21 replies to this topic

[mechlore]

Im not sure if this is the right place to post this, but...

ive been searching the forum/googling for a good easy way to encrypt external text files/.gmspr files. (and possibly the entire executable and the external files it needs to access).

I need this primarily because the majority of text in MechLore is stored and read from external text files. I did this so that I could use the simple read_line gamemaker function to display a "page" of text, without needing a complicated message system. (Its also nice to be able to edit in game text while the game is running).

My problem is this.

I'm going to release a demo for MechLore very soon, but I dont like the idea of absolutely ANYONE being able to open up the text files and read/change the dialog to anything that they wish.

There are a few encryption/archive creating dlls and extensions on the GMC, but they all seem to revolve around the idea of extracting the files during runtime, at which point they're still on the players harddrive in easily editable form. Even if you have code to destroy the folders/files on game end, there is still a chance of the files remaining, as you can't always control when the user will end the game, if it crashes, etc.

It all seems rather messy to me.

The best and easiest solution that I have found, for texts at least, is a script that I found here http://gmc.yoyogames...howtopic=319847
which basically encrypts the text in the text files with a crypto algorithm. This would make it so anyone could change the files, but a read would have no idea what those text files said without first decrypting them.


Mostly this is acceptable, but difficult to implement, as I would have to manually encrpyt each text file and then add decryption code to each place that that textfile is read.


Are there any easier ways?


Is it possible to simply put all the external files in one "archive" of some type, and just read directly from it?


Even better, is there some kind of "shell" that you could encapsulate the entire executable and external files in that would basically preform like normal internally, but still prevent users from accessing or changing anything inside?


Im not looking for super hard encryption, just enough to stop the average user from being able to simply browse in, decompile the executable, edit texts, directly reuse sprites, etc.


Also... (this post is getting long)... on the subject of the decompiler and anti-decompiler...

how efficacious is this? Is it worth using? Should I try and find another way to protect my source code if im worried about people borrowing from it? (which I am... I realise people are often overly paranoid about this sort of thing, but ive been working on MechLore for what seems like forever. To be finally about to release a demo is exciting, but also seems to bear a certain degree of risk. )


Hopefully someone can help me with this... as its a problem farther beyond the scope of my ability than I think I can really figure out on my own.

Edited by mechlore, 09 February 2012 - 12:11 AM.

[Troy Martin]

I'm going to release a demo for MechLore very soon, but I dont like the idea of absolutely ANYONE being able to open up the text files and read/change the dialog to anything that they wish.

Why not? It's their copy of the game, and they're just playing around with it. I don't see why this could be a problem as long as people aren't sharing your original content...

how efficacious is this? Is it worth using? Should I try and find another way to protect my source code if im worried about people borrowing from it? (which I am... I realise people are often overly paranoid about this sort of thing, but ive been working on MechLore for what seems like forever. To be finally about to release a demo is exciting, but also seems to bear a certain degree of risk. )

If you're that paranoid about people stealing your code, you have a couple options:

• Don't release your game.
• Find the GML Obfuscator (can't remember the link).
• Ask your preferred deity (if you have one) for a lack of noobs stealing your stuff.

Encryption? Try GMLScripts. ARC4 and XOR encryption are fast and effective.


This thread should really be in Distributing Games... I'll flag it for a mod to shuffle it around if you don't mind.

[mechlore]

I'm going to release a demo for MechLore very soon, but I dont like the idea of absolutely ANYONE being able to open up the text files and read/change the dialog to anything that they wish.

Why not? It's their copy of the game, and they're just playing around with it. I don't see why this could be a problem as long as people aren't sharing your original content...

For a few reasons...

1: its unprofessional and generally just... not good.

2: They can change those text files and redistribute them at will. Literally anyone who can browse into the folder.
Imagine the thousands of versions of your game that will appear with all the text replaced with just the word "Dicks" or "Took an arrow to the knee" when literally any troll can change it.

If you're that paranoid about people stealing your code, you have a couple options:

Don't release your game.
Find the GML Obfuscator (can't remember the link).
Ask your preferred deity (if you have one) for a lack of noobs stealing your stuff.

Thats kindof the boilerplate response... "too bad" isnt really the solution im looking for though.

Im more interested in discussing the idea of reading from an archive or something along that line.

Encryption? Try GMLScripts. ARC4 and XOR encryption are fast and effective.

I believe the script I linked uses arc4... again, this is a pain to implement and the final result is still sloppier than I would like. It would probably tie in terms of time spent with just making all text internal.

Edited by mechlore, 09 February 2012 - 12:36 AM.

[Loaf]

I second encryption. There is a good DLL that encrypts and restores files with a single command that would be suitable for game start / game end. You specify a password (I suggest a serial of numbers) when encrypting so only you can revert it. Very effective.

