15 replies to this topic

[riuthamus]

I want to release a playable version of our game so far but have some serious fears about doing so with C#. I was under the impression that C# was fairly simple to revers engineer.... if this is incorrect can somebody explain? I know that you can obscure the code with some external programs but none of them seem to be working for us. Any help or guidance with this would be greatly apprecaited.

[quiSHADgho]

I think your right about C# and reverse engineering but I also think theres always a way to do it so all you can do is try to make it has hard as possible. The best way would be to programm the sensible parts in C++ and use the unmanaged DLL in C#. If your using Visual Studio there should be a version of dotfuscator in it which you can use to obscure your code but I dont know if its free for commercial projects:
http://www.preemptive.com/products/dotfuscator/index.html
If you want to invest some money there are plenty programs out there. Just search for ".Net obfuscator". The first I found while searching was:
http://rustemsoft.com/SkaterLight.htm
It seems to be free for both personal and commercial use.

[mgoss]

I've tried both of those and they don't seem to like our code. :/

[darookie]

I wouldn't worry too much about people reverse-engineering your code. The ones that like to do this will find a way no matter what you do. It is true that .NET assemblies can easily be decompiled into fairly readable C# or VB.NET code. Even professional code obfuscation software can only do so much to avoid this. The question is - why are you so worried about anyone being able to read your code? The suggestion to rewrite parts of your game in C++ doesn't seem practical, btw. It requires a considerable amount of resources that are basically wasted because skilful people will easily be able to reverse engineer these parts, too. You basically only delay them for a bit.

Worrying about your game code "being stolen" is just like worrying about your game's artwork being "borrowed" by others. The only definite way to protect your code and game assets is to never actually release them to the public ;)

IMHO the following discussion might be useful regarding the topic:
http://stackoverflow...rse-engineering

The article about writing your own executable packer mentioned in the link above is no longer available, so I took the freedom of finding and attaching it, just in case you are still interested in protecting your code.

HTH.

Attached Files

•  CBM_1_2_2006_BigBoote_Own_Packer.pdf   987.69K   131 downloads

[Radikalizm]

The only solid way to protect any asset of your game, be it code or artwork, is to use legal protection.
As stated above, people will always find a way to reverse engineer your code, just like they'll always be able to get hold of your artwork, so releasing your application under a proper license is the only way to 'guarantee' that nobody will be able to use them for their personal gain.

[riuthamus]

Hm... interesting. Well I am very new when it comes to this so I am not sure what the best route would be. Any suggestions? I will do some research on what lisc. there are and how we can release them. Thanks guys and I hope to have an answer shortly so I can share my demo and see what people think.

Also thanks for the links, i will read them today.

Edited by riuthamus, 28 July 2012 - 02:30 PM.

[MrDaaark]

Not sure what the laws are where you are, but you usually just need to post a notice.

Copyright 2012 <Your name or company name>. All rights reserved.

[jefferytitan]

Off the top of my head, CIL/MSIL can be decompiled relatively easily - just check out Reflector to see what your code looks like decompiled. If it's a release build (e.g. no PDBs) then class, method and property names will be exposed but not local variable names and comments etc. Unless you some crazy new tech in it, I wouldn't worry much about people decompiling and stealing source. You could obfuscate it. You could make it challenging for people to easily mod it, for example store your level data as a public key encrypted byte array of serialised objects, then decrypt and deserialise it at runtime. But for most purposes it would be overboard. 99.999% of people wouldn't bother. For the rest, put a copyright notice both with the executable and in the executable, and perhaps put some signature weird code in it as a fingerprint so that you can prove in court (if necessary) that someone stole your code. I don't think it happens that often.

[riuthamus]

thank you all for the great suggestions. We have some small issues though

1) We have tried the obfuscate process and it only makes the game crash. Not sure what it doesnt like about our code...

2) I am not so worried about people taking the code right now, but rather, when we get further into development and I want to release a demo as well... i dont want to see it being taken at that point. With our modular design people will be able to mod this game with relative ease. I simply want something that will protect us ( slow them down ) while we are developing.

3) Lastly, we dont have any new tech out yet... but the idea is to hinder those people who are noobs trying to take stuff. I know determined hackers will always get to your stuff ( look at the mooage and diablo 3 crack ). I just want something to hinder them while I let the people who just want to play and try out the demo, play and try out the demo.

Maybe I am being paranoid about this, but what if I am not? Anyway, thank you for the great comments and for the suggestions. I will see if we cant get it to work, maybe we just need to find a good tutorial for this type of stuff!

Edited by riuthamus, 28 July 2012 - 04:24 PM.

[MrDaaark]

No one can protect their stuff. The android market is full of clones using roms, company names, assets, etc... The internet is even more full! Anything that can be created, digital or not, can be copied very easily.

The law is the only thing that works.

[fallenphoenix]

When I first started writing applications that I considered more than trivial, I spent a fair amount of time worrying about people stealing my code as well. As many have stated here, it's impossible to completely secure code, and I've come to believe it's actually not worth spending much time trying either. To me, if someone is stealing my code, they probably didn't have the ability to develop it themselves, and will likely end up with an obviously inferior product as a result.

[Postie]

Minecraft was inspired by another project called Infiniminer which was abandoned by it's creator about a month after release due to losing control of his own source code.

Quoted from RockPaperShotgun:
“I stopped working on Infiniminer when the source code was leaked. It was totally my fault, as that’s what I get for releasing an un-obfuscated .NET assembly, but it nevertheless enabled hackers to create hacked clients and players upset with my balancing decisions to fork and write their own clients and servers.”

So it's worth doing some really basic obfuscation and making sure you don't release debug builds. Also, listening to your community and getting them involved will eliminate the need for them to build their own stuff based off your work.

[riuthamus]

Perhaps it is a paranoid fear, but for now.. i am going to just hold on to the source until we can get it to work.

We have used alot of the ones suggested and all of them break reflection. Anybody have any other suggestions?

[riuthamus]

We found out why it was not working, We had to comment out all of the XML parts. The only product that looks like it does anything worth a damn is:

http://www.red-gate.com/products/dotnet-development/smartassembly/pricing

Although, that is a bit pricy... just to release a demo. Anybody have any suggestions for a very good obfuscation program that is relatively cheap? The one i linked about is really overboard for what we need but when we used reflection on it almost all of it was really jacked and hard to decipher. So something that would do that is the key. Thanks for the suggestions and any help you guys can provide. I am happy to get this started so we can start giving out demos for people to test stuff with.

[krippy2k8]

Don't listen to the people who say "somebody's going to reverse it anyway." While it is true that there are plenty of people that can successfully reverse-engineer your code regardless of what you do, there are many more people that can not if you use some type of obfuscation. Unless you release a really popular game, the chances are the people that can reverse-engineer obfuscated code are unlikely to bother with your game.

Legal protection only works if you have enough money to throw at a legal team and the hackers at hand happen to live in the US or other country with favorable IP laws, assuming you ever find out they stole your code.

Edited by krippy2k8, 03 August 2012 - 04:27 AM.

[riuthamus]

Thanks for the kind words. I agree with the fact that you cant stop it from being hacked, that is not the goal. The goal is exactly what you and others have said, stop the small timers from easily getting it, specially during the development phase. We have done some amazing work with voxel based systems and really would hate to see that show up in other places before we actually went public with the full game. Anyway, thank you again.