current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Game Development Stack Exchange is a question and answer site for professional and independent game developers. Join them; it only takes a minute:

Sign up
Here's how it works:
  1. Anybody can ask a question
  2. Anybody can answer
  3. The best answers are voted up and rise to the top
up vote -1 down vote favorite

Currently when launching the client of the game, it connects to the server and loads all the cachedata in a normal form (= folders, .txt files and .png files). However I don't like that the players can edit the images very easily and read all the .txt files etc.

  • How could I deny user access to the cache or hide it? (in java)
  • Is there anyway to save .png images in a text form and load them into images using somekind of decrypt system?
  • How's that kind of stuff normally done?
share|improve this question
1  
You can't deny forever the user from tampering with the files; some users are smart and very determined. You can make it harder, however, by putting your files in a large zip file, for instance, and renaming the extension, would at least hide it from most users. – Alexandre Vaillancourt Mar 12 '15 at 14:13
    
Possible duplicate: gamedev.stackexchange.com/questions/23296/… – Byte56 Mar 12 '15 at 14:27
1  
Why do you want to deny access to the user in the first place? By designing the game as transparent as possible you are providing fertile soil for a modding community to grow. – Philipp Mar 12 '15 at 14:42
up vote 0 down vote

As the game executable has to be able to decode the data to use it, there is no protection from an user determining the decryption key and doing the same to read the data.

You can get limited protection from modifying files by encrypting them with a private key server-side, as the user will not be able to encrypt new data in a manner that is decryptable by the public key present in the executable. This of course does not protect against the user modifying the decryption key in the executable and re-encrypting all the data with a private key of their own.

If this is a multiplayer game, there's no end to the amount of attempted countermeasures you can do, and there's a whole industry around mitigating them.

If this is a single player game, let the user do what they want. Moddability tends to be a net win in publicity and is likely to extend game longevity way past what you intend it to.

share|improve this answer
    
I know that there's no way to make the user completely unable to use the data and edit it.. but atleast I'd like to make it hard to do that.. like if you check clients of other online games like runescape/league of legends/any other, their caches do not have pure .model files there, I'm wondering what would be a way to make something like that? – minisurma Mar 12 '15 at 17:42
up vote 0 down vote

What do you want to prevent? Editing or reading?

Preventing reading is impossible. Your client has to be able to read and display the images and text files to allow playing the game, so everything someone would need to crack any protection you add would always have to be included in your client software.

If you want to make it less tempting for a user to just go in the files and read the text or look at the images and get the solution to a riddle too easily, use a simple transformation on your text and images, like XORing each byte with a fixed number or Rot13. But since users can go online and read walkthroughs, why bother?

If you want to prevent editing (why? You'll prevent modders from modding your game, making it popular, and becoming already-educated future employees or collaborators), use a checksum or a signature. That will let you detect that a file has been modified and reject (or re-download) it. Checksums are not that hard to figure out. Signatures are pretty much impossible to figure out (OpenSSL will let you sign stuff). For signatures, there is a "private" key you use to sign the code, and a different "public" key your client uses to, but since a user can edit the client software on their hard disk, they could still replace the public key in the client with their own public key and sign their changed version that way.

So in the end, if it's on the user's computer, the user can edit it. The only way to avoid the client from editing the game to make it easier is to not transfer the data to the client's machine until they actually need it, and to cache as little as possible.

Also, if your game is a network game, you need to be even more paranoid and only send user actions to the server, not results of the actions, because anyone can hack the client to transmit "I just killed 1000 monsters", while it's harder to send messages that say "step forward, step forward, step forward, strike" to kill a monster.

share|improve this answer
    
The signature stuff sounds really good, I think. And well if you guys really think that it's not worth trying to prevent editing the files maybe I won't. It just seems a bit stupid that you can find every single piece of equipment from a single folder and just change the names to make the worst equipment get the skin of the best one and stuff like that.. (of course only for that user though..) Also I think if you see lots of different looking images all around the internet of the game, it might be a bit confusing? Well maybe it's just me and my stupid ideas – minisurma Mar 12 '15 at 17:52

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.