The Daily Click ::. Forums ::. Klik Coding Help ::. Encrypting files (specifically INI)
 

Post Reply  Post Oekaki 
 

Posted By Message

Muz



Registered
  14/02/2002
Points
  6499

VIP MemberI'm on a BoatI am an April FoolHonored Admin Alumnus
6th February, 2004 at 22:03:53 -

It's simple. I'm saving data from my game onto INI files. I don't want people to be able to edit it. So, I want some way to totally prevent someone other than myself (and the game) from accessing those files.

I know there's this Encryption object by a certain Mokhtar, but it encrypts too easily and has a little trouble decrypting it. Even then, it's hard to make sure that it doesn't double encrypt or double decrypt the file.

So, any ideas, good people?

 
Disclaimer: Any sarcasm in my posts will not be mentioned as that would ruin the purpose. It is assumed that the reader is intelligent enough to tell the difference between what is sarcasm and what is not.

Image

Steve Harris

Codito Ergo Sum

Registered
  28/01/2002
Points
  2032

Has Donated, Thank You!VIP MemberGOTM JULY - 2009 - 3RD PLACE!Hasslevania 2!Wii OwnerChristmas Tree!GOTW Winner January 2011!
7th February, 2004 at 05:52:07 -

If you've got mmf 1.5 go for the file encoder object, you can even make up your own encryption keys or do a byte shift or do double encryption... whatever you want

 
http://www.create-games.com/project.asp?view=main&id=927

www.steveharris.info
www.useful-by-design.co.uk
www.aellamassemailer.com
www.turningthetide.info

Tigerworks

Klik Legend

Registered
  15/01/2002
Points
  3882
7th February, 2004 at 06:02:42 -

Everyone on TDC seems really far behind the latest stuff - get the Clickteam Bonus Pack and use the Blowfish encryption object, or use the Binary object's Blowfish encryption. Blowfish is by far the most secure encryption available to use Clickers...

 
- Tigerworks

Shen

Possibly Insane

Registered
  14/05/2002
Points
  3497
7th February, 2004 at 07:17:53 -

Or use an associative array, which is sort of the same, with built-in encryption for you.

 
gone fishin'

Kramy



Registered
  08/06/2002
Points
  1888
8th February, 2004 at 14:11:24 -

My method: use 4x encryption on the file encryptor. Zip up the file in a ~64 to ~128 char password protected zip archive. Use blowfish encryption on the archive.

It worked for my RPG engine in TGF, so should be easy in MMF.

 
Kramy

Shen

Possibly Insane

Registered
  14/05/2002
Points
  3497
8th February, 2004 at 14:23:15 -

Kramy: That's good for bigger games, but it could take quite a long time per save, having to zip and unzip and all that ><

 
gone fishin'

Kramy



Registered
  08/06/2002
Points
  1888
8th February, 2004 at 14:26:55 -

True, it takes about 5 seconds on my computer. If you have to save often, that's a lot of time your program is busy.

 
Kramy

Shen

Possibly Insane

Registered
  14/05/2002
Points
  3497
8th February, 2004 at 14:31:28 -

How many values/stuff did you have to save?

 
gone fishin'

Kramy



Registered
  08/06/2002
Points
  1888
8th February, 2004 at 14:51:25 -

A couple hundred.

 
Kramy

Rick (AntiMatter Entertainment)

Possible psychotic

Registered
  18/10/2002
Points
  814

VIP Member360 OwnerWii Owner
8th February, 2004 at 19:00:56 -

This is a fairly easy (albiet slow) method, which isn't really encrypting but still protects your data:

Say your INI (in this example, it's for an RPG) looks like this:

[PlayerInfo]
HP=120
MP=20
LVL=4

You will want to add another group:

[Security]
SEC1=144 (HP Value + MP Value + LVL Value)
SEC2=290 ((SEC1 Value * 2)+ 2)
SEC3=48 ((MP Value + LVL Value)* 2)
SEC4=63 (15 + SEC3 Value)

Now, this may look wierd, but these are your security values. Have the first frame of your game run tests to see if the SEC values add up to what they're supposed to. If they don't, take the player to a "Save game has been modified" screen and from there you can erase all saved data or make it quit, or whatever.

For example, in frame 1, have counters for all of your INI values (ie. HP Counter, MP Counter, LVL Counter, SEC1 Counter, SEC2 Counter, SEC3 Counter). Then make each one load correctly, ie.

- Start Of Level
: Set INI file to "YourGameName"
: Set Group to PlayerInfo
: Set Item to HP
: Set 'HP Counter' to value from INI
etc.

