How to secure your game assets

Admin: Tutorial moved to here:

http://www.scirra.com/tutorials/39/how-to-secure-your-game-assets

Nice tutorial.I have seen how easy files could be ripped from Classic Construct's exe files.I wish there was a way to secure the exe file somehow.

There are many exe packers you could use. Some are free, the best are not <img src="smileys/smiley2.gif" border="0" align="middle" />

Examples are UPX, Armadillo, ASPack, ASProtect etc.

Hi The_Funny_Guy,

I've reduced the tutorial submission minimum rep to 250 to allow you to post this under the tutorials part of the website if you wish! It should then reach more people and be more recognised and useful for other casual users as well.

Tom

Hi The_Funny_Guy,

I've reduced the tutorial submission minimum rep to 250 to allow you to post this under the tutorials part of the website if you wish! It should then reach more people and be more recognised and useful for other casual users as well.

Tom

hey thank you Tom! ill do just that and right away! :D

Glad you managed to get it up, I edited it a little to improve formatting some spelling/grammar, hope you don't mind.

I think it's important to note that this is what is known as 'security through obscurity', there's a good write up on Wikipedia:

en.wikipedia.org/wiki/Security_through_obscurity

Do you think it might be worth mentioning this? I like the bit you wrote about the fact if someone wants your assets bad enough they can always get it (from recording, screen dumping), it might be good to reference the wikipedia article in regards to that, just a suggestion anyway :)

Might point out we have an official plug that does Crc32 in CC.

Not that it has much to do with obfuscation.

Might point out we have an official plug that does Crc32 in CC.

Not that it has much to do with obfuscation.

yeah but i never figured how that thing works actualy <img src="smileys/smiley12.gif" border="0" align="middle" />

so to not sound as a hypocrite i havent said a word about it.

Its actually one of the easiest to use. All it does is generate hash data that you can then use to determine if a file or data has been altered.

Or like Tom was explaining about how the Gravatar thingy can detect your email addy without having to show it publicly.

Its actually one of the easiest to use. All it does is generate hash data that you can then use to determine if a file or data has been altered.

Or like Tom was explaining about how the Gravatar thingy can detect your email addy without having to show it publicly.

Quite possible, but it doesnt change the fact that i couldnt figure out how to use it <img src="smileys/smiley12.gif" border="0" align="middle" />

And as i dont feel that unique ( ;) ) i presume that there more people then just me, who also cant learn that.

In the other hand, method described in this tutorial can be used by anybody, anywhere, anytime. Without the use of all that scary words like "hash" <img src="smileys/smiley36.gif" border="0" align="middle" />

But as i stated at the end - the more the marrier!

mixing diffrent protection methods and techniques into combo, as long as they are compatible, empowers the overall protection.

Its not a choice of "this or that", but rather "this or this AND that".

And i would to like say this again - theres virtualy no kind of softwere protection that CANT be cracked.

But to "crack" trickery you need hell of a brain and strong portion of detective sense <img src="smileys/smiley1.gif" border="0" align="middle" />

You would definitely want to combine the obfuscation (renaming files/filetypes) with a hash technique. I know this is common knowledge, but it is really easy to write a tool to automate renaming files to their proper file type. In just a few hours somebody could write a Python script to read each file's header and determine what type it is and then rename it to that type. This can be done recursively so that an entire directory structure can be restored in seconds.

I do think this is a pretty good technique to deter the casual user though. So thanks for the tut!

Nice tutorial.I have seen how easy files could be ripped from Classic Construct's exe files.I wish there was a way to secure the exe file somehow.

I haven't seen that, mustve missed it. Could you link me to where you saw this occured?

lucid : I found this problem by myself when i used an ordinary file extraction program.All the pics and music can be extracted very easily that way.And it even shows where the original file was located on the user's pc <img src="smileys/smiley3.gif" border="0" align="middle" />.I downloaded an app called reshacker to extract some icons from some of my apps and when i wanted to extract an icon from one of my Construct exe files i got more than just the icons.

I have found an exe packer app which seems to secure all the assets of Construct's exe files ,It's called Npack and it's freeware.

Yeah, but hiding assets is much less secure than keeping it within the exe. As Scidave said, all you have to do is look at the header, which anybody can do by simply opening it with notepad.

For example if you were to open a jpg in notepad it will tell you its a jpg, and you can usually even tell what program was used to make it.

Little tip for the "arrrgh" software users out there...

Maybe if all your game assets could have some kind of embedded watermark which shows that you are the creator of that particular sprite or music file.If someone steals your assets then you can sue the seven shades of #$%^ out of them and have enough proof to show that you are the soul owner of that particular asset.

But court cases are expensive and money is scarce these days ,So one can only hope that your hard work won't get stolen.