TheRealDannyyy's Forum Posts

  • Removed information from the post by myself, PM's will be send from now on.

    Hello Developers,

    What do you really want see in C3 !!!

    Sorry I don't want to be that guy but there are already tons of existing "suggest your C3 ideas" topics in the forums.

    Please read and use those instead of creating new ones.

  • Well, if you want unhackable software, it's not possible!

    I know and I accept that no changes will be made about that because it would be pointless as you already stated.

    We basically bundle the game data with NW.js and that's it. If you make actual suggestions of changes, I could perhaps evaluate them.

    My suggestion would go more into the "personal preference" category of suggestions and actually not be really useful.

    I personally like my games folder to be clean and each file to be sorted into folders and sub-folders.

    The packaging of assets into a single file for example is a thing that I like, maybe other files such as dll's or some of the

    other random (surely useful) files that can be found inside the exported game folder, could also be sorted like that.

    That's basically why I asked on how much control you actually have about NWjs and it's file structure.

    Again, I don't think that this is something with high priority. As long as everything works I'm ok with it.

    Well, I think this "Bugreport" went a little too far but I'd like to thank everyone, who participated in this discussion.

    If someone thinks that there is still a lot to discuss about, feel free to create a topic in the general section.

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • TheRealDannyyy shinkan Old news. Me and many others had been reporting this from like forever. No one gave a damn back then, and I don't think they started caring here and now. Plus, they are too busy adding that Xbox support that no one will ever use

    quote]

    You could encode everything into base64 strings, and load it that way.

    It would bloat the already bloated nwjs export of course.

    quote]

    TheRealDannyyy and you will.

    "Hackers" or "Pirates" are not the issue here. They don't care about your assets, they just want to crack your game so other people can play it for free.

    The real issue here are "modern teenage devs" raised on internet and cracked games. Too lazy or too cheap to make/paid for their own assets they will take all ...

    Wow you guys are finally coming out of your shells?

    Those are things that I would normally say and receive hate and threatening E-Mails for...

    I think there's an interesting analogy with fan games. Some people (quite possibly a non-overlapping section of users to those posting here) like to make their own versions of Mario, Sonic, etc. and end up using ripped sprites. Firstly even these big companies can't stop people getting hold of artwork and such ...

    It depends on the case, nowadays pretty much any kind of game mechanic could be marked as "stolen" from X games.

    For me personally it doesn't matter if someone is trying to copy my games basic mechanics and add some unique changes to it.

    It's more about the fact that people would try to steal my whole IP, including my games art.

    I highly doubt that we can do something about that anyway, at least as an indie developer.

    There was recently a case of a big company shutting down a fangame (Metroid 2 clone I believe), which received a tremendous amount of hate from the community.

    That's basically why I want to try to prevent a case like that from happening beforehand.

    In my perspective it's like one of the following, without proper prevention:

    A - Let the "fans" do what they want = Possible drop in sales because of look-alike copies of my game

    B - Block/shut down fangames using the law = Possible drop in sales because of you forcing a shutdown of a popular fan game

    Besides all of that, I still don't know how much control you actually have with NWjs ASHLEY.

    Do you manage all the folders and archives or does NWjs handle everything and you have to deal with it?

    I would like to suggest things that are actually possible with the current setup of exporting desktop games.

  • As pointed out, if someone wants to steal content from your game, removing devtools won't help stop them.

    True, besides that concern I just wanted to hide the fact that the game runs in a browser-like environment.

    So by blocking the right click menu using args I've achieved that goal for my game.

    TBH the most effective protection against people stealing your work is copyright law.

    Yeah, that's a possible way to secure your content from others using it commercially at least.

    Well, I don't know what to say about this anymore, everything seems to be pointless.

    I could pull comparisons on how other engines handle this but it would all result in the same thing I guess.

    I will leave everything as is and hope that I won't find a stolen copy of my game or its art assets on any semi-popular gaming platform soon.

  • ...

    As Ashley was informed in his question to the NWjs gurus here 2 years ago, there is no point in obfuscating or hiding any game assets - if your game can decrypt the assets then so can a hacker. Thus your best bet is to simply leave everything in the package.nw file, which will deter most casual investigators.

    Good to read that there was at least an attempt to prevent that.

    As to if there is anything else you can do - that really depends on what sort of piracy you wish to prevent... But, if your game is on Steam then it can only be played on Steam - by registered Steam users - because the Steam plugin checks for a Steam client login. Thus any game you make for the Steam platform will only be played by people who have bought it.

    And then there are fake Steam clients that only require the game files, however it's good to know that Madspy is giving the pirates a good fight, with his ways of protection inside his Steamworks plugin. I guess in the end I will have to rely on nice and honest customers, that support you and your games.

  • I'm not sure what you think watermarking will do.

    People don't steal assets, they steal entire games.

    I want to secure my art assets, at least that way we could stop the "inexperienced" pirates from stealing and making their copy-cat games with our assets.

    You cannot stop advanced game pirates, that's impossible just look at the big guys with their AAA games and security systems, in which they invest thousands of dollars monthly.

    It took them like what, 4-5 months to crack their cryptions and security layers?

