Encryption and Obfuscation.

I'm sorry if this has been asked before but I have not seen anything about it.

Does/ Will Construct 3 provide encryption and/ or obfuscation of the published game?

I read on Buildbox forums that a lot of their Iphone and Android games have been basically stolen ripped from adds and re-uploaded. The developers seemed to have deemed this a big issue - for good reason - and is building some sort of encryption for the next version.

If there aren't any currently. (Last I checked with C2 there were none)Are there any way of adding some sort of protection to those desktop and browser games? If not currently is this a planned feature for C3?

Ok, what does encryption do for a copy of a game?

I mean they have a copy of the game, and they are selling copies of the game.

They don't need to decrypt the game to do that.

5 notifications, but no posts. Lets call it monkeyball whispers

Im going to assume there was an argument that it was a ad based app.

Tell me, what good is encryption when the id used by the advertiser is easily found, and replaced?

If you serve an encrypted game or parts of games that are encrypted, the client needs to decrypt it to play it at some point. At that point, it's copyable.

I believe last time I spoke to Ash about it in the future there is plan for basic XOR encryption on C3 game assets as an option, this just puts a small roadblock up for more amateur copiers. Anyone determined will be able to get around anything else pretty trivially. Beware of other engines that oversell the benefits of encryption.

Don't forget there is always going to be an overhead when decrypting something which could detract from user experience of your game. It's important to remember this as attempts to completely protect your games are futile - so is it even worth it?

Previous discussion: https://www.scirra.com/forum/encryption-in-construct-2_t187566

Long story short, no matter how sophisticated the encryption, the app itself needs the resources decrypted and a good attacker will scrape the resources from RAM. AFAIK there's very little that can be done about that. Copyright law is probably the best protection. Something like a quick XOR pass will only keep lazy script kiddies out.

I read that thread now and I see the pro's and cons.

I think something simple to at least make it not so obvious for layman to just rip the assets should be ok.

Maybe the Plugin route is better. The people that want to add soe kind of protection can do so via a plugin.

Either case, it will happen no matter what you do I guess. If they want steal the content there are ways.

I'm with Havok. All I would need is something simple to keep the casual user from copying the game or running it on another site.

In the past I've ran across a person who set up one of my games on his personal site and let other educators know they could run it from his site so they could play the game without having to see the ads on my web pages. That was a Flash game before I copy protected them. I'm pretty sure he just copied it to his site and ran it. Nothing sophisticated.

I have a custom obfuscation system i use with c2 whenever i export,but it only prevents the user from stealing the source cause it basically breaks the game if you try and unobfuscate anything i cant protect assets unless i try and do what unity does for webgl export,but that's also why its not a good web exporter

I'm with Havok. All I would need is something simple to keep the casual user from copying the game or running it on another site.

In the past I've ran across a person who set up one of my games on his personal site and let other educators know they could run it from his site so they could play the game without having to see the ads on my web pages. That was a Flash game before I copy protected them. I'm pretty sure he just copied it to his site and ran it. Nothing sophisticated.

Another option is to serve all of your math content from php scripts. I have taken this approach for several of my services, and it works pretty well for educational content.

Surely you could just use the browser object to just get the browser URL and then break the game if it doesn't match your own site? Hell you could even force the page to redirect to your own page.

I'm with Havok. All I would need is something simple to keep the casual user from copying the game or running it on another site.

Encryption and obfuscation won't prevent someone copying the game wholesale. You probably want domain lock instead. It's covered in this tutorial.

Sorry, I guess I shouldn't have said that I was looking to prevent a game from running on another site as I am using domain locking in my games and that isn't an issue. Really just looking for a way to freely distribute the games without it being easily altered as was done with Flash games on Flash Game Distribution. This model allowed sites to download and run the game from their site without having to use an iframe to run the game from your site. Look ma, no iframe! If something like SecureSWF was used on the swf file the game could be distributed freely this way without casual users being able to alter it.

With the output from Construct 2/3 it is very easy to change the images (specifically logos). I know it may not seem like a big deal but it is for publishers who want to distribute their games for branding purposes.

Well, I looked at the HTML5 games (made using various other software as well as Construct 2/3) I have site-locks of and the ones I looked at do have images that are easily replaceable so it seems this an issue with most HTML5 development tools and not just Construct.

Personally I love Construct 2/3 and will continue to use it and request developers to use it. I just feel like it would help some if Construct could protect the assets some from alteration.

With the output from Construct 2/3 it is very easy to change the images (specifically logos). I know it may not seem like a big deal but it is for publishers who want to distribute their games for branding purposes.

Well, I looked at the HTML5 games (made using various other software as well as Construct 2/3) I have site-locks of and the ones I looked at do have images that are easily replaceable so it seems this an issue with most HTML5 development tools and not just Construct.

It is a little extra work, but I think you could get around this issue by serving your logos from your own server. Like anything, it isn’t perfect, but it would prevent someone from simply swapping out an image.

Reskinning without using the Construct editor should actually be a pretty big pain in the assets especially with the way sprite sheeting is set up.

cjbruce Nice option. The only problem I see with this is there are some sites that will block traffic such that the More Games buttons won't work and I assume it wouldn't load my logo either. But really this would be good for the level of security I need. Thanks for the suggestion.

newt Yes I agree. I took a look at the sprite sheets and they can definitely help to keep someone from easily modifying the logos.