Jump to content

  • Log In with Google      Sign In   
  • Create Account


How to 'ship' your game assets


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
16 replies to this topic

#1 cozzie   Members   -  Reputation: 1474

Like
1Likes
Like

Posted 12 May 2013 - 01:29 PM

Hi,
Like many of us I'm working on the next top gaming title. But before that, just doing some small games.
When I finished my first game I ran into something quite basic but never thought off.

My game folder concists of:
- an executable
- a data folder with sub folders for textures and sounds (bmp, png, tga, wav, mp3, ogg)
- some ascii files with highscores and own file format 3d scene information
- some X files (binary) with 3d meshes

What I want to prevent is to have all these assets and files 'open to public' within a grasp.
How would/ do you do this?

A few first thoughts:
- compress them all to a ZIP file, rename extension to i.e .abc
at runtime unpack the contents to a temporary folder (with some ZIP/ compression API).
Remove the files when application quits (how to handle non sunny quitting?)
- use some sort of DIY encryption and rename the file extensions
- ....

It's no problem if it's not waterproof though.
Really like to know your ideas and suggestions on this.

Sponsor:

#2 radioteeth   Prime Members   -  Reputation: 918

Like
2Likes
Like

Posted 12 May 2013 - 02:43 PM

You could always make your own format, the header would be an index (which associates file 'paths' with file offsets). Each file could be individually compressed, maybe even based on its data type, as audio and images are more efficiently compressed using methods suited to each. Perhaps even a layer of encryption, on the index header, and each asset itself, using your basic XOR against some generated value (from the asset's offset, name, etc)..

 

It's not difficult to write up a quick utility that will search out all the files in a folder, and its subfolders, and add them to such an asset package.

 

The *last* thing you want to do is extract an asset back to the disk, just to load it from there. You need to re-write your code so that it directly loads the asset from the packaged file. Writing it out to disk to load it is just silly.



#3 AllEightUp   Moderators   -  Reputation: 4122

Like
4Likes
Like

Posted 12 May 2013 - 03:18 PM

You are about to waste your time.  Once the game is in the hands of the user, you can encrypt, obfuscate and do anything else you want and it still takes about 10 minutes for anyone to browse textures, meshes etc.  Between DX intercept programs or format browsers such as http://multiex.xentax.com/, your users can get anything they want quickly.  Especially if you tried to encrypt the data, you have to provide the key so it doesn't take long for someone to dig that out and open the assets directly even if they don't want to use a DX intercept program.

 

You can of course do as you desire, but there is really little reason to put any effort into this just for obfuscation reasons.



#4 cozzie   Members   -  Reputation: 1474

Like
0Likes
Like

Posted 12 May 2013 - 03:35 PM

Thanks. Those are 2 completely directions :)
I personally think to agree withoption 2, don't waste all the time. Maybe for the feeling just rename files to associate them with my own code. Regarding the ascii files I might want to think about some sort of easy encryption (to just increase the effort needed to change quite some essential things in the game, like the highscore table :))

#5 AllEightUp   Moderators   -  Reputation: 4122

Like
0Likes
Like

Posted 12 May 2013 - 04:20 PM

I can understand 'wanting' to secure some data but really, once it is on the players machine, there is nothing you can do they likely can't hack in less time than it takes you to implement it.  A highscore table is just as invalid if they hack collisions/lives/etc as it is if they simply modify it directly.  So, why waste the time?  The only way to secure data is simply not give it to the user and store it on a server, of course garbage data in from hacked clients is still possible and invalidates the server data also, yer pretty much screwed either way..  :)



#6 Cornstalks   Crossbones+   -  Reputation: 6966

Like
0Likes
Like

Posted 12 May 2013 - 04:34 PM

One option is to not encrypt your data, but instead to hash its data when you load it to verify that the contents of the file haven't changed. You can precompute hashes of files, store then in your program in some array/map of strings or bytes, and when you load a file take the MD5 or SHA-1 hash of it and verify that it's the same.

