NW.js Is Vulnerable (Developer Tools Can Be Accessed!)

As pointed out, if someone wants to steal content from your game, removing devtools won't help stop them.

TBH the most effective protection against people stealing your work is copyright law. Whatever technical measures you put in place can be circumvented: if your game can read it, so can anyone trying to steal it. Everything else is just security through obscurity, and anyone who knows anything at all about security knows that's not much security at all.

Further, adding security can have serious side-effects for legitimate customers as well. Suppose you decide to encrypt all your game's assets. If your game is 500mb big, then on startup it has 500mb of content to decrypt, which could take a while on some systems. So now all your customers - including those who have paid - have a worse experience because you're paranoid someone's going to steal stuff. And they still can - there are tools which can pull the decrypted assets directly out of RAM. So the whole thing is kind of pointless.

As pointed out, if someone wants to steal content from your game, removing devtools won't help stop them.

True, besides that concern I just wanted to hide the fact that the game runs in a browser-like environment.

So by blocking the right click menu using args I've achieved that goal for my game.

TBH the most effective protection against people stealing your work is copyright law.

Yeah, that's a possible way to secure your content from others using it commercially at least.

Well, I don't know what to say about this anymore, everything seems to be pointless.

I could pull comparisons on how other engines handle this but it would all result in the same thing I guess.

I will leave everything as is and hope that I won't find a stolen copy of my game or its art assets on any semi-popular gaming platform soon.

TheRealDannyyy and you will.

"Hackers" or "Pirates" are not the issue here. They don't care about your assets, they just want to crack your game so other people can play it for free.

The real issue here are "modern teenage devs" raised on internet and cracked games. Too lazy or too cheap to make/paid for their own assets they will take all your shit and use it like they made it. They made that shit and mess on Arcades, Steam Google etc.

Every single game engine I have played with from AGS to UE4 have some sort of "packaging" after exporting game assets (we are talking about desktop games only, no mobile or browser)... But none of them let's you access game files in less than 3 seconds. NW.js is still the winner here

You could encode everything into base64 strings, and load it that way.

It would bloat the already bloated nwjs export of course.

TheRealDannyyy shinkan Old news. Me and many others had been reporting this from like forever. No one gave a damn back then, and I don't think they started caring here and now. Plus, they are too busy adding that Xbox support that no one will ever use

I think there's an interesting analogy with fan games. Some people (quite possibly a non-overlapping section of users to those posting here) like to make their own versions of Mario, Sonic, etc. and end up using ripped sprites. Firstly even these big companies can't stop people getting hold of artwork and such, even if they originate from cartridge-based systems. People find ways to rip it, or they just take them off screenshots, promotional imagery, or whatever they can find. Secondly they sometimes get upset when these big companies send them cease-and-desists, sometimes trying to frame it as "just trying to have some fun" (note these companies usually have a legal obligation to defend their work in order to keep their trademarks and such). Ultimately I think the same process will occur with your own games, you're just an indie dev instead of a megacorp.

TheRealDannyyy shinkan Old news. Me and many others had been reporting this from like forever. No one gave a damn back then, and I don't think they started caring here and now. Plus, they are too busy adding that Xbox support that no one will ever use

quote]

You could encode everything into base64 strings, and load it that way.

It would bloat the already bloated nwjs export of course.

quote]

TheRealDannyyy and you will.

"Hackers" or "Pirates" are not the issue here. They don't care about your assets, they just want to crack your game so other people can play it for free.

The real issue here are "modern teenage devs" raised on internet and cracked games. Too lazy or too cheap to make/paid for their own assets they will take all ...

Wow you guys are finally coming out of your shells?

Those are things that I would normally say and receive hate and threatening E-Mails for...

I think there's an interesting analogy with fan games. Some people (quite possibly a non-overlapping section of users to those posting here) like to make their own versions of Mario, Sonic, etc. and end up using ripped sprites. Firstly even these big companies can't stop people getting hold of artwork and such ...

It depends on the case, nowadays pretty much any kind of game mechanic could be marked as "stolen" from X games.

For me personally it doesn't matter if someone is trying to copy my games basic mechanics and add some unique changes to it.

It's more about the fact that people would try to steal my whole IP, including my games art.

I highly doubt that we can do something about that anyway, at least as an indie developer.

There was recently a case of a big company shutting down a fangame (Metroid 2 clone I believe), which received a tremendous amount of hate from the community.

That's basically why I want to try to prevent a case like that from happening beforehand.

In my perspective it's like one of the following, without proper prevention:

A - Let the "fans" do what they want = Possible drop in sales because of look-alike copies of my game

B - Block/shut down fangames using the law = Possible drop in sales because of you forcing a shutdown of a popular fan game

Besides all of that, I still don't know how much control you actually have with NWjs ASHLEY.

