Verifying authenticity of a file
Author
Hopefully this is a simple problem:
Most of the important information for my current project is stored in external files that are loaded in at runtime, mostly during level loading. This is specifically being done to cater to modifications, but I'd still prefer that the game is relatively sure it's loading 'pure' files when a new, unmodified game starts. What I'm looking for is a way to test each file to be sure it's the same file that's expected.
This is important, because modifications to the game are done by placing modified data files in a separate folder. The game only loads the modified files present in that folder and uses the default files for everything else - you can even mix and match modifications if the same files aren't found in both paths. Since some modifications may rely on the base files being intact, it's important for error checking that the game be able to report if the base files have been changed.
It doesn't really matter to me if the system is easy to circumvent. Like I said, this is mostly an error checking mechanism; not a security one. If someone wants to go through the trouble of possibly breaking the game for no real gain, they're welcome to.
What's the best way to approach this? Or hell, what's any way to approach this? Most of the ideas I've been trying haven't worked too well. [smile]
You can generate a hash or CRC of each file and check the hash when loading. Things like MD5 or CRC32 would probably work ok in this case.
Author
Quote:Original post by SiCrane
You can generate a hash or CRC of each file and check the hash when loading. Things like MD5 or CRC32 would probably work ok in this case.
That's pretty much what I was thinking, although I was considering doing a hash list of all the data in each file so problems could be pointed out more specifically. That's probably more trouble than it's worth for my purposes, though.
Anyway, thanks. I guess I wasn't really on the wrong track after all. [smile]
Keep in mind MD5 and SHA-1 have been compromised.
If this is just for a small game then I wouldn't worry. However if you're working on a mainstream project with 10,000+ potential users, or if your system is at all automated or distributed, then you will want to go with something more secure like SHA-256.
While a small game with a small user base might not be tempting, a large one could be a good vector for spreading viruses, etc. If it took 2 years to discover a hash collision for a malicious file before, then it can be done by those same people in about 8 hours now.
If this is just for a small game then I wouldn't worry. However if you're working on a mainstream project with 10,000+ potential users, or if your system is at all automated or distributed, then you will want to go with something more secure like SHA-256.
While a small game with a small user base might not be tempting, a large one could be a good vector for spreading viruses, etc. If it took 2 years to discover a hash collision for a malicious file before, then it can be done by those same people in about 8 hours now.
This all depends on need. For example, error detection, a simple xor checksum would work fine. Run through every four bytes of a file, xoring each together, and store the 32 bit xor checksum in a table file.
For security, as in to verify that the files haven't been changed by the users at all, calculate the SHA-512 hashes for each file and store them on a table within the sources of the program (or, if its an MMO game, on the servers to be checked on connect).
For security, as in to verify that the files haven't been changed by the users at all, calculate the SHA-512 hashes for each file and store them on a table within the sources of the program (or, if its an MMO game, on the servers to be checked on connect).
Quote:Keep in mind MD5 and SHA-1 have been compromised.
There's no practical way for a home user to use those attacks.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
