md5 check on node webkit

Hi,

So, I was messing with a demo I exported on Node-Webkit and I noticed that the package.nw file is just a .zip with all the images/code/music/sounds inside of it.

Since C2 does a good job obfuscating the code, I'm not worried with it.. however I'm a bit worried that people can change the images of my game, put it in the "zip" file, and run it. I tested it here, and the game run perfectly, even with the modified package.nw file.

I asked this question in the node-webkit group on google, but I'll also ask here.. is there a good way to protect that file from anyone modifying it ?

Maybe check the md5 hash of the file to compare it in-game, and give an error if it doesn't match? I know there's a plugin around but I couldn't find a way to retrieve the hash out of the package.nw file at the beggining of the game to compare it..

Thanks!

Curious about this as well - noticed I can see everything including base txt files that are being AJAX'd into the game simply by unzipping the package.nw file. If I recall, previous versions had the package grouped into the exe which I assume made it harder to just unzip? Is there a way to enable this?

Hey Agni

I posted about this on the node-webkit google group and someone recommended me this:

enigmaprotector.com/en/aboutvb.html

It's free to use commercially, too! I haven't tested it yet though.

Wow, thank so much for the quick response. This looks pretty cool, will test. :)

Haha, okay so this doesn't seem to work very well. I can just rename the boxed exe file to zip and then unzip it to see all the files.

Agni weird, I just tried it out and it worked! I renamed it to .zip and it didn't extract, I even tried using a software called "UniExtract" which usually extracts whatever it cans from .exe files, and all it extracted were some weird files.

And the game still runs perfectly!

Did you do it right? You have to add the files at the bottom, then pick the exe at the top and click process.

Like this:

<img src="http://i.imgur.com/DqBjPhF.png" border="0" />

I went into file options and checked 'compress files' and it worked after that! With default settings it extracted the file as .enigma1 (which I could then extract again to see everything)

andreyin Wondering if you have found anything similar for webstorage protection? Just enough so you can't edit with notepad++ would be nice since that seems a bit silly. Searching through forums I saw some crc32 stuff with Construct Classic but not sure how to use that with C2.

Agni sorry, what do you mean? I haven't tested saving with webstorage yet, what happens when you do it? It creates a file in the game's folder?

Sent you a PM but this appears to be a reasonable fix:

scirra.com/forum/plugincb-hash-md5-sha1-and-sha256_topic43824.html

Awesome stuff, guys!

Does it affect performance and memory in the hardware?

How do you use it with package.nw ? Mind sharing step by step ?

Thanks

Joannesalfa I'm not sure, but when I tested it it run pretty well (same as Node-Webkit). But it did increase the file (my game is around 65mb right now, with Enigma it became 104mb).

tumira here's a gif

<img src="http://i.imgur.com/P6gJBJl.gif" border="0" />

I didn't change any options for this to work.

andreyin

Thank you very much.

This is for windows only right ? How do we protect our assets if we want to distribute it in linux or mac ?

How to use the hash plugin to check the md5 sum of the package.nw ?

Thanks again.