    Anyway, asking for fully "pirate save" C2 games would be too much I think.

  • It's the same for html5 web exports, they just have to know where to look.

    In fact all someone needs to show your game somewhere else is to know where the index file is.

    Its up to the host to block that kind of thing, which of course may also limit the games functionality.

    Its up to you to sitelock your games, and of course they don't provide that information readily.

    Not sure htf you're supposed to do that with nwjs.

    Im my case only the NW.js part would be important.

    I find it very concerning that the exported end-product lacks in security, I hope that C3 brings changes to that.

    I remember a few years ago, I found a clever way of security for open art assets like these.

    It was some sort of software creator (cannot remember the name of it)

    and the way that their software handled this problem was by injecting a watermark layer to all art assets.

    So can guess the process was structured like this:

    1. Load asset with watermark

    2. Remove watermark

    3. Show asset inside the software without watermark

    I have no clue how they managed to create a system like that because I was unable to remove the watermark,

    using any kind of image editing software with layer support. (e.g. Photoshop, Paint.Net)

    I don't want to be rude with this suggestion either, I just want to give an example on how to secure assets.

  • TheRealDannyyy There's no need to worry about devtools. if you want to start worrying about people messing up with your game then open your "package.nw" with winrar (for Total Commander users just press enter on it or double click left mouse button) . NW.js does absolutely nothing to make your game and game assets secure. Everyone can in literally 2 seconds steal all your graphics, sounds, music, code etc.

    That is EXACTLY what we were talking about with Madspy yesterday, my assets are open for grabs basically.

    To be honest, I stopped caring about that for now as it seems like nothing will or can be done about that.

  • I can only agree, Construct 2 is and hopefully will remain the easiest "non-coding" game engine on the market.

    Even though it has some flaws here and there (like any kind of software has), I've always received help when I needed it.

    Scirra should be thankful about the nice community and we (the community) should be thankful for this amazing product made by Scirra.

    I hope that C3 will be as good as C2 and that we will hopefully soon, get at least partly involved in its development like we did with C2.

    I might act at bit "salty" sometimes by critically criticizing certain things but in the end you can be sure that I do that only because I want to see one of my favorite products, improving even further.

    To sum it all up, thanks for this amazing piece of software and best wishes for all your future projects Scirra!

  • Closing as this is not really a vulnerability, it's no more a problem than the fact you can open Chrome dev tools on any page. It's there by design to help you diagnose any issues with your game, and includes the usual profiler, timeline etc. Even if you removed it, there are still easy ways to "hack" a game, it's not really relevant to that.

    Not really helpful but acceptable response.

    A well known community member going by the name of Madspy found a real solution for the problem, by simply adding "--disable-devtools" to a json file.

    I don't want to be rude but that's the kind of support that I would like to see.

  • Ok..... There is not a problem with c2 or NW.

    There are 2 versions of NW available - the one that comes with c2 is the developer (SDK) version. That version permits you to access the developer tools because - it's for developers. If you right click on the NORMAL version of NW then you cannot inspect / open the dev tools becasue they are not included in the build - they are not there to open.

    I get it but why does C2 export the projects with the SDK version then?

    It makes no sense for me because I have no background information about all the processes.

    So I guess this could be turned into a must-have suggestion for exporting NW.js projects using the non-SDK version?

    Either way, the current situation is not acceptable for me and should be investigated by Ashley.

  • Just export into a non-developer version of NWjs - ie the NORMAL and not the SDK options.

    Thanks for the suggestion but I'm rather looking for actions to fix this problem and not for any workarounds.

  • Problem Description

    It is possible to access the developer tools by right clicking and inspecting form elements.

    Since inputboxes are mandatory for text input, users could inspect and "hack" their way through to the games mechanics. So this could be seen as a major security problem.

    Attach a Capx

    Get a basic example HERE.

    Description of Capx

    Includes the most common form elements that can be tested.

    Steps to Reproduce Bug

    • Open the capx or create a new project with any form element in it
    • Right click on one of the form elements
    • Click on "inspect" and gain full access to the developer tools

    Observed Result

    I was able to gain access to the developer tools and many more options.

    This could make it possible for users to run JS commands and other things.

    Expected Result

    Right clicking shouldn't open up any menu and should always be blocked!

    Affected Browsers

    • NW.js: (YES)

    Operating System and Service Pack

    Windows 7 with latest updates and up to date drivers.

    Construct 2 Version ID

    Newest release r233 Steam release. [Personal Edition]

    Additional maybe useful information:

    • NW.js version: v0.16.0 (Chromium 52)
    • Checked C2 data with the Steam software data check system (0 Errors Found)
  • TheRealDannyyy

    I don't think there are any rules against re-submitting and there have been cases where people have done that, but usually after a bit of re-development or improvement based on the feedback they got, since re-submitting without change isn't likely to get you any more votes or closer to being greenlit.

    An alternative would be to post in the Concepts section, which is specifically for games in early stages with WIP content, and allows you to get feedback on what you need to improve to get votes/make the game great.

    That's kinda sad but well I guess you are right about the change in votes.

    The concept section could also be helpful in order to see if there is an audience for my game, I might use that in near future.

    Thanks for the quick response and the helpful information!