[Off Topic]-Easy Method To Protect Game's Saved Data?

Hi,

We are currently working on a new shareware version of our word spelling game “LettersFall”.
We need to now protect somehow the game’s saved data.
Can someone make a recommendation to an easy to implement data protection scheme?

The saved data is options, high scores, and most importantly shareware status.
We don’t need 1024Bit encryption (it’s just a game and not plans for a nuclear weapon).
Looking for something simple and easy to implement.

I personally tried to implement a checksum, but it has some problems.
The checksum reads the file as int’s for numbers and ASCII values for letters.
The problem is that (3+2) = (4+1) and so on.

Thanks in advance for your help!

JeZxLee
16BitSoft Inc.
Video Game Design Studio
www.16BitSoft.com

Very simple methods can be, a text file and to every character is added a
certain int number then the same amount is subtracted when “decoding”, that
would result in a text file full of numbers with no meaning, another simple
method involves making a password protected zip file.

I assume a more robust way to deal with this would be to handle your own
file data as a binary data file.

Javier Flores

Don’t even bother. It’s a fool’s errand. Microsoft puts more engineering resources into protecting their software than you will ever have available to you in your entire lifetime, and yet the latest version of Windows literally had a working crack available before RTM, IIRC.

If you want a shareware version and a full version, make two builds, one of which has certain features IFDEFed out. If you want high score data that the user can’t tamper with, store it someplace other than on the user’s computer. But what you’re trying to do is impossible.

The fundamental question of cryptography can be summed up rather simply as “Alice wants to send a message to Bob, without Charlie being able to read it even if he should get ahold of it.” The problem here is, Bob and Charlie are the same person.

Mason

Let’s see:

  • Options: it may be worth not encrypting this one. They only affect
    the player, and modifying them from outside the game may make sense if
    for some reason some setting makes the game unusable or anything like
    that. Don’t waste your time with this time.

  • High-scores: are they local or others can see them? If they’re just
    local again don’t bother, at worst the player will cheat him/herself.
    If they matter on-line, then you should be storing that stuff in the
    server and not locally (and you should implement an anti-cheat system
    to detect invalid submissions).

  • Shareware status: the best option here is to outright not include
    the non-shareware data in the game, period. This means that even if it
    gets somehow cracked it’ll remain unusable since the required data is
    missing. At this point anybody who wants to by-pass this will look for
    a cracked full version, but this would happen regardless of what
    mechanisms you implement.

Don’t bother encrypting data for copy protection. There are whole
companies, which do nothing but DRM systems and even they get cracked
quite quickly.
So it’s just a waste of time and effort…

Additionally it’s just a punch in the face of the user!
Those who bought your game will definitively get problems with the
encryption someday. (I have games, which I’m not able to play anymore
because of that)
And those who “stole” it will have a much better experience - and laugh
at the “idiots” who bought it.

The only useful application for encryption is getting data across an
unsafe channel like the internet.

> Hi,
>
> We are currently working on a new shareware version of our word
> spelling game “LettersFall”. We need to now protect somehow the
> game’s saved data. Can someone make a recommendation to an easy to
> implement data protection scheme?

What do you want to protect it from? From being modified by the user?
That’s simply impossible, you can only make that very hard, but you can
never stop a determined person from still being able to change it so
your program will accept the result.

But still, you can make it more complicated :)

If you want to protect yourself against data corruption (due to faulty
storage media etc.), using a simple checksum is fine. But don’t try
something home-brewed, use something well-known instead. A simple CRC32
is already a good start, or MD5. You can find enough implementations
online, so you don’t really have to know how to do it yourself.

In case you really want to encrypt, use a simple cipher (DES, AES, …:
again, you can find enough implementations online so there’s no need to
roll your own) with a fixed key which is hard-coded in your program.
This obviously isn’t very safe, since a determined person can extract
the key and encrypt/decrypt, but that requires some technical knowledge
and is a lot of work, which usually nobody bothers to invest.

> I personally tried to implement a checksum, but it has some problems.
> The checksum reads the file as int’s for numbers and ASCII values for
> letters. The problem is that (3+2) = (4+1) and so on.

That’s what I meant with home-brewed. Many clever persons designed many
good hash functions, and it is very easy to produce a very bad one. If
you don’t have very special needs, just take one which has been around
for a long time. Among the simplest are CRC32
(https://en.wikipedia.org/wiki/CRC32) and FNV-1/FNV-1a
(https://en.wikipedia.org/wiki/Fowler–Noll–Vo_hash_function#The_hash).
Or MD5 (https://en.wikipedia.org/wiki/MD5), which is completely broken
from a cryptographic point of view, but which totally suffices for your
application since anyone could simply compute the hash anyway, no
matter what complicated hash procedure you choose.

Cheers,
Felix


Felix Fontein – @Felix_Fontein https://felix.fontein.de/

If you just want a checksum/hash you could make it harder to reproduce
by “salting” it, i.e. you don’t only hash the values saved in the
config, but add some secret random string to the to-be-hashed data.
Of course this isn’t super-secure either, but it’s better than nothing.

Cheers,
Daniel
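The checksum suggestions above, as an added example that is not part of the original thread: it compares the additive checksum from the question with FNV-1a and with a salted FNV-1a tag. The sample save strings, the salt value and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Additive checksum as described in the original post: sum of byte values. */
uint32_t additive_sum(const char *data, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += (unsigned char)data[i];
    return sum;
}

#define FNV_OFFSET_BASIS 2166136261u
#define FNV_PRIME        16777619u

/* 32-bit FNV-1a. Takes the running state h so buffers can be chained. */
uint32_t fnv1a(uint32_t h, const char *data, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        h ^= (unsigned char)data[i];
        h *= FNV_PRIME;
    }
    return h;
}

/* Constructed placeholder secret. Whoever extracts it from the binary can
 * forge tags, so this raises the effort and is not a cryptographic MAC. */
static const char SAVE_SALT[] = "constructed-example-salt";

/* Salted tag: hash the secret first, then the save data. */
uint32_t salted_tag(const char *data, size_t len)
{
    uint32_t h = fnv1a(FNV_OFFSET_BASIS, SAVE_SALT, sizeof SAVE_SALT - 1);
    return fnv1a(h, data, len);
}

/* Returns 1 when the tag stored beside the save data matches, else 0. */
int save_is_valid(const char *data, size_t len, uint32_t stored_tag)
{
    return salted_tag(data, len) == stored_tag;
}

int main(void)
{
    const char *saved  = "score=32";   /* constructed sample save data */
    const char *edited = "score=41";   /* 3+2 == 4+1, same byte sum */
    size_t n = strlen(saved);
    uint32_t tag = salted_tag(saved, n);

    printf("additive sum : %u vs %u\n",
           (unsigned)additive_sum(saved, n), (unsigned)additive_sum(edited, n));
    printf("FNV-1a       : %08x vs %08x\n",
           (unsigned)fnv1a(FNV_OFFSET_BASIS, saved, n),
           (unsigned)fnv1a(FNV_OFFSET_BASIS, edited, n));
    printf("untouched file valid: %d\n", save_is_valid(saved, n, tag));
    printf("edited file, old tag: %d\n", save_is_valid(edited, n, tag));
    /* A plain FNV-1a recomputed over the edited data is not accepted either. */
    printf("edited file, unsalted tag: %d\n",
           save_is_valid(edited, n, fnv1a(FNV_OFFSET_BASIS, edited, n)));
    return 0;
}
```
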

Hi,

> The saved data is […] shareware status.

This part is different from the others. You should not simply store
“this is shareware” or “this is not shareware”, but you should store
the user’s licence key (which he has to enter after buying your
game). The licence key should be some kind of cryptographic
signature, which can be checked with your public key (which is stored
inside the program), and which can only be created with your private
key (which you of course don’t store in your program). You check the
signature against the public key on every startup, and if it is valid
(and the signed data good), you know your game isn’t in shareware mode.

A determined user can still crack your program (like, remove the
check), but the probability for this is usually very low. The only
countermeasures for this are adding some kind of copy protection, but
these things only increase the level of annoyance, both for the cracker
and often also for the end user (because of sudden incompatibilities,
random crashes on some machines, …).

In case you want to do something like this, I recommend to not
implement the crypto stuff yourself (except if you really know what
you’re doing). It’s better to use a ready library for the crypto parts,
like NaCl (http://nacl.cr.yp.to/). Using a crypto library correctly is
already complicated enough, but still way simpler than rolling your own
crypto.

Cheers,
Felix

Felix Fontein – @Felix_Fontein https://felix.fontein.de/

I kind of have to agree that even packing game data into a custom
container format has proven time and again to be merely an annoyance.

If you don’t want the user to have something without paying for it,
don’t give it to him until he does. Freemium games also work well by
allowing superior players access to perks by earning points, but
allowing lesser players to buy in a little at a time. They also
slowly ramp up the difficulty to addict players. Of course the
freemium games tend to be more casual in nature. Work out the same
formula for “serious” gamers and you’ve got a solid business model.
;)

Joseph

Don’t listen to the doom and gloom “More trouble than it’s worth” or,
“Too hard to do on your own” folks. Just store somewhere in your code, a
seed value that you’ll use to seed a pseudo random number generator (PRNG).

Then you take the data you want to obscure and you XOR each byte with a
byte of data from your PRNG, writing the result out to disk.

To reverse the encryption, you just use the same seed for the PRNG and
the exact same process, and as you XOR the data read from disk with the
same stream of pseudo random digits, you convert it right back to its
original value.

Quick, simple, and as long as you don’t lose your seed value, reliable.

It’s not world class encryption, but it’s so close, the people who
defeat it will have to do so by figuring out your seed value. It will
keep the honest players from messing with your data.

> I personally tried to implement a checksum, but it has some problems.
> The checksum reads the file as int’s for numbers and ASCII values for letters.
> The problem is that (3+2) = (4+1) and so on.

Checksums (and CRC) cannot be 100% effective against those who tamper with the file. Yet I think it does most of the time. I don’t think there is a way to really prevent that from happening. What you can do is to apply multiple techniques to raise the level of the protection, but is that even necessary? I don’t know lol.

If you do it this way, you MUST provide your own implementation of a
PRNG. Using whatever the system supplies will guarantee precisely
the kind of problems the “More trouble than it’s worth” people are
talking about.

Joseph

On Wednesday, August 20, 2014 11:25 PM, T. Joseph Carter wrote:

> I kind of have to agree that even packing game data into a custom
> container format has proven time and again to be merely an annoyance.

True story, from one of the biggest games of all time:

Blizzard really did not want people poking around in the internals of StarCraft. They encrypted and obfuscated things seven ways from Sunday, using multiple layers of confusion to keep people out. They even invented their own archive format called MPQ, and unlike civilized archive formats, it didn’t contain index metadata stating the names of each file. No matter what the Wikipedia article “officially” says about it, I was there. At the start, it was designed with one very specific purpose in mind: keeping people out.

Within the first year, this brilliant developer by the name of Andy Bond managed to reverse-engineer it, and figure out how StarCraft and StarEdit were accessing the archive files. He built a tool called StarDraft that allowed people to extract data files and create patches that it could insert into StarCraft at runtime (without modifying the base archive), and a big modding community took off from that.

Blizzard could probably have sued him over that. Technically it was against the EULA. Heck, they probably could have sued me over some of the modding stuff I did once StarCraft got opened up by a handful of really smart guys like him. But do you know what they did?

They offered Andy Bond a job. Today he’s credited on some of their games, including World of Warcraft.

I wouldn’t worry about creating your own PRNG. The ones available in
your development environment are heavily tested and any weaknesses are
public knowledge, a little research will tell you all you need to know,
but for this task, I wouldn’t stress it if all you had was a PRNG with a
known weakness. You’re not trying to redefine the state of the art in
encryption, you just need something quick, simple, reliable that has a
seed size of 32 bits or better (bigger is better).

If you’re serious about selling your game, I would suggest joining an
organization like the Association of Software Professionals (
http://asp-software.org ).

It’s not very expensive and you’ll get advice and support from people
who’ve been selling independent software for decades.

Didn’t say write one. Just include one. Don’t count on the system
library because your system library is possibly going to use a
different PRNG than mine does.

Joseph
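The seeded-PRNG XOR scheme and the advice to ship the generator with the game, as an added example that is not part of the original thread. The choice of xorshift32, the seed value and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example seed, hard-coded in the program as the post suggests. */
#define SAVE_SEED 0x5EEDC0DEu

/* xorshift32 (Marsaglia), shipped with the game instead of calling the
 * system rand(), so every platform produces the same stream for a seed. */
uint32_t xorshift32(uint32_t *state)
{
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    *state = x;
    return x;
}

/* XOR buf in place with the PRNG stream. Running it a second time with the
 * same seed restores the original bytes. */
void xor_obfuscate(unsigned char *buf, size_t len, uint32_t seed)
{
    /* xorshift32 stays at 0 forever when seeded with 0, which would leave
     * the data unchanged; fall back to 1 in that case. */
    uint32_t state = seed ? seed : 1u;
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (unsigned char)(xorshift32(&state) & 0xFFu);
}

int main(void)
{
    unsigned char save[] = "highscore=1200";   /* constructed sample data */
    size_t n = sizeof save - 1;

    xor_obfuscate(save, n, SAVE_SEED);
    printf("on disk :");
    for (size_t i = 0; i < n; i++)
        printf(" %02x", save[i]);
    printf("\n");

    xor_obfuscate(save, n, SAVE_SEED);
    printf("restored: %s\n", (char *)save);

    /* The XOR layer has no error detection: a byte damaged on disk decodes
     * to different data without any failure, so a checksum over the data
     * is still needed alongside it. */
    xor_obfuscate(save, n, SAVE_SEED);
    save[n - 1] ^= 0x01;                       /* simulated flipped bit */
    xor_obfuscate(save, n, SAVE_SEED);
    printf("after a flipped bit: %s\n", (char *)save);
    return 0;
}
```
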