|
|
|
This thread is locked; no one can reply to it.
|
1
2
|
| Save-file encryption |
|
kdevil
Member #1,075
March 2001
 |
I've been wondering about this for a while now... How do you encrypt a saved-game file so people won't be able to just go in and 'adjust' their score or level? ----- |
|
23yrold3yrold
Member #1,134
March 2001
 |
Click here. Part of GameDev that actually IS working right now This is something I've been thinking about myself; I'd like my animation editor to be able to encrypt files via a key so people can keep others from stealing their graphics -- |
|
Derezo
Member #1,666
April 2001
 |
There's also packfiles "He who controls the stuffing controls the Universe" |
|
Sirocco
Member #88
April 2000
 |
I had this tremendously huge post over at a private forum describing in detail how I go about encrypting the save files for FB demo 2, but I don't feel like reproducing it for obvious reasons But think about this: along with modification on the byte level, why not also cut the file data into 'chunks' of various sizes and rearrange them as well? Tie that into a simple algo with a random key (like maybe the time/date stamp on the file?) and you've got some really kooky possibilities. It works quite well ^.^ --> |
|
Bob
Free Market Evangelist
September 2000
 |
Of course, it won't help against determined people who have your executable and a disassembler -- |
|
23yrold3yrold
Member #1,134
March 2001
|
As I understand it, nothing will help against such an individual -- |
|
Thomas Fjellstrom
Member #476
June 2000
 |
Quote: All you can really do is just make it too much trouble to be worth the effort Although, to such individuals, the 'trouble' makes it worth the effort... -- |
|
Sirocco
Member #88
April 2000
|
Quote: Of course, it won't help against determined people who have your executable and a disassembler This is, unfortunately, the truth of the matter. Even in the world of copy protection, where Star Control II reigned supreme, there were working TSR cracks -- albeit very few that actually worked consistently. Seems the developers got the idea of grabbing up unused interrupts so would-be crackers couldn't find anything to latch their scopes on to. According to... damn... what was his name... of INC, they forgot about one interrupt that was at the time undocumented, and he latched onto it successfully and started doing his snooping around The crack worked, but made the game so unstable I eventually bought a real copy just so I could play the game for more than ten minutes without it crashing --> |
|
Dark
Member #749
November 2000
 |
Can't you just write out an ascii file, and add a number to every ascii value of every character? Like adding 128 to everything? It will make it look like garbage in most text editors. Or just squares with some fonts
__________________________________ |
|
spellcaster
Member #1,493
September 2001
 |
Save file encryption is not the key anymore... there're very elaborate tools available to get thegfx out of the running program, scan for changing values (like scores) or even scan for changing values and try to find out if there's a relation between these changing values and the one the user is searching for. There're also some "trainers" out there which try to automatically skip levels by checking the asm, and then trying to find the win scenario (the jump condition) and then faking it. In other words: In a single player game, it's normally not worth the effort. if the player wants to cheat, let him. It's his experience which gets destroyed. If somebody wants to rip the gfx, he will. There's still the screenshot and magic wand. Take a look at the many rips from comercial (and comercially protected) files, the amount of "p1r8 copies" etc. which floats around. Most security schemes can be "killed" by turning a conditional jump to an unconditional one. No big deal here. Once this is done (and if there's interest in the game), the modified version will float the web... While blizzard managed to get a good scheme working for starcraft, people simply started using Blizzard's own routines (stored in a dll) to load and save the encrypted values. If they want to hack your game, they will. Then they'll make the modified version available on the web - and you've spend a lot of time with wasting your time -- |
|
amarillion
Member #940
January 2001
 |
Quote: Can't you just write out an ascii file, and add a number to every ascii value of every character? Like adding 128 to everything? It will make it look like garbage in most text editors. Or just squares with some fonts Yes of course, that works as a very basic protection scheme -- |
|
DanielH
Member #934
January 2001
 |
You shouldn't be worried about someone hacking on your games. Because it's not safe no matter what you do. To get a fair amount of protection: Use packfiles with a password attached. Just don't hardcode the password in your game like this. char my_password[ 13 ] = "mikey doodle"; Thats' the first place I look when I want to look at someone's password protected datafiles. And I usually find it. Unless the exe has been shrunked with upx. Which is another good idea to do. This will show up in the exe file where it keeps all it's strings. What I do and does about the same thing is this. char my_password[ 13 ] = { 'm', 'i', 'k', 'e', 'y', ' ', 'd', 'o', 'o', 'd', 'l', 'e', '\0' }; |
|
Mandrake Root Produc
Member #300
April 2000
|
yeah, but I like Sirocco's point of view: if they are going to hack it, make it a challange. Make it so they'll be up for months on end just trying to figure out the right clever hack to get right into the code and try to extract something from it. And their are ways around screen capturing...all of which I've used (which really piss some people off...heh). but in the end, it's all this: paranioa doesn't matter. Hackers don't matter. Encrypt it because you want to learn how to encrypt it. Fuck any other reason. |
|
Dark
Member #749
November 2000
|
Oops, I left out the last part..!:o Quote: Can't you just write out an ascii file, and add a number to every ascii value of every character? Like adding 128 to everything? It will make it look like garbage in most text editors. Or just squares with some fonts.
