Software Professionals ( http://asp-software.org ). It's not very expensive and you'll get advice and support from people who've been selling independent software for decades. _______________________________________________ SDL mailing list http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||
|
[Off Topic]-Easy Method To Protect Game's Saved Data? |
Joseph Carter
|
Didn't say write one. Just include one. Don't count on the system
library because your system library is possibly going to use a different PRNG than mine does. Joseph On Thu, Aug 21, 2014 at 12:52:08PM -0600, charlesw wrote:
SDL mailing list http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org |
|||||||||||||||||||||
|