How protect the game's image files?

[iocpu]

Just wondering, how do you store the encryption key? I've recently implemented something similar - that is, loading encrypted archives into memory upon initialization and decrypting them with AES (I'm not using the .ZIP's built-in encryption though). I'm currently calculating the key at runtime as I didn't want to store it as plaintext within the binary - but perhaps there's a way to obfuscate the process even further?

[Carlitox]

Just wondering, how do you store the encryption key? I've recently implemented something similar - that is, loading encrypted archives into memory upon initialization and decrypting them with AES (I'm not using the .ZIP's built-in encryption though). I'm currently calculating the key at runtime as I didn't want to store it as plaintext within the binary - but perhaps there's a way to obfuscate the process even further?

I think that people who knows how to see password written in the binary will achieve the key with ofuscation too.

I don't know if it's possible to only let the game to open the encrypted files avoiding the user access from the folder. That could help but i don't know how to do it.

[korczurekk]

Store key xor'ed with (for example) 'g', now getting valid key will require both stored 'key' and algorithm used to create proper one.

[iocpu]

Store key xor'ed with (for example) 'g', now getting valid key will require both stored 'key' and algorithm used to create proper one.

I currently don't store a key at all - but rather calculate it at runtime from known constants. Obviously, anyone with a disassembly, debugger and enough time can easily extract the key just before it's used, though it's still a fun exercise to play with obfuscation.

[korczurekk]

Store key xor'ed with (for example) 'g', now getting valid key will require both stored 'key' and algorithm used to create proper one.

I currently don't store a key at all - but rather calculate it at runtime from known constants. Obviously, anyone with a disassembly, debugger and enough time can easily extract the key just before it's used, though it's still a fun exercise to play with obfuscation.

You can't fight someone with disassembler, debbugger and time at all without encrypting whole binary. And even then… well, give up.

[iocpu]

Store key xor'ed with (for example) 'g', now getting valid key will require both stored 'key' and algorithm used to create proper one.

I currently don't store a key at all - but rather calculate it at runtime from known constants. Obviously, anyone with a disassembly, debugger and enough time can easily extract the key just before it's used, though it's still a fun exercise to play with obfuscation.

You can't fight someone with disassembler, debbugger and time at all without encrypting whole binary. And even then… well, give up.

Yeah, the only secure way would be to store the key on an HSM or a smart card and then require the user to plug it in every time before the application starts But even then, as mentioned before, it would be possible to dump the resources from RAM (or vRAM) the moment they are stored as plaintext...