Do you manage all the folders and archives or does NWjs handle everything and you have to deal with it?

I would like to suggest things that are actually possible with the current setup of exporting desktop games.

Well, if you want unhackable software, it's not possible!

We basically bundle the game data with NW.js and that's it. If you make actual suggestions of changes, I could perhaps evaluate them.

Well, if you want unhackable software, it's not possible!

I know and I accept that no changes will be made about that because it would be pointless as you already stated.

We basically bundle the game data with NW.js and that's it. If you make actual suggestions of changes, I could perhaps evaluate them.

My suggestion would go more into the "personal preference" category of suggestions and actually not be really useful.

I personally like my games folder to be clean and each file to be sorted into folders and sub-folders.

The packaging of assets into a single file for example is a thing that I like, maybe other files such as dll's or some of the

other random (surely useful) files that can be found inside the exported game folder, could also be sorted like that.

That's basically why I asked on how much control you actually have about NWjs and it's file structure.

Again, I don't think that this is something with high priority. As long as everything works I'm ok with it.

Well, I think this "Bugreport" went a little too far but I'd like to thank everyone, who participated in this discussion.

If someone thinks that there is still a lot to discuss about, feel free to create a topic in the general section.

I know that this bug report is closed, however for people that stumble upon this post for a fix here you go:

1. Add the "browser" plugin to your project

2. Add an event "on start of layout" (you might have to use it on a globally included eventsheet)

3. Add the browser action "execute Javascript" and use the code from below

4. All right click actions should be blocked from now on

Code:

"document.addEventListener('contextmenu', function(e){e.preventDefault();}, false);"[/code:6f8nieiz]

I know that this bug report is closed, however for people that stumble upon this post for a fix here you go:

1. Add the "browser" plugin to your project

2. Add an event "on start of layout" (you might have to use it on a globally included eventsheet)

3. Add the browser action "execute Javascript" and use the code from below

4. All right click actions should be blocked from now on

Code:

"document.addEventListener('contextmenu', function(e){e.preventDefault();}, false);"[/code:3cyxe9vu]

Thank you so much!! It won't happen anymore

I know that this bug report is closed, however for people that stumble upon this post for a fix here you go:

1. Add the "browser" plugin to your project

2. Add an event "on start of layout" (you might have to use it on a globally included eventsheet)

3. Add the browser action "execute Javascript" and use the code from below

4. All right click actions should be blocked from now on

Code:

"document.addEventListener('contextmenu', function(e){e.preventDefault();}, false);"[/code:2jz76is9]

There is a similiar thing happening when middle-mouse clicking: it appears a scrolling icon and the some key actions are prevented unless i remove it. Is there a way to disable it too?

There is a similiar thing happening when middle-mouse clicking: it appears a scrolling icon and the some key actions are prevented unless i remove it. Is there a way to disable it too?

Could you provide more details please, maybe screenshots?

Also please note that I only tested this using NWjs, the result of this script may vary using other browsers.

EDIT: Never mind I know what you mean now, I thought there were problems with the script.

To be honest I have no clue how to prevent that icon from appearing, there might be a way to block the button itself.

I'll ask this question to some experienced JS devs, they might find an easy solution for you soon.

Could you provide more details please, maybe screenshots?

Also please note that I only tested this using NWjs, the result of this script may vary using other browsers.

EDIT: Never mind I know what you mean now, I thought there were problems with the script.

To be honest I have no clue how to prevent that icon from appearing, there might be a way to block the button itself.

I'll ask this question to some experienced JS devs, they might find an easy solution for you soon.

Thank you! I tried to take a screenshot but as i press any button the icon disappears. It's problematic not for the icon itself, but the fact it makes it difficult to properly use the middle mouse button.

Thank you! I tried to take a screenshot but as i press any button the icon disappears. It's problematic not for the icon itself, but the fact it makes it difficult to properly use the middle mouse button.

Yeah you would have to use an auto-screenshot program with a delay to screenshot that, whoops .

Anyway, thanks to the JS magician Armaldio I've got this for you:

1. Add the "browser" plugin to your project

2. Add an event "on start of layout" (you might have to use it on a globally included eventsheet)

3. Add the browser action "execute Javascript" and use the code from below

4. Set an ID for the form element(s) where you want to prevent middle clicking

5. Replace the ID inside the script with the ID you want to use (I've already set "test" as the ID in the script below, just replace the word after the "#" to whatever you like.)

6. Middle clicking is now no longer an option, you rule over the middle click function now!

"$(function(){$('#test').mousedown(function(e){if(e.button==1)return false});});"[/code:2ds8i2fa]

[i]By the way, I think that it should be possible to implement features like this into the plugins themselves.
If someone thinks about doing a "form +" plugin with additional features, feel free to add the stuff from above.[/i]