Pages: 1 2 »
  Print  
Author Topic: Encryption  (Read 3981 times)
Offline (Male) Josh @ Dreamland
Posted on: March 02, 2010, 09:04:44 AM

Prince of all Goldfish
Developer
Location: Pittsburgh, PA, USA
Joined: Feb 2008
Posts: 2949

View Profile Email
Despite what I'd like to believe (and maybe even what I'd like you to believe), making something in C++ doesn't mean it can't have its resources modified or even stolen. ENIGMA (being C++) makes sure that code isn't such a resource. No one can decompile your game. However, we do have a problem.

Because ENIGMA will be a regular system, unoptimized output executables will have the same basic format. Furthermore, because it is open source, an encryption algorithm is even more futile than it was in Game Maker. I can't just hide a seed and expect everyone to give up before finding it.

Now, in R3, rooms were stored as an array in the source code. This means that it would take a good amount of skill to modify them, but it's still feasible. Someone with a decent knowledge of how GCC handles such could probably make a tool to do it. If ENIGMA were to inherit GM's better disassemblers, we could possibly face problems with such (the hope is that since no one can get all of it, no one will write a tool to get some of it).

Fortunately, as long as you let GCC optimize your code, it should be too irregular to be removable by an automated tool. (Even if it was removed, it couldn't be decompiled other than manually, don't worry.) However, I'm not sure about unoptimized code. It would be far too much work to decompile it back to EDL (especially with the C++ goodness that gets thrown in), but it may be possible to remove entire events and replace them (making games easy to mod or cheat).

What's more, unified sprite and sound encryption is worthless. Pidgin doesn't encrypt passwords it stores for users because the developers understand that in an open source project--and for that matter, in any other project--doing so accomplishes nothing. So ENIGMA can not have a unified encryption system to protect non-code resources.

Personally I don't see this as a problem. However, I know one of the reasons people are in awe of the idea of C++ is that they think it will protect such resources. I can't think of a decent game whose resources aren't an open book (there are many Windows resource extractors. Not to mention, you Valve fans, think Garry's Mod). But, I can think of a way to fix this.

R4, as some of you are aware, will allow you to define C++ functions for use in your game. This is a great way to do with DLLs (but do note that external_define has been done for months). I could allow the implementation of a function called resource_encrypt (and one called resource_decrypt) to allow users to define their own algorithms. This would be done with the hopes that such an algorithm would not be in a uniform position in the executable every time. :eng99: If it was, it'd be as simple as writing a tool to look for like bits of code and extract the new stuff. Though they could still not decompile your code (and I am talking about the algorithm), they could call the decryption algorithm themselves, right where it sits, on whatever resources they extracted. Frankly, I think our better bet is to not waste time on encryption.

To protect room tampering, ENIGMA could hard code their creations in a large function (which would be optimized hopefully to un-uniform gobbledy... but it could still be replaced by a determined expert).

The function could be implemented conditionally; only executing if it has been defined by the user. This is just an idea I'm putting out, thoughts welcome. Especially from assembly people.

TL;DR: Paranoia resulting from the idea of really talented people wasting their time hacking games. Mods are inevitable, resource extraction is hard to stop, decompilation highly unlikely (as in, no one will waste their time on a huge game, and automation is impossible).
« Last Edit: March 02, 2010, 09:13:08 AM by Josh @ Dreamland » Logged
"That is the single most cryptic piece of code I have ever seen." -Master PobbleWobble
"I disapprove of what you say, but I will defend to the death your right to say it." -Evelyn Beatrice Hall, Friends of Voltaire
Offline (Male) retep998
Reply #1 Posted on: March 02, 2010, 12:11:17 PM

Member
Location: Where else?
Joined: Jan 2010
Posts: 248
MSN Messenger - retep998@charter.net AOL Instant Messenger - retep998 Yahoo Instant Messenger - retep998
View Profile Email
All I care about is my speedy c++ code.
I couldn't care less if someone tries to modify or decompile or rip my game.
You can never stop them completely.
Just work on getting Enigma to work, and let the userbase create it's own protection.
Logged
Offline (Male) Rusky
Reply #2 Posted on: March 02, 2010, 01:30:40 PM

Resident Troll
Joined: Feb 2008
Posts: 955
MSN Messenger - rpjohnst@gmail.com
View Profile WWW Email
Umm... You can't prevent it; why bother? Go for extensibility and ease of use rather than false security.
Logged
Offline (Unknown gender) Grundoko
Reply #3 Posted on: March 02, 2010, 02:16:55 PM
Member
Joined: Sep 2008
Posts: 22

View Profile Email
Performance over False Protection
Logged
Offline (Unknown gender) luiscubal
Reply #4 Posted on: March 02, 2010, 02:40:04 PM
Member
Joined: Jun 2009
Posts: 452

View Profile Email
Even if you can't prevent it, C++ already provides decent protection.
I mean, Game Maker games were decompiled because they were ridiculously badly protected. I mean, COMMENTS in decompiled code!!?

