It's simple. I'm saving data from my game onto INI files. I don't want people to be able to edit it. So, I want some way to totally prevent someone other than myself (and the game) from accessing those files.
I know there's this Encryption object by a certain Mokhtar, but it encrypts too easily and has a little trouble decrypting it. Even then, it's hard to make sure that it doesn't double encrypt or double decrypt the file.
So, any ideas, good people?
Disclaimer: Any sarcasm in my posts will not be mentioned as that would ruin the purpose. It is assumed that the reader is intelligent enough to tell the difference between what is sarcasm and what is not.
If you've got mmf 1.5 go for the file encoder object, you can even make up your own encryption keys or do a byte shift or do double encryption... whatever you want
Everyone on TDC seems really far behind the latest stuff - get the Clickteam Bonus Pack and use the Blowfish encryption object, or use the Binary object's Blowfish encryption. Blowfish is by far the most secure encryption available to use Clickers...
My method: use 4x encryption on the file encryptor. Zip up the file in a ~64 to ~128 char password protected zip archive. Use blowfish encryption on the archive.
It worked for my RPG engine in TGF, so should be easy in MMF.
This is a fairly easy (albiet slow) method, which isn't really encrypting but still protects your data:
Say your INI (in this example, it's for an RPG) looks like this:
[PlayerInfo]
HP=120
MP=20
LVL=4
You will want to add another group:
[Security]
SEC1=144 (HP Value + MP Value + LVL Value)
SEC2=290 ((SEC1 Value * 2)+ 2)
SEC3=48 ((MP Value + LVL Value)* 2)
SEC4=63 (15 + SEC3 Value)
Now, this may look wierd, but these are your security values. Have the first frame of your game run tests to see if the SEC values add up to what they're supposed to. If they don't, take the player to a "Save game has been modified" screen and from there you can erase all saved data or make it quit, or whatever.
For example, in frame 1, have counters for all of your INI values (ie. HP Counter, MP Counter, LVL Counter, SEC1 Counter, SEC2 Counter, SEC3 Counter). Then make each one load correctly, ie.
- Start Of Level
: Set INI file to "YourGameName"
: Set Group to PlayerInfo
: Set Item to HP
: Set 'HP Counter' to value from INI
etc.
Then, have the level test to see if any of the SEC values aren't what they're supposed to be. For example,
(Negate) SEC1 Counter = HP Counter + MP Counter + LVL Counter)
: Go to frame X
(Negate) SEC2 Counter = (SEC1 Counter * 2)+ 2
: Go to frame X
etc.
(Where X is your 'save game has been modified' frame)
Then, simply have an event that makes the game proceed to the main menu / your company logo screen after 1 second (The INI values and Counters should load up way before 1 second is over, make it 2 seconds if you're unsure).
Now, if you've got your 'quit' option to exit you straight from the game, have it send you to a 'quit' frame instead. Do with this frame exactly what you did with your first one that tests security (ie. a Counter for each INI value), only instead of having the security values TEST if they're right, instead have them change to the values they're supposed to.
Add the following events:
- Start Of Level
: Set SEC1 Counter to (HP Counter Value + MP Counter Value + LVL Counter Value)
: Set SEC3 Counter to ((MP Counter Value + LVL Counter Value)* 2)
- SEC1 Counter > 0 (Because this SEC value gains its value from SEC1)
: Set SEC2 Counter to (SEC1 Value Counter * 2)+ 2
etc.