[mechlore]

I second encryption. There is a good DLL that encrypts and restores files with a single command that would be suitable for game start / game end. You specify a password (I suggest a serial of numbers) when encrypting so only you can revert it. Very effective.

Link? I'll try it out...

Ive tried out a few of them. All of the ones ive seen either

1: Store the files in memory... defeating the purpose of external graphics, but might be fine for text files

2: Unpack straight onto the hard drive

[Loaf]

http://gmc.yoyogames...howtopic=245305

[mechlore]

http://gmc.yoyogames.com/index.php?showtopic=245305

looks interesting... I'll try it out when I get home.

last updated 2006 though... erf.

[Loaf]

Despite the date it still works fine. I implemented it into a project last year and I intend to use it again in one of my latest games, which uses massive rooms and has to load over-sized backgrounds externally.

[icuurd12b42]

GMBinfile, in my tools allows encryption of your data. It's seamless for data, you can also insert other files in the main file like a .gmspr but those need to be extracted to a temp file for GM to read them..

[kburkhart84]

You can always use whatever method you choose to extract files for GM to read, and then as soon as it finishes, delete the file yourself. This way, you are not leaving it on the hard drive, and if you are using some kind of encrypted archive, you have that extra level of security. But there is nothing that says you can't delete a file as soon as you get what you need from it.

My kbzip extension does exactly this on the graphics section. You simply call the archive background/sprite loading function. It extracts the gmspr/gmbck, loads it in, and deletes the file. It happens so fast that the file is hardly if ever seen through the windows explorer. I'm sure you can do the same for your text files, either with my extension, or another that supports encryption(mine doesn't), such as the one suggested in the post above mine. Just use GM's function for deleting files as soon as you are done.

[9_6]

You can just write some simple encrypt script and decrypt the textfiles before executing them.

However,

1: its unprofessional and generally just... not good.

2: They can change those text files and redistribute them at will. Literally anyone who can browse into the folder.
Imagine the thousands of versions of your game that will appear with all the text replaced with just the word "Dicks" or "Took an arrow to the knee" when literally any troll can change it.

This is not good enough of a reason to overcomplicate things that much.
You know filling your game with chaff like that will make it more prone to breaking down under the added weight?
More complex = more fun with debugging.

Hopefully someone can help me with this... as its a problem farther beyond the scope of my ability than I think I can really figure out on my own.

Yet you can make a game thousands of people would want to steal from and redistribute?

Suggestion: Stop worrying and focus on making the game better instead.
Unless it's online, you have no reason to use elaborate encryption schemes.

Edited by 9_6, 09 February 2012 - 05:55 AM.

[vdweller]

Now let's be rational. Even huge commercial games don't get that much attention, with people changing their text and stuff. But even if they got this treatment, I'm not sure they stayed in history because someone made a dick joke variant.

Jedi Knight was totally unprotected. So people changed its sounds, with lightsabers making fart noises etc. Please go to its wiki page, for example. Does it mention it anywhere? No? Guessed so. Will your game make it to major reviewing websites? If yes, then who cares if some idiot replaces your mech with Pamela Anderson!

If your game is good, noone will even dare to alter a single digit, because that would spoil the awesomeness.

The only valid reasons for encrypting resources are
1) To prevent spoilers (eg I open the 'enemy' directory and see images of all monsters, encountered so far or not)
2) To hinder players wanting to change game variables in order to have an easier time

...but even those reasons are debatable! If your game is played by a large amount of people, some *will* crack your safe! But then, do wish that that many people will play it!

[paul23]

For a few reasons...

1: its unprofessional and generally just... not good.

Uhm have you ever looked at other games? - Take rome total war for example - every data is simply stored in a textual based manner.

2: They can change those text files and redistribute them at will. Literally anyone who can browse into the folder.
Imagine the thousands of versions of your game that will appear with all the text replaced with just the word "Dicks" or "Took an arrow to the knee" when literally any troll can change it.

And that is a problem... why? It allows for modding of your game: something many people love to do.


Actually for textual data I can't really remember any (large) game where it isn't just readable. Sometimes it is simply grouped together & archived to save space (WC3, GTA if I remember correctly). But really the efford is neglectable for the gain. If you wish to look more professional you'll look into grouping data under archives. As in my opinion the worst thing about this is that you'll get 100s of files.

Or use them internal to GM (as datafiles) - this is the best option for minigames where you don't provide an installer. Everything is stored inside the executable.

[Loaf]

Yet you can make a game thousands of people would want to steal from and redistribute?

I hate this logic. It makes me want to scream. So many people try propose that encryption and anti-decompiler efforts are un-necessary because the game isn't reaching a massive user base for the risk of theft to be substantial.