You could do something, like use the day of the month the file was created to choose what number to add, then you have 31 different ways to write the save files. Added on top of that, you could write two files, and compare them? You could make a file called "credits.bmp" or something no one would look at, and use it to store a second copy of all the save files in an array. Then if a save file was edited, you'd know because it wouldn't match the one in the fake bitmap file.
__________________________________ |
|
Mandrake Root Produc
Member #300
April 2000
|
here's a nasty little manuver that will trip up some people, use an encrypted checksum for all data within the save file. If the checksum clacluated after retreiving the data does not add up to the checksum they bring in that's stored in the file, the file has been hacked and therefore should not be parsed. if you even added a CRC check, you would be to have the program auto-correct what should be in the savefile, thus really trashing any effort to try and hack it. |
|
Mattias
Member #1,387
June 2001
 |
Dark, that would be a bad idea in my opinion. I'd hate it when the game would restrict me from copying savegames from one computer to another (yes, some people do play single-player games with their friends). When choosing a password for an encrypted datafile, it's best to make it generated by some formula that uses rand() with a certain seed. A word of warning though - rand() isn't portable across platforms if you need the exact same series of numbers on the same seed, so you'll need to get some other random number generator implementation from the net. Or if you are really lazy, at least use a function name as the password, that wont show up as good as other strings in the game binary. |
|
Dark
Member #749
November 2000
|
Oh well.. I'm a mapper not a coder.
__________________________________ |
|
gnolam
Member #2,030
March 2002
 |
I encrypted the high score list for my previous incarnation of NukeWar with a method almost like that... I moved things around, stored a seed (based on the time the high score was calculated), multiplied different scores with different amounts, added random numbers, and had a few checksums and other nasty things to deter people from faking their high scores. Oh, and the game erased the high score list immediately if it found that it had been tampered with That was when I was still a complete C/Allegro newbie... this time I'm going to do some research beforehand and implement something truly devious -- |
|
Zaphos
Member #1,468
August 2001
|
Quote: And their are ways around screen capturing...all of which I've used (which really piss some people off...heh). What are those? Just curious, I can't think of any good way around screen capturing, so would be much happy if you explained how a bit ...
|
|
Irrelevant
Member #2,382
May 2002
 |
One option is to set some-flag-or-another that blocks all messages from the keyboard to the system. There is one somewhere, but I'm not sure where. Unfortunately, this also blocks vital stuff like the three finger salute. It could also be worked around with some kind of timer / other input activated snapshotters. <code>//----------------//</code>Here be l33tsp33x0rz. |
|
Zaphos
Member #1,468
August 2001
|
Hmm ... I guess that's a method. Looks kinda like you wouldn't want to use it in an actual game distro though; as you said, it would mess with three-finger-salute (not to mention other important stuff) and mainly it would just piss off valid users ... But yeah, it's one solution, I guess.
|
|
Derezo
Member #1,666
April 2001
|
Not only that, but it's completely ineffective Unless it's possible to deny other programs access to the system's resources, I don't think it's possible to stop screen captures... "He who controls the stuffing controls the Universe" |
|
kdevil
Member #1,075
March 2001
|
There is a program that denies other programs access to sufficient resources...it's called Windows. Sorry, that just slipped out.:-X Anyway, how would I take a normal text file and make it unreadable to, say, wordpad, but still readable to the game? Even more importantly, how would I be able to make it readable to wordpad again if I needed to? ----- |
|
Mandrake Root Produc
Member #300
April 2000
|
i heard if you use this magical place called google, it will take you where you want too, and show you the dark secrets you wish. but i also like to shoot off my mouth, so here goes some ways to do it (wordpad? bleach. most likely your porgram just uses ASCII output and that can be read in any text editor...) here is a simple way, what's called XOR encryption. Just open that file, read it in byte by byte, and xor it by some silly number. Hell, you can even do a random XOR seed and make it more fun for the small time weenie hackers. A more complicated varation on this theme would be to take the number of bytes left in a file, multiple that by a random seed, and then xor that to the data. that way, the key "mutates". here's a pretty nice algy that will warp some data for you:
but i wouldn't use that if I were you, since i just posted it on a message board where anyone can find it and use it against your program. It's just an example. if you use Linux, (or a varaint of GCC) you can always just use the encrypt command. |
|
ReyBrujo
Moderator
January 2001
 |
XOR is not useful to encrypt. However, it is still useful to keep "recovery records", so you can repair a damaged file. That is why I still use XOR. -- |
|
|
1
2
|
Love to hear some good encryption techniques .....
