[this question has nothing login credentials, or user/player inputting kind of pass-phrase, etc; thank , keep reading.]
first off, question has sort of been asked, here , here. question different either of these though, because not connecting through internet data or concerned type of "logging in". put can, making game, , games resources encrypted proprietary format, takes single password decrypt data. have hide password in source code. can't think of other way keep password within application itself. encrypting password within file still take password, , starts endless circle of hide password, , on.
this got me wondering, how modern games handle resource decryption passwords? think of games call of duty, elder scrolls, grand theft auto, etc. encrypt data, right? means need password/salt/etc decrypt it. such password need within executable, too. so hide it? how obfuscate it?
i considered 1 option, seems pretty good. basically, construct method run through bizzare gauntlet of mathmatical computations, construct string, , return data serve password. rip method out of code , launch in own private app, @ least wouldnt blatant as:
public const string resourcedecryptionpassword = "my_awesome_decryption_password"; also, considered keeping password large hardcoded array of bytes, convert string during application start.
can suggest other solutions problem?
also, , forgot mention: source code of game obufsicated. no brainer, make difficult visually walk through code. need solution how hide password encrypted resources.
based on comments received, know "hiding" security key in code not practice. it's security through obscurity , it's not efficient.
for games, used long time ago. advance of world wide web, games required online connection register/activate game.
however, these games popular ended cracked whatsoever (by replacing online activation dummy check). that's why big part of modern games content (if not all) available when connected game servers.
anyway games retains parts of old scheme , use drm while others (pillars of eternity) don't have any.
the common principle drm make reverse engineering of key (or debugging of whole program) difficult: easy compute, difficult debug.
- like hundred or embedded encryption/decryption (with hundreds of keys).
- another example drm software process code vm.
- call unmanaged code decrypt data.
- detect debugger , kills it.
- generate decryption unmanaged code, compile , run it.
anything sufficiently complex do.
i've seen financial known console refused launch when vnc run on machine... others complained process explorer.
however, such hiding job complex , if you're saying code obfuscated, should handled obfuscation software.
way, shouldn't miss windbg if intent play games.
Comments
Post a Comment