- SEC3 Counter > 0 (Because this SEC value gains its value from SEC3)
: Set SEC4 Counter to (15 + SEC3 Counter Value)
- SEC1 Counter > 0
: Set INI file to 'YourGameName'
: Set group to Security
: Set item to SEC1
: Set value to SEC1 Counter Value
- SEC2 Counter > 0
: Set INI file to 'YourGameName'
: Set group to Security
: Set item to SEC2
: Set value to SEC2 Counter Value
- SEC3 Counter > 0
: Set INI file to 'YourGameName'
: Set group to Security
: Set item to SEC3
: Set value to SEC3 Counter Value
- SEC4 Counter > 0
: Set INI file to 'YourGameName'
: Set group to Security
: Set item to SEC4
: Set value to SEC4 Counter Value
- Timer equals 0"01'00 (or 0"02'00)
: End the game
Your INIs should now be secure, because if one of the security values doesn't add up to what it's supposed to, it'll make the game declare that the save game has been modified and it will take the appropriate action. Also, player's can't edit the files because they don't know the SEC Value formulas. Of course, with this method you can't protect strings, such as a high score name. Only values, you hear!
Of course, you can change the names of the Security items, and the formula, but avoid the following:
Using DIVIDE to find a value
The reason? Let's say that your HP value is 31. If you have the formula for SEC1 equal HP/2, then the SEC1 Value would be 15. If you ever need to make the game translate this number by multiplying by 2, the resulting value will be 30, NOT 31.
Using SUBTRACT when the value could end up negative
Negatives stuff up all of this, so if your HP was 100 and your MP was 30, and you wanted your formula to be MP-HP, you'd end up with a negative value. Just avoid using subtracts at all.
Finally, the more SEC values you have, the harder your security is to crack, but the more time you'll use. All known faults with this system are listed below:
- Can't protect strings
- 'Translating' can come up with the wrong numbers if you don't use brackets correctly (assuming you use translating)
- Can't use subtract in a formula without the possiblity of changing a value
- Can't use divide in a formula without the possiblity of changing a value
Hope this helps! Any other flaws that people can see, please point them out, as this is the only method I have for protecting my own games' data!
Yeah, you'd probably have to rename HP, MP, LVL, etc. to something like BR_GBS1 or something cryptic so people can't see exactly what they're trying to modify. But yeah, my idea does work, even though it takes a while to get working. It's a shame about not being able to protect strings, though. But then, every string that was saved would probably be something like, Player Name, etc. so you wouldn't have to worry about protecting that. If the player wants to change their name, let them!
I forgot how I did ps1. I'll try and figure it out later.
The calculation for HP works fine with dividing in TGF, so long as the hp does not go extremely low, or negative (see bottom)
HP = 120
MP = 20
Lvl = 4
[playerinfo]
ps0 = 24
ps1 = 396
ps2 = 5
ps3 = 184
Check1: Number of items = lvl
Check2: If ps2 = number of items+1
// have level
Check3: Mana = ps0+lvl
// have mana
Check4: ((ps3-lvl)*2)/3 = HP
// have hp (Check: 120+(120/2) + lvl = 184)
// If 119 + (119+1)/2[60] + lvl = 183
// If ((183-4)*2)/3 = 358/3 = 119
// If 118 + (118+1)/2[59] + lvl = 181
// If ((181-4)*2)/3 = 354/3 = 118
// If 117 + (117+1)/2[59] + lvl = 180
// If ((180-4)*2)/3 = 352/3 = 117
// If 116 + (116+1)/2[58] + lvl = 178
// If ((178-4)*2)/3 = 348/3 = 116
"The calculation for HP works fine with dividing in TGF"
That depends what you divide it by. The trouble is, it's possible to have a lower HP value than whatever you put after the divide. For example, the user saves the game with only 10 HP left, but has 15 Mana. If your formula is:
ps1=HP/MP
10 / 15 = 0.66666666666666666666666666666667
And that can't be used!
Basically, you have to avoid subtracts and divides just in case any given value is saved lower than the one you need to subtract from it, or divide it by.
I dunno about you lot, but when I made games, I enjoyed building whole new fileformats to save with.
It narrows down the number of possible hackers to those with hex-editing knowledge. Couple that with a few checksums, and you're already on your way to a pretty secure lump of stuff. Do a bit of blowfish on some of the data inside, and no one'll be cracking that any time soon.
I like my own file formats, because you can tailor them for maximum game efficiency. When working on a level format, for example, I could arrange the data in the order it would be read, making loading a much quicker and simpler process.