Jump to content
  • Advertisement
Sign in to follow this  
Paradoxish

Verifying authenticity of a file

This topic is 4694 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hopefully this is a simple problem: Most of the important information for my current project is stored in external files that are loaded in at runtime, mostly during level loading. This is specifically being done to cater to modifications, but I'd still prefer that the game is relatively sure it's loading 'pure' files when a new, unmodified game starts. What I'm looking for is a way to test each file to be sure it's the same file that's expected. This is important, because modifications to the game are done by placing modified data files in a separate folder. The game only loads the modified files present in that folder and uses the default files for everything else - you can even mix and match modifications if the same files aren't found in both paths. Since some modifications may rely on the base files being intact, it's important for error checking that the game be able to report if the base files have been changed. It doesn't really matter to me if the system is easy to circumvent. Like I said, this is mostly an error checking mechanism; not a security one. If someone wants to go through the trouble of possibly breaking the game for no real gain, they're welcome to. What's the best way to approach this? Or hell, what's any way to approach this? Most of the ideas I've been trying haven't worked too well. [smile]

Share this post


Link to post
Share on other sites
Advertisement
You can generate a hash or CRC of each file and check the hash when loading. Things like MD5 or CRC32 would probably work ok in this case.

Share this post


Link to post
Share on other sites
Quote:
Original post by SiCrane
You can generate a hash or CRC of each file and check the hash when loading. Things like MD5 or CRC32 would probably work ok in this case.


That's pretty much what I was thinking, although I was considering doing a hash list of all the data in each file so problems could be pointed out more specifically. That's probably more trouble than it's worth for my purposes, though.

Anyway, thanks. I guess I wasn't really on the wrong track after all. [smile]

Share this post


Link to post
Share on other sites
Keep in mind MD5 and SHA-1 have been compromised.

If this is just for a small game then I wouldn't worry. However if you're working on a mainstream project with 10,000+ potential users, or if your system is at all automated or distributed, then you will want to go with something more secure like SHA-256.

While a small game with a small user base might not be tempting, a large one could be a good vector for spreading viruses, etc. If it took 2 years to discover a hash collision for a malicious file before, then it can be done by those same people in about 8 hours now.

Share this post


Link to post
Share on other sites
This all depends on need. For example, error detection, a simple xor checksum would work fine. Run through every four bytes of a file, xoring each together, and store the 32 bit xor checksum in a table file.

For security, as in to verify that the files haven't been changed by the users at all, calculate the SHA-512 hashes for each file and store them on a table within the sources of the program (or, if its an MMO game, on the servers to be checked on connect).

Share this post


Link to post
Share on other sites
Quote:
Keep in mind MD5 and SHA-1 have been compromised.


There's no practical way for a home user to use those attacks.


Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!