Sign in to follow this  
Medo Mex

Protecting game data against theft or modification

Recommended Posts

Medo Mex    891
How leading games protect their models, textures and other game data against theft or modification?

Does they use encryption methods? If so, what is the encryption method that's commonly used in popular games especially First-Person Shooter games? Edited by Medo3337

Share this post


Link to post
Share on other sites
Steve_Segreto    2080
It appears to me they don't. I haven't seen any resources that are encrypted. Usually they are compressed or packed into some archive file format, but not encrypted. Most games also have an active modding community so the art resources aren't validated client side. There are always exceptions of course. ..

Share this post


Link to post
Share on other sites
Hodgman    51325
[quote name='Medo3337' timestamp='1354034940' post='5004560']If so, what is the encryption method that's commonly used in popular games especially First-Person Shooter games?[/quote]Regular .zip or .7z files, with the file extension renamed. Really.

When you play online, the hash of important assets is compared with the server to check if they've been modified. Of course, you could hack the exe to make it lie about the hashes, so they then need 3rd party cheat detectors like PunkBuster/VAC to ensure the exe isn't modified, and then the anti-cheat programs need clever mechanisms to ensure the anti-cheat hasn't been cheated, and so on. Edited by Hodgman

Share this post


Link to post
Share on other sites
TheChubu    9454
Have in mind that videogames can use gigabytes and gigabytes of content. Decrypting it on the fly while running the game would take too much time and processing power to actually have a playable game running besides the whole decryption proccess (that or awfully long loading screens).

(im talking about actual encryption of the data, not just compression) Edited by TheChubu

Share this post


Link to post
Share on other sites
L. Spiro    25638
It is not possible to protect your game’s data. Most companies by now have realized this and simply allow their compression to act as a weak encryption rather than adding additional layers of protection for basically nothing.

Besides, if the encryption method was common, it would defeat the purpose of encryption. If you (think you) need it, make it yourself. Using one that is already well understood and cracked won’t be of much help.


L. Spiro

Share this post


Link to post
Share on other sites
SimonForsman    7642
[quote name='L. Spiro' timestamp='1354235688' post='5005521']
Besides, if the encryption method was common, it would defeat the purpose of encryption. If you (think you) need it, make it yourself. Using one that is already well understood and cracked won’t be of much help.

L. Spiro
[/quote]

It might be worth adding that this recommendation only holds if you are using encryption to prevent a user from copying/reading/modifying data on his own machine while that exact same machine running your software has to be able to decrypt that data.

When you are using encryption to send data to another person / machine and want to ensure that only that person / machine can read the data you should use a popular, well known and well tested encryption system.

Share this post


Link to post
Share on other sites
Medo Mex    891
[quote]Have in mind that videogames can use gigabytes and gigabytes of content.[/quote]
Remember that you only need to decrypt one single mission data to render the mission world, some encryption methods are fast especially because you are dealing with memory and not storage device.

Share this post


Link to post
Share on other sites
kubera    1589
For protecting your application, you could sign it by the Authenticode certificate.
Such application would check data's integrity.

Protecting resources in the GPU would be a problem.

Share this post


Link to post
Share on other sites
Bacterius    13165
[quote name='TheChubu' timestamp='1354235373' post='5005515']
Have in mind that videogames can use gigabytes and gigabytes of content. Decrypting it on the fly while running the game would take too much time and processing power to actually have a playable game running besides the whole decryption proccess (that or awfully long loading screens).

(im talking about actual encryption of the data, not just compression)
[/quote]
That's not possible. Encryption, when done right with the appropriate algorithms, is considerably faster than disk I/O, it cannot be a bottleneck (RC4 on an average processor can reach 600MB/s, that's on a single core). The main reason it's not done is that it's useless. By definition, any data that is going to be used by the program must be decrypted somehow, leaving it free to be read by anyone skilled enough to do so, no matter how many security checks you put in your code. Simply not encrypting, and renaming the compressed file, is enough to throw off near 100% of those who would steal the assets, at which point it's no longer cost-effective to work towards improving asset security.

[quote name='kubera' timestamp='1354276081' post='5005662']
For protecting your application, you could sign it by the Authenticode certificate.
Such application would check data's integrity.
[/quote]
Unfortunately this will do nothing. Anyone smart enough to do so will simply remove the integrity check from the binary, and there goes your clever scheme.

Share this post


Link to post
Share on other sites
kubera    1589
[quote name='Bacterius' timestamp='1354283400' post='5005681']
Unfortunately this will do nothing. Anyone smart enough to do so will simply remove the integrity check from the binary, and there goes your clever scheme.
[/quote]

Yes, but the signature would be broken.

Share this post


Link to post
Share on other sites
Bacterius    13165
[quote name='kubera' timestamp='1354339429' post='5005941']
Yes, but the signature would be broken.
[/quote]
But how would this matter in practice? :)

Share this post


Link to post
Share on other sites
Hodgman    51325
Signed executables are required on a lot of platforms (consoles and some PC publishing platforms), however, they're only any use if the security of the authenticator can't be broken. On consoles, it's a closed platform, so this works until someone cracks the hardware/OS, but on PC it's not possible to make 100% secure. If authentication is done locally it can be cracked, and if it's done remotely then a local hack can send lies over the network. In either case, you can still interfere with a running program after it's been launched/authenticated.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this