Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

AppGameKit Classic Chat / HTML5 - security of assets

Author
Message
Jambo B
15
Years of Service
User Offline
Joined: 17th Sep 2009
Location: The Pit
Posted: 21st May 2016 09:41
Link
Hi all,

First off - most impressed by AppGameKit on HTML5. Very nice.

I've been looking at how to protect assets from just being downloaded from the app's folder when stored on a webserver.

The problem is, that if the address "http://whateversite.com/MyApp/AGKPlayerData.data" (for example) is entered into the browser, the graphics for the game can be downloaded and nicked. I know we could encrypt these, by the way. This thread is about how we could secure these files so that Joe Public could not get at them in the first place.

I have tried setting permissions on the other files in the folder, but AGKPlayer needs to be able to read these to run the game. AGKPlayer's security context is the same as a public viewing of the website, so if we make the files unavailable to the outside world, AGKPlayer can't get at them either.

To my mind, there are two options here. Firstly, find some way to run AGKPlayer in a different security context so that it can access the protected files it needs. I don't know how you'd do this.

Secondly, randomise/mangle the filenames in some way. Maybe put all files apart from the html and related graphics into a randomly-named subfolder (AGKPlayer would somehow know this name, and be able to find its files).

Just thinking aloud. Does anyone else have any thoughts about this?

Cheers,

James
Back to top
Profile PM
janbo
16
Years of Service
User Offline
Joined: 10th Nov 2008
Location: Germany
Posted: 21st May 2016 11:07 Edited at: 22nd May 2016 18:39
Link
Hi Jambo,

How about encrypting the media files itself with the memblock commands.
And then decrypt them in runtime, of course it would take it's time.
https://www.thegamecreators.com/pages/newsletters/newsletter_issue_151.html

Using AGKv2 Tier1
Back to top
Profile PM Email Website
Blendman
10
Years of Service
User Offline
Joined: 17th Feb 2014
Location: Arkeos
Posted: 21st May 2016 12:10
Link
Hi

Quote: " the graphics for the game can be downloaded and nicked."
How do you do to get the graphics/sounds or other files from AGKPlayerData.data.
I guess it's a data files, so I'm not sure it's easy to get the files from this .data

For my game, I encrypt the files I would like to protect.
AGK2 tier1 - http://www.dracaena-studio.com
Back to top
Profile PM Website
Jambo B
15
Years of Service
User Offline
Joined: 17th Sep 2009
Location: The Pit
Posted: 21st May 2016 16:24
Link
Hi,

When I downloaded AGKPlayerData.data from the webserver by entering the address "http://whateversite.com/MyApp/AGKPlayerData.data" (for example), Firefox displayed it as an image.

I agree with you about the encryption - I just wondered if there could be a way to prevent assets and other files from being downloaded from the server in the first place.

James
Back to top
Profile PM
Paul Johnston
TGC Developer
22
Years of Service
User Offline
Joined: 16th Nov 2002
Location: United Kingdom
Posted: 22nd May 2016 16:53
Link
Quote: "When I downloaded AGKPlayerData.data from the webserver by entering the address "http://whateversite.com/MyApp/AGKPlayerData.data" (for example), Firefox displayed it as an image."

It probably recognised one of the images in the file, but the individual media files are not easily accessible. However it is impossible to prevent someone just downloading the data file and figuring it out since the browser has to do so to hand the files to AGK. If you're really concerned about it then the best way would be to use memblocks to change all or part of the file in some way and undo it before loading. That would hide the media loading process inside your code, and be unique to you, making it much harder to figure out.

But ultimately if the user is able to see or hear in the app the media you are trying to protect, then it's impossible to stop them copying it whilst still letting them see it. You can only increase the amount of work they have to do, and then it only takes one person willing to put in that effort to undo it.
Back to top
Profile PM Email
BatVink
Moderator
21
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 22nd May 2016 17:12
Link
Quote: "and then it only takes one person willing to put in that effort to undo it."


...Although that person is probably putting their efforts into cracking Doom, GTA or some other AAA title.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Quidquid latine dictum sit, altum sonatur
TutCity is being rebuilt
Back to top
Profile PM Email
Jambo B
15
Years of Service
User Offline
Joined: 17th Sep 2009
Location: The Pit
Posted: 22nd May 2016 18:20
Link
Quote: "...Although that person is probably putting their efforts into cracking Doom, GTA or some other AAA title."


I'm sure you're right, BatVink, I don't think they'd be interested in my 'home-made' assets!

Licensed assets, on the other hand, have to be as inaccessible as possible - as per the agreement. I agree that the memblock and encryption which Paul mentioned above is the way to go.

Thanks all,

James
Back to top
Profile PM
Digital Awakening
AGK Developer
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: Sweden
Posted: 22nd May 2016 22:03
Link
Is it possible to use memblocks to protect music files too? IIRC AppGameKit streams them. And I am thinking more for PC release specifically as they are fully open as is.
Back to top
Profile PM Website
Back to top

Login to post a reply

Server time is: 2024-11-25 05:25:17
Your offset time is: 2024-11-25 05:25:17