Question about Resource Encryption

Hi there,

I was thinking about encrypting me resource so I could actually prevent from everyone being able to just copy the models/textures etc.

Since changing the Encryption key of the .res files is fairly easy to figure out, I was wondering what other suitable ways of encrypting the client there are.

I know that many released sources use AESCrypt, how safe is this form of encryption?

Also, are there any other recommended encryption softwares?

Regards.

Don't encrypt, obfuscate.

Quote:

Originally Posted by Naltalah Hi there, I was thinking about encrypting me resource so I could actually prevent from everyone being able to just copy the models/textures etc. Since changing the Encryption key of the .res files is fairly easy to figure out, I was wondering what other suitable ways of encrypting the client there are. I know that many released sources use AESCrypt, how safe is this form of encryption? Also, are there any other recommended encryption softwares? Regards.

The issue with encryption is not the AESCrypt tool itself, encrypting data with AES is actually pretty secure since if correctly implemented there is no known way yet to decrypt data without the key. The most common mistake with these AES tools is to just change the AES key in source code because when you compile the game the key has to be embedded into your executable. The compiler doesn't know that this key is highly sensitive data so it will just be put somewhere easy accessible and if you're good in reverse engineering you can easily retrieve the key from the game executable because you know what you're looking for. Try generating the key at runtime by using math, shift it through random arrays, use a lot of loops and jumps. That all will lead to a more obfuscated and scrambled result in the final executable and it will be harder to retrieve the key.

Quote:

Originally Posted by Graphicscore The issue with encryption is not the AESCrypt tool itself, encrypting data with AES is actually pretty secure since if correctly implemented there is no known way yet to decrypt data without the key. The most common mistake with these AES tools is to just change the AES key in source code because when you compile the game the key has to be embedded into your executable. The compiler doesn't know that this key is highly sensitive data so it will just be put somewhere easy accessible and if you're good in reverse engineering you can easily retrieve the key from the game executable because you know what you're looking for. Try generating the key at runtime by using math, shift it through random arrays, use a lot of loops and jumps. That all will lead to a more obfuscated and scrambled result in the final executable and it will be harder to retrieve the key.

Alright, this makes sense. I was just wondering if there are any easy to get into alternatives are. I know that things like VMProtect exists, yet I'm not really sure on how to implement it or work with it.

And to be completely honest, I'm still a noob when it comes to this, so I'm more or less interested in how this stuff works in the first place.

afterall im sure you can get the resources in simple way:

Call the decryption method from the client itself, or simply dump the graphics in runtime.

Im not sure if ure able to protect your models n stuff fully. There's allways a way :P

Just try to pass 99% of the script kiddies arround, a medium-strong obfuscation should be more then enough but its up to you to complicate it as much as you wish to (:

Cheers

Quote:

Originally Posted by netHoxInc afterall im sure you can get the resources in simple way: Call the decryption method from the client itself, or simply dump the graphics in runtime. Im not sure if ure able to protect your models n stuff fully. There's allways a way :P Just try to pass 99% of the script kiddies arround, a medium-strong obfuscation should be more then enough but its up to you to complicate it as much as you wish to (: Cheers

Yup, that's the problem here, there's always some way of course, since a decryption exists for obvious reason. I just want something that protects any potential bought models from just being openly in the client folder. :heh:

go for AES then, can recommend it aswell.