Its too early to say whether or not this game will be substantial for a start. Its not impossible to get thousands of downloads at Yoyo Games or via advertising your work on YouTube / other mediums. It would be ridiculous to release the program then have to scramble to put in protective measures when its too late. And if the game isn't successful, it still only takes one person to steal content and make a game that could potentially reach a wide audience in itself. Theft is actually more likely in an indie environment where there are people who are under-skilled, and have little to no legal obligation, and can easily take what they want.

The people who get screwed over are always the people who aren't prepared or think it won't happen. Over protective? Maybe. But certainly not naive or stupid to want these measures in place before release.

I have seen many online cases (both in and outside of small time online game design) where people have work stolen, and even if the person who steals the work doesn't profit from it, its a matter of principal.

Its very serious to steal website content and blog content. Its serious to steal and / or upload video content to platforms like YouTube. So why is the attitude towards game creation so lackluster?

Edited by Loaf, 09 February 2012 - 11:34 AM.

[9_6]

I hate this logic. It makes me want to scream. So many people try propose that encryption and anti-decompiler efforts are un-necessary because the game isn't reaching a massive user base for the risk of theft to be substantial.

Its too early to say whether or not this game will be substantial for a start. Its not impossible to get thousands of downloads at Yoyo Games or via advertising your work on YouTube / other mediums. It would be ridiculous to release the program then have to scramble to put in protective measures when its too late. And if the game isn't successful, it still only takes one person to steal content and make a game that could potentially reach a wide audience in itself. Theft is actually more likely in an indie environment where there are people who are under-skilled, and have little to no legal obligation, and can easily take what they want.

The people who get screwed over are always the people who aren't prepared or think it won't happen. Over protective? Maybe. But certainly not naive or stupid to want these measures in place before release.

I have seen many online cases (both in and outside of small time online game design) where people have work stolen, and even if the person who steals the work doesn't profit from it, its a matter of principal.

Its very serious to steal website content and blog content. Its serious to steal and / or upload video content to platforms like YouTube. So why is the attitude towards game creation so lackluster?

Okay now how is this related to people editing plain text files to give themselves 999999 lives in that singleplayer game or the aforementioned replacement of all the dialogue with "dicks" in that roleplaying game again?
As for other resources such as graphics or sound, if someone who has half a clue of what they're doing wants it, they'll find a way to get it.
The only way to truly prevent that would be not to publish the game online. It's better to come in terms with that and accept it than to clutter up your whole project with security code out of paranoia.
Another question is, would anyone want the resources of the game in the first place?

The answer to almost all the games I see on here would be most likely a resounding no. Almost all games here look hideous (no offense but lets get real for a moment here) and the audio doesn't exactly stand out as brilliant all too often either.
As for your final question, it may be because a game is more than text and resources which you can't really protect anyway.

[Gamer3D]

I hate this logic. It makes me want to scream. So many people try propose that encryption and anti-decompiler efforts are un-necessary because the game isn't reaching a massive user base for the risk of theft to be substantial.

I don't think that's what they intended you to read it as.

I think it's more "You'll get more downloads/money/whatever with a good unprotected game than with a horrible protected game."

Its too early to say whether or not this game will be substantial for a start. Its not impossible to get thousands of downloads at Yoyo Games or via advertising your work on YouTube / other mediums. It would be ridiculous to release the program then have to scramble to put in protective measures when its too late. And if the game isn't successful, it still only takes one person to steal content and make a game that could potentially reach a wide audience in itself. Theft is actually more likely in an indie environment where there are people who are under-skilled, and have little to no legal obligation, and can easily take what they want.

Which would you prefer:
A: Your game reaches 1000 people, 5 of whom downloaded it illegally.
or
B: Your game reaches 2000 people, 40 of whom downloaded it illegally.

One thing people often fail to realize is that piracy in moderation is free advertising, because it increases knowledge of the game, which increases the pool of potential customers. Many people would rather pay a reasonable price than pirate a game; this idea is part of why World of Goo was such a success, without any software measures to prevent people from taking it. My "reasonable" price for games is usually around $5-$10 USD (Steam deals FTW!), but I have been willing to pay extra for good games (Portal 2, Civ V, Batman AA, Left 4 Dead, etc.), and have been unwilling to pay for overpriced games (Modern Warfare 1,2,3, Skyrim, etc). Note: I did not pirate those games. I have simply decided not to acquire them because they cost more than I think they are worth.

The people who get screwed over are always the people who aren't prepared or think it won't happen. Over protective? Maybe. But certainly not naive or stupid to want these measures in place before release.

Not true. Heard of Spore? A big games company spent a lot of money trying to keep people from pirating ("stealing") it. End result: One of the most pirated games ever.

