123
-=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- (c) WidthPadding Industries 1987 0|148|0 -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=-
Socoder -> Blitz -> Encrypting assets

Thu, 24 Sep 2009, 02:54
LostUser
My game has an assets folder, in which there are images, sound, etc.

However I do not want the end-user editing the images, nicking the images (as I paid for them) or altering rules.dat files as it will crash the game.

Therefore I've been thinking about encrypting assets.

I did this before but I found that it does not unencrypt in the memory and just unencrypts in the same folder.

Obviousily this isn't very good as the user could easily CTRL+ALT+DEL and have all the unencrypted assets.

Is there a way around this so that the images, sound, etc are all pre-compiled with the game or some kind of package system which is MD5'd or something.
Thu, 24 Sep 2009, 03:25
Jayenkai
Then don't leave the assets there, too long.
Give yourself a second or two to unencrypt, and load the file, then instantly delete it again once you've actually loaded it.

Do it per-file, rather than as a whole, so that even if the player were to ctrl-alt-del they'd only get to one of the files as opposed to everything at once.

-=-=-
''Load, Next List!''
Thu, 24 Sep 2009, 03:49
Afr0
The most effective way to keep people out (these days, even 10 year old script kiddies know that they can get the key to your encryption by debugging your executable in realtime) is making a proprietary archive format and encrypting each file inside the archive with a unique key (say, the hash of the file's name). To encrypt the file you could use a freely available algorithm like Blowfish.
A basic layout for a proprietary archive format could be something like so:



Then, to make doubly sure you're on the safe side, you could encrypt the entire archive with Blowfish using the archive's hashed filename as a key before outputting it to file.

Edit: You could also be creative and re-encrypt the files periodically (say, every second time your program is run) by downloading keys from a remote php script that is fed keys from a database that is periodically updated by a client-program that is run on your PC. That way, the chance of anyone ever working out the correct key to decrypt any file in the archive would be abysmally small, at least so long as your php script stays online!

-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!
Thu, 24 Sep 2009, 04:03
LostUser
Hi there.


Give yourself a second or two to unencrypt, and load the file, then instantly delete it again once you've actually loaded it.


Yes, I experimented with this concept -- it does work, and I guess its the best quick and dirty solution. I really don't want to go down the route of reprogramming everything in BlitzMax.


Using blowfish ... to encrypting each file inside the archive with a unique key


I do like the idea of doing this, but I am not sure if the processing would take longer, it is something I would have to experiment with.

I have done some experiments with the following code I found, it is not blowfish though;


Thu, 24 Sep 2009, 04:07
Afr0
I have no idea if that's 'safe' or not. I'm not good with encryption or numbers in general. If I were you, I'd just use something that already existed like Blowfish.


-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!
Fri, 25 Sep 2009, 03:54
LostUser
Okay, thanks for your help. I will try to use Blowfish to encrypt/decrypt images and go from there.

Thanks for your help.
Fri, 25 Sep 2009, 04:25
LostUser
I've found some packers via the Blitz Basic website.

Has anyone used Blitz Media-Linker V1.9?
URL: https://www.arem.us/stuff/pack.bb

Apparantly it Creates Stand-Alone-Executables (Single Executables) of your own Blitz-Programs with all the assets, this would be really useful.

I'm going to try some of the packers and see if they help

Sat, 26 Sep 2009, 15:56
Phoenix
If someone wants to get their hands on your resources, regardless of the protection technique you've used, they will either just take a screenshot and cut out the relevant bits or use a recording program to capture the music.

I say put the files in the game folder, and leave a copyright notice somewhere in there. Save yourself the trouble. People rarely steal assets; especially not from individuals, especially not for public use, and especially not anyone who'd know how to finish a game anyway.
Sat, 26 Sep 2009, 16:03
Afr0
IIRC, while it does packs them, I don't think it encrypts them.


Obviously. You can't encrypt an exe file.
That said, encryption and packing/compression are almost like two sides of the same thing. Compression is encryption with an added purpose.

-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!
Sun, 27 Sep 2009, 11:08
JL235
Afro That said, encryption and packing/compression are almost like two sides of the same thing.

No, it's really not.
Sun, 27 Sep 2009, 11:21
Afr0
Afro That said, encryption and packing/compression are almost like two sides of the same thing.

No, it's really not.


That depends how you see it.

-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!
Mon, 28 Sep 2009, 02:35
LostUser
I didn't mean to start a debate on the issue.

I've tried some the packers, one of which offers 32-bit encryption, and they seem to do the job I was after.

I think a copyright notice will help, so I will definitely put that in there.

Thanks to all for your help.
Fri, 02 Oct 2009, 08:17
NRasool
Hi there

New to this forum, with regards to protecting your assets, if you have money you could use molebox pro https://www.molebox.com/. That work very well with Blitz3d. I use it