delete this post

Yellownakji · October 16, 2018, 08:45:57

Removed due to lack of community interest. please delete.

Derron · October 16, 2018, 09:01:58

Without having checked that file:

- remove file headers (magic bytes) from the "processed" assets
- write your own stream readers (so you can eg. interweave 2 image data blocks to one block - A B A B ...)
- ..

BUT ... Why should I try to decode your data files if I just could fetch the assets once you shoveled it to the GPU? There are software tools allowing to go step by step through your render pipeline - including exposure of each texture.
What about audio? I want your music files? Your game surely has different checkboxes for "environment audio, "effects", "music" ... just silence them each after another and rip the audio right from the output (or tunnel the application output into an audio file).

Encrypting your data is only useful if you want to send private data from A to B without C being able to "easily" play man-in-the-middle. As soon as you (dis)play your assets within your application, there is nearly no way to stop external access to it.

bye
Ron

Matty · October 16, 2018, 09:05:03

Attempting to protect assets is worthless.

Derron · October 16, 2018, 09:07:30

Not editing my previous post as Matty already replied now.
----

I wont write you a private message - I think if you want others to have a look at something, then this should be done here publically or not at all (encryption algorithms could always be done publically without making it "flawed").
Without disclosing something: Open the file in a hex editor and you will find some patterns used very often (not just talking about the fact that the images were created with paint.net).

bye
Ron

Yellownakji · October 16, 2018, 09:09:24

Quote from: Derron on October 16, 2018, 09:07:30
Not editing my previous post as Matty already replied now.
----

I wont write you a private message - I think if you want others to have a look at something, then this should be done here publically or not at all.
Without disclosing something: Open the file in a hex editor and you will find some patterns used very often (not just talking about the fact that the images were created with paint.net).

bye
Ron

So much for community. Why do i bother..

Derron · October 16, 2018, 09:14:25

I could expose way more - but in a developer forum the first thing people will do with your file: open it in a hex editor and scan through if they see something (straight readable strings) and if not, they will check if they see patterns (eg a simple xor-manipulation of data).

If you really encrypted the data files (no matter how simple - eg. first byte is shifted by 1, next by 2, third by 3 ...) then we could not decode it without knowing how much files were in, which format was used - or how one of the files looked "unencrypted". I could literally send you a dump file containing "nothing but garbage" and claim there were "some or none" files in it. No way to find out if that is true or not.

and yes .. "community" means doing something in a "community way" not in a one-to-one communication.
Next time one asks for others to paint him a logo - but please only hand them in via PM instead of replying to the thread.

edit: You should not secure your data from extraction (as said you will display them anyways...) but from tampering (editing). Most simple approach would be to check your file hashes against a database (whose hash is compared to something online). Online connections might be faked too (proxy...) but it is another hurdle to climb. Image hashes to compare? Comparison function could be stubbed with a hex editor - so you would need to check your binary hash too. And you would need to check if tools are running which inject code into yours (so "comparison function" will be disabled "on the fly").
At the end you run into the same problem all "anti piracy" tools want to tackle - and you will most probably fail the same way as others did.

I understand that data must be "protected" if it is 3rd party media (they could have it in their contracts) means you need to use "state of the art" technics to protect data. Means: your own solution might at the end not be "state of the art" and you broke the contract - which can get expensive. Better buy in a solution both parties agree on.

bye
Ron

Derron · October 16, 2018, 09:52:06

@ delete this post
Nope - I wont like to see my posts deleted just because you feel miffed/peeved.

You asked people to have a look into a file containing multiple "images". You wanted the "community" to have a look. But asked to reply certain stuff via PM.

I did not expose explicit stuff (except that your images seem to be exported via paint.net) and also explained what people will most probably do - and why protecting assets does not work as you plan (they would try to disassemble your binary/reader and see if it eg. reads your .dat file from end to begin or if files are interweaved).

To now play the miffed dude is no attitude justifying a thread deletion - at least imho. I have put (some) efforts in replying to your project and it is not up to you to purge my posts/words from the internet.

bye
Ron

Kippykip · October 16, 2018, 10:06:06

Quote from: Derron on October 16, 2018, 09:52:06
@ delete this post
Nope - I wont like to see my posts deleted just because you feel miffed/peeved.

Too be fair Derron, the few times I've seen you on this forum you're complaining about a question asked or provide unwanted answers to the OP.

I get low disposition often too when I ask general questions on a Linux forum and get shot down, not a good feeling.

Derron · October 16, 2018, 10:31:19

Please quote me for complaining about questions ...
I know that I provide answers for untold questions.

@ general questions
It was no general question: OP provided a file and wanted the community to try to find the files in it - and asked to not post in this thread how we extracted the files (not as "game" but as "security measurement" for his protection scheme). I did not say how I extracted them (I did not do that) and just wrote what most people will do to analyze the file. And I also wrote why this protection is senseless if you use it in an application capable of reading (and even (dis)playing) your assets.
I also wrote (as you can read above) that I do not like that "private reply" thing. It is like asking people for (unpaid) help and nobody should know about the fact you wont pay. Asking a community should also be a "reply publically to the community".
This last thing is what the OP is offended by and wants to delete its post.

So this is not "shooting down" the OP but just replying to what he described.

Naughty Alien · October 16, 2018, 14:20:38

..if your media is very well done, maybe better choice is to leave it non encrypted, as that could be eventually, a good way to earn money, if some baboon try to use it commercially..