In general, if you try to stop people from copying your game, you end up making your game worse for the people who legitimately acquire it (or its resources) than for the people who pirate it. And determined people WILL pirate it. There is currently no method of preventing piracy. (Just a lot of failed attempts)

I have seen many online cases (both in and outside of small time online game design) where people have work stolen, and even if the person who steals the work doesn't profit from it, its a matter of principal.

"Stealing" a video game requires only 2 actions, whether encrypted or not: Copy, Paste. Even measures to prevent this (CD keys and online activation, for example) can be (and are) circumvented.

Its very serious to steal website content and blog content. Its serious to steal and / or upload video content to platforms like YouTube. So why is the attitude towards game creation so lackluster?

The attitude is the same because they are essentially the same thing.

Content creators put data out in public. Someone makes a copy of the data. Content creator gets mad because someone didn't give them money.

A better question is why music, videos, and games are treated so much differently from text. It's generally frowned on to copy someone else's text (But it's fine again if you give credit). It's generally illegal to copy text that encodes a game, video, or music without the creator's permission.

So in short, the question is not "Why are games treated differently than music or videos?", it's "Why are music, videos, and games treated differently than text?"

[mechlore]

Hopefully someone can help me with this... as its a problem farther beyond the scope of my ability than I think I can really figure out on my own.

Yet you can make a game thousands of people would want to steal from and redistribute?

Considering that the nature of Gamemaker and other middleware is to be able to create content with as little technical knowledge as possible, I take objection to that question.




I believe that the tools that Ive found/ have been suggested will suffice. Thanks to everyone that participated constructively.

This thread has derailed a bit though.

On the subject of whether or not I should even care protecting it...

The bottom line is that its always better to make anything you value as difficult to steal as possible. Yes, we live in a world where there will always be some way to circumvent whatever you do.


Just because the lock on your door wont stop a battering ram, and that its unlikely on any given day that someone will even have the desire to rob your house.... does not mean its a good idea to leave your door unlocked.

Edited by mechlore, 10 February 2012 - 03:03 AM.

[Gamer3D]

Considering that the nature of Gamemaker and other middleware is to be able to create content with as little technical knowledge as possible, I take objection to that question.

It's more "If he can't search the forum on his own, how can he..."

I believe that the tools that Ive found/ have been suggested will suffice. Thanks to everyone that participated constructively.

Choose the resources you "protect" carefully. Some of them may be excellent modding material.

The bottom line is that its always better to make anything you value as difficult to steal as possible. Yes, we live in a world where there will always be some way to circumvent whatever you do.

You want it difficult to steal? Don't put it out in public. The instant someone downloads your game (legitimately or not), it's out in public and can be copied as the public wishes.

Just because the lock on your door wont stop a battering ram, and that its unlikely on any given day that someone will even have the desire to rob your house.... does not mean its a good idea to leave your door unlocked.

If you left a window open, adding locks to the door just wastes your time.

Note: In this metaphor, there's always a window open because someone can always crack your game/resources. In GM's case, the easiest way could be to run your code after adding code to save the decrypted files.


All we want is for you to make the best game you can. If you spend 5-10 minutes adding protection to your game, that's 5-10 minutes that would be better spent improving your product.

[Loaf]

Gamer3D, why are you ranting about game piracy for? I was talking about external files (esp. graphics and external content) being stolen and used for the wrong purposes.

[9_6]

Considering that the nature of Gamemaker and other middleware is to be able to create content with as little technical knowledge as possible, I take objection to that question.

You're speaking of "thousands" of altered copies floating around the web here.
Making an altered copy is actual work so not many people will even do it.
Maybe only 1 of 1.000 people who play your game would so you're speaking of at least 1.000.000 people downloading your game.
That is if the game was so riveting that someone would even want to take their time to alter anything and upload it.

Yet you say making textfiles non-human-readable is beyond the scope of your abilities.

Thus I call the claim of thousands of desecrated copies in question.
I think 0-10 is a bit more realistic.

On the subject of whether or not I should even care protecting it...

The bottom line is that its always better to make anything you value as difficult to steal as possible.

Your bottom line.
Fair enough though. Dabble in cryptography.
Knowing how bits and bytes work will make you better at making games but mark my words - you're making things needlessly complicated for little to no benefit here.

Just because the lock on your door wont stop a battering ram, and that its unlikely on any given day that someone will even have the desire to rob your house.... does not mean its a good idea to leave your door unlocked.

And, you wouldn't steal a car, punch a baby and steal its lolipop etc etc.
We're not even talking about piracy here so all theft and locking something to protect a scarce good metaphor is even more out of place.
What you're paranoid about would be copyright infringement at best if even that.

Nowhere here am I seeing you saying you want to sell anything.

Edited by 9_6, 10 February 2012 - 09:53 AM.