 

You can also mix this up with other encryption/obfuscation schemes.

 

Of course, if someone wanted to hack your game, it would literally take them only minutes to figure it out and hack your game (regardless of what you do, encrypting, obfuscating  hashing, etc.), so I wouldn't bother with it. Once one person figures it out, he/she can make a tool for everyone. It's not worth your time, most likely. But of course, if you're programming for fun, and you have fun encrypting/obfuscating/hashing/etc, then go ahead and have some fun.


[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

#7 Fredericvo   Members   -  Reputation: 230

Like
0Likes
Like

Posted 12 May 2013 - 06:16 PM

Personally I store my assets as resources. (the Microsoft specific standard that stores icons, menus, some strings, bitmaps etc or custom data if you want)

I assume with resource editors it's still as simple to extract non-encrypted files of course but I can ship a stand-alone exe that self-contains everything.

If this solution interests you, look into the following functions on MSN: FindResource(), LoadResource(), LockResource()

The custom type is RT_RCDATA and is "defined" as 10. You would need to pass that value to the FindResource() function.

 

As an aside, I disagree that encrypting/obfuscating a program is useless because somebody in the world (a clever hacker) will undo that anyway. You can still buy some time and avoid every script-kiddie and his grandma to already steal your assets. If it were really useless then AAA titles wouldn't go to so much trouble doing it. Whenever you ask how to do this here, you are either suspected of wanting to bypass such a scheme yourself to steal a game (which sort of proves that such a system IS useful or why would they be so afraid that you bypass it) or maybe there is some elitism in which newbies aren't encouraged to be able to code to the same protected standards.



#8 Kryzon   Prime Members   -  Reputation: 2511

Like
0Likes
Like

Posted 12 May 2013 - 07:27 PM

There are some older threads with a similar subject here on GDev, and some of the posts in them make a great point on the subject - in fact, it would be a shame not to reference them:

http://www.gamedev.net/topic/506247-why-do-game-companies-use-custom-texture-formats-instead-of-the-dds-format/

http://www.gamedev.net/topic/605910-encrypting-images-png-with-directx/
http://www.gamedev.net/topic/577588-what-are-some-simple-ways-to-protect-my-games-assets-sprites-sound-music-etc/
http://www.gamedev.net/topic/316093-protecting-game-assets/
http://www.gamedev.net/topic/627723-packing-the-game-resources/
http://www.gamedev.net/topic/547471-protecting-shader-code/
http://www.gamedev.net/topic/555394-binary-file-writing-making-it-unreadable-c/

To my view, the point most people make against the encryption-for-protection idea is that the best kind of protection for your assets is the legal one. Make a good copyright claim, a good EULA document.
But they do make a point for managing your game asset file formats in a sense that you should write it in a game-engine specific, binary manner so as to load it as fast as possible (meaning just dumping the data to memory and setting up your pointers, without having to parse data extensively). This kind of binary file formatting provides a "side-effect", unintentional protection as you wouldn't be dealing the original formats anymore. So as Hannah Montana would say, it's the best of both worlds.


Edited by Kryzon, 12 May 2013 - 07:33 PM.


#9 AllEightUp   Moderators   -  Reputation: 4122

Like
1Likes
Like

Posted 12 May 2013 - 07:29 PM

As an aside, I disagree that encrypting/obfuscating a program is useless because somebody in the world (a clever hacker) will undo that anyway. You can still buy some time and avoid every script-kiddie and his grandma to already steal your assets. If it were really useless then AAA titles wouldn't go to so much trouble doing it. Whenever you ask how to do this here, you are either suspected of wanting to bypass such a scheme yourself to steal a game (which sort of proves that such a system IS useful or why would they be so afraid that you bypass it) or maybe there is some elitism in which newbies aren't encouraged to be able to code to the same protected standards.