Then, have the level test to see if any of the SEC values aren't what they're supposed to be. For example,

(Negate) SEC1 Counter = HP Counter + MP Counter + LVL Counter)
: Go to frame X

(Negate) SEC2 Counter = (SEC1 Counter * 2)+ 2
: Go to frame X

etc.

(Where X is your 'save game has been modified' frame)

Then, simply have an event that makes the game proceed to the main menu / your company logo screen after 1 second (The INI values and Counters should load up way before 1 second is over, make it 2 seconds if you're unsure).

Now, if you've got your 'quit' option to exit you straight from the game, have it send you to a 'quit' frame instead. Do with this frame exactly what you did with your first one that tests security (ie. a Counter for each INI value), only instead of having the security values TEST if they're right, instead have them change to the values they're supposed to.

Add the following events:

- Start Of Level
: Set SEC1 Counter to (HP Counter Value + MP Counter Value + LVL Counter Value)
: Set SEC3 Counter to ((MP Counter Value + LVL Counter Value)* 2)

- SEC1 Counter > 0 (Because this SEC value gains its value from SEC1)
: Set SEC2 Counter to (SEC1 Value Counter * 2)+ 2
etc.

- SEC3 Counter > 0 (Because this SEC value gains its value from SEC3)
: Set SEC4 Counter to (15 + SEC3 Counter Value)

- SEC1 Counter > 0
: Set INI file to 'YourGameName'
: Set group to Security
: Set item to SEC1
: Set value to SEC1 Counter Value

- SEC2 Counter > 0
: Set INI file to 'YourGameName'
: Set group to Security
: Set item to SEC2
: Set value to SEC2 Counter Value

- SEC3 Counter > 0
: Set INI file to 'YourGameName'
: Set group to Security
: Set item to SEC3
: Set value to SEC3 Counter Value

- SEC4 Counter > 0
: Set INI file to 'YourGameName'
: Set group to Security
: Set item to SEC4
: Set value to SEC4 Counter Value

- Timer equals 0"01'00 (or 0"02'00)
: End the game

Your INIs should now be secure, because if one of the security values doesn't add up to what it's supposed to, it'll make the game declare that the save game has been modified and it will take the appropriate action. Also, player's can't edit the files because they don't know the SEC Value formulas. Of course, with this method you can't protect strings, such as a high score name. Only values, you hear!

Of course, you can change the names of the Security items, and the formula, but avoid the following:

Using DIVIDE to find a value
The reason? Let's say that your HP value is 31. If you have the formula for SEC1 equal HP/2, then the SEC1 Value would be 15. If you ever need to make the game translate this number by multiplying by 2, the resulting value will be 30, NOT 31.

Using SUBTRACT when the value could end up negative
Negatives stuff up all of this, so if your HP was 100 and your MP was 30, and you wanted your formula to be MP-HP, you'd end up with a negative value. Just avoid using subtracts at all.

Finally, the more SEC values you have, the harder your security is to crack, but the more time you'll use. All known faults with this system are listed below:

- Can't protect strings
- 'Translating' can come up with the wrong numbers if you don't use brackets correctly (assuming you use translating)
- Can't use subtract in a formula without the possiblity of changing a value
- Can't use divide in a formula without the possiblity of changing a value

Hope this helps! Any other flaws that people can see, please point them out, as this is the only method I have for protecting my own games' data!

Image Edited by the Author.

 

Kramy



Registered
  08/06/2002
Points
  1888
8th February, 2004 at 20:04:45 -

Good idea Antimatter, but you'd probably have to get even more cryptic.

[PlayerInfo]
ps0=24
ps1=396
ps2=5
ps3=184

If I post the formulas it would be pointless, wouldn't it?

Image Edited by the Author.

 
Kramy

Fire and Ice interactive



Registered
  27/01/2004
Points
  512
8th February, 2004 at 20:24:04 -

I USE INIS, THEN THEN UPLOAD THEM TO A GOLBAL ARRAY, THEN RE-ENCRYED THE INI FILE



 
For the latest of fire and ice go to..


http://www.freewebs.com/fai_interactive/Home.htm

Rick (AntiMatter Entertainment)

Possible psychotic

Registered
  18/10/2002
Points
  814

VIP Member360 OwnerWii Owner
8th February, 2004 at 21:14:06 -

Yeah, you'd probably have to rename HP, MP, LVL, etc. to something like BR_GBS1 or something cryptic so people can't see exactly what they're trying to modify. But yeah, my idea does work, even though it takes a while to get working. It's a shame about not being able to protect strings, though. But then, every string that was saved would probably be something like, Player Name, etc. so you wouldn't have to worry about protecting that. If the player wants to change their name, let them!

