Welcome, Guest. Please login or register. Did you miss your activation email?

Author Topic: How protect the game's image files?  (Read 11239 times)

0 Members and 1 Guest are viewing this topic.

iocpu

  • Newbie
  • *
  • Posts: 10
    • View Profile
Re: How protect the game's image files?
« Reply #15 on: November 18, 2016, 09:40:15 pm »
Just wondering, how do you store the encryption key? I've recently implemented something similar - that is, loading encrypted archives into memory upon initialization and decrypting them with AES (I'm not using the .ZIP's built-in encryption though). I'm currently calculating the key at runtime as I didn't want to store it as plaintext within the binary - but perhaps there's a way to obfuscate the process even further?

Carlitox

  • Jr. Member
  • **
  • Posts: 53
    • View Profile
Re: How protect the game's image files?
« Reply #16 on: November 19, 2016, 12:43:54 pm »
Just wondering, how do you store the encryption key? I've recently implemented something similar - that is, loading encrypted archives into memory upon initialization and decrypting them with AES (I'm not using the .ZIP's built-in encryption though). I'm currently calculating the key at runtime as I didn't want to store it as plaintext within the binary - but perhaps there's a way to obfuscate the process even further?

I think that people who knows how to see password written in the binary will achieve the key with ofuscation too.

I don't know if it's possible to only let the game to open the encrypted files avoiding the user access from the folder. That could help but i don't know how to do it.
« Last Edit: November 19, 2016, 12:49:27 pm by Carlitox »

korczurekk

  • Full Member
  • ***
  • Posts: 150
    • View Profile
    • Email
Re: How protect the game's image files?
« Reply #17 on: November 19, 2016, 01:35:23 pm »
Store key xor'ed with (for example) 'g', now getting valid key will require both stored 'key' and algorithm used to create proper one.

iocpu

  • Newbie
  • *
  • Posts: 10
    • View Profile
Re: How protect the game's image files?
« Reply #18 on: November 19, 2016, 02:31:13 pm »
Store key xor'ed with (for example) 'g', now getting valid key will require both stored 'key' and algorithm used to create proper one.
I currently don't store a key at all - but rather calculate it at runtime from known constants. Obviously, anyone with a disassembly, debugger and enough time can easily extract the key just before it's used, though it's still a fun exercise to play with obfuscation.

korczurekk

  • Full Member
  • ***
  • Posts: 150
    • View Profile
    • Email
Re: How protect the game's image files?
« Reply #19 on: November 19, 2016, 02:41:12 pm »
Store key xor'ed with (for example) 'g', now getting valid key will require both stored 'key' and algorithm used to create proper one.
I currently don't store a key at all - but rather calculate it at runtime from known constants. Obviously, anyone with a disassembly, debugger and enough time can easily extract the key just before it's used, though it's still a fun exercise to play with obfuscation.
You can't fight someone with disassembler, debbugger and time at all without encrypting whole binary. :D And even then… well, give up.

iocpu

  • Newbie
  • *
  • Posts: 10
    • View Profile
Re: How protect the game's image files?
« Reply #20 on: November 19, 2016, 02:50:54 pm »
Store key xor'ed with (for example) 'g', now getting valid key will require both stored 'key' and algorithm used to create proper one.
I currently don't store a key at all - but rather calculate it at runtime from known constants. Obviously, anyone with a disassembly, debugger and enough time can easily extract the key just before it's used, though it's still a fun exercise to play with obfuscation.
You can't fight someone with disassembler, debbugger and time at all without encrypting whole binary. :D And even then… well, give up.
Yeah, the only secure way would be to store the key on an HSM or a smart card and then require the user to plug it in every time before the application starts :D But even then, as mentioned before, it would be possible to dump the resources from RAM (or vRAM) the moment they are stored as plaintext...