Concealing resources.
by Nathan Huffman · in General Discussion · 04/26/2006 (1:37 am) · 15 replies
I was curious about concealing your resources. For example, I downloaded the demos to a couple games created with the Torque Engine and you can browse into the data folders and just 'steal', browse, edit, replace, view, etc... you name it... on the game's resources (textures, models, etc, etc).
Is there a method to conceal this data included with Torque?
If not, what options do I have?
I don't like the idea of my game being 'open' in that manner. That was the major turn off with certain RPG point-and-click creation tools I used as a child :)
Thanks.
Is there a method to conceal this data included with Torque?
If not, what options do I have?
I don't like the idea of my game being 'open' in that manner. That was the major turn off with certain RPG point-and-click creation tools I used as a child :)
Thanks.
#2
04/26/2006 (1:57 am)
This has been discussed to death before, and this is the wrong forum. Search is your friend, and use the Torque Public/Private area.
#3
Could I ask quite quickly, is it even possible to conceal the contents of the main.cs file?
Perhaps I should continue my developement work and become more fimiliar with the system before being pesky.
At least this is the only concern I am asking about :)
Mincetro, thanks for the awesome responce.
04/26/2006 (2:37 am)
I apologize for the forum-troll-like intrusion, Stefan.Could I ask quite quickly, is it even possible to conceal the contents of the main.cs file?
Perhaps I should continue my developement work and become more fimiliar with the system before being pesky.
At least this is the only concern I am asking about :)
Mincetro, thanks for the awesome responce.
#4
04/26/2006 (2:45 am)
As Stefan said Search is you friend. The first hit on main.cs gave this www.garagegames.com/index.php?sec=mg&mod=resource&page=view&qid=6252
#5
from my experience with torque i think the biggest security concern for torque developers using torquescript is the .mis file. why arent these compiled as well? even the .gui files are compiled. in think tanks for example anyone can open up the .mis file and make changes to the actual game properties and environment. i wrote a bit of code a few months ago which writes all the mission data directly to an empty .mis file from a huge string during startup and erases the file during shutdown. it worked fine so it's there is a way to get around this in script and I'm sure those with access to the source could code other kinds of workarounds as well.
04/26/2006 (6:53 am)
Nathan you can implement the resource but keep in mind many commercial games are susceptible in this same way. many commercial games use some kind of text files which can be easily modified just like main.cs. UT for instance, uses .cfg files which can be changed directly. even if you zip up the resources anyone could jsut use winzip to unzip them and access all your media. the Q3 engine is susceptible to modifications this way. I dont think you should be concerned with this. the major benefit of zip encryption is that it reduces the overall size of your application which is more important.from my experience with torque i think the biggest security concern for torque developers using torquescript is the .mis file. why arent these compiled as well? even the .gui files are compiled. in think tanks for example anyone can open up the .mis file and make changes to the actual game properties and environment. i wrote a bit of code a few months ago which writes all the mission data directly to an empty .mis file from a huge string during startup and erases the file during shutdown. it worked fine so it's there is a way to get around this in script and I'm sure those with access to the source could code other kinds of workarounds as well.
#6
04/27/2006 (4:06 pm)
.cs files are compiled by torque into .DSO files... which are no longer text files. So you wouldn't need to worry about modiications as long as you delete the .cs files for the shipped version. And all media can be put into encrypted zip files.. which you can name whatever you want. So there's many ways to protect the data. Everything in the torque demo was purposefully left intact.
#7
My main concern is to prevent cheats as my game is intended to be mmo-like in nature.
04/27/2006 (6:19 pm)
Sean, I believe the trick behind zipping my resources would be encrypting the 'zip file' (or making it a passworded archive) with the 'password' embedded within the compiled executable. I've seen this done in other games.My main concern is to prevent cheats as my game is intended to be mmo-like in nature.
#8
04/27/2006 (7:47 pm)
.mis files are only run on a server, so it doesn't matter if a client changes theirs. And if you're making a single player game, it's the players perogative to cheat if they want to.
#9
04/28/2006 (2:23 pm)
That's just it, Paul. It's multiplayer and I don't want any seems left open for simple cheats.
#10
04/28/2006 (2:31 pm)
Like I said. They're only on the server. In a multiplayer game, the client's .mis files are irrelevant, they get all that data from the server version.
#11
Sure Torque checks Art for relevent files, but that can be easily diverted (has been in every title from half life to world of warcraft) so at least 'encrypted' resource files makes cheating not worth it, espically if I change up the encryption every patch.
05/25/2006 (1:29 pm)
Indeed. But what if a client replaces a lot of textures with transparent stuff to have some makeshift 'wallhack' (see through walls).Sure Torque checks Art for relevent files, but that can be easily diverted (has been in every title from half life to world of warcraft) so at least 'encrypted' resource files makes cheating not worth it, espically if I change up the encryption every patch.
#12
05/25/2006 (2:10 pm)
You can just simply design your own way of accesing the resources of the game. Instead of files you could create your own file system and place your resources inside there. 
#13
05/25/2006 (2:37 pm)
I haven't tried this myself, but look into getFileCRC and computeCRC. These may be able to help you setup a client validation process to make sure that client files do not differ from what the server expects them to have.
#14
A pack that let's developers make secure distributions and installations with the 3 engines.
05/26/2006 (9:58 am)
There is a customer / market for a Secure Torque Pack ...A pack that let's developers make secure distributions and installations with the 3 engines.
#15
05/30/2006 (5:40 pm)
I took the approach outlined by Matt, and it worked like a charm!
Torque 3D Owner iHugMedia