I have never encrypted data in a game client and I've shipped quite a few.  Not bothering has nothing to do with elitism, or any particular belief things should be open/free for access, it is simple practical reality, it doesn't work and is a waste of time.  Additionally, if grandma wants to make her character pink instead of brown, more power to her as long as she enjoys the game and hopefully paid for it.  The only typical encryption in AAA titles, and it's just obfuscation really, is because the formats are written custom with practical reasons in mind such as speed, i.e. pack files are used by many games purely because it is hugely faster to load multiple pieces of data from a single already opened file than it is to load from multiple loose files.  Often the data is also compressed, again, this is not usually an attempt to increase obfuscation or implied encryption, it is just a practical reason that at the cost of some CPU it is faster to load and decompress than wait for an HD to read in the entire uncompressed piece of data.  Or the data looks like garbage but is really precompiled script VM or other things like that.



#10 stillLearning()   Members   -  Reputation: 212

Like
0Likes
Like

Posted 12 May 2013 - 07:37 PM

Perhaps something like BoxedApp is what you're looking after? It packs files into the executable and unpacks them in a virtualized environment for your game.exe to use. I'm not security expert at all (really, I haven't got the slightest idea what I am talking about!), but as far as I am concerned it gives you basic protection against DLL-injections and hides your resources from public view. Also you get a single binary for shipping. No installation required, just click the exe and run the game. Registry-values is saved in a virtual registry.


Edited by Kuxe, 12 May 2013 - 07:38 PM.

If you don't understand the stuff written here, please sharpen your C++ skills.


#11 kburkhart84   Members   -  Reputation: 1570

Like
0Likes
Like

Posted 13 May 2013 - 12:15 AM

I would have things simply renamed or compressed into zip files named something else.  The reason is that something this basic would stop many would-be hackers, and NOTHING will stop the real hackers.  Let's say that these simple things are 10% effort, with 100% being something like an all out DRM(like maybe the famous one from Spore that was cracked very quickly anyway).  The average game player may look at files, but when they don't see something familiar(like files with zip icons, etc...) they won't do much else.  Let's say this is 95% of the game players, which of course may be off, but it can't be THAT far off.  So....10% effort stops 95% of the players from hacking, and the other 5% wouldn't have been stopped even at 100% effort, so though there is no reaspon to go all out, there is also no reason to not do that small 10%.





#12 BGB   Crossbones+   -  Reputation: 1545

Like
0Likes
Like

Posted 13 May 2013 - 12:41 AM

non-standard file-formats are likely to be a bigger protection than encryption:

with encryption, once they figure out the basic algorithm and/or encryption keys, they are done;

with a non-standard file-format, they have the data, but may still need to go through the time/effort to reverse-engineer the file-format and write loaders/converters/...

 

granted, many straightforward uncompressed formats can generally be worked out pretty quickly just by looking at a hex-dump, but if it is a non-standard compressed format, there wont be so many obvious visual cues (it may well just look like a garbled mess of random bits).

 

like, say, the developer uses a custom arithmetic-coded BWT variant or similar (vs something more obvious, like Deflate... like person looks at a hex-dump and spots "78 DA" from the ZLib header or something... or if savvy, will recognize the magic numbers used in things like BZip2 and similar as well, ... at which point you have pretty much already lost...).

 

even as such, a determined person will still probably have it all figured out within a few days or weeks.

 

(then again, who knows, maybe if a person can devise "sufficiently convoluted" file formats, it might well slow them down... like, say, they didn't expect some random glob of compressed data to use right-to-left bit-packing, or variable-width gray-codes as numbers, or text strings are obfuscated as pseudo Chinese, or whatever else... then maybe figuring it out takes them around a month...).

 

 

granted, there are other reasons for making custom file-formats though...


Edited by cr88192, 13 May 2013 - 12:44 AM.