Oh, and your formulas are:

ps0 = MP + LVL
ps1 = (HP + MP + LVL) * 2
ps2 = MP / 4 (Shouldn't use divides!)
ps3 = (HP + MP + LVL) + 40 (or MP*2, or LVL*10)

(That's my guess!)

The reason it's so easy to guess is because you'd need to add more to it, ie.

ps1 = ((HP + MP + LVL) * 2) + (MP + 5)

Because there's no way they will guess that.

Image Edited by the Author.

 

Kramy



Registered
  08/06/2002
Points
  1888
9th February, 2004 at 15:01:10 -

I forgot how I did ps1. I'll try and figure it out later.

The calculation for HP works fine with dividing in TGF, so long as the hp does not go extremely low, or negative (see bottom)

HP = 120
MP = 20
Lvl = 4

[playerinfo]
ps0 = 24
ps1 = 396
ps2 = 5
ps3 = 184

Check1: Number of items = lvl
Check2: If ps2 = number of items+1
// have level
Check3: Mana = ps0+lvl
// have mana
Check4: ((ps3-lvl)*2)/3 = HP
// have hp (Check: 120+(120/2) + lvl = 184)

// If 119 + (119+1)/2[60] + lvl = 183
// If ((183-4)*2)/3 = 358/3 = 119

// If 118 + (118+1)/2[59] + lvl = 181
// If ((181-4)*2)/3 = 354/3 = 118

// If 117 + (117+1)/2[59] + lvl = 180
// If ((180-4)*2)/3 = 352/3 = 117

// If 116 + (116+1)/2[58] + lvl = 178
// If ((178-4)*2)/3 = 348/3 = 116

Image Edited by the Author.

 
Kramy

Shen

Possibly Insane

Registered
  14/05/2002
Points
  3497
9th February, 2004 at 15:26:57 -

Oh, while you're all at it, I wrote some articles a while ago

 
gone fishin'

Kramy



Registered
  08/06/2002
Points
  1888
9th February, 2004 at 15:47:15 -

Item5 = ExplodingCowFound (37 is no, 614 is yes)

I like that...ExplodingCowFound.

Gives me an idea. Encrypt values with strings!

Quest1=1
Quest2=1
Quest3=0
Quest4=0

Change to:

Duh=woogie!
Huh=odd???
Dahhhh=oam
cow=42

Lol, that would be hillarious if they opened up a save file and found that.

 
Kramy

Shen

Possibly Insane

Registered
  14/05/2002
Points
  3497
9th February, 2004 at 15:51:39 -

Even better if there was a

UserIsGay=1

or something odd like that. just to be evil

 
gone fishin'

Kramy



Registered
  08/06/2002
Points
  1888
9th February, 2004 at 16:00:57 -

Lol

[Game]
UserIsGay=1
HackersIsQueer=1
WhyAreYouReadingThis=1
AreYouReadingThisInNotePad=0
Ok_HowAboutWordpad=0
No_OkInInternetExplorer=0
Well_WhatAreYouReadingThisInThen=1

 
Kramy

Rick (AntiMatter Entertainment)

Possible psychotic

Registered
  18/10/2002
Points
  814

VIP Member360 OwnerWii Owner
9th February, 2004 at 17:42:49 -

"The calculation for HP works fine with dividing in TGF"

That depends what you divide it by. The trouble is, it's possible to have a lower HP value than whatever you put after the divide. For example, the user saves the game with only 10 HP left, but has 15 Mana. If your formula is:

ps1=HP/MP

10 / 15 = 0.66666666666666666666666666666667

And that can't be used!

Basically, you have to avoid subtracts and divides just in case any given value is saved lower than the one you need to subtract from it, or divide it by.

 

DeadmanDines

Best Article Writer

Registered
  27/04/2006
Points
  4758
11th February, 2004 at 07:37:07 -

I dunno about you lot, but when I made games, I enjoyed building whole new fileformats to save with.

It narrows down the number of possible hackers to those with hex-editing knowledge. Couple that with a few checksums, and you're already on your way to a pretty secure lump of stuff. Do a bit of blowfish on some of the data inside, and no one'll be cracking that any time soon.

I like my own file formats, because you can tailor them for maximum game efficiency. When working on a level format, for example, I could arrange the data in the order it would be read, making loading a much quicker and simpler process.

 
191 / 9999 * 7 + 191 * 7
   

Post Reply



 



Advertisement

Worth A Click