Let's look at the facts:
1. Compiled games have no comments
2. A significant portion of the names used in ENIGMA will be gone, namely local variables.
3. The code formatting is gone forever

So indeed, the *code* is protected. And if huge-scale proprietary games have their resources unprotected(technically, they're impossible to protect), why bother to protect them in ENIGMA?
Also, if the infringer is in the USA, you can always use DMCA to prevent decompilation.
Logged
Offline (Male) RetroX
Reply #5 Posted on: March 02, 2010, 04:58:47 PM

Master of all things Linux
Contributor
Location: US
Joined: Apr 2008
Posts: 1055
MSN Messenger - classixretrox@gmail.com
View Profile Email
I don't care about encryption; I'll probably make all of my games open-source, anyways.
Logged
My Box: Phenom II 3.4GHz X4 | ASUS ATI RadeonHD 5770, 1GB GDDR5 RAM | 1x4GB DDR3 SRAM | Arch Linux, x86_64 (Cube) / Windows 7 x64 (Blob)
Quote from: Fede-lasse
Why do all the pro-Microsoft people have troll avatars? :(
Offline (Female) IsmAvatar
Reply #6 Posted on: March 02, 2010, 05:25:10 PM

LateralGM Developer
LGM Developer
Location: Pennsylvania/USA
Joined: Apr 2008
Posts: 886

View Profile Email
While an automated encryption system would be infeasible for the reasons mentioned above, a user-interaction encryption is still relatively feasible. For example, any password-based encryption system, a user-provided seed, or an encryption based on a user-provided input (such as xor'ing 2 files).
Whatever the case, I think most of us could care less about encryption - we'd more readily implement our own if we needed it.
Logged
Offline (Male) Josh @ Dreamland
Reply #7 Posted on: March 02, 2010, 07:04:56 PM

Prince of all Goldfish
Developer
Location: Pittsburgh, PA, USA
Joined: Feb 2008
Posts: 2949

View Profile Email
I'm afraid to reread my topic considering the replies are exactly what I was trying to convey. ;_;

Really, my biggest fear is room tampering.
Logged
"That is the single most cryptic piece of code I have ever seen." -Master PobbleWobble
"I disapprove of what you say, but I will defend to the death your right to say it." -Evelyn Beatrice Hall, Friends of Voltaire
Offline (Unknown gender) Micah
Reply #8 Posted on: March 02, 2010, 07:09:29 PM

Resident Troll
Joined: May 2008
Posts: 129

View Profile
most of us could care less about encryption
I think that most of us couldn't care less. If we could care less, we would care at least some.
Logged
Offline (Male) RetroX
Reply #9 Posted on: March 02, 2010, 08:44:22 PM

Master of all things Linux
Contributor
Location: US
Joined: Apr 2008
Posts: 1055
MSN Messenger - classixretrox@gmail.com
View Profile Email
most of us could care less about encryption
I think that most of us couldn't care less. If we could care less, we would care at least some.
I think that your statement seems to be in reverse. :P
Logged
My Box: Phenom II 3.4GHz X4 | ASUS ATI RadeonHD 5770, 1GB GDDR5 RAM | 1x4GB DDR3 SRAM | Arch Linux, x86_64 (Cube) / Windows 7 x64 (Blob)
Quote from: Fede-lasse
Why do all the pro-Microsoft people have troll avatars? :(
Offline (Unknown gender) freezway
Reply #10 Posted on: March 02, 2010, 09:03:02 PM

Member
Joined: Dec 2009
Posts: 220

View Profile
I'll just open source my games anyway, i dont want slow(er) and not decompilable. Just out of curiosity, how is R4 coming?
Logged
if you drop a cat with buttered toast strapped to its back, which side lands down?
joshdreamland: our languages are based on the idea that it's going to end up FUBAR
/kick retep998
Offline (Male) Josh @ Dreamland
Reply #11 Posted on: March 02, 2010, 10:12:23 PM

Prince of all Goldfish
Developer
Location: Pittsburgh, PA, USA
Joined: Feb 2008
Posts: 2949

View Profile Email
Sometimes one bites off more than one can chew. Like including windows.h. It introduced a few concepts I saw in Boost but was afraid of. So those have been implemented. Other than that, it's going pretty swell. :P

Anyway, it's nice to see that those who hang around these boards are more down-to-earth.
Logged
"That is the single most cryptic piece of code I have ever seen." -Master PobbleWobble
"I disapprove of what you say, but I will defend to the death your right to say it." -Evelyn Beatrice Hall, Friends of Voltaire
Offline (Unknown gender) The 11th plague of Egypt
Reply #12 Posted on: March 04, 2010, 10:17:56 AM
Member
Joined: Dec 2009
Posts: 276

View Profile
Com'on people, it's good to see someone design for securety. However, cheating is only harmuful in multiplayer games,
and I don't see any WoW coming out of GM coders any time soon. But, if you really care, you can just implement some
server-side checks, right?
Logged
Offline (Male) Rusky
Reply #13 Posted on: March 04, 2010, 10:40:31 AM

Resident Troll
Joined: Feb 2008
Posts: 955
MSN Messenger - rpjohnst@gmail.com
View Profile WWW Email
Designing for security your own security is one thing; designing for everyone else's is something else.
Logged
Offline (Unknown gender) Micah
Reply #14 Posted on: March 04, 2010, 05:58:42 PM

Resident Troll
Joined: May 2008
Posts: 129

View Profile
But, if you really care, you can just implement some server-side checks, right?
This is really the only non-stupid thing to do even when you have super-fancy-compiled-encrypted code.
Logged
Pages: 1 2 »
  Print