#13 AllEightUp   Moderators   -  Reputation: 4122

Like
2Likes
Like

Posted 13 May 2013 - 01:34 AM

Please don't take this as offensive, but it really comes down to several simple questions.  Who are you fighting?  Why are you fighting them?  And what do you think you gain in the process?  After 20 years of making games, I still don't follow this chain of thought, much like I don't believe in DRM beyond the "enter your key" level or non-intrusive Steam style which still allows play off line.  You are blocking 95% of folks from doing something they might enjoy because 5% scare you, but you admit the 5% will do it anyway so, what is actually gained?  If it makes the customer happy to fiddle with the assets on their local computer, that's fine with me.  Grammy thinks her character should wear pink instead of black, making it easy for her grandson to make the change will make them both happy in ways beyond the initial intention of the game.  If someone wants to use an asset as their Facebook image, please do, it's free advertising and the best form of up voting possible.

 

The only time worrying about asset integrity really matters is online games where modified assets can change the game experience for *others*, I don't give a damn what the hacker does locally.  Of course, this is generally going to be the 5% everyone so far as agreed that you can't beat, they will figure it out.  Asset protection locally isn't going to work against this group and all you can do is help prevent them from ruining the game for others which has little or nothing to do with preventing asset modifications.  Yes, common cheats are to hack opponent models to include huge axis bars so they show up from a long way away as easy to see, or to change shaders to render all opponents as hot pink without lighting.  Even if you could prevent this from the assets side, they can go in with D3D/GL intercepts and add it outside of your games control.  But, ignore all of that because it is way beyond the scope here.

 

So, back to the original point, the only people a single player game is fighting through obfuscation is your paying customer base.  Err, contradiction much, you are trying to entertain them but hiding a vector of entertainment value to some of them?  What a person does with their personal computer is not a damned bit of my business, just please clear your browser history before you let my niece and nephew use your computer.  :)  Other than the multiplayer aspect, everytime I see encrypt your files, obfuscate etc, I roll my eyes.



#14 BGB   Crossbones+   -  Reputation: 1545

Like
0Likes
Like

Posted 13 May 2013 - 03:00 AM

FWIW: I was sort of implying that all the effort that a person could put into encryption/obfuscation/... is ultimately pointless...



#15 cozzie   Members   -  Reputation: 1474

Like
0Likes
Like

Posted 13 May 2013 - 03:18 AM

Interesting thoughts, thanks everyone for all the input.
Probably this expains why ID ships big 'pak' files just to improve reading speed of the data. And another example, why valve ships a bunch of folders with wav files,which probably works fine for them in terms of speed/performance.

I'm going for the little effort option, which simply gives the folder contents the 'feel' I want it to have and keeps the 80% or 90% 'pickers' away.

@alleightup: I follow your thoughts, but when you're in startup, the beginning artist or sound guy in a team might also like it when there's at least a little measure on their content

#16 VladR   Members   -  Reputation: 722

Like
0Likes
Like

Posted 13 May 2013 - 01:18 PM

FWIW: I was sort of implying that all the effort that a person could put into encryption/obfuscation/... is ultimately pointless...

That is not entirely true and is entirely personal.

 

As the OP pointed out - the obfuscation will make the dev team feel safer about it - i.e. they're not just handing out the assets on the silver platter in the directory named "Take.Me.!!!"

 

The whole point of the obfuscation, as I see it, is to at least make it a little harder for the bastards that will take it and make them at least work for it (even if all it means for them is running another tool or two).

 

That, in my opinion, is well worth the few days of a programmer's time. What are 3-5 days on some bigger game, anyway ? It's a great learning excercise, plus it cleans out the whole directory of the old lingering mess.

 

Plus, as an added bonus, it makes those bastards curse as hell when they decrypt some nice welcome message (or some gory image you left for them in the textures directory) that you prepared for them and loose 15 more minutes - which is always welcome smile.png


VladR    My 3rd person action RPG on GreenLight:    http://steamcommunity.com/sharedfiles/filedetails/?id=92951596

 


#17 cozzie   Members   -  Reputation: 1474

Like
1Likes
Like

Posted 13 May 2013 - 01:54 PM

I fully agree




Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS